Commit a160feca authored by Ondřej Surý's avatar Ondřej Surý Committed by Evan Hunt

Replace RSAMD5 keys with keys using DEFAULT_ALGORITHM variable from conf.sh

parent c0eb02d4
......@@ -27,7 +27,7 @@ cp ../ns2/dsset-in-addr.arpa$TP .
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
cp ../ns6/dsset-optout-tld$TP .
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key > $zonefile
......
......@@ -102,7 +102,7 @@ privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
privkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $privzone`
privkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $privzone`
cat $privinfile $privkeyname.key >$privzonefile
......@@ -116,7 +116,7 @@ dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
dlvkeyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $dlvzone`
dlvkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $dlvzone`
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
......
......@@ -18,7 +18,7 @@ zonefile=secure.example.db
cnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host cnameandkey.$zone`
dnameandkey=`$KEYGEN -T KEY -q -a RSASHA1 -b 1024 -n host dnameandkey.$zone`
keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $cnameandkey.key $dnameandkey.key $keyname.key >$zonefile
......@@ -28,7 +28,7 @@ zone=bogus.example.
infile=bogus.example.db.in
zonefile=bogus.example.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -38,8 +38,8 @@ zone=dynamic.example.
infile=dynamic.example.db.in
zonefile=dynamic.example.db
keyname1=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname2=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone -f KSK $zone`
keyname1=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
keyname2=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone -f KSK $zone`
cat $infile $keyname1.key $keyname2.key >$zonefile
......@@ -49,7 +49,7 @@ zone=keyless.example.
infile=generic.example.db.in
zonefile=keyless.example.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -69,7 +69,7 @@ zone=secure.nsec3.example.
infile=secure.nsec3.example.db.in
zonefile=secure.nsec3.example.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -82,7 +82,7 @@ zone=nsec3.nsec3.example.
infile=nsec3.nsec3.example.db.in
zonefile=nsec3.nsec3.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -95,7 +95,7 @@ zone=optout.nsec3.example.
infile=optout.nsec3.example.db.in
zonefile=optout.nsec3.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -108,7 +108,7 @@ zone=nsec3.example.
infile=nsec3.example.db.in
zonefile=nsec3.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -121,7 +121,7 @@ zone=secure.optout.example.
infile=secure.optout.example.db.in
zonefile=secure.optout.example.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -134,7 +134,7 @@ zone=nsec3.optout.example.
infile=nsec3.optout.example.db.in
zonefile=nsec3.optout.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -147,7 +147,7 @@ zone=optout.optout.example.
infile=optout.optout.example.db.in
zonefile=optout.optout.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -160,7 +160,7 @@ zone=optout.example.
infile=optout.example.db.in
zonefile=optout.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -173,7 +173,7 @@ zone=nsec3-unknown.example.
infile=nsec3-unknown.example.db.in
zonefile=nsec3-unknown.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -186,7 +186,7 @@ zone=optout-unknown.example.
infile=optout-unknown.example.db.in
zonefile=optout-unknown.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -200,7 +200,7 @@ zone=dnskey-unknown.example.
infile=dnskey-unknown.example.db.in
zonefile=dnskey-unknown.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -219,7 +219,7 @@ zone=dnskey-nsec3-unknown.example.
infile=dnskey-nsec3-unknown.example.db.in
zonefile=dnskey-nsec3-unknown.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -237,7 +237,7 @@ zone=multiple.example.
infile=multiple.example.db.in
zonefile=multiple.example.db
keyname=`$KEYGEN -q -a NSEC3RSASHA1 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......@@ -400,7 +400,7 @@ echo '$INCLUDE "'"$signedfile"'"' >> $zonefile
: > $signedfile
$SIGNER -P -S -D -o $zone $zonefile > /dev/null 2>&1
#
#
# Zone with signatures about to expire, but no private key to replace them
#
zone="expiring.example."
......@@ -498,7 +498,7 @@ zone=badds.example.
infile=bogus.example.db.in
zonefile=badds.example.db
keyname=`$KEYGEN -q -a RSAMD5 -b 1024 -n zone $zone`
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
cat $infile $keyname.key >$zonefile
......
......@@ -1677,7 +1677,7 @@ ret=0
$RNDCCMD 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
keyid=`cat ns1/managed.key.id`
cp ns4/named.secroots named.secroots.test$n
linecount=`grep "./RSAMD5/$keyid ; trusted" named.secroots.test$n | wc -l`
linecount=`grep "./${DEFAULT_ALGORITHM}/$keyid ; trusted" named.secroots.test$n | wc -l`
[ "$linecount" -eq 1 ] || ret=1
linecount=`cat named.secroots.test$n | wc -l`
[ "$linecount" -eq 10 ] || ret=1
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment