summaryrefslogtreecommitdiffstats
path: root/bin/tests/system/dupsigs/ns1
diff options
context:
space:
mode:
Diffstat (limited to 'bin/tests/system/dupsigs/ns1')
-rw-r--r--bin/tests/system/dupsigs/ns1/named.args1
-rw-r--r--bin/tests/system/dupsigs/ns1/named.conf.in33
-rw-r--r--bin/tests/system/dupsigs/ns1/reset_keys.sh100
-rw-r--r--bin/tests/system/dupsigs/ns1/signing.test.db.in18
4 files changed, 152 insertions, 0 deletions
diff --git a/bin/tests/system/dupsigs/ns1/named.args b/bin/tests/system/dupsigs/ns1/named.args
new file mode 100644
index 0000000..231eed4
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/named.args
@@ -0,0 +1 @@
+-D dupsigs-ns1 -X named.lock -m record,size,mctx -c named.conf -d 99 -g -U 4 -T maxcachesize=2097152 -T sigvalinsecs
diff --git a/bin/tests/system/dupsigs/ns1/named.conf.in b/bin/tests/system/dupsigs/ns1/named.conf.in
new file mode 100644
index 0000000..494ecfb
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/named.conf.in
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ recursion no;
+ max-journal-size unlimited;
+ port @PORT@;
+ listen-on { 10.53.0.1; };
+ listen-on-v6 { none; };
+ pid-file "named.pid";
+};
+
+zone "signing.test" {
+ type primary;
+ masterfile-format text;
+ allow-update { any; };
+ file "signing.test.db";
+ update-check-ksk yes;
+ key-directory "keys/signing.test";
+ inline-signing yes;
+ auto-dnssec maintain;
+ sig-validity-interval 20 5;
+};
diff --git a/bin/tests/system/dupsigs/ns1/reset_keys.sh b/bin/tests/system/dupsigs/ns1/reset_keys.sh
new file mode 100644
index 0000000..4faa0bb
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/reset_keys.sh
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+zone=signing.test
+rm -rf keys/signing.test
+mkdir -p keys/signing.test
+
+timetodnssec() {
+ $PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime(@ARGV[0]);
+ printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' ${1}
+}
+
+KEYDIR=keys/signing.test
+KSK=`$KEYGEN -a RSASHA256 -K $KEYDIR -q -f KSK $zone`
+
+ZSK0=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK1=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK2=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK3=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK4=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK5=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK6=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK7=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK8=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+ZSK9=`$KEYGEN -a RSASHA256 -K $KEYDIR -q $zone`
+
+# clear all times on all keys
+for FILEN in keys/signing.test/*.key
+do
+ $SETTIME -P none -A none -R none -I none -D none $FILEN
+done
+
+BASE=`date +%s`
+BASET=`timetodnssec $BASE`
+
+# reset the publish and activation time on the KSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$KSK
+
+# reset the publish and activation time on the first ZSK
+$SETTIME -P $BASET -A $BASET $KEYDIR/$ZSK0
+
+# schedule the first roll
+R1=`expr $BASE + 50`
+R1T=`timetodnssec $R1`
+
+$SETTIME -I $R1T $KEYDIR/$ZSK0
+$SETTIME -P $BASET -A $R1T $KEYDIR/$ZSK1
+
+# schedule the second roll (which includes the delete of the first key)
+R2=`expr $R1 + 50`
+R2T=`timetodnssec $R2`
+DT=$R2
+DTT=`timetodnssec $DT`
+
+$SETTIME -D $DTT $KEYDIR/$ZSK0
+$SETTIME -I $R2T $KEYDIR/$ZSK1
+$SETTIME -P $R1T -A $R2T $KEYDIR/$ZSK2
+
+# schedule the third roll
+R3=`expr $R2 + 25`
+R3T=`timetodnssec $R3`
+
+$SETTIME -D $R3T $KEYDIR/$ZSK1
+$SETTIME -I $R3T $KEYDIR/$ZSK2
+$SETTIME -P $R2T -A $R3T $KEYDIR/$ZSK3
+
+$SETTIME -P $R3T $KEYDIR/$ZSK4
+
+echo KSK=$KSK
+echo ZSK0=$ZSK0
+echo ZSK1=$ZSK1
+echo ZSK2=$ZSK2
+echo ZSK3=$ZSK3
+echo ZSK4=$ZSK4
+
+exit
+
+# schedule the fourth roll
+# this isn't long enough for the signing to complete and would result in
+# duplicate signatures, see
+# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
+R4=`expr $R3 + 10`
+R4T=`timetodnssec $R4`
+
+$SETTIME -D $R4T $KEYDIR/$ZSK2
+$SETTIME -I $R4T $KEYDIR/$ZSK3
+$SETTIME -P $R3T -A $R4T $KEYDIR/$ZSK4
diff --git a/bin/tests/system/dupsigs/ns1/signing.test.db.in b/bin/tests/system/dupsigs/ns1/signing.test.db.in
new file mode 100644
index 0000000..b522b6f
--- /dev/null
+++ b/bin/tests/system/dupsigs/ns1/signing.test.db.in
@@ -0,0 +1,18 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+@ IN SOA ns root.ns 1996072700 3600 1800 86400 60
+@ NS ns
+ns A 127.0.0.1
+ns AAAA ::1
+
+$GENERATE 0-499 a${0,4,d} AAAA ::$