2841. [func] Added "smartsign" and improved "autosign" and

			"dnssec" regression tests. [RT #20865]

CHANGES

+2841.	[func]		Added "smartsign" and improved "autosign" and
+			"dnssec" regression tests. [RT #20865]
+
 2840.	[bug]		Change 2836 was not complete. [RT #20883]
 
 2839.	[bug]		Temporary fixed pkcs11-destroy usage check.

bin/tests/system/autosign/clean.sh

@@ -14,24 +14,31 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: clean.sh,v 1.4 2010/01/18 19:19:30 each Exp $
 
 rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
-rm -f inact.key del.key unpub.key standby.key rev.key
-rm -f ns1/root.db ns2/example.db ns3/secure.example.db
-rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db
-rm -f ns2/private.secure.example.db
+rm -f active.key inact.key del.key unpub.key standby.key rev.key
+rm -f nopriv.key vanishing.key
+rm -f nsupdate.out
 rm -f */core
 rm -f */example.bk
+rm -f */named.memstats
 rm -f dig.out.*
 rm -f random.data
-rm -f ns2/dlv.db
-rm -f ns3/multiple.example.db ns3/nsec3-unknown.example.db ns3/nsec3.example.db
-rm -f ns3/optout-unknown.example.db ns3/optout.example.db
-rm -f */named.memstats
+rm -f ns1/root.db
+rm -f ns2/example.db
+rm -f ns2/private.secure.example.db ns2/bar.db
+rm -f ns3/nsec.example.db
+rm -f ns3/nsec3.example.db
 rm -f ns3/nsec3.nsec3.example.db
 rm -f ns3/nsec3.optout.example.db
+rm -f ns3/nsec3-to-nsec.example.db
+rm -f ns3/oldsigs.example.db
+rm -f ns3/optout.example.db
 rm -f ns3/optout.nsec3.example.db
 rm -f ns3/optout.optout.example.db
+rm -f ns3/rsasha256.example.db ns3/rsasha512.example.db
+rm -f ns3/secure.example.db
 rm -f ns3/secure.nsec3.example.db
 rm -f ns3/secure.optout.example.db
+rm -f ns3/secure-to-insecure.example.db

bin/tests/system/autosign/ns1/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
+# $Id: keygen.sh,v 1.5 2010/01/18 19:19:30 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -29,11 +29,14 @@ infile=root.db.in
 
 cat $infile ../ns2/dsset-example. > $zonefile
 
-$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
+zskact=`$KEYGEN -3 -q -r $RANDFILE $zone`
+zskvanish=`$KEYGEN -3 -q -r $RANDFILE $zone`
 zskdel=`$KEYGEN -3 -q -r $RANDFILE -D now $zone`
 zskinact=`$KEYGEN -3 -q -r $RANDFILE -I now $zone`
 zskunpub=`$KEYGEN -3 -q -r $RANDFILE -G $zone`
 zsksby=`$KEYGEN -3 -q -r $RANDFILE -A none $zone`
+zsknopriv=`$KEYGEN -3 -q -r $RANDFILE $zone`
+rm $zsknopriv.private
 
 ksksby=`$KEYGEN -3 -q -r $RANDFILE -P now -A now+15s -fk $zone`
 kskrev=`$KEYGEN -3 -q -r $RANDFILE -R now+15s -fk $zone`
@@ -62,8 +65,11 @@ EOF
 ' > trusted.conf
 cp trusted.conf ../ns5/trusted.conf
 
+echo $zskact > ../active.key
+echo $zskvanish > ../vanishing.key
 echo $zskdel > ../del.key
 echo $zskinact > ../inact.key
 echo $zskunpub > ../unpub.key
+echo $zsknopriv > ../nopriv.key
 echo $zsksby > ../standby.key
 echo $kskrev > ../rev.key

bin/tests/system/autosign/ns1/root.db.in

@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: root.db.in,v 1.3 2009/11/30 23:48:02 tbox Exp $
+; $Id: root.db.in,v 1.4 2010/01/18 19:19:30 each Exp $
 
