1*00b67f09SDavid van Moolenbroek#!/bin/sh 2*00b67f09SDavid van Moolenbroek# 3*00b67f09SDavid van Moolenbroek# Copyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") 4*00b67f09SDavid van Moolenbroek# 5*00b67f09SDavid van Moolenbroek# Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek# purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek# copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek# 9*00b67f09SDavid van Moolenbroek# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek# PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek 17*00b67f09SDavid van Moolenbroek# Id: tests.sh,v 1.3 2010/06/08 23:50:24 tbox Exp 18*00b67f09SDavid van Moolenbroek 19*00b67f09SDavid van MoolenbroekSYSTEMTESTTOP=.. 20*00b67f09SDavid van Moolenbroek. $SYSTEMTESTTOP/conf.sh 21*00b67f09SDavid van Moolenbroek 22*00b67f09SDavid van MoolenbroekDIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" 23*00b67f09SDavid van Moolenbroek 24*00b67f09SDavid van Moolenbroekstatus=0 25*00b67f09SDavid van Moolenbroekret=0 26*00b67f09SDavid van Moolenbroek 27*00b67f09SDavid van Moolenbroekalg=rsa 28*00b67f09SDavid van Moolenbroekzonefile=ns1/rsa.example.db 29*00b67f09SDavid van Moolenbroekecho "I:testing PKCS#11 key generation (rsa)" 30*00b67f09SDavid van Moolenbroekcount=`$PK11LIST | grep robie-rsa-ksk | wc -l` 31*00b67f09SDavid van Moolenbroekif [ $count != 2 ]; then echo "I:failed"; status=1; fi 32*00b67f09SDavid van Moolenbroek 33*00b67f09SDavid van Moolenbroekecho "I:testing offline signing with PKCS#11 keys (rsa)" 34*00b67f09SDavid van Moolenbroek 35*00b67f09SDavid van Moolenbroekcount=`grep RRSIG $zonefile.signed | wc -l` 36*00b67f09SDavid van Moolenbroekif [ $count != 12 ]; then echo "I:failed"; status=1; fi 37*00b67f09SDavid van Moolenbroek 38*00b67f09SDavid van Moolenbroekecho "I:testing inline signing with PKCS#11 keys (rsa)" 39*00b67f09SDavid van Moolenbroek 40*00b67f09SDavid van Moolenbroek$NSUPDATE > /dev/null <<END || status=1 41*00b67f09SDavid van Moolenbroekserver 10.53.0.1 5300 42*00b67f09SDavid van Moolenbroekttl 300 43*00b67f09SDavid van Moolenbroekzone rsa.example. 44*00b67f09SDavid van Moolenbroekupdate add `grep -v ';' ns1/${alg}.key` 45*00b67f09SDavid van Moolenbroeksend 46*00b67f09SDavid van MoolenbroekEND 47*00b67f09SDavid van Moolenbroek 48*00b67f09SDavid van Moolenbroekecho "I:waiting 20 seconds for key changes to take effect" 49*00b67f09SDavid van Moolenbroeksleep 20 50*00b67f09SDavid van Moolenbroek 51*00b67f09SDavid van Moolenbroek$DIG $DIGOPTS ns.rsa.example. @10.53.0.1 a > dig.out || ret=1 52*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 53*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 54*00b67f09SDavid van Moolenbroekcount=`grep RRSIG dig.out | wc -l` 55*00b67f09SDavid van Moolenbroekif [ $count != 4 ]; then echo "I:failed"; status=1; fi 56*00b67f09SDavid van Moolenbroek 57*00b67f09SDavid van Moolenbroekecho "I:testing PKCS#11 key destroy (rsa)" 58*00b67f09SDavid van Moolenbroekret=0 59*00b67f09SDavid van Moolenbroek$PK11DEL -l robie-rsa-ksk -w0 > /dev/null 2>&1 || ret=1 60*00b67f09SDavid van Moolenbroek$PK11DEL -l robie-rsa-zsk1 -w0 > /dev/null 2>&1 || ret=1 61*00b67f09SDavid van Moolenbroek$PK11DEL -i $id -w0 > /dev/null 2>&1 || ret=1 62*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 63*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 64*00b67f09SDavid van Moolenbroekcount=`$PK11LIST | grep robie-rsa | wc -l` 65*00b67f09SDavid van Moolenbroekif [ $count != 0 ]; then echo "I:failed"; fi 66*00b67f09SDavid van Moolenbroekstatus=`expr $status + $count` 67*00b67f09SDavid van Moolenbroek 68*00b67f09SDavid van Moolenbroekecho "I:exit status: $status" 69*00b67f09SDavid van Moolenbroekexit $status 70