Commit ca7cadfa authored by Ondřej Surý's avatar Ondřej Surý

dnssec system test: Remove RSAMD5 usage and make script shellcheck compliant

parent a160feca
......@@ -9,93 +9,93 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
rm -f */K* */keyset-* */dsset-* */dlvset-* */signedkey-* */*.signed
rm -f */example.bk
rm -f */named.conf
rm -f */named.memstats
rm -f */named.run
rm -f */named.secroots
rm -f */tmp* */*.jnl */*.bk */*.jbk
rm -f */trusted.conf */managed.conf */revoked.conf
rm -f Kexample.*
rm -f canonical?.*
rm -f delv.out*
rm -f delve.out*
rm -f dig.out.*
rm -f dsfromkey.out.*
rm -f keygen.err
rm -f named.secroots.test*
rm -f nosign.before
rm -f ns*/*.nta
rm -f ns*/managed-keys.bind* ns*/*.mkeys*
rm -f ns*/named.lock
rm -f ns1/managed.key.id
rm -f ns1/root.db ns2/example.db ns3/secure.example.db
rm -f ns2/algroll.db
rm -f ns2/badparam.db ns2/badparam.db.bad
rm -f ns2/cdnskey-kskonly.secure.db
rm -f ns2/cdnskey-update.secure.db
rm -f ns2/cdnskey-x.secure.db
rm -f ns2/cdnskey.secure.db
rm -f ns2/cds-auto.secure.db ns2/cds-auto.secure.db.jnl
rm -f ns2/cds-kskonly.secure.db
rm -f ns2/cds-update.secure.db ns2/cds-update.secure.db.jnl
rm -f ns2/cds.secure.db ns2/cds-x.secure.db
rm -f ns2/dlv.db
rm -f ns2/in-addr.arpa.db
rm -f ns2/nsec3chain-test.db
rm -f ns2/private.secure.example.db
rm -f ns2/single-nsec3.db
rm -f ns3/auto-nsec.example.db ns3/auto-nsec3.example.db
rm -f ns3/badds.example.db
rm -f ns3/dname-at-apex-nsec3.example.db
rm -f ns3/dnskey-nsec3-unknown.example.db
rm -f ns3/dnskey-nsec3-unknown.example.db.tmp
rm -f ns3/dnskey-unknown.example.db
rm -f ns3/dnskey-unknown.example.db.tmp
rm -f ns3/dynamic.example.db ns3/dynamic.example.db.signed.jnl
rm -f ns3/expired.example.db ns3/update-nsec3.example.db
rm -f ns3/expiring.example.db ns3/nosign.example.db
rm -f ns3/future.example.db ns3/trusted-future.key
rm -f ns3/inline.example.db.signed
rm -f ns3/kskonly.example.db
rm -f ns3/lower.example.db ns3/upper.example.db ns3/upper.example.db.lower
rm -f ns3/managed-future.example.db
rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
rm -f ns3/nsec3.nsec3.example.db
rm -f ns3/nsec3.optout.example.db
rm -f ns3/optout-unknown.example.db ns3/optout.example.db
rm -f ns3/optout.nsec3.example.db
rm -f ns3/optout.optout.example.db
rm -f ns3/publish-inactive.example.db
rm -f ns3/revkey.example.db
rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db
rm -f ns3/secure.below-cname.example.db
rm -f ns3/secure.nsec3.example.db
rm -f ns3/secure.optout.example.db
rm -f ns3/siginterval.conf
rm -f ns3/siginterval.example.db
rm -f ns3/split-dnssec.example.db
rm -f ns3/split-smart.example.db
rm -f ns3/ttlpatch.example.db ns3/ttlpatch.example.db.signed
rm -f ns3/ttlpatch.example.db.patched
rm -f ns3/unsecure.example.db ns3/bogus.example.db ns3/keyless.example.db
rm -f ns4/managed-keys.bind*
rm -f ns4/named_dump.db
rm -f ns6/optout-tld.db
