xref: /minix3/external/bsd/bind/dist/bin/tests/system/wildcard/ns1/sign.sh (revision 00b67f09dd46474d133c95011a48590a8e8f94c7) 
1#!/bin/sh
2#
3# Copyright (C) 2012-2014  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# Id: sign.sh,v 1.1.2.2 2010/06/01 06:38:47 marka Exp
18
19SYSTEMTESTTOP=../..
20. $SYSTEMTESTTOP/conf.sh
21
22dssets=
23
24zone=dlv.
25infile=dlv.db.in
26zonefile=dlv.db
27outfile=dlv.db.signed
28dssets="$dssets dsset-$zone"
29
30keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
31keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
32
33cat $infile $keyname1.key $keyname2.key > $zonefile
34
35$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
36echo "I: signed $zone"
37
38zone=nsec.
39infile=nsec.db.in
40zonefile=nsec.db
41outfile=nsec.db.signed
42dssets="$dssets dsset-$zone"
43
44keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
45keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
46
47cat $infile $keyname1.key $keyname2.key > $zonefile
48
49$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
50echo "I: signed $zone"
51
52zone=private.nsec.
53infile=private.nsec.db.in
54zonefile=private.nsec.db
55outfile=private.nsec.db.signed
56
57keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
58keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
59
60cat $infile $keyname1.key $keyname2.key > $zonefile
61
62$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
63echo "I: signed $zone"
64
65grep -v '^;' $keyname2.key | $PERL -n -e '
66local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
67local $key = join("", @rest);
68print <<EOF
69trusted-keys {
70    "$dn" $flags $proto $alg "$key";
71};
72EOF
73' > private.nsec.conf
74
75zone=nsec3.
76infile=nsec3.db.in
77zonefile=nsec3.db
78outfile=nsec3.db.signed
79dssets="$dssets dsset-$zone"
80
81keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
82keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
83
84cat $infile $keyname1.key $keyname2.key > $zonefile
85
86$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
87echo "I: signed $zone"
88
89zone=private.nsec3.
90infile=private.nsec3.db.in
91zonefile=private.nsec3.db
92outfile=private.nsec3.db.signed
93
94keyname1=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
95keyname2=`$KEYGEN -f KSK -r $RANDFILE -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
96
97cat $infile $keyname1.key $keyname2.key > $zonefile
98
99$SIGNER -r $RANDFILE -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
100echo "I: signed $zone"
101
102grep -v '^;' $keyname2.key | $PERL -n -e '
103local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
104local $key = join("", @rest);
105print <<EOF
106trusted-keys {
107    "$dn" $flags $proto $alg "$key";
108};
109EOF
110' > private.nsec3.conf
111
112zone=.
113infile=root.db.in
114zonefile=root.db
115outfile=root.db.signed
116
117keyname1=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
118keyname2=`$KEYGEN -f KSK -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
119
120cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
121
122$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
123echo "I: signed $zone"
124
125grep -v '^;' $keyname2.key | $PERL -n -e '
126local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
127local $key = join("", @rest);
128print <<EOF
129trusted-keys {
130    "$dn" $flags $proto $alg "$key";
131};
132EOF
133' > trusted.conf
134