Diffstat (limited to 'bin/tests/system/dupsigs/ns1/reset_keys.sh')
-rw-r--r-- | bin/tests/system/dupsigs/ns1/reset_keys.sh | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh
new file mode 100644
index 0000000..4faa0bb
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=signing.test
+rm -rf keys/signing.test
+mkdir -p keys/signing.test
+
+timetodnssec() {
+ $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]);
+ printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1}
+}
+
+KEYDIR=keys/signing.test
+KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone`
+
+ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+
+# clear all times on all keys
+for FILEN in keys/signing.test/*.key
+do
+ $SETTIME -P none -A none -R none -I none -D none $FILEN
+done
+
+BASE=`date +%s`
+BASET=`timetodnssec $BASE`
+
+# reset the publish and activation time on the KSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
+
+# reset the publish and activation time on the first ZSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
+
+# schedule the first roll
+R1=`expr $BASE + 50`
+R1T=`timetodnssec $R1`
+
+$SETTIME -I $R1T $KEYDIR/$ZSK0
+$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
+
+# schedule the second roll (which includes the delete of the first key)
+R2=`expr $R1 + 50`
+R2T=`timetodnssec $R2`
+DT=$R2
+DTT=`timetodnssec $DT`
+
+$SETTIME -D $DTT $KEYDIR/$ZSK0
+$SETTIME -I $R2T $KEYDIR/$ZSK1
+$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
+
+# schedule the third roll
+R3=`expr $R2 + 25`
+R3T=`timetodnssec $R3`
+
+$SETTIME -D $R3T $KEYDIR/$ZSK1
+$SETTIME -I $R3T $KEYDIR/$ZSK2
+$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3
+
+$SETTIME -P $R3T $KEYDIR/$ZSK4
+
+echo KSK=$KSK
+echo ZSK0=$ZSK0
+echo ZSK1=$ZSK1
+echo ZSK2=$ZSK2
+echo ZSK3=$ZSK3
+echo ZSK4=$ZSK4
+
+exit
+
+# schedule the fourth roll
+# this isn't long enough for the signing to complete and would result in
+# duplicate signatures, see
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
+R4=`expr $R3 + 10`
+R4T=`timetodnssec $R4`
+
+$SETTIME -D $R4T $KEYDIR/$ZSK2
+$SETTIME -I $R4T $KEYDIR/$ZSK3
+$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4 |
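Review bot: Nothing in the new script checks whether `$KEYGEN` or `$SETTIME` succeeded, and the bare `exit` after `echo ZSK4=$ZSK4` returns the status of that echo, so the script reports success even when key setup failed. If a key generation fails, `$KSK` or a `$ZSKn` is left empty and the later calls such as `$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0` are pointed at the bare directory path; the test would then run against a key schedule that was never applied. Adding `set -e` on the line after `. $SYSTEMTESTTOP/conf.sh` would stop at the first failing command, including a failing backtick assignment. A smaller style point: `KEYDIR=keys/signing.test` is assigned only after the literal path has already been used by `rm -rf` and `mkdir -p`, and the literal appears again in `for FILEN in keys/signing.test/*.key`; moving the assignment above `rm -rf` and using `"$KEYDIR"` in all three places keeps the deleted path and the populated path from drifting apart.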