 $TTL 30
 . 			IN SOA	a.root.servers.nil. each.isc.org. (
@@ -26,4 +26,5 @@ $TTL 30
 a.root-servers.nil.	A	10.53.0.1
 
 example.		NS	ns2.example.
+bar.			NS	ns2.example.
 ns2.example.		A	10.53.0.2

bin/tests/system/autosign/ns2/bar.db.in

+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: bar.db.in,v 1.2 2010/01/18 19:19:31 each Exp $
+
+$TTL 300	; 5 minutes
+@			IN SOA	mname1. . (
+				2000042407 ; serial
+				20         ; refresh (20 seconds)
+				20         ; retry (20 seconds)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+			NS	ns2
+			NS	ns3
+ns2			A	10.53.0.2
+ns3			A	10.53.0.3
+
+a			A	10.0.0.1
+b			A	10.0.0.2
+d			A	10.0.0.4
+
+; Used for testing ANY queries
+foo			TXT	"testing"
+foo			A	10.0.1.0
+
+; Used for testing CNAME queries
+cname1			CNAME	cname1-target
+cname1-target		TXT	"testing cname"
+
+cname2			CNAME	cname2-target
+cname2-target		TXT	"testing cname"
+
+; Used for testing DNAME queries
+dname1			DNAME	dname1-target
+foo.dname1-target	TXT	"testing dname"
+
+dname2			DNAME	dname2-target
+foo.dname2-target	TXT	"testing dname"
+
+; A secure subdomain
+secure			NS	ns.secure
+ns.secure		A	10.53.0.3
+
+; An insecure subdomain
+insecure		NS	ns.insecure
+ns.insecure		A	10.53.0.3
+
+; A insecure subdomain
+mustbesecure		NS	ns.mustbesecure
+ns.mustbesecure		A	10.53.0.3
+
+z			A	10.0.0.26
+
+nsec3			NS	ns.nsec3
+ns.nsec3		A	10.53.0.3
+
+optout			NS	ns.optout
+ns.optout		A	10.53.0.3
+
+nsec3-unknown		NS	ns.nsec3-unknown
+ns.nsec3-unknown	A	10.53.0.3
+
+optout-unknown		NS	ns.optout-unknown
+ns.optout-unknown	A	10.53.0.3
+
+multiple		NS	ns.multiple
+ns.multiple		A	10.53.0.3
+
+rsasha256		NS	ns.rsasha256
+ns.rsasha256		A	10.53.0.3
+
+rsasha512		NS	ns.rsasha512
+ns.rsasha512		A	10.53.0.3

bin/tests/system/autosign/ns2/example.db.in

@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: example.db.in,v 1.3 2009/11/30 23:48:02 tbox Exp $
+; $Id: example.db.in,v 1.4 2010/01/18 19:19:31 each Exp $
 
 $TTL 300	; 5 minutes
 @			IN SOA	mname1. . (
@@ -83,3 +83,9 @@ ns.rsasha256		A	10.53.0.3
 
 rsasha512		NS	ns.rsasha512
 ns.rsasha512		A	10.53.0.3
+
+nsec3-to-nsec		NS	ns.nsec3-to-nsec
+ns.nsec3-to-nsec	A	10.53.0.3
+
+oldsigs			NS	ns.oldsigs
+ns.oldsigs		A	10.53.0.3

bin/tests/system/autosign/ns2/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
+# $Id: keygen.sh,v 1.5 2010/01/18 19:19:31 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -24,7 +24,7 @@ RANDFILE=../random.data
 # Have the child generate subdomain keys and pass DS sets to us.
 ( cd ../ns3 && sh keygen.sh )
 
