path: root/bin/tests/system/mkeys/ns1/sign.sh
#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

. ../../conf.sh

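# Generate keys for sub.tld, sign the zone, and write the trust anchor
# derived from its KSK to island.conf (also copied to ns5).
zone=sub.tld
zonefile=sub.tld.db

# $KEYGEN and $SIGNER are expected to come from conf.sh and are left
# unquoted so a value holding a command plus arguments still word-splits;
# every other expansion is quoted.
# "-qfk" is -q plus "-f k" (presumably the KSK flag - confirm against
# dnssec-keygen); the second call creates the zone-signing key.
keyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -qfk "$zone")
zskkeyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -q "$zone")

# All signer output, including error text, is discarded; only the exit
# status can stop the script, and only when "-e" is actually in effect.
$SIGNER -Sg -o "$zone" "$zonefile" >/dev/null 2>&1
# keyfile_to_initial_ds is a helper expected to be defined by conf.sh.
keyfile_to_initial_ds "$keyname" >island.conf
cp island.conf ../ns5/island.conf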

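# Generate keys for tld and sign the zone. No trust anchor file is written
# for this zone here.
zone=tld
zonefile=tld.db

# $KEYGEN and $SIGNER stay unquoted (they may hold a command plus
# arguments); the remaining expansions are quoted.
# The key names are captured so they do not reach stdout; both variables
# are overwritten when the root zone is processed.
keyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -qfk "$zone")
zskkeyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -q "$zone")

# Signer output (stdout and stderr) is discarded.
$SIGNER -Sg -o "$zone" "$zonefile" >/dev/null 2>&1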

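# Generate keys for the root zone and sign it. $keyname and $zskkeyname
# keep the root key names for the rest of the script.
zone=.
zonefile=root.db

# $KEYGEN and $SIGNER stay unquoted (they may hold a command plus
# arguments); the remaining expansions are quoted.
keyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -qfk "$zone")
zskkeyname=$($KEYGEN -a "${DEFAULT_ALGORITHM}" -q "$zone")

# Signer output (stdout and stderr) is discarded.
$SIGNER -Sg -o "$zone" "$zonefile" >/dev/null 2>&1

# Configure the resolving server with an initializing key.
# The same managed.conf is handed to ns2, ns4 and ns5, so all three start
# from an identical root trust anchor.
keyfile_to_initial_ds "$keyname" >managed.conf
cp managed.conf ../ns2/managed.conf
cp managed.conf ../ns4/managed.conf
cp managed.conf ../ns5/managed.conf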

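# Configure a deliberately broken trust anchor for ns3.
# Every upper-case hex digit of the DS digest is rotated by -1
# (0->F, 1->0, ..., F->E), so the digest written to broken.conf no longer
# matches the root KSK. Characters outside 0-9A-F pass through unchanged.
# NOTE(review): without pipefail the pipeline status is that of awk, so a
# failing $DSFROMKEY would leave an empty broken.conf instead of stopping
# the script.
# $DSFROMKEY stays unquoted (it may hold a command plus arguments).
$DSFROMKEY "$keyname.key" |
  awk '!/^; /{
    # Lines starting with "; " are skipped; every other line is treated as
    # a DS record: owner in $1, three numeric fields in $4-$6, digest in $7+.
    # Field values are passed as printf arguments, never as the format.
    printf "trust-anchors {\n"
    printf "\t\"%s\" initial-ds ", $1
    printf "%s %s %s \"", $4, $5, $6
    for (i = 7; i <= NF; i++) {
      digest = $i
      # ":" temporarily stands in for the old "0" so that it is not
      # rotated a second time by the "1" -> "0" step.
      gsub("0", ":", digest)
      gsub("1", "0", digest)
      gsub("2", "1", digest)
      gsub("3", "2", digest)
      gsub("4", "3", digest)
      gsub("5", "4", digest)
      gsub("6", "5", digest)
      gsub("7", "6", digest)
      gsub("8", "7", digest)
      gsub("9", "8", digest)
      gsub("A", "9", digest)
      gsub("B", "A", digest)
      gsub("C", "B", digest)
      gsub("D", "C", digest)
      gsub("E", "D", digest)
      gsub("F", "E", digest)
      gsub(":", "F", digest)
      printf "%s", digest
    }
    printf "\";\n"
    printf "};\n"
  }' >../ns3/broken.conf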

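# Configure a static key to be used by delv.
# keyfile_to_static_ds is a helper expected to be defined by conf.sh.
keyfile_to_static_ds "$keyname" >trusted.conf

# Prepare an unsupported algorithm key.
# The copy is named with algorithm field 255 and key id 00000.
unsupportedkey=Kunknown.+255+00000
cp unsupported.key "${unsupportedkey}.key"

#
#  Save keyname and keyid for managed key id test.
#
# printf with a fixed format writes the names verbatim, one per line.
printf '%s\n' "$keyname" >managed.key
printf '%s\n' "$zskkeyname" >zone.key
keyfile_to_key_id "$keyname" >managed.key.id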