summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dupsigs/ns1/reset_keys.sh
blob: 9db5c27587fd6674cc5865bda7df814ddc3959c4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh

zone=signing.test
rm -rf keys/signing.test
mkdir -p keys/signing.test

timetodnssec() {
  $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]);
	      printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1}
}

KEYDIR=keys/signing.test
KSK=$($KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone)

ZSK0=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK1=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK2=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK3=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK4=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK5=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK6=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK7=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK8=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)
ZSK9=$($KEYGEN -a RSASHA256 -K $KEYDIR -q $zone)

# clear all times on all keys
for FILEN in keys/signing.test/*.key; do
  $SETTIME -P none -A none -R none -I none -D none $FILEN
done

BASE=$(date +%s)
BASET=$(timetodnssec $BASE)

# reset the publish and activation time on the KSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK

# reset the publish and activation time on the first ZSK
$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0

# schedule the first roll
R1=$(expr $BASE + 50)
R1T=$(timetodnssec $R1)

$SETTIME -I $R1T $KEYDIR/$ZSK0
$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1

# schedule the second roll (which includes the delete of the first key)
R2=$(expr $R1 + 50)
R2T=$(timetodnssec $R2)
DT=$R2
DTT=$(timetodnssec $DT)

$SETTIME -D $DTT $KEYDIR/$ZSK0
$SETTIME -I $R2T $KEYDIR/$ZSK1
$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2

# schedule the third roll
R3=$(expr $R2 + 25)
R3T=$(timetodnssec $R3)

$SETTIME -D $R3T $KEYDIR/$ZSK1
$SETTIME -I $R3T $KEYDIR/$ZSK2
$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3

$SETTIME -P $R3T $KEYDIR/$ZSK4

echo KSK=$KSK
echo ZSK0=$ZSK0
echo ZSK1=$ZSK1
echo ZSK2=$ZSK2
echo ZSK3=$ZSK3
echo ZSK4=$ZSK4

exit

# schedule the fourth roll
# this isn't long enough for the signing to complete and would result in
# duplicate signatures, see
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
R4=$(expr $R3 + 10)
R4T=$(timetodnssec $R4)

$SETTIME -D $R4T $KEYDIR/$ZSK2
$SETTIME -I $R4T $KEYDIR/$ZSK3
$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4