Add test for many keys

Add a statschannel test case for DNSSEC sign metrics that has more keys than there are allocated stats counters for. This will produce gibberish, but at least it should not crash.
2020-03-26 16:13:55 +01:00
parent 705810d577
commit 31e8b2b13c
6 changed files with 73 additions and 14 deletions
--- a/bin/tests/system/statschannel/clean.sh
+++ b/bin/tests/system/statschannel/clean.sh
@@ -22,5 +22,6 @@ rm -f xml.*mem json.*mem
 rm -f compressed.headers regular.headers compressed.out regular.out
 rm -f ns*/managed-keys.bind*
 rm -f ns2/Kdnssec* ns2/dnssec.*.id
-rm -f ns2/dnssec.db.signed* ns2/dsset-dnssec.
+rm -f ns2/Kmanykeys* ns2/manykeys.*.id
+rm -f ns2/*.db.signed* ns2/dsset-*. ns2/*.jbk
 rm -f ns2/core
--- a/bin/tests/system/statschannel/ns2/named.conf.in
+++ b/bin/tests/system/statschannel/ns2/named.conf.in
@@ -34,6 +34,17 @@ controls {
 	inet 10.53.0.2 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };

+dnssec-policy "manykeys" {
+	keys {
+		ksk lifetime unlimited algorithm 5;
+		zsk lifetime unlimited algorithm 5;
+		ksk lifetime unlimited algorithm 13;
+		zsk lifetime unlimited algorithm 13;
+		ksk lifetime unlimited algorithm 14;
+		zsk lifetime unlimited algorithm 14;
+	};
+};
+
 zone "example" {
 	type master;
 	file "example.db";
@@ -49,3 +60,10 @@ zone "dnssec" {
 	dnssec-dnskey-kskonly yes;
 	update-check-ksk yes;
 };
+
+zone "manykeys" {
+        type master;
+        file "manykeys.db.signed";
+	zone-statistics full;
+	dnssec-policy "manykeys";
+};
--- a/bin/tests/system/statschannel/ns2/sign.sh
+++ b/bin/tests/system/statschannel/ns2/sign.sh
@@ -17,12 +17,27 @@ set -e
 zone=dnssec.
 infile=dnssec.db.in
 zonefile=dnssec.db.signed
-
 ksk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
 zsk=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" "$zone")
 # Sign deliberately with a very short expiration date.
 "$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
-
 keyfile_to_key_id "$ksk" > dnssec.ksk.id
 keyfile_to_key_id "$zsk" > dnssec.zsk.id

+zone=manykeys.
+infile=manykeys.db.in
+zonefile=manykeys.db.signed
+ksk8=$("$KEYGEN" -q -a RSASHA256 -b 2048 -f KSK "$zone")
+zsk8=$("$KEYGEN" -q -a RSASHA256 -b 2048 "$zone")
+ksk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -b 256 -f KSK "$zone")
+zsk13=$("$KEYGEN" -q -a ECDSAP256SHA256 -b 256 "$zone")
+ksk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 -f KSK "$zone")
+zsk14=$("$KEYGEN" -q -a ECDSAP384SHA384 -b 384 "$zone")
+# Sign deliberately with a very short expiration date.
+"$SIGNER" -S -x -O full -e "now"+1s -o "$zone" -f "$zonefile" "$infile" > /dev/null 2>&1
+keyfile_to_key_id "$ksk8" > manykeys.ksk8.id
+keyfile_to_key_id "$zsk8" > manykeys.zsk8.id
+keyfile_to_key_id "$ksk13" > manykeys.ksk13.id
+keyfile_to_key_id "$zsk13" > manykeys.zsk13.id
+keyfile_to_key_id "$ksk14" > manykeys.ksk14.id
+keyfile_to_key_id "$zsk14" > manykeys.zsk14.id
--- a/bin/tests/system/statschannel/tests.sh
+++ b/bin/tests/system/statschannel/tests.sh
@@ -70,8 +70,8 @@ getzones() {
        *) return 1 ;;
    esac
    file=`$PERL fetch.pl -p ${EXTRAPORT1} $path`
-    cp $file $file.$1.$2
-    $PERL zones-${1}.pl $file 2>/dev/null | sort > zones.out.$2
+    cp $file $file.$1.$3
+    $PERL zones-${1}.pl $file $2 2>/dev/null | sort > zones.out.$3
    result=$?
    return $result
 }
@@ -292,11 +292,11 @@ rm -f zones.expect
 # Fetch and check the dnssec sign statistics.
 echo_i "fetching zone stats data after zone maintenance at startup ($n)"
 if [ $PERL_XML ]; then
-    getzones xml x$n || ret=1
+    getzones xml $zone x$n || ret=1
    cmp zones.out.x$n zones.expect.$n || ret=1
 fi
 if [ $PERL_JSON ]; then
-    getzones json j$n || ret=1
+    getzones json $zone j$n || ret=1
    cmp zones.out.j$n zones.expect.$n || ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -322,11 +322,11 @@ rm -f zones.expect
 # Fetch and check the dnssec sign statistics.
 echo_i "fetching zone stats data after dynamic update ($n)"
 if [ $PERL_XML ]; then
-    getzones xml x$n || ret=1
+    getzones xml $zone x$n || ret=1
    cmp zones.out.x$n zones.expect.$n || ret=1
 fi
 if [ $PERL_JSON ]; then
-    getzones json j$n || ret=1
+    getzones json $zone j$n || ret=1
    cmp zones.out.j$n zones.expect.$n || ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
@@ -349,16 +349,39 @@ cat zones.expect | sort > zones.expect.$n
 rm -f zones.expect
 # Fetch and check the dnssec sign statistics.
 if [ $PERL_XML ]; then
-    getzones xml x$n || ret=1
+    getzones xml $zone x$n || ret=1
    cmp zones.out.x$n zones.expect.$n || ret=1
 fi
 if [ $PERL_JSON ]; then
-    getzones json j$n || ret=1
+    getzones json $zone j$n || ret=1
    cmp zones.out.j$n zones.expect.$n || ret=1
 fi
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 n=`expr $n + 1`

