#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Stop at the first failing command (-e) and on any use of an unset
# variable (-u).  Options on the "#!" line are not applied when a script is
# started as "$SHELL setup.sh", so they are set explicitly here.
set -e -u

# All paths below are relative: the script has to be run from inside its
# own test directory.
# NOTE(review): conf.sh is not shown here; presumably it defines the tool
# variables used further down ($KEYGEN, $DSFROMKEY, $SIGNER, $PERL) - confirm.
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# NOTE(review): clean.sh presumably removes the output of an earlier run, so
# that every fixture below is built from scratch - confirm.
$SHELL clean.sh

# Name of the zone all keys and records in this test belong to.
Z=cds.test

# Make sure a file named "empty" exists.
touch empty

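# _key_id KEYNAME
# Print the key tag encoded in a key name (the digits after the last "+")
# without leading zeros.  At least one digit is always kept, so a key whose
# tag happens to be 0 yields "0" instead of an empty string; an empty ID
# would silently change every pattern further down that is built from it.
_key_id() {
	printf '%s\n' "$1" | sed 's/.*+0*\([0-9]\)/\1/'
}

# Three RSASHA256 keys for zone $Z: one generated without "-f KSK" and two
# generated with it.  Each variable holds the name printed by $KEYGEN.
keyz=$($KEYGEN -q -a RSASHA256 "$Z")
key1=$($KEYGEN -q -a RSASHA256 -f KSK "$Z")
key2=$($KEYGEN -q -a RSASHA256 -f KSK "$Z")

# Key tags in the form they appear in DS/CDS/RRSIG text (no zero padding).
idz=$(_key_id "$keyz")
id1=$(_key_id "$key1")
id2=$(_key_id "$key2")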

# Record the zone name, the two KSK names and all three key tags as shell
# assignments in vars.sh.
# NOTE(review): presumably vars.sh is sourced by the test script that runs
# after this setup - confirm.  The name in keyz is not saved, only its tag.
{
	printf '%s\n' "Z=$Z"
	printf '%s\n' "key1=$key1" "key2=$key2"
	printf '%s\n' "idz=$idz" "id1=$id1" "id2=$id2"
} >vars.sh

# tac [FILE...]
# Print the lines of the named files, or of stdin when no file is given, in
# reverse order.  Implemented with $PERL; inside this script the function
# takes precedence over any tac(1) found on PATH.
tac() {
	set -- -e 'print reverse <>' "$@"
	$PERL "$@"
}

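# convert KEY N
# Derive the DS-related fixture files for one key.
#   KEY  key name as printed by $KEYGEN; KEY.key must exist
#   N    suffix used in the generated file names
# Files written in the current directory:
#   DS.N          output of $DSFROMKEY for KEY
#   DS.N-1        only the lines containing " 8 1 " (algorithm 8, digest type 1)
#   DS.N-2        only the lines containing " 8 2 " (algorithm 8, digest type 2)
#   CDS.N         DS.N with the record type rewritten to CDS (appended)
#   CDNSKEY.N     KEY.key with DNSKEY rewritten to CDNSKEY
#   DS.ttlN       DS.N with an explicit TTL of 3600
#   DS.ttlongN    DS.N with an explicit TTL of 7200
#   DS.revN       DS.N with its lines in reverse order
# The script runs under "set -e", so a grep that selects nothing aborts the
# setup: $DSFROMKEY is expected to emit both digest types.
# key and n are plain globals; POSIX sh has no "local".
# All expansions are quoted so that a key name or suffix is always passed
# on as a single word.
convert() {
	key=$1
	n=$2
	$DSFROMKEY "$key" >"DS.$n"
	grep ' 8 1 ' "DS.$n" >"DS.$n-1"
	grep ' 8 2 ' "DS.$n" >"DS.$n-2"
	# NOTE(review): this appends; it relies on CDS.$n not being left over
	# from an earlier run (presumably clean.sh removes it - confirm).
	sed 's/ IN DS / IN CDS /' <"DS.$n" >>"CDS.$n"
	sed 's/ IN DNSKEY / IN CDNSKEY /' <"$key.key" >"CDNSKEY.$n"
	sed 's/ IN DS / 3600 IN DS /' <"DS.$n" >"DS.ttl$n"
	sed 's/ IN DS / 7200 IN DS /' <"DS.$n" >"DS.ttlong$n"
	tac <"DS.$n" >"DS.rev$n"
}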
# Build the DS/CDS/CDNSKEY fixture files for both KSKs.
convert "$key1" 1
convert "$key2" 2

# DS.both: the records of both keys, sorted so that their order does not
# depend on which key was generated first.
sort DS.1 DS.2 >DS.both

# DS.inplace: a copy of DS.1 whose access time is "now" and whose
# modification time is set 7200 seconds (two hours) into the past.
cp DS.1 DS.inplace
$PERL -we 'utime time, time - 7200, "DS.inplace" or die'

# $mangle is expanded unquoted on purpose: it has to split into the
# interpreter and the script name.
mangle="${PERL} mangle.pl"

# NOTE(review): mangle.pl is not shown here; presumably it corrupts the
# record matched by the regex it is given - confirm.  The three patterns
# select key1's DS with digest type 1, with digest type 2, and with either.
$mangle " IN DS $id1 8 1 " <DS.1 >DS.broke1
$mangle " IN DS $id1 8 2 " <DS.1 >DS.broke2
$mangle " IN DS $id1 8 [12] " <DS.1 >DS.broke12

# UP.add2: every record of DS.2 prefixed with "update add", followed by one
# "send" line appended after the last record.
# NOTE(review): the output looks like an nsupdate command script - confirm
# against the test that consumes it.
sed -e 's/^/update add /' -e '$a\
send
' <DS.2 >UP.add2

# UP.del1: the same construction with "update del" for the records of DS.1.
sed -e 's/^/update del /' -e '$a\
send
' <DS.1 >UP.del1

Evan Hunt's avatar
Evan Hunt committed
81 82 83 84 85 86
# UP.swap: the "add key2" and "del key1" scripts joined, with line 3 of the
# combined text removed.
# NOTE(review): line 3 is the first "send" only while DS.2 holds exactly two
# records; with it removed both changes go out under one "send" - confirm.
cat UP.add2 UP.del1 |
	sed -e 3d >UP.swap

# UP.swapttl: UP.swap with an explicit TTL of 3600 inserted into every
# "add" record; the "del" lines do not match and stay as they are.
sed -e 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl

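# sign NAME
# Read zone data from stdin into db.NAME, then run $SIGNER on it with origin
# $Z, writing the result to sig.NAME.
#   -S        smart signing: the signer locates the zone's keys itself
#   -O full   output format of the signed zone
#   -o "$Z"   zone origin
#   -f FILE   output file
# Returns the exit status of $SIGNER.
# Everything the signer prints, error messages included, is discarded.
# Under "set -e" a signing failure therefore stops the setup without any
# diagnostic; drop the redirection temporarily when debugging one.
# NOTE(review): $SIGNER is presumably dnssec-signzone - confirm in conf.sh.
# Expansions are quoted so that NAME and $Z are each passed as one word.
sign() {
	cat >"db.$1"
	$SIGNER >/dev/null 2>&1 \
		 -S -O full -o "$Z" -f "sig.$1" "db.$1"
}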

# db.null / sig.null: a minimal zone holding only an SOA and an NS record,
# and its signed form.  db.null is the base every later zone is built on.
# The here-document delimiter is quoted, so "$TTL" reaches the zone file
# literally without needing a backslash.
sign null <<'EOF'
$TTL 1h
@	SOA	localhost.	root.localhost. (
		1	; serial
		1h	; refresh
		1h	; retry
		1w	; expiry
		1h	; minimum
		)
;
	NS	localhost.
;
EOF

# brk.unsigned-cds: the signed minimal zone with key1's CDS records added
# after signing, so the CDS records carry no signatures.
cat sig.null CDS.1 >brk.unsigned-cds

# Correctly signed zones publishing CDS for key1, for key2 and for both.
cat db.null CDS.1 | sign cds.1
cat db.null CDS.2 | sign cds.2
cat db.null CDS.1 CDS.2 | sign cds.both

# The same signed zone as sig.cds.1 with its lines in reverse order.
tac <sig.cds.1 >sig.cds.rev1

# Zones publishing CDNSKEY for key2, alone and together with its CDS.
cat db.null CDNSKEY.2 | sign cdnskey.2
cat db.null CDS.2 CDNSKEY.2 | sign cds.cdnskey.2

# The regex selects the RRSIG covering CDS whose key tag and signer name
# are "<tag> $Z."; the first call targets the signature made with keyz,
# the second the one made with key1.
# NOTE(review): presumably mangle.pl damages the matched signature so that
# it no longer validates - confirm against mangle.pl.
$mangle '\s+IN\s+RRSIG\s+CDS .* '"$idz"' '"$Z"'\. ' <sig.cds.1 >brk.rrsig.cds.zsk
$mangle '\s+IN\s+RRSIG\s+CDS .* '"$id1"' '"$Z"'\. ' <sig.cds.1 >brk.rrsig.cds.ksk

# cds-mangled: key1's digest-type-1 CDS is passed through mangle.pl before
# signing, so the zone is signed over the altered record.
$mangle " IN CDS $id1 8 1 " <db.cds.1 |
	sign cds-mangled

# A key tag guaranteed to differ from id1: the same number with its low
# eight bits inverted.
bad=$($PERL -le "print ($id1 ^ 255);")

# bad-digests: key1's digest-type-1 CDS is rewritten to carry the tag $bad
# before the zone is signed.
sed 's/IN CDS '"$id1"' 8 1 /IN CDS '"$bad"' 8 1 /' <db.cds.1 |
	sign bad-digests

# bad-algos: every CDS line of key1 is kept ("p" prints the original) and
# followed by a copy whose tag is $bad and whose algorithm field is 13
# instead of 8; the empty regex in "s//" reuses the address pattern.
sed '/IN CDS '"$id1"' 8 /p;s//IN CDS '"$bad"' 13 /' <db.cds.1 |
	sign bad-algos

# NOTE(review): the dsset-* files are presumably by-products of the signing
# runs above and not needed by the test - confirm.
rm -f dsset-*