xref: /netbsd-src/external/mpl/bind/dist/bin/tests/system/wildcard/ns1/sign.sh (revision e6c7e151de239c49d2e38720a061ed9d1fa99309) 
1#!/bin/sh
2#
3# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4#
5# This Source Code Form is subject to the terms of the Mozilla Public
6# License, v. 2.0. If a copy of the MPL was not distributed with this
7# file, You can obtain one at http://mozilla.org/MPL/2.0/.
8#
9# See the COPYRIGHT file distributed with this work for additional
10# information regarding copyright ownership.
11
12SYSTEMTESTTOP=../..
13. $SYSTEMTESTTOP/conf.sh
14
15SYSTESTDIR=wildcard
16
17dssets=
18
19zone=dlv
20infile=dlv.db.in
21zonefile=dlv.db
22outfile=dlv.db.signed
23dssets="$dssets dsset-${zone}${TP}"
24
25keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
26keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
27
28cat $infile $keyname1.key $keyname2.key > $zonefile
29
30$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
31echo_i "signed $zone"
32
33zone=nsec
34infile=nsec.db.in
35zonefile=nsec.db
36outfile=nsec.db.signed
37dssets="$dssets dsset-${zone}${TP}"
38
39keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
40keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
41
42cat $infile $keyname1.key $keyname2.key > $zonefile
43
44$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
45echo_i "signed $zone"
46
47zone=private.nsec
48infile=private.nsec.db.in
49zonefile=private.nsec.db
50outfile=private.nsec.db.signed
51
52keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
53keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
54
55cat $infile $keyname1.key $keyname2.key > $zonefile
56
57$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
58echo_i "signed $zone"
59
60keyfile_to_trusted_keys $keyname2 > private.nsec.conf
61
62zone=nsec3
63infile=nsec3.db.in
64zonefile=nsec3.db
65outfile=nsec3.db.signed
66dssets="$dssets dsset-${zone}${TP}"
67
68keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
69keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
70
71cat $infile $keyname1.key $keyname2.key > $zonefile
72
73$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
74echo_i "signed $zone"
75
76zone=private.nsec3
77infile=private.nsec3.db.in
78zonefile=private.nsec3.db
79outfile=private.nsec3.db.signed
80
81keyname1=`$KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
82keyname2=`$KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
83
84cat $infile $keyname1.key $keyname2.key > $zonefile
85
86$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
87echo_i "signed $zone"
88
89keyfile_to_trusted_keys $keyname2 > private.nsec3.conf
90
91zone=.
92infile=root.db.in
93zonefile=root.db
94outfile=root.db.signed
95
96keyname1=`$KEYGEN -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
97keyname2=`$KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone $zone 2> /dev/null`
98
99cat $infile $keyname1.key $keyname2.key $dssets >$zonefile
100
101$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
102echo_i "signed $zone"
103
104keyfile_to_trusted_keys $keyname2 > trusted.conf
105