tests.sh revision ad127d839d2e7aa542939a8a336691407e23397e
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews
ad127d839d2e7aa542939a8a336691407e23397eMark AndrewsSYSTEMTESTTOP=..
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews. $SYSTEMTESTTOP/conf.sh
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsfailed () {
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews cat verify.out.$n | sed 's/^/D:/';
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews echo "I:failed";
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews status=1;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews}
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsn=0
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsstatus=0
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsfor file in zones/*.good
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsdo
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews n=`expr $n + 1`
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews zone=`expr "$file" : 'zones/\(.*\).good'`
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews echo "I:checking supposedly good zone: $zone ($n)"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ret=0
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews case $zone in
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews zsk-only.*) only=-z;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ksk-only.*) only=-z;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *) only=;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews esac
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 || ret=1
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews [ $ret = 0 ] || failed
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsdone
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsfor file in zones/*.bad
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsdo
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews n=`expr $n + 1`
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews zone=`expr "$file" : 'zones/\(.*\).bad'`
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews echo "I:checking supposedly bad zone: $zone ($n)"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ret=0
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews dumpit=0
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews case $zone in
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews zsk-only.*) only=-z;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ksk-only.*) only=-z;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *) only=;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews esac
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1= expect2=
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews case $zone in
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.dnskeyonly)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="DNSKEY is not signed"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.expired)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="signature has expired"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect2="No self-signed .*DNSKEY found"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.ksk-expired)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="signature has expired"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect2="No self-signed .*DNSKEY found"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.out-of-zone-nsec|*.below-bottom-of-zone-nsec)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="unexpected NSEC RRset at"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.nsec.broken-chain)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="Bad record NSEC record for.*, next name mismatch"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.bad-bitmap)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="bit map mismatch"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.missing-empty)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="Missing NSEC3 record for";
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews unsigned)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="Zone contains no DNSSEC keys"
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *.extra-nsec3)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews expect1="Expected and found NSEC3 chains not equal";
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews *)
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews dumpit=1
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews ;;
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews esac
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 && ret=1
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews grep "${expect1:-.}" verify.out.$n > /dev/null || ret=1
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews grep "${expect2:-.}" verify.out.$n > /dev/null || ret=1
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews [ $ret = 0 ] || failed
ad127d839d2e7aa542939a8a336691407e23397eMark Andrews [ $dumpit = 1 ] && cat verify.out.$n
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsdone
ad127d839d2e7aa542939a8a336691407e23397eMark Andrewsexit $status