#!/bin/sh
#
# Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Fixture setup: each numbered directory receives a KSK/ZSK set for
# example.com whose timing metadata reproduces the rollover mistake named
# in that section's comment.
#
# KEYGEN, SETTIME, CHECKZONE, RANDFILE and SHELL are expected to come from
# conf.sh (presumably dnssec-keygen, dnssec-settime and named-checkzone --
# confirm there).
#
# NOTE(review): every settime call sends stdout and stderr to /dev/null and
# no exit status is checked, so a settime or keygen failure in this script
# goes unnoticed and the directory may not describe the intended scenario.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Every key below is generated quietly (-q) with RANDFILE as the randomness
# source (-r).
KEYGEN="${KEYGEN} -qr ${RANDFILE}"

# Clear leftovers from an earlier run.
$SHELL clean.sh

# Expose the zone checker under the name named-compilezone.
ln -s $CHECKZONE named-compilezone

# Test 1: KSK goes inactive before successor is active
# (the successor is derived from the +9mo schedule, then ksk1's
# inactivation is moved to +7mo)
dir=01-ksk-inactive
rm -f "$dir"/K*.key "$dir"/K*.private
ksk1=$($KEYGEN -K "$dir" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -K "$dir" -S $ksk1)
$SETTIME -K "$dir" -I +7mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -K "$dir" -3 example.com)

# Test 2: ZSK goes inactive before successor is active
dir=02-zsk-inactive
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
$SETTIME -K "$dir" -I +7mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -K "$dir" -3fk example.com)

# Test 3: KSK is unpublished before its successor is published
# (ksk1's deletion is moved to +6mo after the successor exists)
dir=03-ksk-unpublished
rm -f "$dir"/K*.key "$dir"/K*.private
ksk1=$($KEYGEN -K "$dir" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -K "$dir" -S $ksk1)
$SETTIME -K "$dir" -D +6mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -K "$dir" -3 example.com)

# Test 4: ZSK is unpublished before its successor is published
dir=04-zsk-unpublished
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
$SETTIME -K "$dir" -D +6mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -K "$dir" -3fk example.com)

# Test 5: KSK deleted and successor published before KSK is deactivated
# and successor activated.
# (deletion at +8mo precedes inactivation at +9mo)
dir=05-ksk-unpub-active
rm -f "$dir"/K*.key "$dir"/K*.private
ksk1=$($KEYGEN -K "$dir" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +8mo $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -K "$dir" -S $ksk1)
zsk1=$($KEYGEN -K "$dir" -3 example.com)

# Test 6: ZSK deleted and successor published before ZSK is deactivated
# and successor activated.
dir=06-zsk-unpub-active
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +8mo $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
ksk1=$($KEYGEN -K "$dir" -3fk example.com)

# Test 7: KSK rolled with insufficient delay after prepublication.
dir=07-ksk-ttl
rm -f "$dir"/K*.key "$dir"/K*.private
ksk1=$($KEYGEN -K "$dir" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -K "$dir" -S $ksk1)
# allow only 1 day between publication and activation
$SETTIME -K "$dir" -P +269d $ksk2 >/dev/null 2>&1
zsk1=$($KEYGEN -K "$dir" -3 example.com)

# Test 8: ZSK rolled with insufficient delay after prepublication.
dir=08-zsk-ttl
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
# allow only 1 day between publication and activation
$SETTIME -K "$dir" -P +269d $zsk2 >/dev/null 2>&1
ksk1=$($KEYGEN -K "$dir" -3fk example.com)

# Test 9: KSK goes inactive before successor is active, but checking ZSKs
# (same key schedule as test 1)
dir=09-check-zsk
rm -f "$dir"/K*.key "$dir"/K*.private
ksk1=$($KEYGEN -K "$dir" -3fk example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $ksk1 >/dev/null 2>&1
ksk2=$($KEYGEN -K "$dir" -S $ksk1)
$SETTIME -K "$dir" -I +7mo $ksk1 >/dev/null 2>&1
zsk1=$($KEYGEN -K "$dir" -3 example.com)

# Test 10: ZSK goes inactive before successor is active, but checking KSKs
# (same key schedule as test 2)
dir=10-check-ksk
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +9mo -D +1y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
$SETTIME -K "$dir" -I +7mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -K "$dir" -3fk example.com)

# Test 11: ZSK goes inactive before successor is active, but after cutoff
# (same shape as test 2 with the dates pushed out to +16mo/+18mo/+2y)
dir=11-cutoff
rm -f "$dir"/K*.key "$dir"/K*.private
zsk1=$($KEYGEN -K "$dir" -3 example.com)
$SETTIME -K "$dir" -I +18mo -D +2y $zsk1 >/dev/null 2>&1
zsk2=$($KEYGEN -K "$dir" -S $zsk1)
$SETTIME -K "$dir" -I +16mo $zsk1 >/dev/null 2>&1
ksk1=$($KEYGEN -K "$dir" -3fk example.com)