Diffstat (limited to '')
-rw-r--r-- | bin/tests/system/keymgr/tests.sh | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/bin/tests/system/keymgr/tests.sh b/bin/tests/system/keymgr/tests.sh
new file mode 100644
index 0000000..667277f
--- /dev/null
+++ b/bin/tests/system/keymgr/tests.sh
@@ -0,0 +1,146 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=1
+
+matchall () {
+ match_result=ok
+ file=$1
+ while IFS="," read expect matchline; do
+ [ -z "$matchline" ] && continue
+ matches=`grep "$matchline" $file | wc -l`
+ [ "$matches" -ne "$expect" ] && {
+ echo "'$matchline': expected $expect found $matches"
+ return 1
+ }
+ done << EOF
+ $2
+EOF
+ return 0
+}
+
+echo_i "checking for DNSSEC key coverage issues"
+ret=0
+for dir in [0-9][0-9]-*; do
+ ret=0
+ echo_i "$dir ($n)"
+ kargs= cargs= kmatch= cmatch= kret= cret=0 warn= error= ok=
+ . $dir/expect
+
+ # use policy.conf if available
+ policy=""
+ if [ -e "$dir/policy.conf" ]; then
+ policy="-c $dir/policy.conf"
+ if grep -e "-c policy.conf" $dir/expect > /dev/null
+ then
+ echo_i "fix $dir/expect: multiple policy files"
+ ret=1
+ fi
+ else
+ policy="-c policy.conf"
+ fi
+
+ # run keymgr to update keys
+ if [ "$CYGWIN" ]; then
+ $KEYMGR $policy -K $dir -g `cygpath -w $KEYGEN` \
+ -s `cygpath -w $SETTIME` $kargs > keymgr.$n 2>&1
+ else
+ $KEYMGR $policy -K $dir -g $KEYGEN \
+ -s $SETTIME $kargs > keymgr.$n 2>&1
+ fi
+ # check that return code matches expectations
+ found=$?
+ if [ $found -ne $kret ]; then
+ echo "keymgr retcode was $found expected $kret"
+ ret=1
+ fi
+
+ # check for matches in keymgr output
+ matchall keymgr.$n "$kmatch" || ret=1
+
+ # now check coverage
+ $COVERAGE -K $dir $cargs > coverage.$n 2>&1
+ # check that return code matches expectations
+ found=$?
+ if [ $found -ne $cret ]; then
+ echo "coverage retcode was $found expected $cret"
+ ret=1
+ fi
+
+ # check for correct number of errors
+ found=`grep ERROR coverage.$n | wc -l`
+ if [ $found -ne $error ]; then
+ echo "error count was $found expected $error"
+ ret=1
+ fi
+
+ # check for correct number of warnings
+ found=`grep WARNING coverage.$n | wc -l`
+ if [ $found -ne $warn ]; then
+ echo "warning count was $found expected $warn"
+ ret=1
+ fi
+
+ # check for correct number of OKs
+ found=`grep "No errors found" coverage.$n | wc -l`
+ if [ $found -ne $ok ]; then
+ echo "good count was $found expected $ok"
+ ret=1
+ fi
+
+ # check for matches in coverage output
+ matchall coverage.$n "$cmatch" || ret=1
+
+ if [ -f $dir/extra.sh ]; then
+ cd $dir
+ . ./extra.sh
+ cd ..
+ fi
+
+ n=`expr $n + 1`
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=`expr $status + $ret`
+done
+
+echo_i "checking domains ending in . ($n)"
+ret=0
+$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.1.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.1.$n | wc -l`
+[ "$nkeys" -eq 2 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME . > keymgr.2.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.2.$n | wc -l`
+[ "$nkeys" -eq 0 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.3.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.3.$n | wc -l`
+[ "$nkeys" -eq 2 ] || ret=1
+$KEYMGR -g $KEYGEN -s $SETTIME example.com. > keymgr.4.$n 2>&1
+nkeys=`grep dnssec-keygen keymgr.4.$n | wc -l`
+[ "$nkeys" -eq 0 ] || ret=1
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo_i "checking policy.conf parser ($n)"
+ret=0
+PYTHONPATH="../../../python:$PYTHONPATH" ${PYTHON} testpolicy.py policy.sample > policy.out
+$DOS2UNIX policy.out > /dev/null 2>&1
+cmp -s policy.good policy.out || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1 |
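Review bot: The per-directory checks fail open when `$dir/expect` leaves a value unset: `kret`, `warn`, `error` and `ok` are reset to empty before the file is sourced, and `[ $found -ne $kret ]` with an empty, unquoted right-hand side is a malformed test that exits non-zero in common shells, so the `then` branch that sets `ret=1` is skipped and the mismatch is never counted. The same holds for the `$error`, `$warn` and `$ok` comparisons later in the loop, while `cret` alone defaults to 0. Unless an omitted value is meant as "do not check" (nothing in the script says so), I would add a guard right after `. $dir/expect`, in the style of the existing "multiple policy files" message: `if [ -z "$kret" ] || [ -z "$warn" ] || [ -z "$error" ] || [ -z "$ok" ]; then echo_i "fix $dir/expect: missing expected value"; ret=1; fi`. Separately, `grep "$matchline" $file` in `matchall` would read a pattern that begins with `-` as an option; `grep -e "$matchline"`, as the policy check already does, avoids that.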