Commit f766024a authored by Evan Hunt's avatar Evan Hunt

change all keys from rsasha1 to nsec3rsasha1 so that the nsec->nsec3

transitions work correctly.  (they worked before, but weren't supposed
to; when that bug was fixed, the test broke.)
parent 3c8a4c7a
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -29,14 +29,14 @@ infile=root.db.in
cat $infile ../ns2/dsset-example. > $zonefile
$KEYGEN -q -r $RANDFILE $zone > /dev/null
zskdel=`$KEYGEN -q -r $RANDFILE -D now $zone`
zskinact=`$KEYGEN -q -r $RANDFILE -I now $zone`
zskunpub=`$KEYGEN -q -r $RANDFILE -G $zone`
zsksby=`$KEYGEN -q -r $RANDFILE -A none $zone`
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
zskdel=`$KEYGEN -3 -q -r $RANDFILE -D now $zone`
zskinact=`$KEYGEN -3 -q -r $RANDFILE -I now $zone`
zskunpub=`$KEYGEN -3 -q -r $RANDFILE -G $zone`
zsksby=`$KEYGEN -3 -q -r $RANDFILE -A none $zone`
ksksby=`$KEYGEN -q -r $RANDFILE -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -q -r $RANDFILE -R now+15s -fk $zone`
ksksby=`$KEYGEN -3 -q -r $RANDFILE -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -q -r $RANDFILE -R now+15s -fk $zone`
cat $ksksby.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
......
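Review bot: The algorithm is still chosen implicitly in every `$KEYGEN` call in this section: `-3` with no `-a` yields nsec3rsasha1 (per the commit message), while tests.sh in this same commit matches the literal `+007+` in the key name. Naming it, e.g. `$KEYGEN -a NSEC3RSASHA1 -q -r $RANDFILE $zone > /dev/null`, would keep the fixtures and the `sed` patterns in step if the tool's default ever changes; the same applies to the `-3` calls in the two other keygen.sh sections below. An explicit `-a` also makes any later move off this SHA-1-based algorithm, which RFC 8624 lists as NOT RECOMMENDED for signing, a visible one-line change. The script continues past the end of the last hunk shown here.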
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -35,8 +35,8 @@ zonefile="${zone}.db"
infile="${zonefile}.in"
cat $infile dsset-*.example. > $zonefile
kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
$KEYGEN -q -r $RANDFILE $zone > /dev/null
kskname=`$KEYGEN -3 -q -r $RANDFILE -fk $zone`
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
$DSFROMKEY $kskname.key > dsset-${zone}.
# Create keys for a private secure zone.
......@@ -44,5 +44,5 @@ zone=private.secure.example
zonefile="${zone}.db"
infile="${zonefile}.in"
cp $infile $zonefile
$KEYGEN -q -r $RANDFILE -fk $zone > /dev/null
$KEYGEN -q -r $RANDFILE $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: keygen.sh,v 1.3 2009/11/30 23:48:02 tbox Exp $
# $Id: keygen.sh,v 1.4 2009/12/19 17:30:31 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -25,8 +25,8 @@ zone=secure.example
zonefile="${zone}.db"
infile="${zonefile}.in"
cp $infile $zonefile
ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
$KEYGEN -q -r $RANDFILE $zone > /dev/null
ksk=`$KEYGEN -3 -q -r $RANDFILE -fk $zone`
$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null
$DSFROMKEY $ksk.key > dsset-${zone}.
#
......@@ -102,8 +102,8 @@ zone=optout.optout.example
zonefile="${zone}.db"
infile="${zonefile}.in"
cp $infile $zonefile
ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
$KEYGEN -q -r $RANDFILE $zone > /dev/null
ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
$KEYGEN -q -3 -r $RANDFILE $zone > /dev/null
$DSFROMKEY $ksk.key > dsset-${zone}.
#
......
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.4 2009/12/02 05:42:15 each Exp $
# $Id: tests.sh,v 1.5 2009/12/19 17:30:31 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -456,7 +456,7 @@ status=`expr $status + $ret`
echo "I:checking that revoked key is present ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < rev.key`
id=`sed 's/^K.+007+0*//' < rev.key`
id=`expr $id + 128 % 65536`
$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null || ret=1
......@@ -466,7 +466,7 @@ status=`expr $status + $ret`
echo "I:checking that revoked key self-signs ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < rev.key`
id=`sed 's/^K.+007+0*//' < rev.key`
id=`expr $id + 128 % 65536`
$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
......@@ -476,7 +476,7 @@ status=`expr $status + $ret`
echo "I:checking for unpublished key ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < unpub.key`
id=`sed 's/^K.+007+0*//' < unpub.key`
$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
......@@ -485,7 +485,7 @@ status=`expr $status + $ret`
echo "I:checking that standby key does not sign records ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < standby.key`
id=`sed 's/^K.+007+0*//' < standby.key`
$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
......@@ -494,7 +494,7 @@ status=`expr $status + $ret`
echo "I:checking that deactivated key does not sign records ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < inact.key`
id=`sed 's/^K.+007+0*//' < inact.key`
$DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
......@@ -503,7 +503,7 @@ status=`expr $status + $ret`
echo "I:checking key deletion ($n)"
ret=0
id=`sed 's/^K.+005+0*//' < del.key`
id=`sed 's/^K.+007+0*//' < del.key`
$DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
n=`expr $n + 1`
......
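Review bot: The four negative checks (unpublished, standby, deactivated and deleted key) pass vacuously whenever the hard-coded `s/^K.+007+0*//` fails to match: `sed` then leaves its input untouched, `$id` is not a number, and the `grep ... && ret=1` can never fire. Assuming the `*.key` files hold the key name, an algorithm-independent pattern such as `sed 's/^K.+[0-9][0-9][0-9]+0*//'`, plus a check that sets `ret=1` when `$id` contains a non-digit, would close that gap in all six hunks. Separately, in the two revoked-key hunks `expr $id + 128 % 65536` evaluates `128 % 65536` first, so the sum is never wrapped; `expr \( $id + 128 \) % 65536` is presumably what was meant.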