change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3

transitions work correctly.  (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)

bin/tests/system/autosign/ns1/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -29,14 +29,14 @@ infile=root.db.in
 
 cat $infile ../ns2/dsset-example. > $zonefile
 
-$KEYGEN -q -r $RANDFILE $zone > /dev/null
-zskdel=`$KEYGEN -q -r $RANDFILE -D now $zone`
-zskinact=`$KEYGEN -q -r $RANDFILE -I now $zone`
-zskunpub=`$KEYGEN -q -r $RANDFILE -G $zone`
-zsksby=`$KEYGEN -q -r $RANDFILE -A none $zone`
+$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
+zskdel=`$KEYGEN -3 -q -r $RANDFILE -D now $zone`
+zskinact=`$KEYGEN -3 -q -r $RANDFILE -I now $zone`
+zskunpub=`$KEYGEN -3 -q -r $RANDFILE -G $zone`
+zsksby=`$KEYGEN -3 -q -r $RANDFILE -A none $zone`
 
-ksksby=`$KEYGEN -q -r $RANDFILE -P now -A now+15s -fk $zone`
-kskrev=`$KEYGEN -q -r $RANDFILE -R now+15s -fk $zone`
+ksksby=`$KEYGEN -3 -q -r $RANDFILE -P now -A now+15s -fk $zone`
+kskrev=`$KEYGEN -3 -q -r $RANDFILE -R now+15s -fk $zone`
 
 cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;

bin/tests/system/autosign/ns2/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -35,8 +35,8 @@ zonefile="${zone}.db"
 infile="${zonefile}.in"
 cat $infile dsset-*.example. > $zonefile
 
-kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
-$KEYGEN -q -r $RANDFILE $zone > /dev/null
+kskname=`$KEYGEN -3 -q -r $RANDFILE -fk $zone`
+$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
 $DSFROMKEY $kskname.key > dsset-${zone}.
 
 # Create keys for a private secure zone.
@@ -44,5 +44,5 @@ zone=private.secure.example
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cp $infile $zonefile
-$KEYGEN -q -r $RANDFILE -fk $zone > /dev/null
-$KEYGEN -q -r $RANDFILE $zone > /dev/null
+$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null
+$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null

bin/tests/system/autosign/ns3/keygen.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
+# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -25,8 +25,8 @@ zone=secure.example
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cp $infile $zonefile
-ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
-$KEYGEN -q -r $RANDFILE $zone > /dev/null
+ksk=`$KEYGEN -3 -q -r $RANDFILE -fk $zone`
+$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
 $DSFROMKEY $ksk.key > dsset-${zone}.
 
 #
@@ -102,8 +102,8 @@ zone=optout.optout.example
 zonefile="${zone}.db"
 infile="${zonefile}.in"
 cp $infile $zonefile
-ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
-$KEYGEN -q -r $RANDFILE $zone > /dev/null
+ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
+$KEYGEN -q -3 -r $RANDFILE $zone > /dev/null
 $DSFROMKEY $ksk.key > dsset-${zone}.
 
 #

bin/tests/system/autosign/tests.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.4 2009/12/02 05:42:15 each Exp $
+# $Id: tests.sh,v 1.5 2009/12/19 17:30:31 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -456,7 +456,7 @@ status=`expr $status + $ret`
 
 echo "I:checking that revoked key is present ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < rev.key`
+id=`sed 's/^K.+007+0*//' < rev.key`
 id=`expr $id + 128 % 65536`
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1
@@ -466,7 +466,7 @@ status=`expr $status + $ret`
 
 echo "I:checking that revoked key self-signs ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < rev.key`
+id=`sed 's/^K.+007+0*//' < rev.key`
 id=`expr $id + 128 % 65536`
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
@@ -476,7 +476,7 @@ status=`expr $status + $ret`
 
 echo "I:checking for unpublished key ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < unpub.key`
+id=`sed 's/^K.+007+0*//' < unpub.key`
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -485,7 +485,7 @@ status=`expr $status + $ret`
 
 echo "I:checking that standby key does not sign records ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < standby.key`
+id=`sed 's/^K.+007+0*//' < standby.key`
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -494,7 +494,7 @@ status=`expr $status + $ret`
 
 echo "I:checking that deactivated key does not sign records  ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < inact.key`
+id=`sed 's/^K.+007+0*//' < inact.key`
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -503,7 +503,7 @@ status=`expr $status + $ret`
 
 echo "I:checking key deletion ($n)"
 ret=0
-id=`sed 's/^K.+005+0*//' < del.key`
+id=`sed 's/^K.+007+0*//' < del.key`
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`