1#!/bin/sh -e
2#
3# Copyright (C) 2004, 2006-2012  Internet Systems Consortium, Inc. ("ISC")
4# Copyright (C) 2000-2002  Internet Software Consortium.
5#
6# Permission to use, copy, modify, and/or distribute this software for any
7# purpose with or without fee is hereby granted, provided that the above
8# copyright notice and this permission notice appear in all copies.
9#
10# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16# PERFORMANCE OF THIS SOFTWARE.
17
18# $Id$
19
20SYSTEMTESTTOP=../..
21. $SYSTEMTESTTOP/conf.sh
22
23RANDFILE=../random.data
24
25zone=secure.example.
26infile=secure.example.db.in
27zonefile=secure.example.db
28
29keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
30
31cat $infile $keyname.key >$zonefile
32
33$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
34
35zone=bogus.example.
36infile=bogus.example.db.in
37zonefile=bogus.example.db
38
39keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
40
41cat $infile $keyname.key >$zonefile
42
43$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
44
45zone=dynamic.example.
46infile=dynamic.example.db.in
47zonefile=dynamic.example.db
48
49keyname1=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
50keyname2=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
51
52cat $infile $keyname1.key $keyname2.key >$zonefile
53
54$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
55
56zone=keyless.example.
57infile=keyless.example.db.in
58zonefile=keyless.example.db
59
60keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
61
62cat $infile $keyname.key >$zonefile
63
64$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
65
66# Change the signer field of the a.b.keyless.example SIG A
67# to point to a provably nonexistent KEY record.
68mv $zonefile.signed $zonefile.tmp
69<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
70    if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
71rm -f $zonefile.tmp
72
73#
74#  NSEC3/NSEC test zone
75#
76zone=secure.nsec3.example.
77infile=secure.nsec3.example.db.in
78zonefile=secure.nsec3.example.db
79
80keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
81
82cat $infile $keyname.key >$zonefile
83
84$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
85
86#
87#  NSEC3/NSEC3 test zone
88#
89zone=nsec3.nsec3.example.
90infile=nsec3.nsec3.example.db.in
91zonefile=nsec3.nsec3.example.db
92
93keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
94
95cat $infile $keyname.key >$zonefile
96
97$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
98
99#
100#  OPTOUT/NSEC3 test zone
101#
102zone=optout.nsec3.example.
103infile=optout.nsec3.example.db.in
104zonefile=optout.nsec3.example.db
105
106keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
107
108cat $infile $keyname.key >$zonefile
109
110$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
111
112#
113# A nsec3 zone (non-optout).
114#
115zone=nsec3.example.
116infile=nsec3.example.db.in
117zonefile=nsec3.example.db
118
119keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
120
121cat $infile $keyname.key >$zonefile
122
123$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
124
125#
126#  OPTOUT/NSEC test zone
127#
128zone=secure.optout.example.
129infile=secure.optout.example.db.in
130zonefile=secure.optout.example.db
131
132keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
133
134cat $infile $keyname.key >$zonefile
135
136$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
137
138#
139#  OPTOUT/NSEC3 test zone
140#
141zone=nsec3.optout.example.
142infile=nsec3.optout.example.db.in
143zonefile=nsec3.optout.example.db
144
145keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
146
147cat $infile $keyname.key >$zonefile
148
149$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
150
151#
152#  OPTOUT/OPTOUT test zone
153#
154zone=optout.optout.example.
155infile=optout.optout.example.db.in
156zonefile=optout.optout.example.db
157
158keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
159
160cat $infile $keyname.key >$zonefile
161
162$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
163
164#
165# A optout nsec3 zone.
166#
167zone=optout.example.
168infile=optout.example.db.in
169zonefile=optout.example.db
170
171keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
172
173cat $infile $keyname.key >$zonefile
174
175$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
176
177#
178# A nsec3 zone (non-optout) with unknown hash algorithm.
179#
180zone=nsec3-unknown.example.
181infile=nsec3-unknown.example.db.in
182zonefile=nsec3-unknown.example.db
183
184keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
185
186cat $infile $keyname.key >$zonefile
187
188$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
189
190#
191# A optout nsec3 zone.
192#
193zone=optout-unknown.example.
194infile=optout-unknown.example.db.in
195zonefile=optout-unknown.example.db
196
197keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
198
199cat $infile $keyname.key >$zonefile
200
201$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
202
203#
204# A multiple parameter nsec3 zone.
205#
206zone=multiple.example.
