blob: 7de73b8a92c92d81f6d0e32663eef4a74783c498 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
$SHELL clean.sh
ln -s $CHECKZONE named-compilezone
# Test 1: KSK goes inactive before successor is active
dir=01-ksk-inactive
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 2: ZSK goes inactive before successor is active
dir=02-zsk-inactive
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 3: KSK is unpublished before its successor is published
dir=03-ksk-unpublished
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
$SETTIME -K $dir -D +6mo $ksk1 > /dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 4: ZSK is unpublished before its successor is published
dir=04-zsk-unpublished
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
$SETTIME -K $dir -D +6mo $zsk1 > /dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 5: KSK deleted and successor published before KSK is deactivated
# and successor activated.
dir=05-ksk-unpub-active
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
$SETTIME -K $dir -I +9mo -D +8mo $ksk1 > /dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 6: ZSK deleted and successor published before ZSK is deactivated
# and successor activated.
dir=06-zsk-unpub-active
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +9mo -D +8mo $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 7: KSK rolled with insufficient delay after prepublication.
dir=07-ksk-ttl
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
# allow only 1 day between publication and activation
$SETTIME -K $dir -P +269d $ksk2 > /dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 8: ZSK rolled with insufficient delay after prepublication.
dir=08-zsk-ttl
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
# allow only 1 day between publication and activation
$SETTIME -K $dir -P +269d $zsk2 > /dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 9: KSK goes inactive before successor is active, but checking ZSKs
dir=09-check-zsk
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=$($KEYGEN -q -K $dir -S $ksk1)
$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
# Test 10: ZSK goes inactive before successor is active, but checking KSKs
dir=10-check-ksk
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 11: ZSK goes inactive before successor is active, but after cutoff
dir=11-cutoff
zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
$SETTIME -K $dir -I +18mo -D +2y $zsk1 > /dev/null 2>&1
zsk2=$($KEYGEN -q -K $dir -S $zsk1)
$SETTIME -K $dir -I +16mo $zsk1 > /dev/null 2>&1
ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
# Test 12: Too early KSK deletion
dir=12-ksk-deletion
ksk1=$($KEYGEN -q -K $dir -f KSK -a 8 -b 2048 -I +40d -D +40d example.com)
ksk2=$($KEYGEN -q -K $dir -S $ksk1.key example.com)
# Test 13: check names with/without dots at the end
dir=13-dotted-dotless
zsk1=$($KEYGEN -q -K $dir -a rsasha256 one.example)
zsk2=$($KEYGEN -q -K $dir -a rsasha256 two.example)
|