Sync usage with man page.
[netbsd-mini2440.git] / external / bsd / bind / dist / bin / tests / system / metadata / tests.sh
blob51af8cd084520b13219f52c37d2c1502e24b830d
1 #!/bin/sh
3 # Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
5 # Permission to use, copy, modify, and/or distribute this software for any
6 # purpose with or without fee is hereby granted, provided that the above
7 # copyright notice and this permission notice appear in all copies.
9 # THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 # REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 # AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 # INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 # LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 # PERFORMANCE OF THIS SOFTWARE.
17 # Id: tests.sh,v 1.5 2009/12/02 17:54:45 each Exp
19 SYSTEMTESTTOP=..
20 . $SYSTEMTESTTOP/conf.sh
22 RANDFILE=./random.data
23 pzone=parent.nil pfile=parent.db
24 czone=child.parent.nil cfile=child.db
25 status=0
26 n=0
28 echo "I:setting key timers"
29 $SETTIME -A now+15s `cat rolling.key` > /dev/null
31 inact=`sed 's/^K'${czone}'.+005+0*//' < inact.key`
32 ksk=`sed 's/^K'${czone}'.+005+0*//' < ksk.key`
33 pending=`sed 's/^K'${czone}'.+005+0*//' < pending.key`
34 postrev=`sed 's/^K'${czone}'.+005+0*//' < postrev.key`
35 prerev=`sed 's/^K'${czone}'.+005+0*//' < prerev.key`
36 rolling=`sed 's/^K'${czone}'.+005+0*//' < rolling.key`
37 standby=`sed 's/^K'${czone}'.+005+0*//' < standby.key`
38 zsk=`sed 's/^K'${czone}'.+005+0*//' < zsk.key`
40 ../../../tools/genrandom 400 $RANDFILE
42 echo "I:signing zones"
43 $SIGNER -Sg -o $czone $cfile > /dev/null 2>&1
44 $SIGNER -Sg -o $pzone $pfile > /dev/null 2>&1
46 awk '$2 ~ /RRSIG/ {
47 type = $3;
48 getline;
49 id = $2;
50 if ($3 ~ /'${czone}'/) {
51 print type, id
53 }' < ${cfile}.signed > sigs
55 awk '$2 ~ /DNSKEY/ {
56 flags = $3;
57 while ($0 !~ /key id =/)
58 getline;
59 id = $6;
60 print flags, id;
61 }' < ${cfile}.signed > keys
63 echo "I:checking that KSK signed DNSKEY only ($n)"
64 ret=0
65 grep "DNSKEY $ksk"'$' sigs > /dev/null || ret=1
66 grep "SOA $ksk"'$' sigs > /dev/null && ret=1
67 n=`expr $n + 1`
68 if [ $ret != 0 ]; then echo "I:failed"; fi
69 status=`expr $status + $ret`
71 echo "I:checking that ZSK signed ($n)"
72 ret=0
73 grep "SOA $zsk"'$' sigs > /dev/null || ret=1
74 n=`expr $n + 1`
75 if [ $ret != 0 ]; then echo "I:failed"; fi
76 status=`expr $status + $ret`
78 echo "I:checking that standby ZSK did not sign ($n)"
79 ret=0
80 grep " $standby"'$' sigs > /dev/null && ret=1
81 n=`expr $n + 1`
82 if [ $ret != 0 ]; then echo "I:failed"; fi
83 status=`expr $status + $ret`
85 echo "I:checking that inactive key did not sign ($n)"
86 ret=0
87 grep " $inact"'$' sigs > /dev/null && ret=1
88 n=`expr $n + 1`
89 if [ $ret != 0 ]; then echo "I:failed"; fi
90 status=`expr $status + $ret`
92 echo "I:checking that pending key was not published ($n)"
93 ret=0
94 grep " $pending"'$' keys > /dev/null && ret=1
95 n=`expr $n + 1`
96 if [ $ret != 0 ]; then echo "I:failed"; fi
97 status=`expr $status + $ret`
99 echo "I:checking that standby KSK did not sign but is delegated ($n)"
100 ret=0
101 grep " $rolling"'$' sigs > /dev/null && ret=1
102 grep " $rolling"'$' keys > /dev/null || ret=1
103 egrep "DS[ ]*$rolling[ ]" ${pfile}.signed > /dev/null || ret=1
104 n=`expr $n + 1`
105 if [ $ret != 0 ]; then echo "I:failed"; fi
106 status=`expr $status + $ret`
108 echo "I:checking that key was revoked ($n)"
109 ret=0
110 grep " $prerev"'$' keys > /dev/null && ret=1
111 grep " $postrev"'$' keys > /dev/null || ret=1
112 n=`expr $n + 1`
113 if [ $ret != 0 ]; then echo "I:failed"; fi
114 status=`expr $status + $ret`
116 echo "I:checking that revoked key self-signed ($n)"
117 ret=0
118 grep "DNSKEY $postrev"'$' sigs > /dev/null || ret=1
119 grep "SOA $postrev"'$' sigs > /dev/null && ret=1
120 n=`expr $n + 1`
121 if [ $ret != 0 ]; then echo "I:failed"; fi
122 status=`expr $status + $ret`
124 echo "I:waiting 20 seconds for key changes to occur"
125 sleep 20
127 echo "I:re-signing zone"
128 $SIGNER -Sg -o $czone -f ${cfile}.new ${cfile}.signed > /dev/null 2>&1
130 echo "I:checking that standby KSK is now active ($n)"
131 ret=0
132 grep "DNSKEY $rolling"'$' sigs > /dev/null && ret=1
133 n=`expr $n + 1`
134 if [ $ret != 0 ]; then echo "I:failed"; fi
135 status=`expr $status + $ret`
137 echo "I:exit status: $status"
138 exit $status