Commit 0ef5b8ed authored by Evan Hunt's avatar Evan Hunt

rename keyfile_to_*_keys system test shell functions

- keyfile_to_trusted_keys -> keyfile_to_static_keys
- keyfile_to_managed_keys -> keyfile_to_initial_keys
parent 821f041d
......@@ -33,12 +33,12 @@ rm $zsknopriv.private
ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
keyfile_to_trusted_keys $ksksby > trusted.conf
keyfile_to_static_keys $ksksby > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
keyfile_to_trusted_keys $kskrev > trusted.conf
keyfile_to_static_keys $kskrev > trusted.conf
cp trusted.conf ../ns5/trusted.conf
echo $zskact > ../active.key
......
......@@ -37,7 +37,7 @@ zonefile="${zone}.db"
infile="${zonefile}.in"
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
keyfile_to_trusted_keys $ksk > private.conf
keyfile_to_static_keys $ksk > private.conf
cp private.conf ../ns4/private.conf
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
......
......@@ -225,17 +225,17 @@ keyfile_to_keys_section() {
echo "};"
}
# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
# keyfile_to_static_keys: convert key data contained in the keyfile(s)
# provided to a *static* "dnssec-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_trusted_keys() {
keyfile_to_static_keys() {
keyfile_to_keys_section "dnssec-keys" "static-key" $*
}
# keyfile_to_managed_keys: convert key data contained in the keyfile(s)
# provided to a "dnssec-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_managed_keys() {
# keyfile_to_initial_keys: convert key data contained in the keyfile(s)
# provided to an *initialzing* "dnssec-keys" section suitable for including
# in a resolver's configuration file
keyfile_to_initial_keys() {
keyfile_to_keys_section "dnssec-keys" "initial-key" $*
}
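Review bot: The new header comment for keyfile_to_initial_keys misspells "initializing" as `*initialzing*`, and a similar slip, `staitc`, appears in the comment added in the later hunk headed `@@ -37,8 +37,8 @@ cat "$infile" "$keyname.key"`; both should be corrected. Since the rename is about making the trust-anchor type explicit, the two header comments could also state the difference, for example `# static-key: fixed trust anchor, never updated by the resolver` and `# initial-key: seeds a trust anchor the resolver then maintains (RFC 5011)`. The old function names are removed without an alias, so a caller missed by the rename would fail with "command not found" while its `> trusted.conf` redirect still leaves an empty file behind. Whether any callers remain cannot be told from this page; a grep for `keyfile_to_trusted_keys` and `keyfile_to_managed_keys` across the system tests would settle it. keyfile_to_keys_section begins outside this hunk.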
......
......@@ -32,7 +32,7 @@ $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signe
echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > trusted.conf
keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns5
cp trusted.conf ../ns7
cp trusted.conf ../ns8
......@@ -378,18 +378,18 @@ do
case $zone in
"dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns5/trusted-dlv.conf
keyfile_to_static_keys $keyname2 > ../ns5/trusted-dlv.conf
;;
"disabled-algorithm-dlv.utld")
$SIGNER -O full -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
keyfile_to_static_keys $keyname2 > ../ns8/trusted-dlv-disabled.conf
;;
"unsupported-algorithm-dlv.utld")
cp ${keyname2}.key ${keyname2}.tmp
$SIGNER -O full -o $zone -f ${outfile}.tmp $zonefile > /dev/null 2> signer.err || cat signer.err
awk '$4 == "DNSKEY" { $7 = 255 } $4 == "RRSIG" { $6 = 255 } { print }' ${outfile}.tmp > $outfile
awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${keyname2}.tmp > ${keyname2}.key
keyfile_to_trusted_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
keyfile_to_static_keys $keyname2 > ../ns7/trusted-dlv-unsupported.conf
;;
esac
......
......@@ -37,8 +37,8 @@ cat "$infile" "$keyname.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys "$keyname" > trusted.conf
# Configure the resolving server with a staitc key.
keyfile_to_static_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
......@@ -46,8 +46,8 @@ cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
cp trusted.conf ../ns9/trusted.conf
# ...or with a managed key.
keyfile_to_managed_keys "$keyname" > managed.conf
# ...or with an initializing key.
keyfile_to_initial_keys "$keyname" > managed.conf
cp managed.conf ../ns4/managed.conf
#
......
......@@ -66,10 +66,10 @@ do
case $tld in
"managed")
keyfile_to_managed_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf
keyfile_to_initial_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/managed.conf
;;
"trusted")
keyfile_to_trusted_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf
keyfile_to_static_keys $keyname1 $keyname2 $keyname3 $keyname4 $keyname5 > ../ns8/trusted.conf
;;
esac
done
......
......@@ -23,7 +23,7 @@ zonefile=root.db.signed
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
# copy the KSK out first, then revoke it
keyfile_to_managed_keys "$keyname" > revoked.conf
keyfile_to_initial_keys "$keyname" > revoked.conf
"$SETTIME" -R now "${keyname}.key" > /dev/null
......@@ -34,4 +34,4 @@ keyfile_to_managed_keys "$keyname" > revoked.conf
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
keyfile_to_trusted_keys "$keyname" > trusted.conf
keyfile_to_static_keys "$keyname" > trusted.conf
......@@ -28,8 +28,8 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $key2 > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $key2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
......@@ -24,6 +24,6 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $key1 > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
......@@ -25,8 +25,8 @@ cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $key1 > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cd ../ns2 && $SHELL sign.sh
......@@ -26,7 +26,7 @@ $KEYGEN -f KSK -a $DEFAULT_ALGORITHM $zone 2>&1 > keygen.out | cat_i
keyname=`cat keygen.out`
rm -f keygen.out
keyfile_to_trusted_keys $keyname > trusted.conf
keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns5/trusted.conf
......
......@@ -20,5 +20,5 @@ keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone`
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1
[ $? = 0 ] || cat signer.out
keyfile_to_trusted_keys $keyname > trusted.conf
keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns6/trusted.conf
......@@ -28,5 +28,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
keyfile_to_trusted_keys $keyname2 > trusted.conf
keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns1
......@@ -33,4 +33,4 @@ $SIGNER -P -g -o $zone $zonefile > /dev/null
# irrelevant here, so just reuse the root zone key generated above.
sed "s/^\./nonexistent./;" $keyname1.key > $keyname1.modified.key
keyfile_to_trusted_keys $keyname1 $keyname1.modified > trusted.conf
keyfile_to_static_keys $keyname1 $keyname1.modified > trusted.conf
......@@ -75,4 +75,4 @@ for variant in addzone axfr ixfr load reconfig untrusted; do
fi
done
keyfile_to_trusted_keys $keys_to_trust > trusted-mirror.conf
keyfile_to_static_keys $keys_to_trust > trusted-mirror.conf
......@@ -20,14 +20,14 @@ zskkeyname=`$KEYGEN -a rsasha256 -q $zone`
$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
# Configure the resolving server with a managed trusted key.
keyfile_to_managed_keys $keyname > managed.conf
# Configure the resolving server with an initializing key.
keyfile_to_initial_keys $keyname > managed.conf
cp managed.conf ../ns2/managed.conf
cp managed.conf ../ns4/managed.conf
cp managed.conf ../ns5/managed.conf
# Configure a trusted key statement (used by delv).
keyfile_to_trusted_keys $keyname > trusted.conf
# Configure a static key to be used by delv.
keyfile_to_static_keys $keyname > trusted.conf
# Prepare an unsupported algorithm key.
unsupportedkey=Kunknown.+255+00000
......
......@@ -26,5 +26,5 @@ cp unsupported-managed.key "${unsupportedkey}.key"
rootkey=`cat ../ns1/managed.key`
cp "../ns1/${rootkey}.key" .
# Configure the resolving server with a managed trusted key.
keyfile_to_managed_keys $unsupportedkey $rsakey $rootkey > managed.conf
# Configure the resolving server with an initializing key.
keyfile_to_initial_keys $unsupportedkey $rsakey $rootkey > managed.conf
......@@ -301,7 +301,7 @@ status=`expr $status + $ret`
echo_i "reinitialize trust anchors, add second key to bind.keys"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} mkeys ns2
rm -f ns2/managed-keys.bind*
keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf
keyfile_to_initial_keys ns1/$original ns1/$standby1 > ns2/managed.conf
nextpart ns2/named.run > /dev/null
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} mkeys ns2
......
......@@ -27,8 +27,8 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname2 > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $keyname2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
......@@ -30,5 +30,5 @@ zsk=`$KEYGEN -q -a rsasha256 $zone`
cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile
$SIGNER -P -o $zone $zonefile > /dev/null 2>&1
# Configure a trusted key statement (used by delv)
keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf
# Configure a static key to be used by delv
keyfile_to_static_keys $ksk > ../ns5/trusted.conf
......@@ -27,8 +27,8 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
......@@ -24,8 +24,8 @@ cat $infile $keyname.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
......
......@@ -28,9 +28,9 @@ cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys "$keyname" > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
# ...or with a managed key.
keyfile_to_managed_keys "$keyname" > managed.conf
# ...or with an initializing key.
keyfile_to_initial_keys "$keyname" > managed.conf
......@@ -16,4 +16,4 @@ set -e
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
keyfile_to_trusted_keys "$keyname" > trusted.conf
keyfile_to_static_keys "$keyname" > trusted.conf
......@@ -27,7 +27,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname2 > trusted.conf
keyfile_to_static_keys $keyname2 > trusted.conf
zone=undelegated
infile=undelegated.db.in
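Review bot: The comment `# Configure the resolving server with a trusted key.` directly above the renamed call is left unchanged in this hunk, whereas the parallel setup scripts in this commit reword it to "static key". Changing it to `# Configure the resolving server with a static key.` keeps the comment in step with `keyfile_to_static_keys`. It also avoids leaving the retired "trusted key" wording next to a `static-key` trust anchor.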
......@@ -38,5 +38,5 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -g -o $zone $zonefile > /dev/null 2>&1
keyfile_to_trusted_keys $keyname2 >> trusted.conf
keyfile_to_static_keys $keyname2 >> trusted.conf
cp trusted.conf ../ns2/trusted.conf
......@@ -39,5 +39,5 @@ cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null 2>&1
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys "$keyname" > trusted.conf
# Configure the resolving server with a static key.
keyfile_to_static_keys "$keyname" > trusted.conf
......@@ -57,7 +57,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > private.nsec.conf
keyfile_to_static_keys $keyname2 > private.nsec.conf
zone=nsec3
infile=nsec3.db.in
......@@ -86,7 +86,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > private.nsec3.conf
keyfile_to_static_keys $keyname2 > private.nsec3.conf
zone=.
infile=root.db.in
......@@ -101,4 +101,4 @@ cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
keyfile_to_trusted_keys $keyname2 > trusted.conf
keyfile_to_static_keys $keyname2 > trusted.conf