-for subdomain in secure nsec3 optout rsasha256 rsasha512
+for subdomain in secure nsec3 optout rsasha256 rsasha512 nsec3-to-nsec oldsigs
 do
 	cp ../ns3/dsset-$subdomain.example. .
 done
@@ -46,3 +46,12 @@ infile="${zonefile}.in"
 cp $infile $zonefile
 $KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null
 $KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
+
+# Extract saved keys for the revoke-to-duplicate-key test
+zone=bar
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+cat $infile > $zonefile
+sh revkeys.shar > /dev/null
+$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
+$DSFROMKEY Kbar.+005+30804.key > dsset-bar.

bin/tests/system/autosign/ns2/named.conf

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.3 2009/11/30 23:48:02 tbox Exp $ */
+/* $Id: named.conf,v 1.4 2010/01/18 19:19:31 each Exp $ */
 
 // NS2
 
@@ -35,12 +35,12 @@ options {
 };
 
 key rndc_key {
-        secret "1234abcd8765";
-        algorithm hmac-md5;
+	secret "1234abcd8765";
+	algorithm hmac-md5;
 };
 
 controls {
-        inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
 };
 
 zone "." {
@@ -51,46 +51,56 @@ zone "." {
 zone "example" {
 	type master;
 	file "example.db";
-        allow-query { any; };
-        allow-transfer { any; };
+	allow-query { any; };
+	allow-transfer { any; };
 	allow-update { any; };
-        auto-dnssec maintain;
+	auto-dnssec maintain;
+};
+
+zone "bar" {
+	type master;
+	file "bar.db";
+	allow-query { any; };
+	allow-transfer { any; };
+	allow-update { any; };
+	auto-dnssec maintain;
+	dnssec-dnskey-kskonly yes;
 };
 
 zone "private.secure.example" {
 	type master;
 	file "private.secure.example.db";
-        allow-query { any; };
-        allow-transfer { any; };
+	allow-query { any; };
+	allow-transfer { any; };
 	allow-update { any; };
-        auto-dnssec maintain;
+	auto-dnssec maintain;
 };
 
 zone "insecure.secure.example" {
 	type master;
 	file "insecure.secure.example.db";
-        allow-query { any; };
-        allow-transfer { any; };
+	allow-query { any; };
+	allow-transfer { any; };
 	allow-update { any; };
-        auto-dnssec maintain;
+	auto-dnssec maintain;
 };
 
 zone "child.nsec3.example" {
 	type master;
 	file "child.nsec3.example.db";
-        allow-query { any; };
-        allow-transfer { any; };
+	allow-query { any; };
+	allow-transfer { any; };
 	allow-update { any; };
-        auto-dnssec maintain;
+	auto-dnssec maintain;
 };
 
 zone "child.optout.example" {
 	type master;
 	file "child.optout.example.db";
-        allow-query { any; };
-        allow-transfer { any; };
+	allow-query { any; };
+	allow-transfer { any; };
 	allow-update { any; };
-        auto-dnssec maintain;
+	auto-dnssec maintain;
 };
 
 include "trusted.conf";

