diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 15:59:48 +0000 |
| commit | 3b9b6d0b8e7f798023c9d109c490449d528fde80 (patch) | |
| tree | 2e1c188dd7b8d7475cd163de9ae02c428343669b /bin/tests/system/tkey/tests.sh | |
| parent | Initial commit. (diff) | |
| download | bind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.tar.xz bind9-3b9b6d0b8e7f798023c9d109c490449d528fde80.zip | |
Adding upstream version 1:9.18.19.upstream/1%9.18.19upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'bin/tests/system/tkey/tests.sh')
| -rw-r--r-- | bin/tests/system/tkey/tests.sh | 163 |
1 files changed, 163 insertions, 0 deletions
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh new file mode 100644 index 0000000..864542f --- /dev/null +++ b/bin/tests/system/tkey/tests.sh @@ -0,0 +1,163 @@ +#!/bin/sh + +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +set -e + +. ../conf.sh + +dig_with_opts() { + "$DIG" @10.53.0.1 -p "$PORT" "$@" +} + +status=0 +n=1 + +echo_i "generating new DH key ($n)" +ret=0 +dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" + status=$((status+ret)) + echo_i "exit status: $status" + exit $status +fi +status=$((status+ret)) +n=$((n+1)) + +for owner in . foo.example. +do + echo_i "creating new key using owner name \"$owner\" ($n)" + ret=0 + keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1 + if [ $ret != 0 ]; then + echo_i "failed" + status=$((status+ret)) + echo_i "exit status: $status" + exit $status + fi + status=$((status+ret)) + n=$((n+1)) + + echo_i "checking the new key ($n)" + ret=0 + dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1 + grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1 + grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1 + if [ $ret != 0 ]; then + echo_i "failed" + fi + status=$((status+ret)) + n=$((n+1)) + + echo_i "deleting new key ($n)" + ret=0 + $KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1 + if [ $ret != 0 ]; then + echo_i "failed" + fi + status=$((status+ret)) + n=$((n+1)) + + echo_i "checking that new key has been deleted ($n)" + ret=0 + dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1 + grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null && ret=1 + grep "Some TSIG could not be validated" dig.out.test$n > /dev/null || ret=1 + if [ $ret != 0 ]; then + echo_i "failed" + fi + status=$((status+ret)) + n=$((n+1)) +done + +echo_i "creating new key using owner name bar.example. ($n)" +ret=0 +keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" + status=$((status+ret)) + echo_i "exit status: $status" + exit $status +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "checking the key with 'rndc tsig-list' ($n)" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "using key in a request ($n)" +ret=0 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 +grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "deleting the key with 'rndc tsig-delete' ($n)" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-delete bar.example.server > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null && ret=1 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 +grep "TSIG could not be validated" dig.out.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "recreating the bar.example. key ($n)" +ret=0 +keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" + status=$((status+ret)) + echo_i "exit status: $status" + exit $status +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "checking the new key with 'rndc tsig-list' ($n)" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "using the new key in a request ($n)" +ret=0 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 +grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 +if [ $ret != 0 ]; then + echo_i "failed" +fi +status=$((status+ret)) +n=$((n+1)) + +echo_i "exit status: $status" +[ $status -eq 0 ] || exit 1 |