1#!/bin/sh
2#
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# This Source Code Form is subject to the terms of the Mozilla Public
6# License, v. 2.0. If a copy of the MPL was not distributed with this
7# file, You can obtain one at http://mozilla.org/MPL/2.0/.
8#
9# See the COPYRIGHT file distributed with this work for additional
10# information regarding copyright ownership.
11
# Locate the system-test root and load the shared test configuration.
# $KEYGEN, $SIGNER, $TP, echo_i and keyfile_to_static_ds are used below but
# not defined in this file; presumably conf.sh provides them.
SYSTEMTESTTOP=../..
. "${SYSTEMTESTTOP}/conf.sh"

SYSTESTDIR=wildcard

# Space-separated list of dsset-* files; each delegated zone appends its own
# entry and the root zone block concatenates them into root.db.
dssets=

# RFC 4592 example zone: copied into place as-is (this script generates no
# keys for it and does not sign it).
cp example.db.in example.db
21
# --- Zone "nsec": signed with plain NSEC; its DS set is queued for the root ---
#
# NOTE(review): RSASHA1 with 1024-bit keys is a test-fixture choice. RFC 8624
# lists RSASHA1 as NOT RECOMMENDED for signing, and 1024-bit RSA is below
# current minimum key-size guidance; do not copy these parameters into a
# production signing script.
zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
# dsset file name for this zone (presumably written by $SIGNER - confirm).
dssets="${dssets} dsset-${zone}${TP}"

# NOTE(review): keygen's stderr is discarded, so a failed key generation
# leaves these variables empty and the cat below would look for ".key".
zsk=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)
ksk=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)

# Unsigned zone data followed by both public keys forms the signer's input.
cat "$infile" "${zsk}.key" "${ksk}.key" >"$zonefile"

# A signer failure only prints signer.err; the script carries on and still
# logs "signed" below, so check the output when debugging a failing test.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" >/dev/null 2>signer.err; then
  cat signer.err
fi
echo_i "signed $zone"
35
# --- Zone "private.nsec": signed with plain NSEC, not added to $dssets ---
#
# No dsset entry is queued for this zone, so the root zone file gets no DS for
# it; the KSK is instead exported to private.nsec.conf at the end of the block.
#
# NOTE(review): RSASHA1 / 1024-bit keys are test-fixture parameters only
# (RFC 8624: RSASHA1 is NOT RECOMMENDED for signing).
zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed

# NOTE(review): keygen errors go to /dev/null; an empty key name here makes
# the cat below fail on ".key".
zsk=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)
ksk=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)

# Unsigned zone data followed by both public keys forms the signer's input.
cat "$infile" "${zsk}.key" "${ksk}.key" >"$zonefile"

# A signer failure is reported by dumping signer.err, but it is not fatal.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" >/dev/null 2>signer.err; then
  cat signer.err
fi
echo_i "signed $zone"

# Convert the KSK into a configuration snippet (presumably a static-ds trust
# anchor stanza, going by the helper's name - confirm in conf.sh).
keyfile_to_static_ds "$ksk" >private.nsec.conf
50
# --- Zone "nsec3": signed with NSEC3; its DS set is queued for the root ---
#
# NOTE(review): NSEC3RSASHA1 with 1024-bit keys is a test-fixture choice
# (RFC 8624: NOT RECOMMENDED for signing); do not reuse in production.
zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
# dsset file name for this zone (presumably written by $SIGNER - confirm).
dssets="${dssets} dsset-${zone}${TP}"

# NOTE(review): keygen's stderr is discarded, so a failed key generation
# leaves these variables empty and the cat below would look for ".key".
zsk=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)
ksk=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)

# Unsigned zone data followed by both public keys forms the signer's input.
cat "$infile" "${zsk}.key" "${ksk}.key" >"$zonefile"

# "-3 -" requests an NSEC3 chain with no salt; "-H 10" sets 10 hash
# iterations. RFC 9276 recommends 0 iterations for deployed zones, so treat
# the iteration count as specific to this test.
# A signer failure only prints signer.err; the script still logs "signed".
if ! $SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" >/dev/null 2>signer.err; then
  cat signer.err
fi
echo_i "signed $zone"
64
# --- Zone "private.nsec3": signed with NSEC3, not added to $dssets ---
#
# No dsset entry is queued for this zone, so the root zone file gets no DS for
# it; the KSK is instead exported to private.nsec3.conf at the end of the block.
#
# NOTE(review): NSEC3RSASHA1 / 1024-bit keys are test-fixture parameters only
# (RFC 8624: NOT RECOMMENDED for signing).
zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed

# NOTE(review): keygen errors go to /dev/null; an empty key name here makes
# the cat below fail on ".key".
zsk=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)
ksk=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)

# Unsigned zone data followed by both public keys forms the signer's input.
cat "$infile" "${zsk}.key" "${ksk}.key" >"$zonefile"

# "-3 -" requests an NSEC3 chain with no salt; "-H 10" sets 10 hash
# iterations (RFC 9276 recommends 0 for deployed zones).
# A signer failure is reported by dumping signer.err, but it is not fatal.
if ! $SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" >/dev/null 2>signer.err; then
  cat signer.err
fi
echo_i "signed $zone"

# Convert the KSK into a configuration snippet (presumably a static-ds trust
# anchor stanza, going by the helper's name - confirm in conf.sh).
keyfile_to_static_ds "$ksk" >private.nsec3.conf
79
# --- Root zone: carries the queued DS sets and anchors the chain of trust ---
#
# NOTE(review): RSASHA1 / 1024-bit keys are test-fixture parameters only
# (RFC 8624: RSASHA1 is NOT RECOMMENDED for signing).
zone=.
infile=root.db.in
zonefile=root.db
outfile=root.db.signed

# NOTE(review): keygen errors go to /dev/null; an empty key name here makes
# the cat below fail on ".key".
zsk=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)
ksk=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2>/dev/null)

# $dssets is deliberately unquoted: it is a space-separated list of dsset-*
# files and must split into one argument per file. Only zones that appended
# themselves to the list get their DS records into the root zone file.
cat "$infile" "${zsk}.key" "${ksk}.key" $dssets >"$zonefile"

# A signer failure only prints signer.err; the script carries on and still
# logs "signed" below.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" >/dev/null 2>signer.err; then
  cat signer.err
fi
echo_i "signed $zone"

# Export the root KSK to trusted.conf (presumably the trust anchor that the
# test's validating server loads - confirm against its named.conf).
keyfile_to_static_ds "$ksk" >trusted.conf
94