improve handling of trailing dots in dnssec-keymgr and dnssec-coverage

- mishandling of trailing dots caused bad behavior with the root zone or names like "example.com." - fixing this exposed an error in dnssec-coverage caused the wrong return value if there were KSK errors but no ZSK errors - incidentally silenced the dnssec-keygen output in the coverage system test
2019-01-21 13:12:26 -08:00
parent 58e4d00c43
commit 1ccf4e6c16
7 changed files with 68 additions and 44 deletions
--- a/bin/python/isc/keydict.py.in
+++ b/bin/python/isc/keydict.py.in
@@ -49,15 +49,18 @@ class keydict:
            self._keydict[key.name][key.alg][key.keyid] = key

    def readone(self, path, zone):
-        match='K' + zone + '.+*.private'
+        if not zone.endswith('.'):
+            zone += '.'
+        match='K' + zone + '+*.private'
        files = glob.glob(os.path.join(path, match))

        found = False
        for infile in files:
            key = dnskey(infile, path, self._defttl)
-            if key.name != zone: # shouldn't ever happen
+            if key.fullname != zone: # shouldn't ever happen
                continue
-            self._keydict[key.name][key.alg][key.keyid] = key
+            keyname=key.name if zone != '.' else '.'
+            self._keydict[keyname][key.alg][key.keyid] = key
            found = True

        return found