Adding upstream version 1:9.11.5.P4+dfsg.upstream/1%9.11.5.P4+dfsg upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 18:37:14 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-05-05 18:37:14 +0000
commit: ea648e70a989cca190cd7403fe892fd2dcc290b4 (patch)
tree: e2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/system/dnssec/signer
parent: Initial commit. (diff)
download: bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.tar.xz
bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.zip
17 files changed, 216 insertions, 0 deletions
diff --git a/bin/tests/system/dnssec/signer/example.db.in b/bin/tests/system/dnssec/signer/example.db.in
new file mode 100644
index 0000000..dbf60c1
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/example.db.in
@@ -0,0 +1,15 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+example. 60 IN SOA example. . 0 0 0 0 0
+example. 60 IN NS example.
+example. 60 IN A 1.2.3.4
+; out of zone record
+out-of-zone. 60 IN A 1.2.3.4
diff --git a/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.key b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.key
new file mode 100644
index 0000000..e4bdce2
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.key
@@ -0,0 +1 @@
+example.com. IN DNSKEY 256 3 5 AwEAAaF0z17DdkBAKiYScVNqzsqXw7Vz/Cx5OCw7T/6RnU/KiGv815kl H2obywRZX2ZcEg9R8SUzQiP9ygY0s1xF5IFYi32HsWftNV7V/gNwNrMn GC0gV2e3OawsQ2CYWZZVwObr/fmcKIXuY6eRdJtyOilMRhlvroJdXZw1 CQdicxpZ
diff --git a/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.private b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.private
new file mode 100644
index 0000000..db928c5
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+07065.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: oXTPXsN2QEAqJhJxU2rOypfDtXP8LHk4LDtP/pGdT8qIa/zXmSUfahvLBFlfZlwSD1HxJTNCI/3KBjSzXEXkgViLfYexZ+01XtX+A3A2sycYLSBXZ7c5rCxDYJhZllXA5uv9+Zwohe5jp5F0m3I6KUxGGW+ugl1dnDUJB2JzGlk=
+PublicExponent: AQAB
+PrivateExponent: QrbJmRabHiFlSSYFvbo8iGn9bFTotlfAZkZ732y72+SMSlLHo3g7atThJoLncJxKuhnZ0s1DXyvW9omAM3iN2lxfVDW58at1amj/lWRDYkjI0fM8z6eyrF4U2lHKDM2YEstg+sGAAs5DUZBbli4Y7+zHjhxSKLYvRf4AJvX8aoE=
+Prime1: 0259CgdF0JW+miedRZXC6tn3FijZJ4/j5edzd8IpTpdUSZupQg9hMP1ot7crreNq7MnzO0Z2ImbowUx8CDOuXQ==
+Prime2: w31/WLM2275Z1tsHEOhrntUQCUk55B4PNOCmM4hjp0vAvA/SVSgAYRNb7rc/ujaLf0DnxnDsnVsFAS2PmvQELQ==
+Exponent1: yKPhJNMh/X8dEUzmglJMVnHheLXq3RA/RL0PZmZqrJoO8os1Y+sUYFkaNr0sRie6IFrE50tGb/8YgdcDHQVuQQ==
+Exponent2: lVhDuGy5RSjnk1eiz0zwIthctutlOZupPFk/P3E7yGv74vAnXH0BxSe3/Oer3MOc0GuyZYyRhyko6px28AbpRQ==
+Coefficient: Hjup1nDnPFkQrxU2qLQBJrDz+ipw0RkNhsjWs6IgAq1Mq4sFV50bR9hOTLDd9oNhhtAwVjF+Oc0WIq+M1Mi6Ow==
