Commit 2cad3825 authored by Michał Kępień's avatar Michał Kępień

Add helper variables in mkeys system test

The keyfile and key ID for the original managed key do not change
throughout the mkeys system test.  Keep them in helper variables to
prevent calling "cat" multiple times and improve code readability.

(cherry picked from commit 68f056b2)
parent dce66f76
Pipeline #2364 passed with stages
in 6 minutes and 50 seconds
...@@ -84,6 +84,9 @@ mkeys_secroots_on() { ...@@ -84,6 +84,9 @@ mkeys_secroots_on() {
$RNDCCMD 10.53.0.${nsidx} secroots | sed "s/^/ns${nsidx} /" | cat_i $RNDCCMD 10.53.0.${nsidx} secroots | sed "s/^/ns${nsidx} /" | cat_i
} }
original=`cat ns1/managed.key`
originalid=`cat ns1/managed.key.id`
status=0 status=0
n=1 n=1
...@@ -191,7 +194,7 @@ ret=0 ...@@ -191,7 +194,7 @@ ret=0
echo_i "restore untrusted standby key, revoke original key ($n)" echo_i "restore untrusted standby key, revoke original key ($n)"
t1=$t2 t1=$t2
$SETTIME -D none -K ns1 $standby1 > /dev/null $SETTIME -D none -K ns1 $standby1 > /dev/null
$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -R now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1 mkeys_loadkeys_on 1
# Less than a second may have passed since the last time ns2 received a # Less than a second may have passed since the last time ns2 received a
# ./DNSKEY response from ns1. Ensure keys are refreshed at a different # ./DNSKEY response from ns1. Ensure keys are refreshed at a different
...@@ -261,9 +264,9 @@ n=`expr $n + 1` ...@@ -261,9 +264,9 @@ n=`expr $n + 1`
ret=0 ret=0
echo_i "restore revoked key, ensure same result ($n)" echo_i "restore revoked key, ensure same result ($n)"
t1=$t2 t1=$t2
$SETTIME -R none -D now -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -R none -D now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1 mkeys_loadkeys_on 1
$SETTIME -D none -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -D none -K ns1 $original > /dev/null
mkeys_loadkeys_on 1 mkeys_loadkeys_on 1
# Less than a second may have passed since the last time ns2 received a # Less than a second may have passed since the last time ns2 received a
# ./DNSKEY response from ns1. Ensure keys are refreshed at a different # ./DNSKEY response from ns1. Ensure keys are refreshed at a different
...@@ -298,7 +301,7 @@ status=`expr $status + $ret` ...@@ -298,7 +301,7 @@ status=`expr $status + $ret`
echo_i "reinitialize trust anchors, add second key to bind.keys" echo_i "reinitialize trust anchors, add second key to bind.keys"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2 $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2
rm -f ns2/managed-keys.bind* rm -f ns2/managed-keys.bind*
keyfile_to_managed_keys ns1/`cat ns1/managed.key` ns1/$standby1 > ns2/managed.conf keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf
nextpart ns2/named.run > /dev/null nextpart ns2/named.run > /dev/null
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2 $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2
...@@ -339,7 +342,7 @@ n=`expr $n + 1` ...@@ -339,7 +342,7 @@ n=`expr $n + 1`
echo_i "revoke original key, add new standby ($n)" echo_i "revoke original key, add new standby ($n)"
ret=0 ret=0
standby2=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .` standby2=`$KEYGEN -a rsasha256 -qfk -r $RANDFILE -K ns1 .`
$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -R now -K ns1 $original > /dev/null
mkeys_loadkeys_on 1 mkeys_loadkeys_on 1
mkeys_refresh_on 2 mkeys_refresh_on 2
mkeys_status_on 2 > rndc.out.$n 2>&1 mkeys_status_on 2 > rndc.out.$n 2>&1
...@@ -425,7 +428,7 @@ status=`expr $status + $ret` ...@@ -425,7 +428,7 @@ status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo_i "revoke all keys, confirm roll to insecure ($n)" echo_i "revoke all keys, confirm roll to insecure ($n)"
ret=0 ret=0
$SETTIME -D now -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -D now -K ns1 $original > /dev/null
$SETTIME -R now -K ns1 $standby1 > /dev/null $SETTIME -R now -K ns1 $standby1 > /dev/null
$SETTIME -R now -K ns1 $standby2 > /dev/null $SETTIME -R now -K ns1 $standby2 > /dev/null
mkeys_loadkeys_on 1 mkeys_loadkeys_on 1
...@@ -461,7 +464,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi ...@@ -461,7 +464,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo_i "reset the root server" echo_i "reset the root server"
$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -D none -R none -K ns1 $original > /dev/null
$SETTIME -D now -K ns1 $standby1 > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null
$SETTIME -D now -K ns1 $standby2 > /dev/null $SETTIME -D now -K ns1 $standby2 > /dev/null
$SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null $SIGNER -Sg -K ns1 -N unixtime -r $RANDFILE -o . ns1/root.db > /dev/null 2>/dev/null
...@@ -488,9 +491,7 @@ status=`expr $status + $ret` ...@@ -488,9 +491,7 @@ status=`expr $status + $ret`
n=`expr $n + 1` n=`expr $n + 1`
echo_i "revoke key with bad signature, check revocation is ignored ($n)" echo_i "revoke key with bad signature, check revocation is ignored ($n)"
ret=0 ret=0
orig=`cat ns1/managed.key` revoked=`$REVOKE -K ns1 $original`
keyid=`cat ns1/managed.key.id`
revoked=`$REVOKE -K ns1 $orig`
rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'` rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'`
rm -f ns1/root.db.signed.jnl rm -f ns1/root.db.signed.jnl
# We need to activate at least one valid DNSKEY to prevent dnssec-signzone from # We need to activate at least one valid DNSKEY to prevent dnssec-signzone from
...@@ -515,8 +516,8 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 ...@@ -515,8 +516,8 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n` count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || { echo "'keyid:' count ($count) != 1"; ret=1; } [ "$count" -eq 1 ] || { echo "'keyid:' count ($count) != 1"; ret=1; }
# it's the original key id # it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n` count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || { echo "'keyid: $keyid' count ($count) != 1"; ret=1; } [ "$count" -eq 1 ] || { echo "'keyid: $originalid' count ($count) != 1"; ret=1; }
# not revoked # not revoked
count=`grep -c "REVOKE" rndc.out.$n` count=`grep -c "REVOKE" rndc.out.$n`
[ "$count" -eq 0 ] || { echo "'REVOKE' count ($count) != 0"; ret=1; } [ "$count" -eq 0 ] || { echo "'REVOKE' count ($count) != 0"; ret=1; }
...@@ -542,7 +543,7 @@ echo_i "restore DNSKEY rrset, check validation succeeds again ($n)" ...@@ -542,7 +543,7 @@ echo_i "restore DNSKEY rrset, check validation succeeds again ($n)"
ret=0 ret=0
rm -f ${revoked}.key ${revoked}.private rm -f ${revoked}.key ${revoked}.private
rm -f ns1/root.db.signed.jnl rm -f ns1/root.db.signed.jnl
$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null $SETTIME -D none -R none -K ns1 $original > /dev/null
$SETTIME -D now -K ns1 $standby1 > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null
# Less than a second may have passed since ns1 was started. If we call # Less than a second may have passed since ns1 was started. If we call
# dnssec-signzone immediately, ns1/root.db.signed will not be reloaded by the # dnssec-signzone immediately, ns1/root.db.signed will not be reloaded by the
...@@ -583,7 +584,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 ...@@ -583,7 +584,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n` count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || ret=1 [ "$count" -eq 1 ] || ret=1
# it's the original key id # it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n` count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || ret=1 [ "$count" -eq 1 ] || ret=1
# not revoked # not revoked
count=`grep -c "REVOKE" rndc.out.$n` count=`grep -c "REVOKE" rndc.out.$n`
...@@ -621,7 +622,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 ...@@ -621,7 +622,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1
count=`grep -c "keyid: " rndc.out.$n` count=`grep -c "keyid: " rndc.out.$n`
[ "$count" -eq 1 ] || ret=1 [ "$count" -eq 1 ] || ret=1
# it's the original key id # it's the original key id
count=`grep -c "keyid: $keyid" rndc.out.$n` count=`grep -c "keyid: $originalid" rndc.out.$n`
[ "$count" -eq 1 ] || ret=1 [ "$count" -eq 1 ] || ret=1
# not revoked # not revoked
count=`grep -c "REVOKE" rndc.out.$n` count=`grep -c "REVOKE" rndc.out.$n`
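Review bot: The two reads added after mkeys_secroots_on() (`original=...` and `originalid=...`) are never checked for an empty result, although every later step now depends on them. If ns1/managed.key.id is missing or empty, `grep -c "keyid: $originalid"` matches any `keyid: ` line, so the three "it's the original key id" checks pass without confirming which trust anchor ns2 actually holds; an empty `$original` likewise leaves the `$SETTIME` and `$REVOKE` calls with no key argument. A guard directly after the assignments would fail the test early: `if [ -z "$original" ] || [ -z "$originalid" ]; then echo_i "cannot read ns1/managed.key or ns1/managed.key.id"; exit 1; fi`. The grep is also a prefix match, so a shorter id could match a longer one; anchoring the pattern would help, though the exact rndc output format is not visible in these hunks.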