sign.sh revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews#!/bin/sh -e
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews#
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# Copyright (C) 2011-2014, 2016 Internet Systems Consortium, Inc. ("ISC")
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews#
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# file, You can obtain one at http://mozilla.org/MPL/2.0/.
9198ab377b1cbf07d6d0c6eec25296c135bd66bdMark Andrews
# Locate the system-test tree and load the shared settings. KEYGEN,
# DSFROMKEY and RANDFILE are not assigned anywhere in this script;
# presumably conf.sh supplies them.
# NOTE(review): the -e on the #! line is not applied when the script is
# started as "sh sign.sh", so failures below may go unnoticed unless the
# caller enables -e itself.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh

# bits, noixfr, master and dynamic are prepared identically: stale key files
# are removed, a 768-bit RSASHA1 key and a 1024-bit RSASHA1 key flagged KSK
# are generated, and the $DSFROMKEY output for the KSK is appended to the
# root zone file of ns1.
# NOTE(review): RSASHA1 with 768/1024-bit keys is fixture strength only;
# these parameters should not be copied for keys that protect real zones.
for zone in bits noixfr master dynamic
do
  rm -f K$zone.+*+*.key
  rm -f K$zone.+*+*.private
  keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
  # keyname is reassigned here, so only the KSK's name reaches $DSFROMKEY.
  keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone)
  $DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
done
# Zone "updated": fresh RSASHA1 keys (768-bit, then a 1024-bit KSK), the
# KSK's $DSFROMKEY output appended to the ns1 root zone, then one signing run.
zone=updated
rm -f K$zone.+*+*.key K$zone.+*+*.private
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
# keyname is reassigned, so only the KSK's name is passed to $DSFROMKEY.
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
# Both output streams of the signer are discarded, so a failure is visible
# only through its exit status (fatal when the shell runs with -e). Drop the
# redirection when a signing problem has to be diagnosed.
$SIGNER -S -O raw -L 2000042407 -o $zone $zone.db >/dev/null 2>&1
# After signing, updated.db is overwritten with the contents of master2.db.in.
cp master2.db.in updated.db
# Zone "expired": the signatures written here are already expired and should
# be regenerated on startup.
zone=expired
rm -f K$zone.+*+*.key K$zone.+*+*.private
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
# keyname is reassigned, so only the KSK's name is passed to $DSFROMKEY.
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
# -s/-e pin the signature validity window to 2010-01-01 .. 2011-01-01, which
# lies entirely in the past.
# NOTE(review): -P presumably switches off the signer's post-sign
# verification so that the expired signatures are accepted - confirm.
# Signer output is discarded; only the exit status reports a failure.
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o $zone $zone.db >/dev/null 2>&1
# Zone "retransfer": 768-bit RSASHA1 key plus a 1024-bit RSASHA1 KSK; the
# KSK's $DSFROMKEY output is appended to the ns1 root zone.
zone=retransfer
rm -f K$zone.+*+*.key K$zone.+*+*.private
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db

# Zone "nsec3": a single 1024-bit NSEC3RSASHA1 KSK; no 768-bit key is
# generated for this zone.
zone=nsec3
rm -f K$zone.+*+*.key K$zone.+*+*.private
keyname=$($KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db

# Zone "retransfer3": same layout as "retransfer", with NSEC3RSASHA1 keys.
zone=retransfer3
rm -f K$zone.+*+*.key K$zone.+*+*.private
keyname=$($KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone)
# keyname is reassigned, so only the KSK's name is passed to $DSFROMKEY.
keyname=$($KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone -f KSK $zone)
$DSFROMKEY -T 1200 $keyname >> ../ns1/root.db
# test-a, test-c, ...: one 768-bit RSASHA1 key per zone and no KSK. Existing
# key files are not removed and nothing is appended to the root zone here.
# Capturing the output in keyname keeps the generated key name off stdout;
# the value is not read again inside these loops.
for s in a c d h k l m q z; do
  zone=test-$s
  keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
done

# test-b, test-f, ...: a 768-bit RSASHA1 key and a 1024-bit RSASHA1 KSK per
# zone.
for s in b f i o p t v; do
  zone=test-$s
  keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone)
  keyname=$($KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -f KSK $zone)
done
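# Zone "externalkey": for each algorithm that passes its availability check,
# generate four keys (k1..k4), append the $DSFROMKEY output for k4 to the ns1
# root zone, and convert k1 and k2 into external keys.
zone=externalkey
rm -f K${zone}.+*+*.key
rm -f K${zone}.+*+*.private

for alg in ECCGOST ECDSAP256SHA256 NSEC3RSASHA1 DSA
do
  # Start every algorithm without a marker file. NSEC3RSASHA1 has none, and
  # without this reset an import failure for it would delete the marker that
  # the previous algorithm had just created.
  checkfile=
  case $alg in
  DSA)
    $SHELL ../checkdsa.sh 2> /dev/null || continue
    checkfile=../checkdsa
    touch $checkfile ;;
  ECCGOST)
    # Probe support by generating a throw-away key; skip the algorithm if
    # key generation fails.
    fail=0
    $KEYGEN -q -r $RANDFILE -a eccgost test > /dev/null 2>&1 || fail=1
    rm -f Ktest*
    [ $fail != 0 ] && continue
    checkfile=../checkgost
    touch $checkfile ;;
  ECDSAP256SHA256)
    fail=0
    $KEYGEN -q -r $RANDFILE -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
    rm -f Ktest*
    [ $fail != 0 ] && continue
    # NOTE(review): the ECDSA arm is also gated on checkdsa.sh succeeding;
    # confirm that this dependency is intended.
    $SHELL ../checkdsa.sh 2> /dev/null || continue
    checkfile=../checkecdsa
    touch $checkfile ;;
  *) ;;
  esac

  k1=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
  k2=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
  k3=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone $zone`
  k4=`$KEYGEN -q -r $RANDFILE -a $alg -b 1024 -n zone -f KSK $zone`
  $DSFROMKEY -T 1200 $k4 >> ../ns1/root.db

  # Convert k1 and k2 into external keys: the private half is deleted and the
  # .key file is re-imported through $IMPORTKEY. A failed import is reported
  # and the algorithm's marker file (if it has one) is removed; the script
  # then carries on with the next step.
  rm -f $k1.private
  mv $k1.key a-file
  $IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 || {
    echo "importkey failed: $alg"
    [ -z "$checkfile" ] || rm -f "$checkfile"
  }
  rm -f $k2.private
  mv $k2.key a-file
  $IMPORTKEY -f a-file $zone > /dev/null 2>&1 || {
    echo "importkey failed: $alg"
    [ -z "$checkfile" ] || rm -f "$checkfile"
  }
done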