Update kasp, keymgr2kasp, and multisigner tests

Update the system tests to consider the zone's maximum TTL, now derived
from the zone's contents.
This commit is contained in:
Matthijs Mekking
2023-05-02 14:54:06 +02:00
parent 723cb07d58
commit 9857e75d48
3 changed files with 9 additions and 3 deletions

View File

@@ -18,6 +18,8 @@ dnssec-policy "migrate" {
ksk key-directory lifetime unlimited algorithm @DEFAULT_ALGORITHM@;
zsk key-directory lifetime P60D algorithm @DEFAULT_ALGORITHM@;
};
max-zone-ttl 300;
};
dnssec-policy "timing-metadata" {

View File

@@ -442,7 +442,7 @@ wait_for_done_signing() {
# ZSK now has lifetime of 60 days (5184000 seconds).
# The key is removed after Iret = TTLsig + Dprp + Dsgn + retire-safety.
Lzsk=5184000
IretZSK=867900
IretZSK=781800
#
# Testing good migration.
@@ -470,11 +470,11 @@ rollover_predecessor_keytimes 0
# - Key now has lifetime of 60 days (5184000 seconds).
# The key is removed after Iret = TTLsig + Dprp + Dsgn + retire-safety.
# TTLsig: 1d (86400 seconds)
# TTLsig: 5m (300 seconds)
# Dprp: 5m (300 seconds)
# Dsgn: 9d (777600 seconds)
# retire-safety: 1h (3600 seconds)
# IretZSK: 10d65m (867900 seconds)
# IretZSK: 9d70m (781800 seconds)
active=$(key_get KEY2 ACTIVE)
set_addkeytime "KEY2" "RETIRED" "${active}" "${Lzsk}"
retired=$(key_get KEY2 RETIRED)

View File

@@ -30,6 +30,7 @@ set_policy "model2" "2" "3600"
# Key properties and states.
key_clear "KEY1"
set_keyrole "KEY1" "ksk"
set_keymaxttl "KEY1" "300"
set_keylifetime "KEY1" "0"
set_keyalgorithm "KEY1" "13" "ECDSAP256SHA256" "256"
set_keysigning "KEY1" "yes"
@@ -41,6 +42,7 @@ set_keystate "KEY1" "STATE_DS" "omnipresent"
key_clear "KEY2"
set_keyrole "KEY2" "zsk"
set_keymaxttl "KEY2" "300"
set_keylifetime "KEY2" "0"
set_keyalgorithm "KEY2" "13" "ECDSAP256SHA256" "256"
set_keysigning "KEY2" "no"
@@ -425,6 +427,8 @@ no_dnssec_in_journal
#
set_zone "model2.secondary"
set_policy "model2" "2" "3600"
set_keymaxttl "KEY1" "none"
set_keymaxttl "KEY2" "none"
set_server "ns3" "10.53.0.3"
check_keys