#!/bin/sh
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Point at the system-test framework one directory up and source its shared
# configuration. Both paths are relative, so this script has to be run from
# its own directory. conf.sh is not shown here; presumably it defines the tool
# variables used below ($KEYGEN, $SETTIME, $CHECKZONE) -- confirm.
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

# Run clean.sh (resolved relative to the current directory) before any keys
# are generated; presumably it removes artifacts of earlier runs -- confirm.
# NOTE(review): the exit status is not checked, so setup continues even if
# clean.sh fails.
$SHELL clean.sh

# Create a symlink called named-compilezone in the current directory that
# points at $CHECKZONE.
# NOTE(review): ln -s without -f fails if the link already exists; presumably
# clean.sh removes it beforehand -- confirm.
ln -s $CHECKZONE named-compilezone

# Test 1: KSK goes inactive before successor is active
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it, so stale keys do not affect the result.
dir=01-ksk-inactive
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the KSK for example.com in $dir and keep the command's output (used
# below as the key name) in ksk1. Assuming $KEYGEN is dnssec-keygen: -fk sets
# the KSK flag and -3 selects the NSEC3-capable variant of rsasha1.
# NOTE(review): this is a SHA-1 based algorithm; acceptable for a timing
# fixture, not a choice to copy into production signing.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
# Statement order matters here (dnssec-keygen/dnssec-settime semantics assumed):
#  1. ksk1 becomes inactive in 9 months and is deleted in 1 year.
#  2. ksk2 is created with -S as the successor of ksk1; its timing is derived
#     from ksk1's metadata as it stands after step 1.
#  3. ksk1's inactivation is then pulled forward to 7 months, so it retires
#     before ksk2 becomes active.
# NOTE(review): $SETTIME output and errors are discarded and the exit status
# is ignored, so a failed timing change would go unnoticed at this point.
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=`$KEYGEN -K $dir -S $ksk1`
$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
# Generate a ZSK (no -f flag) for example.com in the same directory. No timing
# changes are applied to this key in this test.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`

# Test 2: ZSK goes inactive before successor is active
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=02-zsk-inactive
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# Statement order matters (dnssec-keygen/dnssec-settime semantics assumed):
# zsk1 is first set to retire in 9 months (deleted in 1 year), zsk2 is created
# from it with -S, and only then is zsk1's inactivation pulled forward to
# 7 months so that it retires before zsk2 becomes active.
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 3: KSK is unpublished before its successor is published
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=03-ksk-unpublished
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the KSK (-fk) whose rollover this test manipulates; the command's
# output is kept in ksk1 and used below as the key name.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
# Statement order matters (dnssec-keygen/dnssec-settime semantics assumed):
# ksk1 is set to retire in 9 months and be deleted in 1 year, ksk2 is created
# from it with -S, and then ksk1's deletion date is moved up to 6 months.
# Presumably that is earlier than the publication date ksk2 inherited --
# confirm against the prepublication interval in use.
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=`$KEYGEN -K $dir -S $ksk1`
$SETTIME -K $dir -D +6mo $ksk1 > /dev/null 2>&1
# Generate a ZSK (no -f flag) in the same directory. No timing changes are
# applied to this key in this test.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`

# Test 4: ZSK is unpublished before its successor is published
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=04-zsk-unpublished
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# Statement order matters (dnssec-keygen/dnssec-settime semantics assumed):
# zsk1 is set to retire in 9 months and be deleted in 1 year, zsk2 is created
# from it with -S, and then zsk1's deletion date is moved up to 6 months.
# Presumably that is earlier than the publication date zsk2 inherited --
# confirm against the prepublication interval in use.
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
$SETTIME -K $dir -D +6mo $zsk1 > /dev/null 2>&1
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 5: KSK deleted and successor published before KSK is deactivated
# and successor activated.
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=05-ksk-unpub-active
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the KSK (-fk) whose rollover this test manipulates; the command's
# output is kept in ksk1 and used below as the key name.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
# ksk1 gets a deletion date (8 months) that is earlier than its inactivation
# date (9 months); ksk2 is then created with -S as its successor, so its
# timing is derived from those values (dnssec-keygen semantics assumed).
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +8mo $ksk1 > /dev/null 2>&1
ksk2=`$KEYGEN -K $dir -S $ksk1`
# Generate a ZSK (no -f flag) in the same directory. No timing changes are
# applied to this key in this test.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`