diff --git a/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.key b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.key
new file mode 100644
index 0000000..6f4fec8
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.key
@@ -0,0 +1 @@
+example.com. IN DNSKEY 257 3 5 AwEAAbuWh5W3eGwixISqPwxszotQ0246KqhUB2Mb6JqNMJd6cWR66IrX YnevpIHsb6oanqJmVzOcJ6Yj3rXOIYtYYXgLbT7EJ8x7BNCZPHxG+w5C 7I1WsDbT6eGf//FLn2c4odKLOXaWCVITeNy61w43IlteIT9Q1egKdt+8 a7X9605j
diff --git a/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.private b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.private
new file mode 100644
index 0000000..2d299d0
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/Kexample.com.+005+23362.private
@@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: u5aHlbd4bCLEhKo/DGzOi1DTbjoqqFQHYxvomo0wl3pxZHroitdid6+kgexvqhqeomZXM5wnpiPetc4hi1hheAttPsQnzHsE0Jk8fEb7DkLsjVawNtPp4Z//8UufZzih0os5dpYJUhN43LrXDjciW14hP1DV6Ap237xrtf3rTmM=
+PublicExponent: AQAB
+PrivateExponent: XZSssv3CL3/wtZYQuewV5d4+e8C8wxiYTtL/aQqCcS7+HnhKRelJEBgpYz9GPX/mH3Iakn6WMQW39s6MYW2HwXUnqhsvHoyabGX0Dbc/1LcY4J2VPgzVHwSXYm+j4unOByOOS4KoBtUAQxJsTBokVZrZ5pKsLUK9X2gdywYw+PE=
+Prime1: 9fB7PaygjKoT1nbbeEMy1KYNqetg3zmN49Mk6ilEWxzJXKSSjTIhdkiLGXtYmE8rDBLBiYm8YWNe7YdA9PbQ7Q==
+Prime2: w0L7mTOLDecH3XAkC/wvALv8K9KSoZ31ajidKBxV15u8awj5AxDG7gjerYgCLjU1fq1GulMr11j8r4ftQn3Cjw==
+Exponent1: Up52yEE1rgt0npdPIxdv+//Ml0h7QoITKHXF8OPsEq+Y9YZTtRsiIpo8IFNPb9somuWyHoImxpCbUzAcoi5IAQ==
+Exponent2: uYTbvYx+UsAt9dOFPCnnkqAJEK3qCUomET0m/CQn30mldGC7DpGTIDgnMeLmh3agk/IYIBHDtsBinHfeEe2guw==
+Coefficient: FiHAet8On9Yaz1ksEAlCWulwck3zPWIsgqJBM2J4kHhgHTm17mZyxtVxIzLAMBNMIBcFl40FCpmPmTLY5QK5mw==
diff --git a/bin/tests/system/dnssec/signer/general/bogus-ksk.key b/bin/tests/system/dnssec/signer/general/bogus-ksk.key
new file mode 100644
index 0000000..af4640b
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/bogus-ksk.key
@@ -0,0 +1,6 @@
+;
+; This is a bogus key.  It will not have a .private file.
+;
+; This will be key id 7091
+;
+example.com. IN DNSKEY 257 3 5 AwEAAaF0z17DdkBAKiYScVNqzsqXw7Vz/Cx5OCw7T/6RnU/KiGv815kl H2obywRZX2ZcEg9R8SUzQiP9ygY0s1xF5IFYi32HsWftNV7V/gNwNrMn GC0gV2e3OawsQ2CYWZZVwObr/fmcKIXuY6eRdJtyOilMRhlvroJdXZw1 CQdicxpz
diff --git a/bin/tests/system/dnssec/signer/general/bogus-zsk.key b/bin/tests/system/dnssec/signer/general/bogus-zsk.key
new file mode 100644
index 0000000..2e53d5c
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/bogus-zsk.key
@@ -0,0 +1,6 @@
+;
+; This is a bogus key.  It will not have a .private file.
