summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dupsigs/ns1/reset_keys.sh
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/dupsigs/ns1/reset_keys.sh')
-rw-r--r--bin/tests/system/dupsigs/ns1/reset_keys.sh100
1 files changed, 100 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh
new file mode 100644
index 0000000..4faa0bb
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=signing.test
+rm -rf keys/signing.test
+mkdir -p keys/signing.test
+
+timetodnssec() {
+ $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]);
+ printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1}
+}
+
+KEYDIR=keys/signing.test
+KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone`
+
+ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+
+# clear all times on all keys
+for FILEN in keys/signing.test/*.key
+do
+ $SETTIME -P none -A none -R none -I none -D none $FILEN
+done
+
+BASE=`date +%s`
+BASET=`timetodnssec $BASE`
+
+# reset the publish and activation time on the KSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
+
+# reset the publish and activation time on the first ZSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
+
+# schedule the first roll
+R1=`expr $BASE + 50`
+R1T=`timetodnssec $R1`
+
+$SETTIME -I $R1T $KEYDIR/$ZSK0
+$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
+
+# schedule the second roll (which includes the delete of the first key)
+R2=`expr $R1 + 50`
+R2T=`timetodnssec $R2`
+DT=$R2
+DTT=`timetodnssec $DT`
+
+$SETTIME -D $DTT $KEYDIR/$ZSK0
+$SETTIME -I $R2T $KEYDIR/$ZSK1
+$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
+
+# schedule the third roll
+R3=`expr $R2 + 25`
+R3T=`timetodnssec $R3`
+
+$SETTIME -D $R3T $KEYDIR/$ZSK1
+$SETTIME -I $R3T $KEYDIR/$ZSK2
+$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3
+
+$SETTIME -P $R3T $KEYDIR/$ZSK4
+
+echo KSK=$KSK
+echo ZSK0=$ZSK0
+echo ZSK1=$ZSK1
+echo ZSK2=$ZSK2
+echo ZSK3=$ZSK3
+echo ZSK4=$ZSK4
+
+exit
+
+# schedule the fourth roll
+# this isn't long enough for the signing to complete and would result in
+# duplicate signatures, see
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
+R4=`expr $R3 + 10`
+R4T=`timetodnssec $R4`
+
+$SETTIME -D $R4T $KEYDIR/$ZSK2
+$SETTIME -I $R4T $KEYDIR/$ZSK3
+$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4