rm -f ns7/multiple.example.bk ns7/nsec3.example.bk ns7/optout.example.bk
rm -f ns7/split-rrsig.db ns7/split-rrsig.db.unsplit
rm -f nsupdate.out*
rm -f python.out.*
rm -f rndc.out.*
rm -f signer/*.db
rm -f signer/*.signed.post*
rm -f signer/*.signed.pre*
rm -f signer/example.db.after signer/example.db.before
rm -f signer/example.db.changed
rm -f signer/general/dsset*
rm -f signer/general/signed.zone
rm -f signer/general/signer.out.*
rm -f signer/nsec3param.out
rm -f signer/signer.out.*
rm -f signing.out*
rm -f ./*/K* ./*/keyset-* ./*/dsset-* ./*/dlvset-* ./*/signedkey-* ./*/*.signed
rm -f ./*/example.bk
rm -f ./*/named.conf
rm -f ./*/named.memstats
rm -f ./*/named.run
rm -f ./*/named.secroots
rm -f ./*/tmp* ./*/*.jnl ./*/*.bk ./*/*.jbk
rm -f ./*/trusted.conf ./*/managed.conf ./*/revoked.conf
rm -f ./Kexample.*
rm -f ./canonical?.*
rm -f ./delv.out*
rm -f ./delve.out*
rm -f ./dig.out.*
rm -f ./dsfromkey.out.*
rm -f ./keygen.err
rm -f ./named.secroots.test*
rm -f ./nosign.before
rm -f ./ns*/*.nta
rm -f ./ns*/managed-keys.bind* ./ns*/*.mkeys*
rm -f ./ns*/named.lock
rm -f ./ns1/managed.key.id
rm -f ./ns1/root.db ./ns2/example.db ./ns3/secure.example.db
rm -f ./ns2/algroll.db
rm -f ./ns2/badparam.db ./ns2/badparam.db.bad
rm -f ./ns2/cdnskey-kskonly.secure.db
rm -f ./ns2/cdnskey-update.secure.db
rm -f ./ns2/cdnskey-x.secure.db
rm -f ./ns2/cdnskey.secure.db
rm -f ./ns2/cds-auto.secure.db ./ns2/cds-auto.secure.db.jnl
rm -f ./ns2/cds-kskonly.secure.db
rm -f ./ns2/cds-update.secure.db ./ns2/cds-update.secure.db.jnl
rm -f ./ns2/cds.secure.db ./ns2/cds-x.secure.db
rm -f ./ns2/dlv.db
rm -f ./ns2/in-addr.arpa.db
rm -f ./ns2/nsec3chain-test.db
rm -f ./ns2/private.secure.example.db
rm -f ./ns2/single-nsec3.db
rm -f ./ns3/auto-nsec.example.db ./ns3/auto-nsec3.example.db
rm -f ./ns3/badds.example.db
rm -f ./ns3/dname-at-apex-nsec3.example.db
rm -f ./ns3/dnskey-nsec3-unknown.example.db
rm -f ./ns3/dnskey-nsec3-unknown.example.db.tmp
rm -f ./ns3/dnskey-unknown.example.db
rm -f ./ns3/dnskey-unknown.example.db.tmp
rm -f ./ns3/dynamic.example.db ./ns3/dynamic.example.db.signed.jnl
rm -f ./ns3/expired.example.db ./ns3/update-nsec3.example.db
rm -f ./ns3/expiring.example.db ./ns3/nosign.example.db
rm -f ./ns3/future.example.db ./ns3/trusted-future.key
rm -f ./ns3/inline.example.db.signed
rm -f ./ns3/kskonly.example.db
rm -f ./ns3/lower.example.db ./ns3/upper.example.db ./ns3/upper.example.db.lower
rm -f ./ns3/managed-future.example.db
rm -f ./ns3/multiple.example.db ./ns3/nsec3-unknown.example.db ./ns3/nsec3.example.db
rm -f ./ns3/nsec3.nsec3.example.db
rm -f ./ns3/nsec3.optout.example.db
rm -f ./ns3/optout-unknown.example.db ./ns3/optout.example.db
rm -f ./ns3/optout.nsec3.example.db
rm -f ./ns3/optout.optout.example.db
rm -f ./ns3/publish-inactive.example.db
rm -f ./ns3/revkey.example.db
rm -f ./ns3/rsasha256.example.db ./ns3/rsasha512.example.db
rm -f ./ns3/secure.below-cname.example.db
