mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-25 02:42:33 -05:00
All changes in this commit were automated using the command:
shfmt -w -i 2 -ci -bn bin/tests/system/ util/ $(find bin/tests/system/ -name "*.sh.in")
By default, only *.sh and files without extension are checked, so
*.sh.in files have to be added additionally. (See mvdan/sh#944)
(manually replayed commit 4cb8b13987)
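#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Fixture setup: populates one key directory per numbered scenario below.
# Each scenario generates a KSK/ZSK set for a test zone and then adjusts the
# key timing metadata so that the rollover schedule matches the case named in
# the scenario's comment.
#
# Tools and settings come from conf.sh: KEYGEN, SETTIME, CHECKZONE,
# DEFAULT_ALGORITHM. Options used below:
#   -K <dir>  key directory          -S <key>  create a successor to <key>
#   -I <when> inactivation time      -D <when> deletion time
#   -P <when> publication time       -q        quiet
#   -3        NSEC3-capable key      -fk / -f KSK  set the KSK flag
#
# The tool variables ($SHELL, $KEYGEN, $SETTIME) are expanded unquoted on
# purpose so that a value carrying extra words still splits into a command
# line; directory and key-name arguments are quoted.
#
# NOTE(review): the exit status of KEYGEN/SETTIME is not checked anywhere and
# SETTIME's stdout/stderr are discarded. A failed call therefore leaves a
# directory whose keys do not match the scenario, without any message in the
# test log. Drop the redirection when debugging an unexpected result.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

$SHELL clean.sh

ln -s "$CHECKZONE" named-compilezone

# Test 1: KSK goes inactive before successor is active
dir=01-ksk-inactive
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$ksk1" >/dev/null 2>&1
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1")
# Move the inactivation earlier only after the successor has been derived
# from the +9mo schedule; the order of these calls is what creates the gap.
$SETTIME -K "$dir" -I +7mo "$ksk1" >/dev/null 2>&1
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)

# Test 2: ZSK goes inactive before successor is active
dir=02-zsk-inactive
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
$SETTIME -K "$dir" -I +7mo "$zsk1" >/dev/null 2>&1
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 3: KSK is unpublished before its successor is published
dir=03-ksk-unpublished
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$ksk1" >/dev/null 2>&1
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1")
$SETTIME -K "$dir" -D +6mo "$ksk1" >/dev/null 2>&1
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)

# Test 4: ZSK is unpublished before its successor is published
dir=04-zsk-unpublished
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
$SETTIME -K "$dir" -D +6mo "$zsk1" >/dev/null 2>&1
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 5: KSK deleted and successor published before KSK is deactivated
# and successor activated.
dir=05-ksk-unpub-active
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +8mo "$ksk1" >/dev/null 2>&1
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1")
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)

# Test 6: ZSK deleted and successor published before ZSK is deactivated
# and successor activated.
dir=06-zsk-unpub-active
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +8mo "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 7: KSK rolled with insufficient delay after prepublication.
dir=07-ksk-ttl
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$ksk1" >/dev/null 2>&1
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1")
# allow only 1 day between publication and activation
$SETTIME -K "$dir" -P +269d "$ksk2" >/dev/null 2>&1
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)

# Test 8: ZSK rolled with insufficient delay after prepublication.
dir=08-zsk-ttl
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
# allow only 1 day between publication and activation
$SETTIME -K "$dir" -P +269d "$zsk2" >/dev/null 2>&1
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 9: KSK goes inactive before successor is active, but checking ZSKs
dir=09-check-zsk
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$ksk1" >/dev/null 2>&1
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1")
$SETTIME -K "$dir" -I +7mo "$ksk1" >/dev/null 2>&1
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)

# Test 10: ZSK goes inactive before successor is active, but checking KSKs
dir=10-check-ksk
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
$SETTIME -K "$dir" -I +7mo "$zsk1" >/dev/null 2>&1
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 11: ZSK goes inactive before successor is active, but after cutoff
dir=11-cutoff
zsk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3 example.com)
$SETTIME -K "$dir" -I +18mo -D +2y "$zsk1" >/dev/null 2>&1
zsk2=$($KEYGEN -q -K "$dir" -S "$zsk1")
$SETTIME -K "$dir" -I +16mo "$zsk1" >/dev/null 2>&1
ksk1=$($KEYGEN -q -K "$dir" -a "${DEFAULT_ALGORITHM}" -3fk example.com)

# Test 12: Too early KSK deletion
# NOTE(review): this scenario pins algorithm 8 (RSASHA256) with a 2048-bit
# key instead of DEFAULT_ALGORITHM -- presumably deliberate; confirm before
# changing either value.
dir=12-ksk-deletion
ksk1=$($KEYGEN -q -K "$dir" -f KSK -a 8 -b 2048 -I +40d -D +40d example.com)
ksk2=$($KEYGEN -q -K "$dir" -S "$ksk1.key" example.com)

# Test 13: check names with/without dots at the end
# NOTE(review): rsasha256 is hard-coded here as well rather than taken from
# DEFAULT_ALGORITHM -- confirm this is intended.
dir=13-dotted-dotless
zsk1=$($KEYGEN -q -K "$dir" -a rsasha256 one.example)
zsk2=$($KEYGEN -q -K "$dir" -a rsasha256 two.example)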