1328. [func] DS (delegation signer) support.
This commit is contained in:
Mark Andrews
@@ -15,7 +15,7 @@
|
||||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
||||
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: sign.sh,v 1.13 2001/09/17 17:42:04 bwelling Exp $
|
||||
# $Id: sign.sh,v 1.14 2002/06/17 04:01:12 marka Exp $
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
@@ -26,17 +26,11 @@ zone=.
|
||||
infile=root.db.in
|
||||
zonefile=root.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
|
||||
|
||||
(cd ../ns2 && sh sign.sh )
|
||||
|
||||
cp ../ns2/keyset-example. .
|
||||
|
||||
$KEYSIGNER -r $RANDFILE keyset-example. $keyname > /dev/null
|
||||
|
||||
cat signedkey-example. >> ../ns2/example.db.signed
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname > /dev/null
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key > $zonefile
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
||||
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: sign.sh,v 1.19 2002/02/20 03:33:55 marka Exp $
|
||||
# $Id: sign.sh,v 1.20 2002/06/17 04:01:14 marka Exp $
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
@@ -26,29 +26,21 @@ zone=example.
|
||||
infile=example.db.in
|
||||
zonefile=example.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
|
||||
# Have the child generate a zone key and pass it to us,
|
||||
# sign it, and pass it back
|
||||
# Have the child generate a zone key and pass it to us.
|
||||
|
||||
( cd ../ns3 && sh sign.sh )
|
||||
|
||||
for subdomain in secure bogus dynamic
|
||||
do
|
||||
cp ../ns3/keyset-$subdomain.example. .
|
||||
|
||||
$KEYSIGNER -r $RANDFILE keyset-$subdomain.example. $keyname > /dev/null
|
||||
|
||||
# This will leave two copies of the child's zone key in the signed db file;
|
||||
# that shouldn't cause any problems.
|
||||
cat signedkey-$subdomain.example. >>../ns3/$subdomain.example.db.signed
|
||||
done
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname > /dev/null
|
||||
keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
keyname2=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone`
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
cat $infile $keyname1.key $keyname2.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
$SIGNER -r $RANDFILE -o $zone -k $keyname1 $zonefile $keyname2 > /dev/null
|
||||
|
||||
# Sign the privately secure file
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
||||
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: sign.sh,v 1.16 2002/02/20 03:33:59 marka Exp $
|
||||
# $Id: sign.sh,v 1.17 2002/06/17 04:01:15 marka Exp $
|
||||
|
||||
RANDFILE=../random.data
|
||||
|
||||
@@ -25,8 +25,6 @@ zonefile=secure.example.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
@@ -37,8 +35,6 @@ zonefile=bogus.example.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
@@ -49,8 +45,6 @@ zonefile=dynamic.example.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
@@ -61,8 +55,6 @@ zonefile=keyless.example.db
|
||||
|
||||
keyname=`$KEYGEN -r $RANDFILE -a RSA -b 768 -n zone $zone`
|
||||
|
||||
$KEYSETTOOL -r $RANDFILE -t 3600 $keyname.key > /dev/null
|
||||
|
||||
cat $infile $keyname.key >$zonefile
|
||||
|
||||
$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
||||
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
# $Id: tests.sh,v 1.39 2002/02/20 03:33:50 marka Exp $
|
||||
# $Id: tests.sh,v 1.40 2002/06/17 04:01:11 marka Exp $
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
@@ -25,7 +25,7 @@ n=0
|
||||
|
||||
rm -f dig.out.*
|
||||
|
||||
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocmd +dnssec -p 5300"
|
||||
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
|
||||
|
||||
# Check the example. domain
|
||||
|
||||
@@ -113,6 +113,14 @@ n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking that insecurity proofs fail with a misconfigured trusted key ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.insecure.example. a @10.53.0.5 > dig.out.ns5.test$n || ret=1
|
||||
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
|
||||
n=`expr $n + 1`
|
||||
if [ $ret != 0 ]; then echo "I:failed"; fi
|
||||
status=`expr $status + $ret`
|
||||
|
||||
echo "I:checking that validation fails when key record is missing ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS a.b.keyless.example. a @10.53.0.4 > dig.out.ns4.test$n || ret=1
|
||||
|
||||
Reference in New Issue
Block a user