rm -f ./ns3/secure.nsec3.example.db
rm -f ./ns3/secure.optout.example.db
rm -f ./ns3/siginterval.conf
rm -f ./ns3/siginterval.example.db
rm -f ./ns3/split-dnssec.example.db
rm -f ./ns3/split-smart.example.db
rm -f ./ns3/ttlpatch.example.db ./ns3/ttlpatch.example.db.signed
rm -f ./ns3/ttlpatch.example.db.patched
rm -f ./ns3/unsecure.example.db ./ns3/bogus.example.db ./ns3/keyless.example.db
rm -f ./ns4/managed-keys.bind*
rm -f ./ns4/named_dump.db
rm -f ./ns6/optout-tld.db
rm -f ./ns7/multiple.example.bk ./ns7/nsec3.example.bk ./ns7/optout.example.bk
rm -f ./ns7/split-rrsig.db ./ns7/split-rrsig.db.unsplit
rm -f ./nsupdate.out*
rm -f ./python.out.*
rm -f ./rndc.out.*
rm -f ./signer/*.db
rm -f ./signer/*.signed.post*
rm -f ./signer/*.signed.pre*
rm -f ./signer/example.db.after ./signer/example.db.before
rm -f ./signer/example.db.changed
rm -f ./signer/general/dsset*
rm -f ./signer/general/signed.zone
rm -f ./signer/general/signer.out.*
rm -f ./signer/nsec3param.out
rm -f ./signer/signer.out.*
rm -f ./signing.out*
......@@ -9,8 +9,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=root.db.in
......@@ -20,21 +20,21 @@ zonefile=root.db
(cd ../ns6 && $SHELL sign.sh )
(cd ../ns7 && $SHELL sign.sh )
cp ../ns2/dsset-example$TP .
cp ../ns2/dsset-dlv$TP .
cp ../ns2/dsset-in-addr.arpa$TP .
cp "../ns2/dsset-example$TP" .
cp "../ns2/dsset-dlv$TP" .
cp "../ns2/dsset-in-addr.arpa$TP" .
grep "8 [12] " ../ns2/dsset-algroll$TP > dsset-algroll$TP
cp ../ns6/dsset-optout-tld$TP .
grep "$DEFAULT_ALGORITHM_NUMBER [12] " "../ns2/dsset-algroll$TP" > "dsset-algroll$TP"
cp "../ns6/dsset-optout-tld$TP" .
keyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $zone`
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname.key > $zonefile
cat "$infile" "$keyname.key" > "$zonefile"
$SIGNER -P -g -o $zone $zonefile > /dev/null
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
# Configure the resolving server with a trusted key.
keyfile_to_trusted_keys $keyname > trusted.conf
keyfile_to_trusted_keys "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
......@@ -42,12 +42,11 @@ cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
# ...or with a managed key.
keyfile_to_managed_keys $keyname > managed.conf
keyfile_to_managed_keys "$keyname" > managed.conf
cp managed.conf ../ns4/managed.conf
#
# Save keyid for managed key id test.
#
keyid=`expr $keyname : 'K.+001+\(.*\)'`
keyid=`expr $keyid + 0`
echo "$keyid" > managed.key.id
echo "$keyname" | sed -e 's/.*[+]//' -e 's/^0*//' > managed.key.id
......@@ -9,8 +9,8 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=example.
infile=example.db.in
......@@ -27,21 +27,23 @@ for subdomain in secure badds bogus dynamic keyless nsec3 optout \
dnskey-unknown dnskey-nsec3-unknown managed-future revkey \
dname-at-apex-nsec3
do
cp ../ns3/dsset-$subdomain.example$TP .
cp "../ns3/dsset-$subdomain.example$TP" .
