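#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Builds a fresh key directory for the zone "signing.test": one KSK and ten
# ZSKs (RSASHA256), then writes timing metadata onto the keys so that three
# ZSK rollovers are scheduled at BASE+50s, BASE+100s and BASE+125s.
# Prints KSK=... and ZSK0..ZSK4=... lines on stdout.
#
# All paths are relative (../../conf.sh, keys/...), so the script must be run
# from the directory that contains keys/; the rm -rf below acts on whatever
# keys/signing.test resolves to from the current directory.
# $PERL, $KEYGEN and $SETTIME are not set here; presumably conf.sh provides
# them -- confirm. They are left unquoted on purpose in case they carry
# arguments as well as a program path.

. ../../conf.sh

zone=signing.test
KEYDIR=keys/$zone

# Start from an empty key directory. ${KEYDIR:?} aborts instead of expanding
# to an empty path if the variable is ever unset or empty.
rm -rf -- "${KEYDIR:?}"
mkdir -p -- "$KEYDIR"

# timetodnssec EPOCH
# Prints EPOCH (seconds since the Unix epoch) as a UTC YYYYMMDDHHMMSS
# timestamp followed by a newline.
timetodnssec() {
	# $ARGV[0] is the scalar element; the former @ARGV[0] was a one-element
	# slice that only worked by accident of context.
	$PERL -e 'my ($S,$M,$H,$d,$m,$y,$x) = gmtime($ARGV[0]);
		  printf("%04u%02u%02u%02u%02u%02u\n", $y+1900,$m+1,$d,$H,$M,$S);' "${1}"
}

KSK=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q -f KSK "$zone")

# Ten ZSKs are generated. Only ZSK0..ZSK4 receive timing metadata below;
# ZSK5..ZSK9 stay in the directory with every time cleared.
ZSK0=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK1=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK2=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK3=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK4=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK5=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK6=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK7=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK8=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")
ZSK9=$($KEYGEN -a RSASHA256 -K "$KEYDIR" -q "$zone")

# clear all times on all keys
# (-P publish, -A activate, -R revoke, -I inactive, -D delete)
for FILEN in "$KEYDIR"/*.key; do
	# An unmatched glob stays literal in sh; skip it rather than hand a
	# non-existent path to $SETTIME.
	[ -e "$FILEN" ] || continue
	$SETTIME -P none -A none -R none -I none -D none "$FILEN"
done

BASE=$(date +%s)
BASET=$(timetodnssec "$BASE")

# reset the publish and activation time on the KSK
$SETTIME -P "$BASET" -A "$BASET" "$KEYDIR/$KSK"

# reset the publish and activation time on the first ZSK
$SETTIME -P "$BASET" -A "$BASET" "$KEYDIR/$ZSK0"

# schedule the first roll (BASE + 50s): ZSK0 goes inactive, ZSK1 activates;
# ZSK1 is published from BASE so it is visible before it starts signing
R1=$((BASE + 50))
R1T=$(timetodnssec "$R1")

$SETTIME -I "$R1T" "$KEYDIR/$ZSK0"
$SETTIME -P "$BASET" -A "$R1T" "$KEYDIR/$ZSK1"

# schedule the second roll (which includes the delete of the first key)
R2=$((R1 + 50))
R2T=$(timetodnssec "$R2")
DT=$R2
DTT=$(timetodnssec "$DT")

$SETTIME -D "$DTT" "$KEYDIR/$ZSK0"
$SETTIME -I "$R2T" "$KEYDIR/$ZSK1"
$SETTIME -P "$R1T" -A "$R2T" "$KEYDIR/$ZSK2"

# schedule the third roll (R2 + 25s); ZSK1 is deleted at the same instant
R3=$((R2 + 25))
R3T=$(timetodnssec "$R3")

$SETTIME -D "$R3T" "$KEYDIR/$ZSK1"
$SETTIME -I "$R3T" "$KEYDIR/$ZSK2"
$SETTIME -P "$R2T" -A "$R3T" "$KEYDIR/$ZSK3"

# ZSK4 is published at R3 but given no activation time here
$SETTIME -P "$R3T" "$KEYDIR/$ZSK4"

# Key names as NAME=value lines on stdout
echo "KSK=$KSK"
echo "ZSK0=$ZSK0"
echo "ZSK1=$ZSK1"
echo "ZSK2=$ZSK2"
echo "ZSK3=$ZSK3"
echo "ZSK4=$ZSK4"

exit

# Everything below is unreachable because of the exit above; it is kept as a
# record of the disabled fourth roll.

# schedule the fourth roll
# this isn't long enough for the signing to complete and would result in
# duplicate signatures, see
# https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/231#note_9597
R4=$((R3 + 10))
R4T=$(timetodnssec "$R4")

$SETTIME -D "$R4T" "$KEYDIR/$ZSK2"
$SETTIME -I "$R4T" "$KEYDIR/$ZSK3"
$SETTIME -P "$R3T" -A "$R4T" "$KEYDIR/$ZSK4"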