tests.sh 2.27 KB
Newer Older
1
2
#!/bin/sh
#
3
# Copyright (C) 2010, 2012, 2014, 2016  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
4
#
5
6
7
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
8

Automatic Updater's avatar
Automatic Updater committed
9
# $Id: tests.sh,v 1.3 2010/06/08 23:50:24 tbox Exp $
10
11
12
13
14
15
16
17
18

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"

status=0
ret=0

Evan Hunt's avatar
Evan Hunt committed
19
20
21
22
23
24
supported=`cat supported`
case $supported in
    rsaonly) algs="rsa" ;;
    ecconly) algs="ecc" ;;
    both) algs="rsa ecc" ;;
esac
25
26


Evan Hunt's avatar
Evan Hunt committed
27
28
29
30
31
for alg in $algs; do
    zonefile=ns1/$alg.example.db 
    echo "I:testing PKCS#11 key generation ($alg)"
    count=`$PK11LIST | grep robie-$alg-ksk | wc -l`
    if [ $count != 2 ]; then echo "I:failed"; status=1; fi
32

Evan Hunt's avatar
Evan Hunt committed
33
    echo "I:testing offline signing with PKCS#11 keys ($alg)"
34

Evan Hunt's avatar
Evan Hunt committed
35
36
    count=`grep RRSIG $zonefile.signed | wc -l`
    if [ $count != 12 ]; then echo "I:failed"; status=1; fi
37

Evan Hunt's avatar
Evan Hunt committed
38
    echo "I:testing inline signing with PKCS#11 keys ($alg)"
39

40
41
42
43
44
45
    $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg.0 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
    count0=`grep RRSIG dig.out.$alg.0 | wc -l`

    $NSUPDATE -v > upd.log.$alg <<END || status=1
46
47
server 10.53.0.1 5300
ttl 300
Evan Hunt's avatar
Evan Hunt committed
48
49
zone $alg.example.
update add `grep -v ';' ns1/${alg}.key`
50
51
52
send
END

Evan Hunt's avatar
Evan Hunt committed
53
54
55
    echo "I:waiting 20 seconds for key changes to take effect"
    sleep 20

56
    $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out.$alg || ret=1
Evan Hunt's avatar
Evan Hunt committed
57
58
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
59
60
    count=`grep RRSIG dig.out.$alg | wc -l`
    if [ $count -le $count0 ]; then echo "I:failed"; status=1; fi
Evan Hunt's avatar
Evan Hunt committed
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76

    echo "I:testing PKCS#11 key destroy ($alg)"
    ret=0
    $PK11DEL -l robie-$alg-ksk -w0 > /dev/null 2>&1 || ret=1
    $PK11DEL -l robie-$alg-zsk1 -w0 > /dev/null 2>&1 || ret=1
    case $alg in
        rsa) id=02 ;;
        ecc) id=04 ;;
    esac
    $PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1
    if [ $ret != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $ret`
    count=`$PK11LIST | grep robie-$alg | wc -l`
    if [ $count != 0 ]; then echo "I:failed"; fi
    status=`expr $status + $count`
done
77
78

echo "I:exit status: $status"
79
[ $status -eq 0 ] || exit 1