# Test 6: ZSK deleted and successor published before ZSK is deactivated
# and successor activated.
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=06-zsk-unpub-active
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# zsk1 gets a deletion date (8 months) that is earlier than its inactivation
# date (9 months); zsk2 is then created with -S as its successor, so its
# timing is derived from those values (dnssec-keygen semantics assumed).
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +8mo $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 7: KSK rolled with insufficient delay after prepublication.
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=07-ksk-ttl
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the KSK (-fk) whose rollover this test manipulates; the command's
# output is kept in ksk1 and used below as the key name.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
# ksk1 retires in 9 months (deleted in 1 year) and ksk2 is created from it
# with -S, so ksk2's activation follows ksk1's inactivation (dnssec-keygen
# semantics assumed).
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=`$KEYGEN -K $dir -S $ksk1`
# allow only 1 day between publication and activation
# (-P moves ksk2's publication date to 269 days out; this presumes +9mo is
# counted as 270 days -- confirm.)
$SETTIME -K $dir -P +269d $ksk2 > /dev/null 2>&1
# Generate a ZSK (no -f flag) in the same directory. No timing changes are
# applied to this key in this test.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`

# Test 8: ZSK rolled with insufficient delay after prepublication.
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=08-zsk-ttl
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# zsk1 retires in 9 months (deleted in 1 year) and zsk2 is created from it
# with -S, so zsk2's activation follows zsk1's inactivation (dnssec-keygen
# semantics assumed).
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
# allow only 1 day between publication and activation
# (-P moves zsk2's publication date to 269 days out; this presumes +9mo is
# counted as 270 days -- confirm.)
$SETTIME -K $dir -P +269d $zsk2 > /dev/null 2>&1
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 9: KSK goes inactive before successor is active, but checking ZSKs
# The key setup below is the same as in Test 1; which key type gets checked is
# decided outside this script (presumably in tests.sh -- confirm).
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=09-check-zsk
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the KSK (-fk) whose rollover this test manipulates; the command's
# output is kept in ksk1 and used below as the key name.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`
# Statement order matters (dnssec-keygen/dnssec-settime semantics assumed):
# ksk1 is first set to retire in 9 months (deleted in 1 year), ksk2 is created
# from it with -S, and only then is ksk1's inactivation pulled forward to
# 7 months so that it retires before ksk2 becomes active.
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $ksk1 > /dev/null 2>&1
ksk2=`$KEYGEN -K $dir -S $ksk1`
$SETTIME -K $dir -I +7mo $ksk1 > /dev/null 2>&1
# Generate a ZSK (no -f flag) in the same directory. No timing changes are
# applied to this key in this test.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`

# Test 10: ZSK goes inactive before successor is active, but checking KSKs
# The key setup below is the same as in Test 2; which key type gets checked is
# decided outside this script (presumably in tests.sh -- confirm).
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=10-check-ksk
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# Statement order matters (dnssec-keygen/dnssec-settime semantics assumed):
# zsk1 is first set to retire in 9 months (deleted in 1 year), zsk2 is created
# from it with -S, and only then is zsk1's inactivation pulled forward to
# 7 months so that it retires before zsk2 becomes active.
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +9mo -D +1y $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
$SETTIME -K $dir -I +7mo $zsk1 > /dev/null 2>&1
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 11: ZSK goes inactive before successor is active, but after cutoff
# The "cutoff" is not defined in this script; presumably it is a time limit
# applied by whatever checks these keys (tests.sh) -- confirm.
# Select this test's key directory and delete any public (K*.key) and private
# (K*.private) key files already in it.
dir=11-cutoff
rm -f $dir/K*.key
rm -f $dir/K*.private
# Generate the ZSK (no -f flag) whose rollover this test manipulates; the
# command's output is kept in zsk1 and used below as the key name.
zsk1=`$KEYGEN -K $dir -a rsasha1 -3 example.com`
# Same sequence as Test 2 with the dates pushed further out: zsk1 retires in
# 18 months (deleted in 2 years), zsk2 is created from it with -S, then zsk1's
# inactivation is pulled forward to 16 months. Statement order matters because
# zsk2's timing is derived from zsk1's metadata at creation time
# (dnssec-keygen semantics assumed).
# NOTE(review): $SETTIME failures are silent here (output discarded, status
# ignored).
$SETTIME -K $dir -I +18mo -D +2y $zsk1 > /dev/null 2>&1
zsk2=`$KEYGEN -K $dir -S $zsk1`
$SETTIME -K $dir -I +16mo $zsk1 > /dev/null 2>&1
# Generate a KSK (-fk) in the same directory. No timing changes are applied to
# this key in this test.
ksk1=`$KEYGEN -K $dir -a rsasha1 -3fk example.com`

# Test 12: Too early KSK deletion
# NOTE(review): unlike the earlier tests, no stale K*.key / K*.private files
# are removed from $dir here; presumably clean.sh covers that -- confirm.
dir=12-ksk-deletion
# KSK created with algorithm number 8 (RSASHA256 in the DNSSEC algorithm
# registry) and a 2048-bit key. Inactivation and deletion are both set 40 days
# out at creation time, so no separate $SETTIME call is needed.
ksk1=`$KEYGEN -K $dir -f KSK -a 8 -b 2048 -I +40d -D +40d example.com`
# Successor of ksk1, referenced here by its .key file name rather than the
# bare key name used in the earlier tests.
ksk2=`$KEYGEN -K $dir -S $ksk1.key example.com`