xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/mkeys/ns1/sign.sh (revision 3f351f34c6d827cf017cdcff3543f6ec0c88b420) 
1#!/bin/sh -e
2
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# SPDX-License-Identifier: MPL-2.0
6#
7# This Source Code Form is subject to the terms of the Mozilla Public
8# License, v. 2.0.  If a copy of the MPL was not distributed with this
9# file, you can obtain one at https://mozilla.org/MPL/2.0/.
10#
11# See the COPYRIGHT file distributed with this work for additional
12# information regarding copyright ownership.
13
14SYSTEMTESTTOP=../..
15. $SYSTEMTESTTOP/conf.sh
16
17zone=sub.tld
18zonefile=sub.tld.db
19
20keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
21zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
22
23$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
24keyfile_to_initial_ds $keyname > island.conf
25cp island.conf ../ns5/island.conf
26
27zone=tld
28zonefile=tld.db
29
30keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
31zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
32
33$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
34
35zone=.
36zonefile=root.db
37
38keyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -qfk $zone)
39zskkeyname=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $zone)
40
41$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
42
43# Configure the resolving server with an initializing key.
44keyfile_to_initial_ds $keyname > managed.conf
45cp managed.conf ../ns2/managed.conf
46cp managed.conf ../ns4/managed.conf
47cp managed.conf ../ns5/managed.conf
48
49# Configure broken trust anchor for ns3
50# Rotate each nibble in the digest by -1
51$DSFROMKEY $keyname.key |
52awk '!/^; /{
53            printf "trust-anchors {\n"
54            printf "\t\""$1"\" initial-ds "
55            printf $4 " " $5 " " $6 " \""
56            for (i=7; i<=NF; i++) {
57		# rotate digest
58		digest=$i
59		gsub("0", ":", digest)
60		gsub("1", "0", digest)
61		gsub("2", "1", digest)
62		gsub("3", "2", digest)
63		gsub("4", "3", digest)
64		gsub("5", "4", digest)
65		gsub("6", "5", digest)
66		gsub("7", "6", digest)
67		gsub("8", "7", digest)
68		gsub("9", "8", digest)
69		gsub("A", "9", digest)
70		gsub("B", "A", digest)
71		gsub("C", "B", digest)
72		gsub("D", "C", digest)
73		gsub("E", "D", digest)
74		gsub("F", "E", digest)
75		gsub(":", "F", digest)
76		printf digest
77	    }
78	    printf "\";\n"
79	    printf "};\n"
80	}' > ../ns3/broken.conf
81
82# Configure a static key to be used by delv.
83keyfile_to_static_ds $keyname > trusted.conf
84
85# Prepare an unsupported algorithm key.
86unsupportedkey=Kunknown.+255+00000
87cp unsupported.key "${unsupportedkey}.key"
88
89#
90#  Save keyname and keyid for managed key id test.
91#
92echo "$keyname" > managed.key
93echo "$zskkeyname" > zone.key
94keyfile_to_key_id $keyname > managed.key.id
95