2902. [func] Add regression test for change 2897. [RT #21040]

5ae2eac4 · Mark Andrews · 0b610fdb · 5ae2eac4 · 5ae2eac4 · 5ae2eac4
Commit 5ae2eac4 authored May 19, 2010 by Mark Andrews
--- a/CHANGES
+++ b/CHANGES
+2902.	[func]		Add regression test for change 2897. [RT #21040]
+
 2901.	[port]		Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]

 2900.	[bug]		The placeholder negative caching element was not

--- a/bin/tests/system/autosign/clean.sh
+++ b/bin/tests/system/autosign/clean.sh
@@ -14,11 +14,11 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: clean.sh,v 1.5 2010/01/18 23:48:39 tbox Exp $
+# $Id: clean.sh,v 1.6 2010/05/19 07:45:38 marka Exp $

 rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
 rm -f active.key inact.key del.key unpub.key standby.key rev.key
-rm -f nopriv.key vanishing.key
+rm -f nopriv.key vanishing.key del1.key del2.key
 rm -f nsupdate.out
 rm -f */core
 rm -f */example.bk

--- a/bin/tests/system/autosign/ns3/keygen.sh
+++ b/bin/tests/system/autosign/ns3/keygen.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: keygen.sh,v 1.6 2010/01/18 23:48:40 tbox Exp $
+# $Id: keygen.sh,v 1.7 2010/05/19 07:45:38 marka Exp $

 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -174,7 +174,8 @@ $KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > /dev/null
 $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1

 #
-# secure-to-insecure transition test zone.
+# secure-to-insecure transition test zone; used to test removal of
+# keys via nsupdate
 #
 zone=secure-to-insecure.example
 zonefile="${zone}.db"
@@ -182,3 +183,16 @@ infile="${zonefile}.in"
 ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
 $KEYGEN -q -r $RANDFILE $zone > /dev/null
 $SIGNER -S -o $zone -f $zonefile $infile > /dev/null 2>&1
+
+#
+# another secure-to-insecure transition test zone; used to test
+# removal of keys on schedule.
+#
+zone=secure-to-insecure2.example
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
+echo $ksk > ../del1.key
+zsk=`$KEYGEN -q -3 -r $RANDFILE $zone`
+echo $zsk > ../del2.key
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1
--- a/bin/tests/system/autosign/ns3/named.conf
+++ b/bin/tests/system/autosign/ns3/named.conf
@@ -14,7 +14,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: named.conf,v 1.5 2010/01/18 23:48:40 tbox Exp $ */
+/* $Id: named.conf,v 1.6 2010/05/19 07:45:38 marka Exp $ */

 // NS3

@@ -163,6 +163,14 @@ zone "secure-to-insecure.example" {
 	dnssec-secure-to-insecure yes;
 };

+zone "secure-to-insecure2.example" {
+	type master;
+	file "secure-to-insecure2.example.db";
+	allow-update { any; };
+        auto-dnssec maintain;
+	dnssec-secure-to-insecure yes;
+};
+
 zone "oldsigs.example" {
 	type master;
 	file "oldsigs.example.db";

--- a/bin/tests/system/autosign/ns3/secure-to-insecure2.example.db.in
+++ b/bin/tests/system/autosign/ns3/secure-to-insecure2.example.db.in
+; Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: secure-to-insecure2.example.db.in,v 1.2 2010/05/19 07:45:38 marka Exp $
+
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns
+ns			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+z			A	10.0.0.26
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.

-# $Id: tests.sh,v 1.8 2010/05/14 04:38:52 marka Exp $
+# $Id: tests.sh,v 1.9 2010/05/19 07:45:38 marka Exp $

 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -614,7 +614,7 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

-echo "I:checking secure-to-insecure transition ($n)"
+echo "I:checking secure-to-insecure transition, nsupdate ($n)"
 $NSUPDATE > /dev/null 2>&1 <<END	|| status=1
 server 10.53.0.3 5300
 zone secure-to-insecure.example
@@ -629,6 +629,20 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:checking secure-to-insecure transition, scheduled ($n)"
+file="ns3/`cat del1.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+file="ns3/`cat del2.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /'
+sleep 2
+$DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+egrep 'RRSIG.*'" $newid "'\. ' dig.out.ns3.test$n > /dev/null && ret=1
+egrep '(DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:preparing to test key change corner cases"
 echo "I:removing a private key file"
 file="ns1/`cat vanishing.key`.private"