1# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") 2# 3# Permission to use, copy, modify, and/or distribute this software for any 4# purpose with or without fee is hereby granted, provided that the above 5# copyright notice and this permission notice appear in all copies. 6# 7# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 8# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 9# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 10# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 11# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 12# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 13# PERFORMANCE OF THIS SOFTWARE. 14 15# Id 16 17SYSTEMTESTTOP=.. 18. $SYSTEMTESTTOP/conf.sh 19failed () { 20 cat verify.out.$n | sed 's/^/D:/'; 21 echo "I:failed"; 22 status=1; 23} 24 25n=0 26status=0 27 28for file in zones/*.good 29do 30 n=`expr $n + 1` 31 zone=`expr "$file" : 'zones/\(.*\).good'` 32 echo "I:checking supposedly good zone: $zone ($n)" 33 ret=0 34 case $zone in 35 zsk-only.*) only=-z;; 36 ksk-only.*) only=-z;; 37 *) only=;; 38 esac 39 $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 || ret=1 40 [ $ret = 0 ] || failed 41done 42 43for file in zones/*.bad 44do 45 n=`expr $n + 1` 46 zone=`expr "$file" : 'zones/\(.*\).bad'` 47 echo "I:checking supposedly bad zone: $zone ($n)" 48 ret=0 49 dumpit=0 50 case $zone in 51 zsk-only.*) only=-z;; 52 ksk-only.*) only=-z;; 53 *) only=;; 54 esac 55 expect1= expect2= 56 case $zone in 57 *.dnskeyonly) 58 expect1="DNSKEY is not signed" 59 ;; 60 *.expired) 61 expect1="signature has expired" 62 expect2="No self-signed .*DNSKEY found" 63 ;; 64 *.ksk-expired) 65 expect1="signature has expired" 66 expect2="No self-signed .*DNSKEY found" 67 ;; 68 *.out-of-zone-nsec|*.below-bottom-of-zone-nsec) 69 expect1="unexpected NSEC RRset at" 70 ;; 71 *.nsec.broken-chain) 72 expect1="Bad record NSEC record for.*, next name mismatch" 73 ;; 74 *.bad-bitmap) 75 expect1="bit map mismatch" 76 ;; 77 *.missing-empty) 78 expect1="Missing NSEC3 record for"; 79 ;; 80 unsigned) 81 expect1="Zone contains no DNSSEC keys" 82 ;; 83 *.extra-nsec3) 84 expect1="Expected and found NSEC3 chains not equal"; 85 ;; 86 *) 87 dumpit=1 88 ;; 89 esac 90 $VERIFY ${only} -o $zone $file > verify.out.$n 2>&1 && ret=1 91 grep "${expect1:-.}" verify.out.$n > /dev/null || ret=1 92 grep "${expect2:-.}" verify.out.$n > /dev/null || ret=1 93 [ $ret = 0 ] || failed 94 [ $dumpit = 1 ] && cat verify.out.$n 95done 96exit $status 97