Commit dbb225d8 authored by Evan Hunt's avatar Evan Hunt
Browse files

migrate tests from bin/tests/dnssec-signzone to bin/tests/system/dnssec

- added tests to the dnssec system test that duplicate the ones
  from bin/tests/dnssec-signzone
- changed cleanall.sh so it doesn't automatically remove all
  key files, because there are now some of those that are part of the
  distribution

(cherry picked from commit ccfe778c)
(cherry picked from commit d8f8eee3)
parent e0621096
#!/bin/sh
#
# Copyright (C) 2009, 2012, 2016 Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
# $Id: run-test.sh,v 1.3 2009/06/04 02:56:47 tbox Exp $
sign="../../dnssec/dnssec-signzone -f signed.zone -o example.com."
signit() {
rm -f signed.zone
grep '^;' $zone
$sign $zone
}
expect_success() {
if ! test -f signed.zone ; then
echo "Error: expected success, but sign failed for $zone."
else
echo "Success: Sign succeeded for $zone."
fi
}
expect_failure() {
if test -f signed.zone ; then
echo "Error: expected failure, but sign succeeded for $zone."
else
echo "Success: Sign failed (expected) for $zone"
fi
}
zone="test1.zone" ; signit ; expect_success
zone="test2.zone" ; signit ; expect_failure
zone="test3.zone" ; signit ; expect_failure
zone="test4.zone" ; signit ; expect_success
zone="test5.zone" ; signit ; expect_failure
zone="test6.zone" ; signit ; expect_failure
zone="test7.zone" ; signit ; expect_failure
zone="test8.zone" ; signit ; expect_failure
......@@ -15,7 +15,7 @@ SYSTEMTESTTOP=.
find . -type f \( \
-name 'K*' -o -name '*~' -o -name 'core' -o -name '*.core' \
-name '*~' -o -name 'core' -o -name '*.core' \
-o -name '*.log' -o -name '*.pid' -o -name '*.keyset' \
-o -name named.run -o -name lwresd.run -o -name ans.run \
-o -name '*-valgrind-*.log' \) -print | xargs rm -f
......
......@@ -84,6 +84,9 @@ rm -f signer/example.db.after signer/example.db.before
rm -f signer/example.db.changed
rm -f signer/nsec3param.out
rm -f signer/signer.out.*
rm -f signer/general/signed.zone
rm -f signer/general/signer.out.*
rm -f signer/general/dsset*
rm -f signing.out*
rm -f signer/*.signed.pre*
rm -f signer/*.signed.post*
;
; This is a zone which has three DNSKEY records, two (KSK + ZSK) of
; which have existing private key files available. The third is a
; which have existing private key files available. The third is a
; pre-published ZSK.
;
$TTL 3600
......
;
; This is a zone which has two DNSKEY records, none of which have
; This is a zone which has two DNSKEY records, none of which have
; existing private key files available. The resulting zone should fail
; the consistancy tests.
;
......
......@@ -1270,6 +1270,103 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "basic dnssec-signzone checks:"
echo_i " two DNSKEYs ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test1.zone > signer.out.$n 2>&1
test -f signed.zone
) || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " one non-KSK DNSKEY ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test2.zone > signer.out.$n 2>&1
test -f signed.zone
) && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " one KSK DNSKEY ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test3.zone > signer.out.$n 2>&1
test -f signed.zone
) && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " three DNSKEY ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test4.zone > signer.out.$n 2>&1
test -f signed.zone
) || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " three DNSKEY, one private key missing ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test5.zone > signer.out.$n 2>&1
test -f signed.zone
) || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " four DNSKEY ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test6.zone > signer.out.$n 2>&1
test -f signed.zone
) || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " two DNSKEY, both private keys missing ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test7.zone > signer.out.$n 2>&1
test -f signed.zone
) && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i " two DNSKEY, one private key missing ($n)"
ret=0
(
cd signer/general
rm -f signed.zone
$SIGNER -f signed.zone -o example.com. test8.zone > signer.out.$n 2>&1
test -f signed.zone
) && ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking that we can sign a zone with out-of-zone records ($n)"
ret=0
zone=example
......
......@@ -517,21 +517,6 @@
./bin/tests/db/win32/t_db.vcxproj.in X 2013,2015,2016,2017
./bin/tests/db/win32/t_db.vcxproj.user X 2013
./bin/tests/db_test.c C 1999,2000,2001,2004,2005,2007,2008,2009,2011,2012,2013,2015,2016,2017
./bin/tests/dnssec-signzone/Kexample.com.+005+07065.key X 2009
./bin/tests/dnssec-signzone/Kexample.com.+005+07065.private X 2009
./bin/tests/dnssec-signzone/Kexample.com.+005+23362.key X 2009
./bin/tests/dnssec-signzone/Kexample.com.+005+23362.private X 2009
./bin/tests/dnssec-signzone/bogus-ksk.key X 2009
./bin/tests/dnssec-signzone/bogus-zsk.key X 2009
./bin/tests/dnssec-signzone/run-test.sh SH 2009,2012,2016
./bin/tests/dnssec-signzone/test1.zone X 2009
./bin/tests/dnssec-signzone/test2.zone X 2009
./bin/tests/dnssec-signzone/test3.zone X 2009
./bin/tests/dnssec-signzone/test4.zone X 2009
./bin/tests/dnssec-signzone/test5.zone X 2009
./bin/tests/dnssec-signzone/test6.zone X 2009
./bin/tests/dnssec-signzone/test7.zone X 2009
./bin/tests/dnssec-signzone/test8.zone X 2009
./bin/tests/dst/.gitignore X 2012,2013
./bin/tests/dst/Kdh.+002+18602.key.in X 2001,2013
./bin/tests/dst/Kdh.+002+18602.private.in X 2001,2013
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment