diff options
Diffstat (limited to 'bin/tests/system/verify/tests.sh')
| -rw-r--r-- | bin/tests/system/verify/tests.sh | 148 |
1 files changed, 73 insertions, 75 deletions
diff --git a/bin/tests/system/verify/tests.sh b/bin/tests/system/verify/tests.sh index d40780a..4084339 100644 --- a/bin/tests/system/verify/tests.sh +++ b/bin/tests/system/verify/tests.sh @@ -14,99 +14,97 @@ set -e . ../conf.sh -failed () { - cat verify.out.$n | sed 's/^/D:/'; - echo_i "failed"; - status=1; +failed() { + cat verify.out.$n | sed 's/^/D:/' + echo_i "failed" + status=1 } n=0 status=0 -for file in zones/*.good -do - n=$((n + 1)) - zone=$(expr "$file" : 'zones/\(.*\).good') - echo_i "checking supposedly good zone: $zone ($n)" - ret=0 - case $zone in - zsk-only.*) only=-z;; - ksk-only.*) only=-z;; - *) only=;; - esac - $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 || ret=1 - [ $ret = 0 ] || failed +for file in zones/*.good; do + n=$((n + 1)) + zone=$(expr "$file" : 'zones/\(.*\).good') + echo_i "checking supposedly good zone: $zone ($n)" + ret=0 + case $zone in + zsk-only.*) only=-z ;; + ksk-only.*) only=-z ;; + *) only= ;; + esac + $VERIFY ${only} -o $zone $file >verify.out.$n 2>&1 || ret=1 + [ $ret = 0 ] || failed done -for file in zones/*.bad -do - n=$((n + 1)) - zone=$(expr "$file" : 'zones/\(.*\).bad') - echo_i "checking supposedly bad zone: $zone ($n)" - ret=0 - dumpit=0 - case $zone in - zsk-only.*) only=-z;; - ksk-only.*) only=-z;; - *) only=;; - esac - expect1= expect2= - case $zone in - *.dnskeyonly) - expect1="DNSKEY is not signed" - ;; - *.expired) - expect1="signature has expired" - expect2="No self-signed .*DNSKEY found" - ;; - *.ksk-expired) - expect1="signature has expired" - expect2="No self-signed .*DNSKEY found" - ;; - *.out-of-zone-nsec|*.below-bottom-of-zone-nsec|*.below-dname-nsec) - expect1="unexpected NSEC RRset at" - ;; - *.nsec.broken-chain) - expect1="Bad NSEC record for.*, next name mismatch" - ;; - *.bad-bitmap) - expect1="bit map mismatch" - ;; - *.missing-empty) - expect1="Missing NSEC3 record for"; - ;; - unsigned) - expect1="Zone contains no DNSSEC keys" - ;; - *.extra-nsec3) - expect1="Expected and found NSEC3 chains not equal"; - ;; - *) - dumpit=1 - ;; - esac - $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 && ret=1 - grep "${expect1:-.}" verify.out.$n > /dev/null || ret=1 - grep "${expect2:-.}" verify.out.$n > /dev/null || ret=1 - [ $ret = 0 ] || failed - [ $dumpit = 1 ] && cat verify.out.$n +for file in zones/*.bad; do + n=$((n + 1)) + zone=$(expr "$file" : 'zones/\(.*\).bad') + echo_i "checking supposedly bad zone: $zone ($n)" + ret=0 + dumpit=0 + case $zone in + zsk-only.*) only=-z ;; + ksk-only.*) only=-z ;; + *) only= ;; + esac + expect1= expect2= + case $zone in + *.dnskeyonly) + expect1="DNSKEY is not signed" + ;; + *.expired) + expect1="signature has expired" + expect2="No self-signed .*DNSKEY found" + ;; + *.ksk-expired) + expect1="signature has expired" + expect2="No self-signed .*DNSKEY found" + ;; + *.out-of-zone-nsec | *.below-bottom-of-zone-nsec | *.below-dname-nsec) + expect1="unexpected NSEC RRset at" + ;; + *.nsec.broken-chain) + expect1="Bad NSEC record for.*, next name mismatch" + ;; + *.bad-bitmap) + expect1="bit map mismatch" + ;; + *.missing-empty) + expect1="Missing NSEC3 record for" + ;; + unsigned) + expect1="Zone contains no DNSSEC keys" + ;; + *.extra-nsec3) + expect1="Expected and found NSEC3 chains not equal" + ;; + *) + dumpit=1 + ;; + esac + $VERIFY ${only} -o $zone $file >verify.out.$n 2>&1 && ret=1 + grep "${expect1:-.}" verify.out.$n >/dev/null || ret=1 + grep "${expect2:-.}" verify.out.$n >/dev/null || ret=1 + [ $ret = 0 ] || failed + [ $dumpit = 1 ] && cat verify.out.$n done n=$((n + 1)) echo_i "checking error message when -o is not used and a SOA record not at top of zone is found ($n)" ret=0 # When -o is not used, origin is set to zone file name, which should cause an error in this case -$VERIFY zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1 -grep "not at top of zone" verify.out.$n > /dev/null || ret=1 -grep "use -o to specify a different zone origin" verify.out.$n > /dev/null || ret=1 +$VERIFY zones/ksk+zsk.nsec.good >verify.out.$n 2>&1 && ret=1 +grep "not at top of zone" verify.out.$n >/dev/null || ret=1 +grep "use -o to specify a different zone origin" verify.out.$n >/dev/null || ret=1 [ $ret = 0 ] || failed n=$((n + 1)) echo_i "checking error message when an invalid -o is specified and a SOA record not at top of zone is found ($n)" ret=0 -$VERIFY -o invalid.origin zones/ksk+zsk.nsec.good > verify.out.$n 2>&1 && ret=1 -grep "not at top of zone" verify.out.$n > /dev/null || ret=1 -grep "use -o to specify a different zone origin" verify.out.$n > /dev/null && ret=1 +$VERIFY -o invalid.origin zones/ksk+zsk.nsec.good >verify.out.$n 2>&1 && ret=1 +grep "not at top of zone" verify.out.$n >/dev/null || ret=1 +grep "use -o to specify a different zone origin" verify.out.$n >/dev/null && ret=1 [ $ret = 0 ] || failed echo_i "exit status: $status" |