bin/tests/system/autosign/ns2/revkeys.shar

+#!/bin/sh
+# This is a shell archive (produced by GNU sharutils 4.6.3).
+# To extract the files from this archive, save it to some FILE, remove
+# everything before the `#!/bin/sh' line above, then type `sh FILE'.
+#
+lock_dir=_sh31052
+# Made on 2010-01-08 23:17 PST by <each@pisces>.
+# Source directory was `/home/each/isc/bind9/bin/tests/system/autosign/ns2/keys'.
+#
+# Existing files will *not* be overwritten, unless `-c' is specified.
+#
+# This shar contains:
+# length mode       name
+# ------ ---------- ------------------------------------------
+#    538 -rw-r--r-- Kbar.+005+30676.key
+#   1774 -rw-r--r-- Kbar.+005+30676.private
+#    538 -rw-r--r-- Kbar.+005+30804.key
+#   1774 -rw-r--r-- Kbar.+005+30804.private
+#
+MD5SUM=${MD5SUM-md5sum}
+f=`${MD5SUM} --version | egrep '^md5sum .*(core|text)utils'`
+test -n "${f}" && md5check=true || md5check=false
+${md5check} || \
+  echo 'Note: not verifying md5sums.  Consider installing GNU coreutils.'
+save_IFS="${IFS}"
+IFS="${IFS}:"
+gettext_dir=FAILED
+locale_dir=FAILED
+first_param="$1"
+for dir in $PATH
+do
+  if test "$gettext_dir" = FAILED && test -f $dir/gettext \
+     && ($dir/gettext --version >/dev/null 2>&1)
+  then
+    case `$dir/gettext --version 2>&1 | sed 1q` in
+      *GNU*) gettext_dir=$dir ;;
+    esac
+  fi
+  if test "$locale_dir" = FAILED && test -f $dir/shar \
+     && ($dir/shar --print-text-domain-dir >/dev/null 2>&1)
+  then
+    locale_dir=`$dir/shar --print-text-domain-dir`
+  fi
+done
+IFS="$save_IFS"
+if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
+then
+  echo=echo
+else
+  TEXTDOMAINDIR=$locale_dir
+  export TEXTDOMAINDIR
+  TEXTDOMAIN=sharutils
+  export TEXTDOMAIN
+  echo="$gettext_dir/gettext -s"
+fi
+if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null
+then if (echo -n test; echo 1,2,3) | grep n >/dev/null
+     then shar_n= shar_c='
+'
+     else shar_n=-n shar_c= ; fi
+else shar_n= shar_c='\c' ; fi
+f=shar-touch.$$
+st1=200112312359.59
+st2=123123592001.59
+st2tr=123123592001.5 # old SysV 14-char limit
+st3=1231235901
+
+if touch -am -t ${st1} ${f} >/dev/null 2>&1 && \
+   test ! -f ${st1} && test -f ${f}; then
+  shar_touch='touch -am -t $1$2$3$4$5$6.$7 "$8"'
+
+elif touch -am ${st2} ${f} >/dev/null 2>&1 && \
+   test ! -f ${st2} && test ! -f ${st2tr} && test -f ${f}; then
+  shar_touch='touch -am $3$4$5$6$1$2.$7 "$8"'
+
+elif touch -am ${st3} ${f} >/dev/null 2>&1 && \
+   test ! -f ${st3} && test -f ${f}; then
