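#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Fixture generator for the cds.test zone.  It creates one plain key and two
# KSKs, derives DS / CDS / CDNSKEY record files from the KSKs, builds
# "update add"/"update del" scripts, and signs several zone variants.
# Files named *.broke*, brk.*, and the cds-mangled / bad-digests / bad-algos
# zones are deliberately damaged inputs; the consumer of these fixtures is
# not part of this script.
#
# Tool variables ($KEYGEN, $DSFROMKEY, $SIGNER, $PERL) come from conf.sh and
# are left unquoted so that a value carrying extra words still splits; every
# data value (zone name, key file names, key IDs, output paths) is quoted.

# -e is repeated here because an option on the shebang line is lost when the
# script is started as "sh <script>"; -u aborts on any variable that conf.sh
# did not define.
set -eu

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

touch empty

Z=cds.test

# One key without the KSK flag and two KSKs for the zone.
keyz=$($KEYGEN -q -a "$DEFAULT_ALGORITHM" "$Z")
key1=$($KEYGEN -q -a "$DEFAULT_ALGORITHM" -f KSK "$Z")
key2=$($KEYGEN -q -a "$DEFAULT_ALGORITHM" -f KSK "$Z")

idz=$(keyfile_to_key_id "$keyz")
id1=$(keyfile_to_key_id "$key1")
id2=$(keyfile_to_key_id "$key2")

# Record the zone name, KSK file names and key IDs in a sourceable file.
# The delimiter is unquoted on purpose: values are expanded now.
cat <<EOF >vars.sh
Z=$Z
key1=$key1
key2=$key2
idz=$idz
id1=$id1
id2=$id2
EOF

# Reverse the order of the lines read from stdin.
tac() {
  $PERL -e 'print reverse <>'
}

# Derive the per-key record files from one KSK.
# Arguments: $1 - key file base name (without the .key suffix)
#            $2 - suffix used in the generated file names
# Globals:   key, n are assigned (POSIX sh has no function-local variables)
# Outputs:   DS.$2, DS.$2-1, DS.$2-2, CDS.$2, CDNSKEY.$2, DS.ttl$2,
#            DS.ttlong$2, DS.rev$2
convert() {
  key=$1
  n=$2
  # -12 requests both digest types, so DS.$n is expected to hold two records.
  $DSFROMKEY -12 "$key" >"DS.$n"
  # Split by digest type; under set -e a grep without a match aborts the run.
  grep " ${DEFAULT_ALGORITHM_NUMBER} 1 " "DS.$n" >"DS.$n-1"
  grep " ${DEFAULT_ALGORITHM_NUMBER} 2 " "DS.$n" >"DS.$n-2"
  # NOTE(review): this is the only output opened with >> (append); every
  # sibling uses >.  A re-run without cleanup would duplicate the CDS
  # records.  Left unchanged because the intent is not visible here.
  sed 's/ IN DS / IN CDS /' <"DS.$n" >>"CDS.$n"
  sed 's/ IN DNSKEY / IN CDNSKEY /' <"$key.key" >"CDNSKEY.$n"
  # Same DS records with an explicit TTL of 3600 and of 7200.
  sed 's/ IN DS / 3600 IN DS /' <"DS.$n" >"DS.ttl$n"
  sed 's/ IN DS / 7200 IN DS /' <"DS.$n" >"DS.ttlong$n"
  tac <"DS.$n" >"DS.rev$n"
}
convert "$key1" 1
convert "$key2" 2

# consistent order wrt IDs
sort DS.1 DS.2 >DS.both

# Copy of DS.1 whose modification time is set two hours into the past
# (access time stays at "now").
cp DS.1 DS.inplace
$PERL -we 'utime time, time - 7200, "DS.inplace" or die'

# Expanded unquoted below on purpose so it splits into "$PERL" "mangle.pl".
# mangle.pl is not shown here; presumably it corrupts the record selected by
# its pattern argument - confirm against that script.
mangle="$PERL mangle.pl"

$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <DS.1 >DS.broke1
$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} 2 " <DS.1 >DS.broke2
$mangle " IN DS $id1 ${DEFAULT_ALGORITHM_NUMBER} [12] " <DS.1 >DS.broke12

# Prefix every record with "update add " and append a final "send" line.
sed 's/^/update add /
$a\
send
' <DS.2 >UP.add2

# Same shape, with "update del " for the records of the first KSK.
sed 's/^/update del /
$a\
send
' <DS.1 >UP.del1

# Deleting line 3 removes the first "send" (assuming DS.2 holds exactly two
# records), which leaves the adds and deletes ahead of a single "send".
cat UP.add2 UP.del1 | sed 3d >UP.swap

# Variant of the swap script with a TTL of 3600 on the added records.
sed 's/ add \(.*\) IN DS / add \1 3600 IN DS /' <UP.swap >UP.swapttl

# Store stdin as db.$1 and sign it into sig.$1.
# Arguments: $1 - zone variant name
# Globals:   Z (read), SIGNER (read)
# Returns:   the signer's exit status; its stdout is discarded
sign() {
  cat >"db.$1"
  $SIGNER >/dev/null \
    -S -O full -o "$Z" -f "sig.$1" "db.$1"
}

# Minimal zone: SOA and NS only.  The backslash keeps $TTL literal inside the
# unquoted here-document, and the leading whitespace on the NS line is
# significant (it makes the record inherit the previous owner name).
sign null <<EOF
\$TTL 1h
@	SOA	localhost. root.localhost. (
		1	; serial
		1h	; refresh
		1h	; retry
		1w	; expiry
		1h	; minimum
		)
;
	NS	localhost.
;
EOF

# Signed zone with CDS records appended after signing, so the CDS RRset
# carries no RRSIG.
cat sig.null CDS.1 >brk.unsigned-cds

# NOTE(review): sh has no pipefail here, so in the pipelines below only the
# status of sign (the last stage) is checked by set -e.
cat db.null CDS.1 | sign cds.1
cat db.null CDS.2 | sign cds.2
cat db.null CDS.1 CDS.2 | sign cds.both

tac <sig.cds.1 >sig.cds.rev1

cat db.null CDNSKEY.2 | sign cdnskey.2
cat db.null CDS.2 CDNSKEY.2 | sign cds.cdnskey.2

# Mangle the CDS RRSIG whose key tag is $idz, then the one whose tag is $id1.
$mangle '\s+IN\s+RRSIG\s+CDS .* '"$idz"' '"$Z"'\. ' \
  <sig.cds.1 >brk.rrsig.cds.zsk
$mangle '\s+IN\s+RRSIG\s+CDS .* '"$id1"' '"$Z"'\. ' \
  <sig.cds.1 >brk.rrsig.cds.ksk

# Mangle the digest-type-1 CDS record before signing, so the zone is signed
# over the altered record.
$mangle " IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 " <db.cds.1 |
  sign cds-mangled

# Key tag that differs from $id1 in its low eight bits (id1 XOR 255).
bad=$($PERL -le "print ($id1 ^ 255);")
# Replace the key tag of the digest-type-1 CDS record with $bad.
sed "s/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} 1 /IN CDS $bad ${DEFAULT_ALGORITHM_NUMBER} 1 /" <db.cds.1 |
  sign bad-digests

# "p" first emits each matching CDS record unchanged; the substitution then
# rewrites the second copy to key tag $bad and the alternative algorithm
# number, so the originals are kept alongside the altered records.
sed "/IN CDS $id1 ${DEFAULT_ALGORITHM_NUMBER} /p;s//IN CDS $bad $ALTERNATIVE_ALGORITHM_NUMBER /" <db.cds.1 |
  sign bad-algos

# Remove dsset-* files from the working directory (presumably written by the
# signer as a side effect - confirm).
rm -f dsset-*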