# Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
# Id: tests.sh,v 1.5 2009/12/02 17:54:45 each Exp
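# Load the shared system-test settings. $SETTIME and $SIGNER are used later in
# this script but never assigned in it, so conf.sh is expected to provide them.
# SYSTEMTESTTOP is not assigned in the visible lines either; fail loudly rather
# than let an empty value turn the path into /conf.sh and source an unintended
# file from the filesystem root.
: "${SYSTEMTESTTOP:?SYSTEMTESTTOP must name the directory that holds conf.sh}"
. "$SYSTEMTESTTOP/conf.sh"

# Random-data file handed to genrandom below.
RANDFILE=./random.data

# Parent and child zone names with their unsigned zone files.
pzone=parent.nil pfile=parent.db
czone=child.parent.nil cfile=child.db

# Failure total and running check number; both are read by every check below,
# so give them defined starting values.
status=0
n=1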
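echo "I:setting key timers"
# Schedule the key named in rolling.key to become active 15 seconds from now
# (-A sets the activation time). The re-sign step later in the script only
# sees the change if it runs after that moment.
# $SETTIME stays unquoted in case conf.sh defines it as a command plus
# arguments -- TODO confirm.
$SETTIME -A now+15s "$(cat rolling.key)" > /dev/null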
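# Reduce each key name stored in the *.key files to its bare numeric key ID.
# The pattern strips a "K<zone>.+005+" prefix and any leading zeros, so the
# result compares equal to an unpadded ID in the sigs/keys listings.
#
# In BIND's K<name>+<alg>+<id> file naming, 005 is the algorithm field
# (RSASHA1). The hard-coded value ties the test to that algorithm, which
# RFC 8624 no longer recommends for signing.
#
# The dots in $czone and before "+005" act as regex wildcards, which is
# harmless for these fixed names.
#
# NOTE(review): a missing or malformed .key file leaves the ID empty, and an
# empty ID makes the later "did not sign" greps pass without testing anything.
inact=$(sed 's/^K'"${czone}"'.+005+0*//' < inact.key)
ksk=$(sed 's/^K'"${czone}"'.+005+0*//' < ksk.key)
pending=$(sed 's/^K'"${czone}"'.+005+0*//' < pending.key)
postrev=$(sed 's/^K'"${czone}"'.+005+0*//' < postrev.key)
prerev=$(sed 's/^K'"${czone}"'.+005+0*//' < prerev.key)
rolling=$(sed 's/^K'"${czone}"'.+005+0*//' < rolling.key)
standby=$(sed 's/^K'"${czone}"'.+005+0*//' < standby.key)
zsk=$(sed 's/^K'"${czone}"'.+005+0*//' < zsk.key)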
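# Create the random-data file named by $RANDFILE; 400 is the size argument
# passed to the helper. Presumably the signer reads this file as its entropy
# source -- confirm against conf.sh. A pre-generated randomness file is a
# test-harness convenience only.
../../../tools/genrandom 400 "$RANDFILE"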
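echo "I:signing zones"
# -S (smart signing) lets the signer pick keys by their timing metadata, and
# -g generates DS records for child zones. The child is signed first,
# presumably so its DS data exists when the parent is signed.
#
# All signer output is discarded and the exit status is not checked. A signing
# failure therefore only shows up indirectly: later checks that expect a match
# fail, while "did not sign" checks still pass.
# $SIGNER stays unquoted in case conf.sh defines it with arguments -- TODO confirm.
$SIGNER -Sg -o "$czone" "$cfile" > /dev/null 2>&1
$SIGNER -Sg -o "$pzone" "$pfile" > /dev/null 2>&1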
50 if ($3 ~ /'${czone}'/) {
53 }' < ${cfile}.signed
> sigs
57 while ($0 !~ /key id =/)
61 }' < ${cfile}.signed
> keys
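# The KSK must sign the DNSKEY RRset and must not sign ordinary zone data
# (SOA stands in for "everything else"). The patterns assume each line of
# `sigs` ends in "<covered type> <key id>"; the trailing '$' anchor stops a
# short ID from matching the front of a longer one.
echo "I:checking that KSK signed DNSKEY only ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep "DNSKEY $ksk"'$' sigs > /dev/null || ret=1
grep "SOA $ksk"'$' sigs > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))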
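# The active ZSK must have signed zone data; an SOA signature is the witness.
echo "I:checking that ZSK signed ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep "SOA $zsk"'$' sigs > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))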
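# The standby ZSK must not appear as the signer of any RRset. The leading
# space and trailing '$' pin the match to a whole key-ID field at end of line.
# This is a negative check: it also passes when `sigs` is empty or $standby is
# empty, so it relies on the earlier positive checks to prove signing happened.
echo "I:checking that standby ZSK did not sign ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep " $standby"'$' sigs > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))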
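# A key marked inactive must not have produced any signature.
# Negative check: an empty `sigs` file or empty $inact also passes.
echo "I:checking that inactive key did not sign ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep " $inact"'$' sigs > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))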
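# A key whose publication is still pending must be absent from the DNSKEY
# listing in `keys`.
# Negative check: an empty `keys` file or empty $pending also passes.
echo "I:checking that pending key was not published ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep " $pending"'$' keys > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))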
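# The standby (rolling) KSK has three requirements before its activation time:
#   - it has produced no signature (absent from sigs),
#   - it is published in the child zone (present in keys),
#   - the signed parent zone already carries a DS record for it.
echo "I:checking that standby KSK did not sign but is delegated ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep " $rolling"'$' sigs > /dev/null && ret=1
grep " $rolling"'$' keys > /dev/null || ret=1
# grep -E replaces the deprecated egrep spelling; the pattern is unchanged.
grep -E "DS[ ]*$rolling[ ]" "${pfile}.signed" > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))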
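# Setting the REVOKE flag changes a key's ID. The pre-revocation ID must
# therefore be gone from the published keys and the post-revocation ID must
# be present. Presumably prerev.key and postrev.key name the same key before
# and after revocation -- confirm against the setup script.
echo "I:checking that key was revoked ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep " $prerev"'$' keys > /dev/null && ret=1
grep " $postrev"'$' keys > /dev/null || ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))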
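# A revoked key must still sign the DNSKEY RRset, which is how validators
# learn of the revocation, but must not sign ordinary zone data such as the SOA.
echo "I:checking that revoked key self-signed ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
grep "DNSKEY $postrev"'$' sigs > /dev/null || ret=1
grep "SOA $postrev"'$' sigs > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))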
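echo "I:waiting 20 seconds for key changes to occur"
# The message announces a wait, so perform it. The rolling key's activation
# was scheduled for now+15s, and re-signing before that moment would just
# reproduce the earlier result.
sleep 20

echo "I:re-signing zone"
# Re-sign the already signed child zone and write the result to ${cfile}.new.
# Output and exit status are discarded, as in the first signing pass.
$SIGNER -Sg -o "$czone" -f "${cfile}.new" "${cfile}.signed" > /dev/null 2>&1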
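echo "I:checking that standby KSK is now active ($n)"
ret=0 # reset per check so an earlier failure is not counted a second time
# NOTE(review): in the visible lines, `sigs` is written only from
# ${cfile}.signed before the re-sign, and the re-signed zone goes to
# ${cfile}.new. This grep therefore inspects the pre-rollover signatures.
# It also fails the check when the rolling key DID sign DNSKEY, which is the
# opposite of what the message says. As written, the rollover is not verified.
# Confirm whether `sigs` should be regenerated from ${cfile}.new and the test
# changed to "|| ret=1".
grep "DNSKEY $rolling"'$' sigs > /dev/null && ret=1
n=$((n + 1))
if [ "$ret" != 0 ]; then echo "I:failed"; fi
status=$((status + ret))

# Report the number of failed checks. No exit statement is visible here, so
# the caller only learns of failures if the status is also used as the exit code.
echo "I:exit status: $status"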