+  shar_touch='touch -am $3$4$5$6$2 "$8"'
+
+else
+  shar_touch=:
+  echo
+  ${echo} 'WARNING: not restoring timestamps.  Consider getting and'
+  ${echo} 'installing GNU `touch'\'', distributed in GNU coreutils...'
+  echo
+fi
+rm -f ${st1} ${st2} ${st2tr} ${st3} ${f}
+#
+if test ! -d ${lock_dir}
+then : ; else ${echo} 'lock directory '${lock_dir}' exists'
+  exit 1
+fi
+if mkdir ${lock_dir}
+then ${echo} 'x - created lock directory `'${lock_dir}\''.'
+else ${echo} 'x - failed to create lock directory `'${lock_dir}\''.'
+  exit 1
+fi
+# ============= Kbar.+005+30676.key ==============
+if test -f 'Kbar.+005+30676.key' && test "$first_param" != -c; then
+  ${echo} 'x -SKIPPING Kbar.+005+30676.key (file already exists)'
+else
+${echo} 'x - extracting Kbar.+005+30676.key (text)'
+  sed 's/^X//' << 'SHAR_EOF' > 'Kbar.+005+30676.key' &&
+; This is a key-signing key, keyid 30676, for bar.
+; Created: Sat Dec 26 03:13:10 2009
+; Publish: Sat Dec 26 03:13:10 2009
+; Activate: Sat Dec 26 03:13:10 2009
+bar. IN DNSKEY 257 3 5 AwEAAc7ppysDZjlldTwsvcXcTTOYJd5TvW5RUWWYKRsee+ozwY6C7vNI 0Xp1PiY+H31GhcnNMCjQU00y8Vezo42oJ4kpRTDevL0STksExXi1/wG+ M4j1CFMh2wgJ/9XLFzHaEWzt4sflVBAVZVXa/qNkRWDXYjsr30MWyylA wHCIxEuyA+NxAL6UL+ZuFo1j84AvfwkGcMbXTcOBSCaHT6AJToSXAcCa X4fnKJIzG4RyJoN2GK4TVdj4qSzLxL1lRkYHNqJvcmMjezxUs9A5fHNI iBEBRPs7NKrQJxegAGVn9ALylKHyhJW6uyBjleOWUDom4ej2J1vGrpQT /KCA35toCvU=
+SHAR_EOF
+  (set 20 10 01 08 23 14 29 'Kbar.+005+30676.key'; eval "$shar_touch") &&
+  chmod 0644 'Kbar.+005+30676.key'
+if test $? -ne 0
+then ${echo} 'restore of Kbar.+005+30676.key failed'
+fi
+  if ${md5check}
+  then (
+       ${MD5SUM} -c >/dev/null 2>&1 || ${echo} 'Kbar.+005+30676.key: MD5 check failed'
+       ) << SHAR_EOF
+9c89adb7c9e6d5e2fd34f694b8752c95  Kbar.+005+30676.key
+SHAR_EOF
+  else
+test `LC_ALL=C wc -c < 'Kbar.+005+30676.key'` -ne 538 && \
+  ${echo} 'restoration warning:  size of Kbar.+005+30676.key is not 538'
+  fi
+fi
+# ============= Kbar.+005+30676.private ==============
+if test -f 'Kbar.+005+30676.private' && test "$first_param" != -c; then
+  ${echo} 'x -SKIPPING Kbar.+005+30676.private (file already exists)'
+else
+${echo} 'x - extracting Kbar.+005+30676.private (text)'
+  sed 's/^X//' << 'SHAR_EOF' > 'Kbar.+005+30676.private' &&
+Private-key-format: v1.3
+Algorithm: 5 (RSASHA1)
+Modulus: zumnKwNmOWV1PCy9xdxNM5gl3lO9blFRZZgpGx576jPBjoLu80jRenU+Jj4ffUaFyc0wKNBTTTLxV7OjjagniSlFMN68vRJOSwTFeLX/Ab4ziPUIUyHbCAn/1csXMdoRbO3ix+VUEBVlVdr+o2RFYNdiOyvfQxbLKUDAcIjES7ID43EAvpQv5m4WjWPzgC9/CQZwxtdNw4FIJodPoAlOhJcBwJpfh+cokjMbhHImg3YYrhNV2PipLMvEvWVGRgc2om9yYyN7PFSz0Dl8c0iIEQFE+zs0qtAnF6AAZWf0AvKUofKElbq7IGOV45ZQOibh6PYnW8aulBP8oIDfm2gK9Q==
