xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/mkeys/ns1/sign.sh (revision 32d1c65c71fbdb65a012e8392a62a757dd6853e9) 
1#!/bin/sh -e
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14. ../../conf.sh
15
16zone=sub.tld
17zonefile=sub.tld.db
18
19keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
20zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
21
22$SIGNER -Sg -o $zone $zonefile >/dev/null 2>/dev/null
23keyfile_to_initial_ds $keyname >island.conf
24cp island.conf ../ns5/island.conf
25
26zone=tld
27zonefile=tld.db
28
29keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
30zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
31
32$SIGNER -Sg -o $zone $zonefile >/dev/null 2>/dev/null
33
34zone=.
35zonefile=root.db
36
37keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
38zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
39
40$SIGNER -Sg -o $zone $zonefile >/dev/null 2>/dev/null
41
42# Configure the resolving server with an initializing key.
43keyfile_to_initial_ds $keyname >managed.conf
44cp managed.conf ../ns2/managed.conf
45cp managed.conf ../ns4/managed.conf
46cp managed.conf ../ns5/managed.conf
47
48# Configure broken trust anchor for ns3
49# Rotate each nibble in the digest by -1
50$DSFROMKEY $keyname.key \
51  | awk '!/^; /{
52            printf "trust-anchors {\n"
53            printf "\t\""$1"\" initial-ds "
54            printf $4 " " $5 " " $6 " \""
55            for (i=7; i<=NF; i++) {
56		# rotate digest
57		digest=$i
58		gsub("0", ":", digest)
59		gsub("1", "0", digest)
60		gsub("2", "1", digest)
61		gsub("3", "2", digest)
62		gsub("4", "3", digest)
63		gsub("5", "4", digest)
64		gsub("6", "5", digest)
65		gsub("7", "6", digest)
66		gsub("8", "7", digest)
67		gsub("9", "8", digest)
68		gsub("A", "9", digest)
69		gsub("B", "A", digest)
70		gsub("C", "B", digest)
71		gsub("D", "C", digest)
72		gsub("E", "D", digest)
73		gsub("F", "E", digest)
74		gsub(":", "F", digest)
75		printf digest
76	    }
77	    printf "\";\n"
78	    printf "};\n"
79	}' >../ns3/broken.conf
80
81# Configure a static key to be used by delv.
82keyfile_to_static_ds $keyname >trusted.conf
83
84# Prepare an unsupported algorithm key.
85unsupportedkey=Kunknown.+255+00000
86cp unsupported.key "${unsupportedkey}.key"
87
88#
89#  Save keyname and keyid for managed key id test.
90#
91echo "$keyname" >managed.key
92echo "$zskkeyname" >zone.key
93keyfile_to_key_id $keyname >managed.key.id
94