+# 4. Test a zone with more than four keys.
+zone="manykeys"
+ksk8_id=`cat ns2/$zone.ksk8.id`
+zsk8_id=`cat ns2/$zone.zsk8.id`
+ksk13_id=`cat ns2/$zone.ksk13.id`
+zsk13_id=`cat ns2/$zone.zsk13.id`
+ksk14_id=`cat ns2/$zone.ksk14.id`
+zsk14_id=`cat ns2/$zone.zsk14.id`
+
+ret=0
+echo_i "fetch zone stats data for a zone with many keys ($n)"
+# Fetch and check the dnssec sign statistics.
+if [ $PERL_XML ]; then
+    getzones xml $zone x$n || ret=1
+fi
+if [ $PERL_JSON ]; then
+    getzones json $zone j$n || ret=1
+fi
+# The output is gibberish, but at least make sure it does not crash.
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+n=`expr $n + 1`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/bin/tests/system/statschannel/zones-json.pl
+++ b/bin/tests/system/statschannel/zones-json.pl
@@ -16,6 +16,7 @@
 use JSON;

 my $file = $ARGV[0];
+my $zone = $ARGV[1];
 open(INPUT, "<$file");
 my $text = do{local$/;<INPUT>};
 close(INPUT);
@@ -23,12 +24,12 @@ close(INPUT);
 my $ref = decode_json($text);


-my $dnssecsign = $ref->{views}->{_default}->{zones}[0]->{"dnssec-sign"};
+my $dnssecsign = $ref->{views}->{_default}->{zones}[$zone]->{"dnssec-sign"};
 my $type = "dnssec-sign operations ";
 foreach $key (keys %{$dnssecsign}) {
    print $type . $key . ": ". $dnssecsign->{$key} ."\n";
 }
-my $dnssecrefresh = $ref->{views}->{_default}->{zones}[0]->{"dnssec-refresh"};
+my $dnssecrefresh = $ref->{views}->{_default}->{zones}[$zone]->{"dnssec-refresh"};
 my $type = "dnssec-refresh operations ";
 foreach $key (keys %{$dnssecrefresh}) {
    print $type . $key . ": ". $dnssecrefresh->{$key} ."\n";
--- a/bin/tests/system/statschannel/zones-xml.pl
+++ b/bin/tests/system/statschannel/zones-xml.pl
@@ -16,10 +16,11 @@
 use XML::Simple;

 my $file = $ARGV[0];
+my $zone = $ARGV[1];

 my $ref = XMLin($file);

-my $counters = $ref->{views}->{view}->{_default}->{zones}->{zone}->{dnssec}->{counters};
+my $counters = $ref->{views}->{view}->{_default}->{zones}->{zone}->{$zone}->{counters};

 foreach $group (@$counters) {