+;
+; This will be key id 7092
+;
+example.com. IN DNSKEY 256 3 5 AwEAAaF0z17DdkBAKiYScVNqzsqXw7Vz/Cx5OCw7T/6RnU/KiGv815kl H2obywRZX2ZcEg9R8SUzQiP9ygY0s1xF5IFYi32HsWftNV7V/gNwNrMn GC0gV2e3OawsQ2CYWZZVwObr/fmcKIXuY6eRdJtyOilMRhlvroJdXZw1 CQdicxpz
diff --git a/bin/tests/system/dnssec/signer/general/test1.zone b/bin/tests/system/dnssec/signer/general/test1.zone
new file mode 100644
index 0000000..8c11a0e
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test1.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has two DNSKEY records, both of which have
+; existing private key files available.  They should be loaded automatically
+; and the zone correctly signed.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+07065.key
+$include Kexample.com.+005+23362.key
diff --git a/bin/tests/system/dnssec/signer/general/test2.zone b/bin/tests/system/dnssec/signer/general/test2.zone
new file mode 100644
index 0000000..b603931
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test2.zone
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has one non-KSK DNSKEY record for which the
+; private key file exists.  It should be loaded automatically and the zone
+; correctly signed.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+07065.key
diff --git a/bin/tests/system/dnssec/signer/general/test3.zone b/bin/tests/system/dnssec/signer/general/test3.zone
new file mode 100644
index 0000000..70f2a86
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test3.zone
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;       This is a zone which has one KSK DNSKEY record for which the
+; private key file exists.  It should be loaded automatically.  As there
+; is no non-KSK DNSKEY the resulting zone should be rejected.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+23362.key
diff --git a/bin/tests/system/dnssec/signer/general/test4.zone b/bin/tests/system/dnssec/signer/general/test4.zone
new file mode 100644
index 0000000..fb5b6c4
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test4.zone
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has three DNSKEY records, two (KSK + ZSK) of
+; which have existing private key files available.  The third is a
+; pre-published ZSK.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+07065.key
+$include Kexample.com.+005+23362.key
+$include bogus-zsk.key
diff --git a/bin/tests/system/dnssec/signer/general/test5.zone b/bin/tests/system/dnssec/signer/general/test5.zone
new file mode 100644
index 0000000..7f33e27
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test5.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has three DNSKEY records, two (KSK +ZSK) of which
+; have existing private key files available.  The third is a KSK.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+07065.key
+$include Kexample.com.+005+23362.key
+$include bogus-ksk.key
diff --git a/bin/tests/system/dnssec/signer/general/test6.zone b/bin/tests/system/dnssec/signer/general/test6.zone
new file mode 100644
index 0000000..aad2838
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test6.zone
@@ -0,0 +1,19 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has four DNSKEY records, two (KK + ZSK) of which
+; have existing private key files available.  There are also a KSK and ZSK
+; for which there will be no signatures.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+07065.key
+$include Kexample.com.+005+23362.key
+$include bogus-ksk.key
+$include bogus-zsk.key
diff --git a/bin/tests/system/dnssec/signer/general/test7.zone b/bin/tests/system/dnssec/signer/general/test7.zone
new file mode 100644
index 0000000..e804f81
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test7.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has two DNSKEY records, none of which have
+; existing private key files available.  The resulting zone should fail
+; the consistancy tests.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include bogus-ksk.key
+$include bogus-zsk.key
diff --git a/bin/tests/system/dnssec/signer/general/test8.zone b/bin/tests/system/dnssec/signer/general/test8.zone
new file mode 100644
index 0000000..abfc58f
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/general/test8.zone
@@ -0,0 +1,17 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+;	This is a zone which has two DNSKEY records, one of which,
+; the KSK, has a private key.  The resulting zone should be rejected as
+; it has no ZSK signatures.
+;
+$TTL 3600
+example.com.	IN	SOA ns hostmaster 00090000 1200 3600 604800 300
+$include Kexample.com.+005+23362.key
+$include bogus-zsk.key
diff --git a/bin/tests/system/dnssec/signer/remove.db.in b/bin/tests/system/dnssec/signer/remove.db.in
new file mode 100644
index 0000000..8e0fccd
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/remove.db.in
@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+remove. 60 IN SOA remove. . 0 0 0 0 0
+remove. 60 IN NS remove.
+remove. 60 IN A 1.2.3.4
+remove. 60 IN AAAA ::ffff:1.2.3.4
+remove. 60 IN MX 0 remove.
+$INCLUDE remove.db.signed
diff --git a/bin/tests/system/dnssec/signer/remove2.db.in b/bin/tests/system/dnssec/signer/remove2.db.in
new file mode 100644
index 0000000..aa1d2f5
--- /dev/null
+++ b/bin/tests/system/dnssec/signer/remove2.db.in
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 60
+remove. 60 IN SOA remove. . 0 0 0 0 0
+remove. 60 IN NS remove.
+remove. 60 IN A 1.2.3.4
+$INCLUDE remove.db.signed
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 18:37:14 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-05-05 18:37:14 +0000
commit	ea648e70a989cca190cd7403fe892fd2dcc290b4 (patch)
tree	e2b6b1c647da68b0d4d66082835e256eb30970e8 /bin/tests/system/dnssec/signer
parent	Initial commit. (diff)
download	bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.tar.xz bind9-ea648e70a989cca190cd7403fe892fd2dcc290b4.zip