+PublicExponent: AQAB
+PrivateExponent: BcfjYsFCjuH1x4ucdbW09ncOv8ppJXbiJkt9AoP0hFOT2c5wrJ1hNOGnrdvYd2CMBlpUOR+w5BxDP+cF78Q97ogXpcjjTwj+5PuqJLg4+qx8thvacrAkdXIKEsgMytjD2d4/ksQmeBiQ7zgiGyCHC7CYzvxnzXEKlgl4FuzLRy4SH1YiSTxKfw1ANKKHxmw8Xvav9ljubrzNdBEQNs6eJNkC6c3aGqiPFyTWGa90s6t1mwTXSxFqBUR1WlbfyYfuiAK2CAvFHeNo7VuC934ri7ceEq8jeOSuY0IqDq2pA3gVWVOyR4NFLXJWeDA3pjqi109t/WGg9IGydD/hsleP4Q==
+Prime1: /hz+WxAL+9bO1l/857ME/OhxImSp86Xi7eA920sAo5ukOIQAQ6hbaKemYxyUbwBmGHEX9d0GOU+xAgZWUU9PbZgXw0fdf+uw6Hrgfce0rWY+uJpUcVHfjLPFgMC/XYrfcVQ8tsCXqRsIbqL+ynsEkQ4vybLhlSAyFqGqYFk/Qt0=
+Prime2: 0HLxXynoSxUcNW15cbuMRHD34ri8sUQsqCtezofPWcCo/17jqf42W7X9YGO70+BvmG3awSr3LaLf862ovCR5+orwE2MqamAV6JZMyR7nvMNGSHTdg3Kk7Jv7T5Gu7Cg6K+on8pMRW3aIms4gs/Z16j0Gxz74ES9IP3vsvC+q6vk=
+Exponent1: NLeXHRUrJ0fdCSRIt1iwRDeEoPn5OA7GEUtgCcp5i3eSjhb0ZxTaQc/l+NHJCW4vwApWSi9cRy99LUpbResKM1ZGN8EE9rDStqgnQnDXztFTWcDKm+e8VNhGtPtHuARDbqNnJRK3Y+Gz0iAGc8Mpo14qE9IEcoeHXKKVUf+x3BE=
+Exponent2: dKCbJB+SdM/u5IXH+TZyGKkMSLIMATKfucfqV6vs+86rv5Yb0zUEvPNqPNAQe0+LoMF2L7YWblY+71wumHXgOaobAP3u8W2pVGUjuTOtfRPU8x1QAwfV9vye87oTINaxFXkBuNtITuBXNiY2bfprpw9WB4zXxuWpiruPjQsumiE=
+Coefficient: qk8HX5fy74Sx6z3niBfTM/SUEjcsnJCTTmsXy6e7nOXWBK5ihKkmMw7LDhaY4OwjXvaVQH0Z190dfyOkWYTbXInIyNNnqCD+xZXkuzuvsUwLNgvXEFhVnzrrj3ozNiizZsyeAhFCKcITz3ci15HB3y8ZLChGYBPFU1ui7MsSkc8=
+Created: 20091226021310
+Publish: 20091226021310
+Activate: 20091226021310
+SHAR_EOF
+  (set 20 10 01 08 23 14 29 'Kbar.+005+30676.private'; eval "$shar_touch") &&
+  chmod 0644 'Kbar.+005+30676.private'
+if test $? -ne 0
+then ${echo} 'restore of Kbar.+005+30676.private failed'
+fi
+  if ${md5check}
+  then (
+       ${MD5SUM} -c >/dev/null 2>&1 || ${echo} 'Kbar.+005+30676.private: MD5 check failed'
+       ) << SHAR_EOF
+c85dfac0b5c0cf2972878a65717af9ea  Kbar.+005+30676.private
+SHAR_EOF
+  else
+test `LC_ALL=C wc -c < 'Kbar.+005+30676.private'` -ne 1774 && \
+  ${echo} 'restoration warning:  size of Kbar.+005+30676.private is not 1774'
+  fi
+fi
+# ============= Kbar.+005+30804.key ==============
+if test -f 'Kbar.+005+30804.key' && test "$first_param" != -c; then
+  ${echo} 'x -SKIPPING Kbar.+005+30804.key (file already exists)'
+else
+${echo} 'x - extracting Kbar.+005+30804.key (text)'
+  sed 's/^X//' << 'SHAR_EOF' > 'Kbar.+005+30804.key' &&
+; This is a key-signing key, keyid 30804, for bar.
+; Created: Sat Dec 26 03:13:10 2009