done
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
keyname2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
#
# lower/uppercase the signature bits with the exception of the last characters
# changing the last 4 characters will lead to a bad base64 encoding.
#
$CHECKZONE -D -q -i local $zone $zonefile.signed |
zonefiletmp=$(mktemp "$zonefile.XXXXXX") || exit 1
"$CHECKZONE" -D -q -i local "$zone" "$zonefile.signed" |
awk '
tolower($1) == "bad-cname.example." && $4 == "RRSIG" && $5 == "CNAME" {
for (i = 1; i <= NF; i++ ) {
......@@ -81,7 +83,7 @@ tolower($1) == "bad-dname.example." && $4 == "RRSIG" && $5 == "DNAME" {
next;
}
{ print; }' > $zonefile.signed++ && mv $zonefile.signed++ $zonefile.signed
{ print; }' > "$zonefiletmp" && mv "$zonefiletmp" "$zonefile.signed"
#
# signed in-addr.arpa w/ a delegation for 10.in-addr.arpa which is unsigned.
......@@ -90,11 +92,11 @@ zone=in-addr.arpa.
infile=in-addr.arpa.db.in
zonefile=in-addr.arpa.db
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile
$SIGNER -P -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
# Sign the privately secure file
......@@ -102,25 +104,24 @@ privzone=private.secure.example.
privinfile=private.secure.example.db.in
privzonefile=private.secure.example.db
privkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $privzone`
privkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$privzone")
cat $privinfile $privkeyname.key >$privzonefile
cat "$privinfile" "$privkeyname.key" > "$privzonefile"
$SIGNER -P -g -o $privzone -l dlv $privzonefile > /dev/null
"$SIGNER" -P -g -o "$privzone" -l dlv "$privzonefile" > /dev/null
# Sign the DLV secure zone.
dlvzone=dlv.
dlvinfile=dlv.db.in
dlvzonefile=dlv.db
dlvsetfile=dlvset-`echo $privzone |sed -e "s/\.$//g"`$TP
dlvsetfile="dlvset-$(echo "$privzone" |sed -e "s/\\.$//g")$TP"
dlvkeyname=`$KEYGEN -q -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -n zone $dlvzone`
dlvkeyname=$("$KEYGEN" -q -a "${DEFAULT_ALGORITHM}" -b "${DEFAULT_BITS}" -n zone "$dlvzone")
cat $dlvinfile $dlvkeyname.key $dlvsetfile > $dlvzonefile
cat "$dlvinfile" "$dlvkeyname.key" "$dlvsetfile" > "$dlvzonefile"
$SIGNER -P -g -o $dlvzone $dlvzonefile > /dev/null
"$SIGNER" -P -g -o "$dlvzone" "$dlvzonefile" > /dev/null
# Sign the badparam secure file
......@@ -128,14 +129,14 @@ zone=badparam.
infile=badparam.db.in
zonefile=badparam.db
keyname1=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone -f KSK $zone`
keyname2=`$KEYGEN -q -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n zone $zone`
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
$SIGNER -P -3 - -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
"$SIGNER" -P -3 - -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
sed 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' $zonefile.signed > $zonefile.bad
sed -e 's/IN NSEC3 1 0 1 /IN NSEC3 1 0 10 /' "$zonefile.signed" > "$zonefile.bad"
# Sign the single-nsec3 secure zone with optout
......@@ -143,12 +144,12 @@ zone=single-nsec3.
infile=single-nsec3.db.in
zonefile=single-nsec3.db
keyname1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -f KSK $zone`
keyname2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
keyname1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
keyname2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keyname1.key $keyname2.key >$zonefile
cat "$infile" "$keyname1.key" "$keyname2.key" > "$zonefile"
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$keyname1" "$zonefile" "$keyname2" > /dev/null
#
# algroll has just has the old DNSKEY records removed and is waiting
......@@ -159,14 +160,14 @@ zone=algroll.
