Add inline test related to unsupported algorithms

924fdad0 · Matthijs Mekking · dfcf9bb0 · 924fdad0 · 924fdad0 · 924fdad0
Commit 924fdad0 authored Jan 14, 2019 by Matthijs Mekking 🏡
--- a/bin/tests/system/inline/ns3/named.conf.in
+++ b/bin/tests/system/inline/ns3/named.conf.in
@@ -168,3 +168,10 @@ zone "removedkeys-secondary" {
 	auto-dnssec maintain;
 	file "removedkeys-secondary.bk";
 };
+
+zone "unsupported" {
+	type master;
+	file "unsupported.db";
+	inline-signing yes;
+	auto-dnssec maintain;
+};
--- a/bin/tests/system/inline/ns3/sign.sh
+++ b/bin/tests/system/inline/ns3/sign.sh
@@ -12,6 +12,11 @@
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh

+# Fake an unsupported key
+unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
+awk '$3 == "DNSKEY" { $6 = 255 } { print }' ${unsupportedkey}.key > ${unsupportedkey}.tmp
+mv ${unsupportedkey}.tmp ${unsupportedkey}.key
+
 zone=bits
 rm -f K${zone}.+*+*.key
 rm -f K${zone}.+*+*.private

--- a/bin/tests/system/inline/setup.sh
+++ b/bin/tests/system/inline/setup.sh
@@ -27,6 +27,7 @@ cp ns2/bits.db.in ns2/retransfer3.db
 cp ns3/master.db.in ns3/master.db
 cp ns3/master.db.in ns3/dynamic.db
 cp ns3/master.db.in ns3/updated.db
+cp ns3/master.db.in ns3/unsupported.db
 cp ns3/master.db.in ns3/expired.db
 cp ns3/master.db.in ns3/nsec3.db
 cp ns3/master.db.in ns3/externalkey.db

--- a/bin/tests/system/inline/tests.sh
+++ b/bin/tests/system/inline/tests.sh
@@ -27,6 +27,13 @@ do
 	sleep 1
 done

+n=`expr $n + 1`
+echo_i "checking that an unsupported algorithm is not used for signing ($n)"
+ret=0
+grep -q "algorithm is unsupported" ns3/named.run || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "checking that rrsigs are replaced with ksk only ($n)"
 ret=0