f3df966b81ba3d3db8412d8787af60ca05d3fce5Tinderbox User# Copyright (C) 2009, 2011-2014, 2016, 2017 Internet Systems Consortium, Inc. ("ISC")
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews# file, You can obtain one at http://mozilla.org/MPL/2.0/.
b47c020d5c635b662ac57e5485d266fd62c796c0Evan Hunt# $Id: tests.sh,v 1.9 2011/07/08 01:43:26 each Exp $
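echo "I:setting key timers"

# Print the numeric key id stored in one of the *.key fixture files.
# Arguments: $1 - file holding a key name of the form K<zone>.+005+<id>
# Globals:   czone (read) - spliced into the sed regex verbatim, so the dots
#            in the zone name match any character.
# Outputs:   the key id with leading zeros removed, on stdout.
#
# `+005+` is the algorithm field of the key file name (5 = RSASHA1). That is
# adequate for throwaway test keys; RSASHA1 is no longer recommended for
# signing production zones (RFC 8624).
key_id_from() {
  # ${czone} is quoted so the sed script stays a single argument whatever
  # the zone name contains.
  sed 's/^K'"${czone}"'.+005+0*\([0-9]\)/\1/' < "$1"
}

inact=$(key_id_from inact.key)
ksk=$(key_id_from ksk.key)
pending=$(key_id_from pending.key)
postrev=$(key_id_from postrev.key)
prerev=$(key_id_from prerev.key)
rolling=$(key_id_from rolling.key)
standby=$(key_id_from standby.key)
zsk=$(key_id_from zsk.key)

echo "I:signing zones"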
6a4d6e3379f891a532d16c1c1d822676de26905cEvan Hunt print type, id
6a4d6e3379f891a532d16c1c1d822676de26905cEvan Hunt while ($0 !~ /key id =/)
6a4d6e3379f891a532d16c1c1d822676de26905cEvan Hunt print flags, id;
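echo "I:checking that KSK signed DNSKEY only ($n)"
echo "I:checking that ZSK signed ($n)"
echo "I:checking that standby ZSK did not sign ($n)"
echo "I:checking that inactive key did not sign ($n)"
echo "I:checking that pending key was not published ($n)"
echo "I:checking that standby KSK did not sign but is delegated ($n)"
# A DS record carrying the $rolling key id must appear in ${pfile}.signed
# (presumably the signed parent zone; pfile is set elsewhere).
# grep -E replaces the obsolescent egrep, which current GNU grep reports with
# a warning on stderr; stderr is not redirected on this line.
grep -E "DS[ ]*$rolling[ ]" "${pfile}.signed" > /dev/null || ret=1
echo "I:checking that key was revoked ($n)"
echo "I:checking that revoked key self-signed ($n)"
# Requires a line in `sigs` that ends in "DNSKEY <postrev id>". The revoked
# key is looked up under $postrev rather than $prerev; presumably this is
# because setting the REVOKE flag changes the key tag (confirm against the
# code that writes prerev.key and postrev.key).
grep "DNSKEY $postrev"'$' sigs > /dev/null || ret=1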
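echo "I:waiting 20 seconds for key changes to occur"
echo "I:re-signing zone"
# NOTE(review): the signer's output and exit status are both discarded, so a
# failed re-sign is noticed only if a later check happens to depend on it.
# $SIGNER is left unquoted as in the original (it is set elsewhere and may
# carry arguments); the zone and file operands are quoted.
$SIGNER -Sg -o "$czone" -f "${cfile}.new" "${cfile}.signed" > /dev/null 2>&1
echo "I:checking that standby KSK is now active ($n)"
# NOTE(review): as written, this marks a failure when a DNSKEY signature by
# $rolling IS listed in `sigs`, which reads opposite to the heading directly
# above - confirm which check this line belongs to. A negative grep like this
# also passes when `sigs` is missing or empty.
grep "DNSKEY $rolling"'$' sigs > /dev/null && ret=1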
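echo "I:checking update of an old-style key ($n)"
# oldstyle.key is expected to hold exactly one key name; the substitution is
# quoted so that name reaches dnssec-settime as a single argument.
# printing metadata should not work with an old-style key
$SETTIME -pall "$(cat oldstyle.key)" > /dev/null 2>&1 && ret=1
# -f forces the update of a key that has no metadata fields yet
$SETTIME -f "$(cat oldstyle.key)" > /dev/null 2>&1 || ret=1
# but now it should
$SETTIME -pall "$(cat oldstyle.key)" > /dev/null 2>&1 || ret=1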
c514f38c801755da4dbe405139d8512873b332b0ckbecho "I:checking warning about permissions change on key with dnssec-settime ($n)"
cc51cd2d2076e33117c60c9effcb8caccde4983bWitold Krecicki echo "I: Cygwin detected, skipping"
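# settime should print a warning about changing the permissions
# (first run: the warning about the key file's permissions must be present)
$SETTIME -P none "$(cat oldstyle.key)" > "settime1.test$n" 2>&1 || ret=1
grep "warning: Permissions on the file.*have changed" "settime1.test$n" > /dev/null 2>&1 || ret=1
# Second run of the same command: the warning must now be absent, i.e. the
# first run is expected to have left the file permissions in their final
# state. Key-file permissions matter because the private half sits next to
# the public one; how the fixture's initial mode is set up is not shown here.
$SETTIME -P none "$(cat oldstyle.key)" > "settime2.test$n" 2>&1 || ret=1
grep "warning: Permissions on the file.*have changed" "settime2.test$n" > /dev/null 2>&1 && ret=1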
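echo "I:checking warning about delete date < inactive date with dnssec-settime ($n)"
# settime should print a warning about delete < inactive
$SETTIME -I now+15s -D now "$(cat oldstyle.key)" > tmp.out 2>&1 || ret=1
# NOTE(review): any line containing "warning" satisfies this check, so an
# unrelated warning would also make it pass; matching the specific message
# text would make the test stricter.
grep "warning" tmp.out > /dev/null 2>&1 || ret=1
echo "I:checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
$SETTIME -D none "$(cat oldstyle.key)" > tmp.out 2>&1 || ret=1
# NOTE(review): this run overwrites tmp.out, so only the output of `-p all`
# is inspected below; whatever `-D none` printed is discarded.
$SETTIME -p all "$(cat oldstyle.key)" > tmp.out 2>&1 || ret=1
grep "warning" tmp.out > /dev/null 2>&1 && ret=1
echo "I:checking warning about delete date < inactive date with dnssec-keygen ($n)"
# keygen should print a warning about delete < inactive
# -r names the randomness source; $RANDFILE is set elsewhere and is
# presumably a test fixture, which is acceptable only for throwaway keys.
$KEYGEN -q -r "$RANDFILE" -I now+15s -D now "$czone" > tmp.out 2>&1 || ret=1
grep "warning" tmp.out > /dev/null 2>&1 || ret=1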
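echo "I:checking correct behavior setting activation without publication date ($n)"
# Generates a key with activation in one week and no publication date; the
# key name printed by dnssec-keygen is kept in $key. The exit status of the
# generation is not checked on this line.
key=$($KEYGEN -q -r "$RANDFILE" -A +1w -P never "$czone")
echo "I:checking calculation of dates for a successor key ($n)"
# Give the old key an activation two days ago and an inactivation two days
# ahead, then make $newkey its successor (-S) with a one-day prepublication
# interval (-i). Key names are quoted so each stays a single argument.
$SETTIME -A -2d -I +2d "$oldkey" > "settime1.test$n" 2>&1 || ret=1
$SETTIME -i 1d -S "$oldkey" "$newkey" > "settime2.test$n" 2>&1 || ret=1
# Fails if the activation time printed for $newkey contains "1970",
# presumably the Unix epoch that an uncomputed (zero) timestamp prints as.
# NOTE(review): the pipeline status is grep's, so a failing $SETTIME that
# prints nothing also counts as a pass here.
$SETTIME -pA "$newkey" | grep "1970" > /dev/null && ret=1
echo "I:exit status: $status"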