sign.sh 6.4 KB
Newer Older
1
#!/bin/sh -e
Michael Sawyer's avatar
Michael Sawyer committed
2
#
Automatic Updater's avatar
Automatic Updater committed
3
# Copyright (C) 2004, 2006-2009  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
4
# Copyright (C) 2000-2002  Internet Software Consortium.
5
#
Automatic Updater's avatar
Automatic Updater committed
6
# Permission to use, copy, modify, and/or distribute this software for any
Michael Sawyer's avatar
Michael Sawyer committed
7 8
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
9
#
Mark Andrews's avatar
Mark Andrews committed
10 11 12 13 14 15 16
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
17

18
# $Id: sign.sh,v 1.30 2009/10/28 00:27:10 marka Exp $
19 20 21

SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
David Lawrence's avatar
David Lawrence committed
22

23 24
RANDFILE=../random.data

Andreas Gustafsson's avatar
Andreas Gustafsson committed
25 26 27 28
zone=secure.example.
infile=secure.example.db.in
zonefile=secure.example.db

29
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
Andreas Gustafsson's avatar
Andreas Gustafsson committed
30

31
cat $infile $keyname.key >$zonefile
Andreas Gustafsson's avatar
Andreas Gustafsson committed
32

33
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
Andreas Gustafsson's avatar
Andreas Gustafsson committed
34

Michael Sawyer's avatar
Michael Sawyer committed
35 36 37 38
zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db

39
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
Michael Sawyer's avatar
Michael Sawyer committed
40 41 42

cat $infile $keyname.key >$zonefile

43
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
44

45 46 47 48
zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db

49 50
keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
51

52
cat $infile $keyname1.key $keyname2.key >$zonefile
53

54
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
55

56 57 58 59
zone=keyless.example.
infile=keyless.example.db.in
zonefile=keyless.example.db

60
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
61 62 63

cat $infile $keyname.key >$zonefile

64
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
65 66 67 68 69 70 71

# Change the signer field of the a.b.keyless.example SIG A
# to point to a provably nonexistent KEY record.
mv $zonefile.signed $zonefile.tmp
<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
    if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
rm -f $zonefile.tmp
72 73 74 75 76 77 78 79

#
#  NSEC3/NSEC test zone
#
zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db

80
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
81 82 83

cat $infile $keyname.key >$zonefile

84
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
85 86 87 88 89 90 91 92

#
#  NSEC3/NSEC3 test zone
#
zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db

93
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
94 95 96

cat $infile $keyname.key >$zonefile

97
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
98 99 100 101 102 103 104 105

#
#  OPTOUT/NSEC3 test zone
#
zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db

106
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
107 108 109

cat $infile $keyname.key >$zonefile

110
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
111 112 113 114 115 116 117 118

#
# A nsec3 zone (non-optout).
#
zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db

119
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
120 121 122

cat $infile $keyname.key >$zonefile

123
$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
124 125 126 127 128 129 130 131

#
#  OPTOUT/NSEC test zone
#
zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db

132
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
133 134 135

cat $infile $keyname.key >$zonefile

136
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
137 138 139 140 141 142 143 144

#
#  OPTOUT/NSEC3 test zone
#
zone=nsec3.optout.example.
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db

145
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
146 147 148

cat $infile $keyname.key >$zonefile

149
$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
150 151 152 153 154 155 156 157

#
#  OPTOUT/OPTOUT test zone
#
zone=optout.optout.example.
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db

158
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
159 160 161

cat $infile $keyname.key >$zonefile

162
$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
163 164 165 166 167 168 169 170

#
# A optout nsec3 zone.
#
zone=optout.example.
infile=optout.example.db.in
zonefile=optout.example.db

171
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
172 173 174

cat $infile $keyname.key >$zonefile

175
$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
176 177 178 179 180 181 182 183

#
# A nsec3 zone (non-optout) with unknown hash algorithm.
#
zone=nsec3-unknown.example.
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db

184
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
185 186 187

cat $infile $keyname.key >$zonefile

188
$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null
189 190 191 192 193 194 195 196

#
# A optout nsec3 zone.
#
zone=optout-unknown.example.
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db

197
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
198 199 200

cat $infile $keyname.key >$zonefile

201
$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null
202 203 204 205 206 207 208 209

#
# A multiple parameter nsec3 zone.
#
zone=multiple.example.
infile=multiple.example.db.in
zonefile=multiple.example.db

210
keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
211 212 213

cat $infile $keyname.key >$zonefile

214
$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
215
mv $zonefile.signed $zonefile
216
$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null
217
mv $zonefile.signed $zonefile
218
$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null
219
mv $zonefile.signed $zonefile
220
$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null
221
mv $zonefile.signed $zonefile
222
$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null
223
mv $zonefile.signed $zonefile
224
$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null
225 226 227 228 229 230 231 232

#
# A RSASHA256 zone.
#
zone=rsasha256.example.
infile=rsasha256.example.db.in
zonefile=rsasha256.example.db

233
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
234 235 236 237 238 239 240 241 242 243 244 245

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null

#
# A RSASHA512 zone.
#
zone=rsasha512.example.
infile=rsasha512.example.db.in
zonefile=rsasha512.example.db

246
keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
247 248 249 250

cat $infile $keyname.key >$zonefile

$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null