diff options
Diffstat (limited to 'bin/tests/system/dnssec/ns3/sign.sh')
-rw-r--r-- | bin/tests/system/dnssec/ns3/sign.sh | 224 |
1 files changed, 224 insertions, 0 deletions
diff --git a/bin/tests/system/dnssec/ns3/sign.sh b/bin/tests/system/dnssec/ns3/sign.sh new file mode 100644 index 0000000..eb362aa --- /dev/null +++ b/bin/tests/system/dnssec/ns3/sign.sh @@ -0,0 +1,224 @@ +#!/bin/sh +# +# Copyright (C) 2004, 2006-2008 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2000-2002 Internet Software Consortium. +# +# Permission to use, copy, modify, and/or distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +# PERFORMANCE OF THIS SOFTWARE. + +# $Id: sign.sh,v 1.25 2008/09/25 04:02:38 tbox Exp $ + +SYSTEMTESTTOP=../.. +. $SYSTEMTESTTOP/conf.sh + +RANDFILE=../random.data + +zone=secure.example. +infile=secure.example.db.in +zonefile=secure.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=bogus.example. +infile=bogus.example.db.in +zonefile=bogus.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=dynamic.example. +infile=dynamic.example.db.in +zonefile=dynamic.example.db + +keyname1=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +keyname2=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone` + +cat $infile $keyname1.key $keyname2.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +zone=keyless.example. +infile=keyless.example.db.in +zonefile=keyless.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# Change the signer field of the a.b.keyless.example SIG A +# to point to a provably nonexistent KEY record. +mv $zonefile.signed $zonefile.tmp +<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/ + if /^a.b.keyless.example/../NXT/;' >$zonefile.signed +rm -f $zonefile.tmp + +# +# NSEC3/NSEC test zone +# +zone=secure.nsec3.example. +infile=secure.nsec3.example.db.in +zonefile=secure.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# NSEC3/NSEC3 test zone +# +zone=nsec3.nsec3.example. +infile=nsec3.nsec3.example.db.in +zonefile=nsec3.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=optout.nsec3.example. +infile=optout.nsec3.example.db.in +zonefile=optout.nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout). +# +zone=nsec3.example. +infile=nsec3.example.db.in +zonefile=nsec3.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC test zone +# +zone=secure.optout.example. +infile=secure.optout.example.db.in +zonefile=secure.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/NSEC3 test zone +# +zone=nsec3.optout.example. +infile=nsec3.optout.example.db.in +zonefile=nsec3.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# OPTOUT/OPTOUT test zone +# +zone=optout.optout.example. +infile=optout.optout.example.db.in +zonefile=optout.optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout.example. +infile=optout.example.db.in +zonefile=optout.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A nsec3 zone (non-optout) with unknown hash algorithm. +# +zone=nsec3-unknown.example. +infile=nsec3-unknown.example.db.in +zonefile=nsec3-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A optout nsec3 zone. +# +zone=optout-unknown.example. +infile=optout-unknown.example.db.in +zonefile=optout-unknown.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null + +# +# A multiple parameter nsec3 zone. +# +zone=multiple.example. +infile=multiple.example.db.in +zonefile=multiple.example.db + +keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone` + +cat $infile $keyname.key >$zonefile + +$SIGNER -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 - -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null +mv $zonefile.signed $zonefile +$SIGNER -3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null |