#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Locate the system-test root and load the shared test configuration.
# The tool variables used below ($KEYGEN, $DSFROMKEY, $SIGNER, $IMPORTKEY)
# are not set in this file; presumably conf.sh defines them -- confirm.
# NOTE(review): the -e in the shebang only takes effect when this file is
# executed directly. When it is run as "sh sign.sh" the shebang options are
# not applied, so a failing key-generation step would not abort the script.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh

# Zone "bits": discard any keys left from an earlier run, then create a
# zone-signing key and a key-signing key (presumably via dnssec-keygen).
# 1024-bit RSASHA1 is weak by current standards; these are throwaway
# system-test keys, not a template for production signing.
zone=bits
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# ZSK: only the files on disk matter, so the printed key name is discarded.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
# KSK: keep the printed name, it is the input for the DS record below.
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
# Append the DS record (TTL 1200) for the KSK to ../ns1/root.db.
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "noixfr": fresh ZSK + KSK pair (weak 1024-bit RSASHA1, test-only),
# with the KSK's DS record appended to ../ns1/root.db.
zone=noixfr
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# The ZSK's name is never used again, so its output is dropped.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "master": fresh ZSK + KSK pair (weak 1024-bit RSASHA1, test-only),
# with the KSK's DS record appended to ../ns1/root.db.
zone=master
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# The ZSK's name is never used again, so its output is dropped.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "dynamic": fresh ZSK + KSK pair (weak 1024-bit RSASHA1, test-only),
# with the KSK's DS record appended to ../ns1/root.db.
zone=dynamic
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# The ZSK's name is never used again, so its output is dropped.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "updated": create keys, publish the DS, sign the zone once into raw
# format, then swap in a different unsigned source file.
zone=updated
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# Weak 1024-bit RSASHA1 keys, acceptable only as test fixtures.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db
# Sign ${zone}.db (presumably with dnssec-signzone: -S smart signing, -O raw
# output, -L source serial). All output, including error text, is discarded,
# so a signing failure leaves no diagnostic behind.
$SIGNER -S -O raw -L 2000042407 -o "$zone" "${zone}.db" > /dev/null 2>&1
# Overwrite the unsigned zone file only after the signed copy was produced.
cp master2.db.in updated.db

# Zone "expired": the signatures produced here are already expired and
# should be regenerated on startup.
zone=expired
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# Weak 1024-bit RSASHA1 keys, acceptable only as test fixtures.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db
# Validity window is pinned to 2010-01-01 .. 2011-01-01 via -s/-e. The -P
# flag presumably disables the signer's post-sign verification, which would
# otherwise reject the expired signatures (assuming dnssec-signzone).
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 \
	-o "$zone" "${zone}.db" > /dev/null 2>&1

# Zone "retransfer": fresh ZSK + KSK pair (weak 1024-bit RSASHA1, test-only),
# with the KSK's DS record appended to ../ns1/root.db.
zone=retransfer
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# The ZSK's name is never used again, so its output is dropped.
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "nsec3": only a KSK is generated here, using the NSEC3-capable
# NSEC3RSASHA1 algorithm (1024-bit, test-only strength).
# NOTE(review): the other stanzas in this file also create a ZSK; confirm
# that a KSK-only key set is intended for this zone.
zone=nsec3
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
keyname=$($KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone")
# Append the DS record (TTL 1200) for the KSK to ../ns1/root.db.
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "retransfer3": ZSK + KSK pair using NSEC3RSASHA1 (1024-bit,
# test-only strength), with the KSK's DS appended to ../ns1/root.db.
zone=retransfer3
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# The ZSK's name is never used again, so its output is dropped.
$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "inactiveksk": two key sets. The NSEC3RSASHA1 KSK is published now
# but only becomes active in an hour (-P now -A now+3600); the RSASHA256
# set has no timing options. All keys are 1024-bit and test-only.
zone=inactiveksk
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# Only the name of the last key generated is needed; earlier names are dropped.
$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone "$zone" > /dev/null
$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK "$zone" > /dev/null
$KEYGEN -q -a RSASHA256 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
# The DS record is derived from the RSASHA256 KSK, not the delayed one.
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "inactivezsk": two key sets. The NSEC3RSASHA1 ZSK is published now
# but only becomes active in an hour (-P now -A now+3600); the RSASHA256
# set has no timing options. All keys are 1024-bit and test-only.
zone=inactivezsk
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
# Only the name of the last key generated is needed; earlier names are dropped.
$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 "$zone" > /dev/null
$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone" > /dev/null
$KEYGEN -q -a RSASHA256 -b 1024 -n zone "$zone" > /dev/null
keyname=$($KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
# The DS record is derived from the RSASHA256 KSK.
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# Zone "removedkeys-primary": ZSK + KSK pair (weak 1024-bit RSASHA1,
# test-only). No DS record is written for this zone.
zone=removedkeys-primary
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
# keyname is still assigned so the variable ends up holding the KSK name.
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")

# Zone "removedkeys-secondary": ZSK + KSK pair (weak 1024-bit RSASHA1,
# test-only). No DS record is written for this zone.
zone=removedkeys-secondary
rm -f "K${zone}".+*+*.key "K${zone}".+*+*.private
$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
# keyname is still assigned so the variable ends up holding the KSK name.
keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")

# Zones test-a, test-c, ...: a single ZSK each (weak 1024-bit RSASHA1,
# test-only). No KSK and no DS record are produced here, and existing
# K* files for these zones are not removed first.
for s in a c d h k l m q z; do
	zone="test-$s"
	keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone")
done

# Zones test-b, test-f, ...: a ZSK and a KSK each (weak 1024-bit RSASHA1,
# test-only). No DS record is produced here, and existing K* files for
# these zones are not removed first.
for s in b f i o p t v; do
	zone="test-$s"
	# The ZSK's printed name is not needed; keyname ends up as the KSK name.
	$KEYGEN -q -a RSASHA1 -b 1024 -n zone "$zone" > /dev/null
	keyname=$($KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
done

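# Zone "externalkey": for each algorithm create two KSKs (k1, k4) and two
# ZSKs (k2, k3), publish a DS for k4, then turn k1 and k2 into "external"
# keys by deleting their private halves and re-importing the public keys.
# DSA and 1024-bit RSA/SHA-1 are weak or deprecated algorithms; they appear
# here only as throwaway system-test fixtures.
zone=externalkey
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private

for alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA
do
    # Reset the marker path on every iteration. Without this, an import
    # failure for an algorithm that has no marker (the "*" case) would
    # delete the marker file left over from a previous algorithm.
    checkfile=

    case $alg in
        DSA)
            # Skip DSA entirely when the probe script reports no support.
            $SHELL ../checkdsa.sh 2> /dev/null || continue
            checkfile=../checkdsa
            touch "$checkfile" ;;
        ECDSAP256SHA256)
            # Probe ECDSA support by generating (and discarding) a test key.
            fail=0
            $KEYGEN -q -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
            rm -f Ktest*
            [ $fail != 0 ] && continue
            # NOTE(review): this runs the DSA probe inside the ECDSA branch,
            # so ECDSA is skipped whenever DSA is unsupported. Confirm this
            # coupling is intended and not a copy-paste from the DSA case.
            $SHELL ../checkdsa.sh 2> /dev/null || continue
            checkfile=../checkecdsa
            touch "$checkfile" ;;
        *) ;;
    esac

    k1=$($KEYGEN -q -a "$alg" -b 1024 -n zone -f KSK "$zone")
    k2=$($KEYGEN -q -a "$alg" -b 1024 -n zone "$zone")
    k3=$($KEYGEN -q -a "$alg" -b 1024 -n zone "$zone")
    k4=$($KEYGEN -q -a "$alg" -b 1024 -n zone -f KSK "$zone")
    $DSFROMKEY -T 1200 "$k4" >> ../ns1/root.db

    # Convert k1 and k2 into external keys.
    # k1 is imported as published now and deleted in an hour.
    rm -f "${k1}.private"
    mv "${k1}.key" a-file
    $IMPORTKEY -P now -D now+3600 -f a-file "$zone" > /dev/null 2>&1 || {
        echo "importkey failed: $alg"
        # Drop this algorithm's support marker, if it has one.
        if [ -n "$checkfile" ]; then rm -f "$checkfile"; fi
    }

    # k2 is imported without timing options.
    rm -f "${k2}.private"
    mv "${k2}.key" a-file
    $IMPORTKEY -f a-file "$zone" > /dev/null 2>&1 || {
        echo "importkey failed: $alg"
        if [ -n "$checkfile" ]; then rm -f "$checkfile"; fi
    }
done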