+; Publish: Sat Dec 26 03:13:10 2009
+; Activate: Sat Dec 26 03:13:10 2009
+bar. IN DNSKEY 257 3 5 AwEAgc7ppysDZjlldTwsvcXcTTOYJd5TvW5RUWWYKRsee+ozwY6C7vNI 0Xp1PiY+H31GhcnNMCjQU00y8Vezo42oJ4kpRTDevL0STksExXi1/wG+ M4j1CFMh2wgJ/9XLFzHaEWzt4sflVBAVZVXa/qNkRWDXYjsr30MWyylA wHCIxEuyA+NxAL6UL+ZuFo1j84AvfwkGcMbXTcOBSCaHT6AJToSXAcCa X4fnKJIzG4RyJoN2GK4TVdj4qSzLxL1lRkYHNqJvcmMjezxUs9A5fHNI iBEBRPs7NKrQJxegAGVn9ALylKHyhJW6uyBjleOWUDom4ej2J1vGrpQT /KCA35toCvU=
+SHAR_EOF
+  (set 20 10 01 08 23 14 29 'Kbar.+005+30804.key'; eval "$shar_touch") &&
+  chmod 0644 'Kbar.+005+30804.key'
+if test $? -ne 0
+then ${echo} 'restore of Kbar.+005+30804.key failed'
+fi
+  if ${md5check}
+  then (
+       ${MD5SUM} -c >/dev/null 2>&1 || ${echo} 'Kbar.+005+30804.key: MD5 check failed'
+       ) << SHAR_EOF
+825116de64b44b14893cb3b8a48475bc  Kbar.+005+30804.key
+SHAR_EOF
+  else
+test `LC_ALL=C wc -c < 'Kbar.+005+30804.key'` -ne 538 && \
+  ${echo} 'restoration warning:  size of Kbar.+005+30804.key is not 538'
+  fi
+fi
+# ============= Kbar.+005+30804.private ==============
+if test -f 'Kbar.+005+30804.private' && test "$first_param" != -c; then
+  ${echo} 'x -SKIPPING Kbar.+005+30804.private (file already exists)'
+else
+${echo} 'x - extracting Kbar.+005+30804.private (text)'
+  sed 's/^X//' << 'SHAR_EOF' > 'Kbar.+005+30804.private' &&
+Private-key-format: v1.3
+Algorithm: 5 (RSASHA1)
+Modulus: zumnKwNmOWV1PCy9xdxNM5gl3lO9blFRZZgpGx576jPBjoLu80jRenU+Jj4ffUaFyc0wKNBTTTLxV7OjjagniSlFMN68vRJOSwTFeLX/Ab4ziPUIUyHbCAn/1csXMdoRbO3ix+VUEBVlVdr+o2RFYNdiOyvfQxbLKUDAcIjES7ID43EAvpQv5m4WjWPzgC9/CQZwxtdNw4FIJodPoAlOhJcBwJpfh+cokjMbhHImg3YYrhNV2PipLMvEvWVGRgc2om9yYyN7PFSz0Dl8c0iIEQFE+zs0qtAnF6AAZWf0AvKUofKElbq7IGOV45ZQOibh6PYnW8aulBP8oIDfm2gK9Q==
+PublicExponent: AQCB
+PrivateExponent: I5TcRq2sbSi1u5a+jL6VVBBu3nyY7p3NXeD1WYYYD66b8RWbgJdTtsZxgixD5sKKrW/xT68d3FUsIjs36w7yp5+g99q7lJ3v35VcMuLXbaKitS/LJdTZF/GIWwRs+DHdt+chh0QeNLzclq8ZfBeTAycFxwC7zVDLsqqcL6/JHiJhHT+dNEqj6/AIOgSYJzVeBI34LtZLW94IKf4dHLzREnLK6+64PFjpwjOG12O9klKfwHRIRN9WUsDG4AuzDSABH+qo2Zc6uJusC/D6HADbiG7tXmLYL6IxanWTbTrx4Hfp01fF+JQCuyOCRmN47X/nCumvDXKMn9Ve5+OlYi0vAQ==
+Prime1: /hz+WxAL+9bO1l/857ME/OhxImSp86Xi7eA920sAo5ukOIQAQ6hbaKemYxyUbwBmGHEX9d0GOU+xAgZWUU9PbZgXw0fdf+uw6Hrgfce0rWY+uJpUcVHfjLPFgMC/XYrfcVQ8tsCXqRsIbqL+ynsEkQ4vybLhlSAyFqGqYFk/Qt0=
+Prime2: 0HLxXynoSxUcNW15cbuMRHD34ri8sUQsqCtezofPWcCo/17jqf42W7X9YGO70+BvmG3awSr3LaLf862ovCR5+orwE2MqamAV6JZMyR7nvMNGSHTdg3Kk7Jv7T5Gu7Cg6K+on8pMRW3aIms4gs/Z16j0Gxz74ES9IP3vsvC+q6vk=