infile=algroll.db.in
zonefile=algroll.db
keyold1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
keyold2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
keynew1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
keynew2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
keyold1=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone -f KSK "$zone")
keyold2=$("$KEYGEN" -q -a "$ALTERNATIVE_ALGORITHM" -b "$ALTERNATIVE_BITS" -n zone "$zone")
keynew1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
keynew2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat $infile $keynew1.key $keynew2.key >$zonefile
cat "$infile" "$keynew1.key" "$keynew2.key" > "$zonefile"
$SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1 $keynew2 > /dev/null
"$SIGNER" -P -o "$zone" -k "$keyold1" -k "$keynew1" "$zonefile" "$keyold1" "$keyold2" "$keynew1" "$keynew2" > /dev/null
#
# Make a zone big enough that it takes several seconds to generate a new
......@@ -174,103 +175,104 @@ $SIGNER -P -o $zone -k $keyold1 -k $keynew1 $zonefile $keyold1 $keyold2 $keynew1
#
zone=nsec3chain-test
zonefile=nsec3chain-test.db
cat > $zonefile << 'EOF'
$TTL 10
cat > "$zonefile" << EOF
\$TTL 10
@ 10 SOA ns2 hostmaster 0 3600 1200 864000 1200
@ 10 NS ns2
@ 10 NS ns3
ns2 10 A 10.53.0.2
ns3 10 A 10.53.0.3
EOF
awk 'END { for (i = 0; i < 300; i++)
print "host" i, 10, "NS", "ns.elsewhere"; }' < /dev/null >> $zonefile
key1=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA256 -b 1024 -n zone $zone`
cat $key1.key $key2.key >> $zonefile
$SIGNER -P -3 - -A -H 1 -g -o $zone -k $key1 $zonefile $key2 > /dev/null
for i in $(seq 300); do
echo "host$i 10 IN NS ns.elsewhere"
done >> "$zonefile"
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$key1.key" "$key2.key" >> "$zonefile"
"$SIGNER" -P -3 - -A -H 1 -g -o "$zone" -k "$key1" "$zonefile" "$key2" > /dev/null
zone=cds.secure
infile=cds.secure.db.in
zonefile=cds.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
$DSFROMKEY -C $key1.key > $key1.cds
cat $infile $key1.key $key2.key $key1.cds >$zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" >$zonefile
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cds-x.secure
infile=cds.secure.db.in
zonefile=cds-x.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
$DSFROMKEY -C $key2.key > $key2.cds
cat $infile $key1.key $key3.key $key2.cds >$zonefile
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key2.key" > "$key2.cds"
cat "$infile" "$key1.key" "$key3.key" "$key2.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
zone=cds-update.secure
infile=cds-update.secure.db.in
zonefile=cds-update.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cds-kskonly.secure
infile=cds-kskonly.secure.db.in
zonefile=cds-kskonly.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cds-auto.secure
infile=cds-auto.secure.db.in
zonefile=cds-auto.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
$DSFROMKEY -C $key1.key > $key1.cds
cat $infile $key1.cds > $zonefile.signed
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
"$DSFROMKEY" -C "$key1.key" > "$key1.cds"
cat "$infile" "$key1.cds" > "$zonefile.signed"
zone=cdnskey.secure
infile=cdnskey.secure.db.in
zonefile=cdnskey.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
cat $infile $key1.key $key2.key $key1.cds >$zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key1.key" "$key2.key" "$key1.cds" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cdnskey-x.secure
infile=cdnskey.secure.db.in
zonefile=cdnskey-x.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key3=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
cat $infile $key2.key $key3.key $key1.cds >$zonefile
$SIGNER -P -g -x -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key3=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key2.key" "$key3.key" "$key1.cds" > "$zonefile"
"$SIGNER" -P -g -x -o "$zone" "$zonefile" > /dev/null
zone=cdnskey-update.secure
infile=cdnskey-update.secure.db.in
zonefile=cdnskey-update.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cdnskey-kskonly.secure
infile=cdnskey-kskonly.secure.db.in
zonefile=cdnskey-kskonly.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -o $zone $zonefile > /dev/null
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null
zone=cdnskey-auto.secure
infile=cdnskey-auto.secure.db.in
zonefile=cdnskey-auto.secure.db
key1=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -fk $zone`
key2=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone $zone`
sed 's/DNSKEY/CDNSKEY/' $key1.key > $key1.cds
cat $infile $key1.cds > $zonefile.signed
key1=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone -f KSK "$zone")
key2=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone "$zone")
sed 's/DNSKEY/CDNSKEY/' "$key1.key" > "$key1.cds"
cat "$infile" "$key1.cds" > "$zonefile.signed"
This diff is collapsed.
......@@ -9,21 +9,25 @@
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
# shellcheck source=conf.sh
. "$SYSTEMTESTTOP/conf.sh"
zone=.
infile=../ns1/root.db.in