xref: /minix3/external/bsd/bind/dist/bin/tests/system/pkcs11/tests.sh (revision 00b67f09dd46474d133c95011a48590a8e8f94c7) 
1#!/bin/sh
2#
3# Copyright (C) 2010, 2012, 2014  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# Id: tests.sh,v 1.3 2010/06/08 23:50:24 tbox Exp
18
19SYSTEMTESTTOP=..
20. $SYSTEMTESTTOP/conf.sh
21
22DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
23
24status=0
25ret=0
26
27supported=`cat supported`
28case $supported in
29    rsaonly) algs="rsa" ;;
30    ecconly) algs="ecc" ;;
31    both) algs="rsa ecc" ;;
32esac
33
34
35for alg in $algs; do
36    zonefile=ns1/$alg.example.db
37    echo "I:testing PKCS#11 key generation ($alg)"
38    count=`$PK11LIST | grep robie-$alg-ksk | wc -l`
39    if [ $count != 2 ]; then echo "I:failed"; status=1; fi
40
41    echo "I:testing offline signing with PKCS#11 keys ($alg)"
42
43    count=`grep RRSIG $zonefile.signed | wc -l`
44    if [ $count != 12 ]; then echo "I:failed"; status=1; fi
45
46    echo "I:testing inline signing with PKCS#11 keys ($alg)"
47
48    $NSUPDATE > /dev/null <<END || status=1
49server 10.53.0.1 5300
50ttl 300
51zone $alg.example.
52update add `grep -v ';' ns1/${alg}.key`
53send
54END
55
56    echo "I:waiting 20 seconds for key changes to take effect"
57    sleep 20
58
59    $DIG $DIGOPTS ns.$alg.example. @10.53.0.1 a > dig.out || ret=1
60    if [ $ret != 0 ]; then echo "I:failed"; fi
61    status=`expr $status + $ret`
62    count=`grep RRSIG dig.out | wc -l`
63    if [ $count != 4 ]; then echo "I:failed"; status=1; fi
64
65    echo "I:testing PKCS#11 key destroy ($alg)"
66    ret=0
67    $PK11DEL -l robie-$alg-ksk -w0 > /dev/null 2>&1 || ret=1
68    $PK11DEL -l robie-$alg-zsk1 -w0 > /dev/null 2>&1 || ret=1
69    case $alg in
70        rsa) id=02 ;;
71        ecc) id=04 ;;
72    esac
73    $PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1
74    if [ $ret != 0 ]; then echo "I:failed"; fi
75    status=`expr $status + $ret`
76    count=`$PK11LIST | grep robie-$alg | wc -l`
77    if [ $count != 0 ]; then echo "I:failed"; fi
78    status=`expr $status + $count`
79done
80
81echo "I:exit status: $status"
82exit $status
83