1#!/bin/sh
2#
3# Copyright (C) 2004, 2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17# $Id: sign.sh,v 1.9.120.2 2011/05/26 23:47:05 tbox Exp $
18
19(cd ../ns6 && sh -e ./sign.sh)
20
21echo "I:dlv/ns3/sign.sh"
22
23SYSTEMTESTTOP=../..
24. $SYSTEMTESTTOP/conf.sh
25
26RANDFILE=../random.data
27dlvzone=dlv.utld.
28dlvsets=
29dssets=
30
31zone=child1.utld.
32infile=child.db.in
33zonefile=child1.utld.db
34outfile=child1.signed
35dlvsets="$dlvsets dlvset-$zone"
36
37keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
38keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
39
40cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
41
42$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
43echo "I: signed $zone"
44
45
46zone=child3.utld.
47infile=child.db.in
48zonefile=child3.utld.db
49outfile=child3.signed
50dlvsets="$dlvsets dlvset-$zone"
51
52keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
53keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
54
55cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
56
57$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
58echo "I: signed $zone"
59
60
61zone=child4.utld.
62infile=child.db.in
63zonefile=child4.utld.db
64outfile=child4.signed
65dlvsets="$dlvsets dlvset-$zone"
66
67keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
68keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
69
70cat $infile $keyname1.key $keyname2.key >$zonefile
71
72$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
73echo "I: signed $zone"
74
75
76zone=child5.utld.
77infile=child.db.in
78zonefile=child5.utld.db
79outfile=child5.signed
80dlvsets="$dlvsets dlvset-$zone"
81
82keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
83keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
84
85cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
86
87$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
88echo "I: signed $zone"
89
90
91zone=child7.utld.
92infile=child.db.in
93zonefile=child7.utld.db
94outfile=child7.signed
95
96keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
97keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
98
99cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
100
101$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
102echo "I: signed $zone"
103
104
105zone=child8.utld.
106infile=child.db.in
107zonefile=child8.utld.db
108outfile=child8.signed
109
110keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
111keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
112
113cat $infile $keyname1.key $keyname2.key >$zonefile
114
115$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
116echo "I: signed $zone"
117
118
119zone=child9.utld.
120infile=child.db.in
121zonefile=child9.utld.db
122outfile=child9.signed
123dlvsets="$dlvsets dlvset-$zone"
124
125keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
126keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
127
128cat $infile $keyname1.key $keyname2.key >$zonefile
129
130$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
131echo "I: signed $zone"
132
133zone=child10.utld.
134infile=child.db.in
135zonefile=child10.utld.db
136outfile=child10.signed
137dlvsets="$dlvsets dlvset-$zone"
138
139keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
140keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
141
142cat $infile $keyname1.key $keyname2.key >$zonefile
143
144$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
145echo "I: signed $zone"
146
147zone=child1.druz.
148infile=child.db.in
149zonefile=child1.druz.db
150outfile=child1.druz.signed
151dlvsets="$dlvsets dlvset-$zone"
152dssets="$dssets dsset-$zone"
153
154keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null` 
155keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
156
157cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
158
159$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
160echo "I: signed $zone"
161
162
163zone=child3.druz.
164infile=child.db.in
165zonefile=child3.druz.db
166outfile=child3.druz.signed
167dlvsets="$dlvsets dlvset-$zone"
168dssets="$dssets dsset-$zone"
169
170keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
171keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
172
173cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
174
175$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
176echo "I: signed $zone"
177
178
179zone=child4.druz.
180infile=child.db.in
181zonefile=child4.druz.db
182outfile=child4.druz.signed
183dlvsets="$dlvsets dlvset-$zone"
184dssets="$dssets dsset-$zone"
185
186keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
187keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
188
189cat $infile $keyname1.key $keyname2.key >$zonefile
190
191$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
192echo "I: signed $zone"
193
194
195zone=child5.druz.
196infile=child.db.in
197zonefile=child5.druz.db
198outfile=child5.druz.signed
199dlvsets="$dlvsets dlvset-$zone"
200dssets="$dssets dsset-$zone"
201
202keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
203keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
204
205cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
206
207$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
208echo "I: signed $zone"
209
210
211zone=child7.druz.
212infile=child.db.in
213zonefile=child7.druz.db
214outfile=child7.druz.signed
215dssets="$dssets dsset-$zone"
216
217keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
218keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
219
220cat $infile $keyname1.key $keyname2.key ../ns6/dsset-grand.$zone >$zonefile
221
222$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
223echo "I: signed $zone"
224
225
226zone=child8.druz.
227infile=child.db.in
228zonefile=child8.druz.db
229outfile=child8.druz.signed
230
231keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
232keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
233
234cat $infile $keyname1.key $keyname2.key >$zonefile
235
236$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
237echo "I: signed $zone"
238
239
240zone=child9.druz.
241infile=child.db.in
242zonefile=child9.druz.db
243outfile=child9.druz.signed
244dlvsets="$dlvsets dlvset-$zone"
245
246keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
247keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
248
249cat $infile $keyname1.key $keyname2.key >$zonefile
250
251$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
252echo "I: signed $zone"
253
254zone=child10.druz.
255infile=child.db.in
256zonefile=child10.druz.db
257outfile=child10.druz.signed
258dlvsets="$dlvsets dlvset-$zone"
259dssets="$dssets dsset-$zone"
260
261keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
262keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
263
264cat $infile $keyname1.key $keyname2.key >$zonefile
265
266$SIGNER -r $RANDFILE -l $dlvzone -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
267echo "I: signed $zone"
268
269
270zone=dlv.utld.
271infile=dlv.db.in
272zonefile=dlv.utld.db
273outfile=dlv.signed
274
275keyname1=`$KEYGEN -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
276keyname2=`$KEYGEN -f KSK -r $RANDFILE -a DSA -b 768 -n zone $zone 2> /dev/null`
277
278cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile
279
280$SIGNER -r $RANDFILE -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
281echo "I: signed $zone"
282
283
284grep -v '^;' $keyname2.key | $PERL -n -e '
285local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
286local $key = join("", @rest);
287print <<EOF
288trusted-keys {
289    "$dn" $flags $proto $alg "$key";
290};
291EOF
292' > trusted-dlv.conf
293cp trusted-dlv.conf ../ns5
294
295cp $dssets ../ns2
296