[master] dnssec-keymgr

4349. [contrib] kasp2policy: A python script to create a DNSSEC policy file from an OpenDNSSEC KASP XML file. 4348. [func] dnssec-keymgr: A new python-based DNSSEC key management utility, which reads a policy definition file and can create or update DNSSEC keys as needed to ensure that a zone's keys match policy, roll over correctly on schedule, etc. Thanks to Sebastian Castro for assistance in development. [RT #39211]
2016-04-28 00:12:33 -07:00
parent 16591ba9ae
commit f6096b958c
88 changed files with 4686 additions and 1129 deletions
--- a/bin/python/isc/tests/test-policies/01-keysize.pol
+++ b/bin/python/isc/tests/test-policies/01-keysize.pol
@@ -0,0 +1,41 @@
+policy keysize_rsa {
+        algorithm rsasha1;
+        coverage 1y;
+        roll-period zsk 3mo;
+        pre-publish zsk 2w;
+        post-publish zsk 2w;
+        roll-period ksk 1y;
+        pre-publish ksk 1mo;
+        post-publish ksk 2mo;
+        keyttl 1h;
+        key-size ksk 2048;
+        key-size zsk 1024;
+};
+
+policy keysize_dsa {
+        algorithm dsa;
+        coverage 1y;
+        key-size ksk 2048;
+        key-size zsk 1024;
+};
+
+zone good_rsa.test {
+        policy keysize_rsa;
+};
+
+zone bad_rsa.test {
+        policy keysize_rsa;
+        key-size ksk 511;
+};
+
+zone good_dsa.test {
+        policy keysize_dsa;
+        key-size ksk 1024;
+        key-size zsk 768;
+};
+
+zone bad_dsa.test {
+        policy keysize_dsa;
+        key-size ksk 1024;
+        key-size zsk 769;
+};