summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/coverage/setup.sh
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/coverage/setup.sh')
-rw-r--r--bin/tests/system/coverage/setup.sh119
1 files changed, 119 insertions, 0 deletions
diff --git a/bin/tests/system/coverage/setup.sh b/bin/tests/system/coverage/setup.sh
new file mode 100644
index 0000000..7de73b8
--- /dev/null
+++ b/bin/tests/system/coverage/setup.sh
@@ -0,0 +1,119 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+$SHELL clean.sh
+
+ln -s $CHECKZONE named-compilezone
+
+# Test 1: KSK goes inactive before successor is active
+dir=01-ksk-inactive
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+ksk2=$($KEYGEN -q -K $dir -S $ksk1)
+$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+
+# Test 2: ZSK goes inactive before successor is active
+dir=02-zsk-inactive
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 3: KSK is unpublished before its successor is published
+dir=03-ksk-unpublished
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+ksk2=$($KEYGEN -q -K $dir -S $ksk1)
+$SETTIME -K $dir -D +6mo $ksk1 > /dev/null 2>&1
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+
+# Test 4: ZSK is unpublished before its successor is published
+dir=04-zsk-unpublished
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+$SETTIME -K $dir -D +6mo $zsk1 > /dev/null 2>&1
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 5: KSK deleted and successor published before KSK is deactivated
+# and successor activated.
+dir=05-ksk-unpub-active
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+$SETTIME -K $dir -I +9mo -D +8mo $ksk1 > /dev/null 2>&1
+ksk2=$($KEYGEN -q -K $dir -S $ksk1)
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+
+# Test 6: ZSK deleted and successor published before ZSK is deactivated
+# and successor activated.
+dir=06-zsk-unpub-active
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +9mo -D +8mo $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 7: KSK rolled with insufficient delay after prepublication.
+dir=07-ksk-ttl
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+ksk2=$($KEYGEN -q -K $dir -S $ksk1)
+# allow only 1 day between publication and activation
+$SETTIME -K $dir -P +269d $ksk2 > /dev/null 2>&1
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+
+# Test 8: ZSK rolled with insufficient delay after prepublication.
+dir=08-zsk-ttl
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+# allow only 1 day between publication and activation
+$SETTIME -K $dir -P +269d $zsk2 > /dev/null 2>&1
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 9: KSK goes inactive before successor is active, but checking ZSKs
+dir=09-check-zsk
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
+ksk2=$($KEYGEN -q -K $dir -S $ksk1)
+$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+
+# Test 10: ZSK goes inactive before successor is active, but checking KSKs
+dir=10-check-ksk
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 11: ZSK goes inactive before successor is active, but after cutoff
+dir=11-cutoff
+zsk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3 example.com)
+$SETTIME -K $dir -I +18mo -D +2y $zsk1 > /dev/null 2>&1
+zsk2=$($KEYGEN -q -K $dir -S $zsk1)
+$SETTIME -K $dir -I +16mo $zsk1 > /dev/null 2>&1
+ksk1=$($KEYGEN -q -K $dir -a ${DEFAULT_ALGORITHM} -3fk example.com)
+
+# Test 12: Too early KSK deletion
+dir=12-ksk-deletion
+ksk1=$($KEYGEN -q -K $dir -f KSK -a 8 -b 2048 -I +40d -D +40d example.com)
+ksk2=$($KEYGEN -q -K $dir -S $ksk1.key example.com)
+
+# Test 13: check names with/without dots at the end
+dir=13-dotted-dotless
+zsk1=$($KEYGEN -q -K $dir -a rsasha256 one.example)
+zsk2=$($KEYGEN -q -K $dir -a rsasha256 two.example)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-01 00:57:50 +0000