+Exponent1: JDLRyjRz53hTP7H2oaKgQYADs/UDswN2lwWpuag0wsPwQmeRAZZY2TiISPSu+3Mvh4XJ6r5UHQd5FbAN1v2mG4aYgWwoYwoxyvdTLcnQXciX2z+7877GcEyKHPno4fYXRqhVH4i1QjKaQl8dw9LFvzbVvGvvwsHGwQeqPprw7hk=
+Exponent2: vbnob7AZKqKhiVdEcnnhbeZBGcaKkTpE+RAkUL7spNQDiTPvJgo5fcTk/h6G7ijAXK0j62ZHZ3RS7RnaRa+KhO7usPcYMFiJ/VdAyRlIivhyi+WNQ2x4vSygwDy2VV9elljFeNe4dV1Cb+ssE8kAmbP52JjJD6MkhvVLd0u/jMk=
+Coefficient: qk8HX5fy74Sx6z3niBfTM/SUEjcsnJCTTmsXy6e7nOXWBK5ihKkmMw7LDhaY4OwjXvaVQH0Z190dfyOkWYTbXInIyNNnqCD+xZXkuzuvsUwLNgvXEFhVnzrrj3ozNiizZsyeAhFCKcITz3ci15HB3y8ZLChGYBPFU1ui7MsSkc8=
+Created: 20091226021310
+Publish: 20091226021310
+Activate: 20091226021310
+SHAR_EOF
+  (set 20 10 01 08 23 14 29 'Kbar.+005+30804.private'; eval "$shar_touch") &&
+  chmod 0644 'Kbar.+005+30804.private'
+if test $? -ne 0
+then ${echo} 'restore of Kbar.+005+30804.private failed'
+fi
+  if ${md5check}
+  then (
+       ${MD5SUM} -c >/dev/null 2>&1 || ${echo} 'Kbar.+005+30804.private: MD5 check failed'
+       ) << SHAR_EOF
+580cfb43bac6ed945896b464923676e7  Kbar.+005+30804.private
+SHAR_EOF
+  else
+test `LC_ALL=C wc -c < 'Kbar.+005+30804.private'` -ne 1774 && \
+  ${echo} 'restoration warning:  size of Kbar.+005+30804.private is not 1774'
+  fi
+fi
+if rm -fr ${lock_dir}
+then ${echo} 'x - removed lock directory `'${lock_dir}\''.'
+else ${echo} 'x - failed to remove lock directory `'${lock_dir}\''.'
+  exit 1
+fi
+exit 0

bin/tests/system/autosign/ns3/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
+# $Id: keygen.sh,v 1.5 2010/01/18 19:19:31 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -138,3 +138,47 @@ cp $infile $zonefile
 ksk=`$KEYGEN -q -a RSASHA512 -b 2048 -r $RANDFILE -fk $zone`
 $KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > /dev/null
 $DSFROMKEY $ksk.key > dsset-${zone}.
+
+#
+# NSEC-only zone.
+#
+zone=nsec.example
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+cp $infile $zonefile
+ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
+$KEYGEN -q -r $RANDFILE $zone > /dev/null
+$DSFROMKEY $ksk.key > dsset-${zone}.
+
+#
+# Signature refresh test zone.  Signatures are set to expire long
+# in the past; they should be updated by autosign.
+#
+zone=oldsigs.example
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+cp $infile $zonefile
+ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
+$KEYGEN -q -r $RANDFILE $zone > /dev/null
+$SIGNER -PS -s now-1y -e now-6mo -o $zone -f $zonefile $infile > /dev/null 2>&1
+
+#
+# NSEC3->NSEC transition test zone.
+#
+zone=nsec3-to-nsec.example
+zonefile="${zone}.db"