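#!/bin/sh -e
#
# Copyright (C) 2015, 2016 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

# Test fixture setup: generate keys for the root zone, write revoked.conf
# (a managed-keys statement naming a KSK that is revoked right after its
# public key has been copied out), then sign the root zone with a fresh
# set of keys.
#
# Reads:  KEYGEN, SETTIME, SIGNER, PERL, RANDFILE (presumably set by conf.sh)
# Writes: key files, revoked.conf and root.db.signed in the current directory

SYSTEMTESTTOP=../..
. "$SYSTEMTESTTOP/conf.sh"

# The -e on the "#!" line is lost when the script is started as
# "sh sign.sh", so enable it explicitly. Without it a failed key
# generation or signing step would go unnoticed and leave an empty or
# stale fixture behind. It is set after conf.sh is sourced so that only
# this script's own commands are affected.
set -e

zone=.
infile=../ns1/root.db.in
zonefile=root.db.signed

# NOTE(review): every key here takes its randomness from $RANDFILE; these
# are throwaway test keys and should never be reused outside the test.
keyname=$($KEYGEN -r "$RANDFILE" -qfk "$zone")
if [ -z "$keyname" ]; then
	echo "sign.sh: key generation printed no key name" >&2
	exit 1
fi

# copy the KSK out first, then revoke it
#
# Order matters: the flags field written into revoked.conf is the one read
# from the .key file *before* $SETTIME -R runs, so the trust anchor
# describes the key in its pre-revocation form.
# The Perl one-liner splits the record into owner, class, type, flags,
# protocol, algorithm and key data (re-joined without whitespace).
# NOTE(review): this assumes the record line carries no TTL field.
grep -v '^; ' "$keyname.key" | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
 "$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > revoked.conf

$SETTIME -R now "${keyname}.key" > /dev/null

# create a current set of keys, and sign the root zone
$KEYGEN -r "$RANDFILE" -q "$zone" > /dev/null
$KEYGEN -r "$RANDFILE" -qfk "$zone" > /dev/null
# Signer output (stdout and stderr) is discarded, so a failure is visible
# only through the exit status, which aborts the script under set -e.
$SIGNER -S -r "$RANDFILE" -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1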