207infile=multiple.example.db.in
208zonefile=multiple.example.db
209
210keyname=`$KEYGEN -q -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
211
212cat $infile $keyname.key >$zonefile
213
214$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
215mv $zonefile.signed $zonefile
216$SIGNER -P -u3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
217mv $zonefile.signed $zonefile
218$SIGNER -P -u3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
219mv $zonefile.signed $zonefile
220$SIGNER -P -u3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
221mv $zonefile.signed $zonefile
222$SIGNER -P -u3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
223mv $zonefile.signed $zonefile
224$SIGNER -P -u3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
225
226#
227# A RSASHA256 zone.
228#
229zone=rsasha256.example.
230infile=rsasha256.example.db.in
231zonefile=rsasha256.example.db
232
233keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
234
235cat $infile $keyname.key >$zonefile
236
237$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
238
239#
240# A RSASHA512 zone.
241#
242zone=rsasha512.example.
243infile=rsasha512.example.db.in
244zonefile=rsasha512.example.db
245
246keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA512 -b 1024 -n zone $zone`
247
248cat $infile $keyname.key >$zonefile
249
250$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
251
252#
253# A zone with the DNSKEY set only signed by the KSK
254#
255zone=kskonly.example.
256infile=kskonly.example.db.in
257zonefile=kskonly.example.db
258
259kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
260zskname=`$KEYGEN -q -r $RANDFILE $zone`
261cat $infile $kskname.key $zskname.key >$zonefile
262$SIGNER -x -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
263
264#
265# A zone with the expired signatures
266#
267zone=expired.example.
268infile=expired.example.db.in
269zonefile=expired.example.db
270
271kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
272zskname=`$KEYGEN -q -r $RANDFILE $zone`
273cat $infile $kskname.key $zskname.key >$zonefile
274$SIGNER -P -r $RANDFILE -o $zone -s -1d -e +1h $zonefile > /dev/null 2>&1
275rm -f $kskname.* $zskname.*
276
277#
278# A NSEC3 signed zone that will have a DNSKEY added to it via UPDATE.
279#
280zone=update-nsec3.example.
281infile=update-nsec3.example.db.in
282zonefile=update-nsec3.example.db
283
284kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
285zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
286cat $infile $kskname.key $zskname.key >$zonefile
287$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
288
289#
290# A NSEC signed zone that will have auto-dnssec enabled and
291# extra keys not in the initial signed zone.
292#
293zone=auto-nsec.example.
294infile=auto-nsec.example.db.in
295zonefile=auto-nsec.example.db
296
297kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
298zskname=`$KEYGEN -q -r $RANDFILE $zone`
299kskname=`$KEYGEN -q -r $RANDFILE -fk $zone`
300zskname=`$KEYGEN -q -r $RANDFILE $zone`
301cat $infile $kskname.key $zskname.key >$zonefile
302$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
303
304#
305# A NSEC3 signed zone that will have auto-dnssec enabled and
306# extra keys not in the initial signed zone.
307#
308zone=auto-nsec3.example.
309infile=auto-nsec3.example.db.in
310zonefile=auto-nsec3.example.db
311
312kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
313zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
314kskname=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
315zskname=`$KEYGEN -q -3 -r $RANDFILE $zone`
316cat $infile $kskname.key $zskname.key >$zonefile
317$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
318
319#
320# Secure below cname test zone.
321#
322zone=secure.below-cname.example.
323infile=secure.below-cname.example.db.in
324zonefile=secure.below-cname.example.db
325keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
326cat $infile $keyname.key >$zonefile
327$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null 2>&1
328
329#
330# Patched TTL test zone.
331#
332zone=ttlpatch.example.
333infile=ttlpatch.example.db.in
334zonefile=ttlpatch.example.db
335signedfile=ttlpatch.example.db.signed
336patchedfile=ttlpatch.example.db.patched
337
338keyname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
339cat $infile $keyname.key >$zonefile
340
341$SIGNER -P -r $RANDFILE -f $signedfile -o $zone $zonefile > /dev/null 2>&1
342$CHECKZONE -D -s full $zone $signedfile 2> /dev/null | \
343    awk '{$2 = "3600"; print}' > $patchedfile
344
345zone="expiring.example."
346infile="expiring.example.db.in"
347zonefile="expiring.example.db"
348signedfile="expiring.example.db.signed"
349kskname=`$KEYGEN -q -r $RANDFILE $zone`
350zskname=`$KEYGEN -q -r $RANDFILE -f KSK $zone`
351cp $infile $zonefile
352$SIGNER -S -r $RANDFILE -e now+1mi -o $zone $zonefile > /dev/null 2>&1
353rm -f ${zskname}.private ${kskname}.private
354