- TRAFFIC keyword for testbound. Simplifies test generation.

${range lower val upper} to check probe timeout values. - test with 5011-prepublish rollover and revocation. - fix revocation of RR for autotrust, stray exclamation mark. git-svn-id: file:///svn/unbound/trunk@1804 be551aaa-1e26-0410-a405-d3ace91eadb9
2024-09-21 06:37:08 +00:00 · 2009-09-02 13:11:52 +00:00 · 2009-09-02 13:11:52 +00:00 · 8e2ef1caeb
commit 8e2ef1caeb
parent c7bea9d33a
13 changed files with 430 additions and 35 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,3 +1,9 @@
+2 September 2009: Wouter
+	- TRAFFIC keyword for testbound. Simplifies test generation.
+	  ${range lower val upper} to check probe timeout values.
+	- test with 5011-prepublish rollover and revocation.
+	- fix revocation of RR for autotrust, stray exclamation mark.
+
 1 September 2009: Wouter
 	- testbound variable arithmetic.
 	- autotrust probe time is randomised.
--- a/testcode/fake_event.c
+++ b/testcode/fake_event.c
@ -133,6 +133,7 @@ repevt_string(enum replay_event_type t)
 	case repevt_autotrust_check: return "CHECK_AUTOTRUST";
 	case repevt_error:	 return "ERROR";
 	case repevt_assign:	 return "ASSIGN";
+	case repevt_traffic:	 return "TRAFFIC";
 	default:		 return "UNKNOWN";
 	}
 }
@ -512,7 +513,7 @@ autotrust_check(struct replay_runtime* runtime, struct replay_moment* mom)
 		expanded = macro_process(runtime->vars, runtime, p->str);
 		if(!expanded) 
 			fatal_exit("could not expand macro line %d", lineno);
-		if(verbosity >= VERB_ALGO && strcmp(p->str, expanded) != 0)
+		if(verbosity >= 7 && strcmp(p->str, expanded) != 0)
 			log_info("expanded '%s' to '%s'", p->str, expanded);
 		if(strcmp(expanded, line) != 0) {
 			log_err("mismatch in file %s, line %d", name, lineno);
@ -614,6 +615,9 @@ do_moment_and_advance(struct replay_runtime* runtime)
 		moment_assign(runtime, runtime->now);
 		advance_moment(runtime);
 		break;
+	case repevt_traffic:
+		advance_moment(runtime);
+		break;
 	default:
 		fatal_exit("testbound: unknown event type %d", 
 			runtime->now->evt_type);
@ -626,7 +630,7 @@ run_scenario(struct replay_runtime* runtime)
 {
 	struct entry* entry = NULL;
 	struct fake_pending* pending = NULL;
-	int max_rounds = 50;
+	int max_rounds = 5000;
 	int rounds = 0;
 	runtime->now = runtime->scenario->mom_first;
 	log_info("testbound: entering fake runloop");
--- a/testcode/replay.c
+++ b/testcode/replay.c
@ -322,6 +322,8 @@ replay_moment_read(char* remain, FILE* in, const char* name, int* lineno,
 		read_file_content(in, lineno, mom);
 	} else if(parse_keyword(&remain, "ERROR")) {
 		mom->evt_type = repevt_error;
+	} else if(parse_keyword(&remain, "TRAFFIC")) {
+		mom->evt_type = repevt_traffic;
 	} else if(parse_keyword(&remain, "ASSIGN")) {
 		mom->evt_type = repevt_assign;
 		read_assign_step(remain, mom);
@ -681,28 +683,34 @@ perform_arith(double x, char op, double y, double* res)

 /** do macro arithmetic on two numbers and operand */
 static char*
-do_macro_arith(char* at, size_t remain, char** arithstart)
+do_macro_arith(char* orig, size_t remain, char** arithstart)
 {
 	double x, y, result;
 	char operator;
 	int skip;
 	char buf[32];
+	char* at;
 	/* not yet done? we want number operand number expanded first. */
 	if(!*arithstart) {
 		/* remember start pos of expr, skip the first number */
+		at = orig;
 		*arithstart = at;
 		while(*at && (isdigit((int)*at) || *at == '.'))
 			at++;
 		return at;
 	}
 	/* move back to start */
-	remain += (size_t)(at - *arithstart);
+	remain += (size_t)(orig - *arithstart);
 	at = *arithstart;

 	/* parse operands */
 	if(sscanf(at, " %lf %c %lf%n", &x, &operator, &y, &skip) != 3) {
-		log_err("cannot parse arithmetic: %s", at);
-		return NULL;
+		*arithstart = NULL;
+		return do_macro_arith(orig, remain, arithstart);
+	}
+	if(isdigit((int)operator)) {
+		*arithstart = orig;
+		return at+skip; /* do nothing, but setup for later number */
 	}

 	/* calculate result */
@ -721,6 +729,24 @@ do_macro_arith(char* at, size_t remain, char** arithstart)
 	return at;
 }

+/** Do range macro on expanded buffer */
+static char*
+do_macro_range(char* buf)
+{
+	double x, y, z;
+	if(sscanf(buf, " %lf %lf %lf", &x, &y, &z) != 3) {
+		log_err("range func requires 3 args: %s", buf);
+		return NULL;
+	}
+	if(x <= y && y <= z) {
+		char res[1024];
+		snprintf(res, sizeof(res), "%.24g", y);
+		return strdup(res);
+	}
+	fatal_exit("value %.24g not in range [%.24g, %.24g]", y, x, z);
+	return NULL;
+}
+
 static char*
 macro_expand(rbtree_t* store, struct replay_runtime* runtime, char** text)
 {
@ -752,6 +778,10 @@ macro_expand(rbtree_t* store, struct replay_runtime* runtime, char** text)
 		strncmp(buf, "ctime\t", 6) == 0) {
 		at += 6;
 		dofunc = 1;
+	} else if(strncmp(buf, "range ", 6) == 0 ||
+		strncmp(buf, "range\t", 6) == 0) {
+		at += 6;
+		dofunc = 1;
 	}

 	/* actual macro text expansion */
@ -778,6 +808,8 @@ macro_expand(rbtree_t* store, struct replay_runtime* runtime, char** text)
 		/* post process functions, buf has the argument(s) */
 		if(strncmp(buf, "ctime", 5) == 0) {
 			return do_macro_ctime(buf+6);	
+		} else if(strncmp(buf, "range", 5) == 0) {
+			return do_macro_range(buf+6);	
 		}
 	}
 	return strdup(buf);
@ -949,5 +981,17 @@ void testbound_selftest(void)
 	log_assert( v && strcmp(v, "108") == 0);
 	free(v);

+	v = macro_process(store, NULL, "${1 2 33 2 1}");
+	log_assert( v && strcmp(v, "1 2 33 2 1") == 0);
+	free(v);
+
+	v = macro_process(store, NULL, "${123 3 + 5}");
+	log_assert( v && strcmp(v, "123 8") == 0);
+	free(v);
+
+	v = macro_process(store, NULL, "${123 glug 3 + 5}");
+	log_assert( v && strcmp(v, "123 glug 8") == 0);
+	free(v);
+
 	macro_store_delete(store);
 }
--- a/testcode/replay.h
+++ b/testcode/replay.h
@ -70,6 +70,9 @@
 *      o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be 
 *      			a floating point number.
 *        TIME_PASSES EVAL [macro] - expanded for seconds to move time.
+ *      o TRAFFIC - like CHECK_ANSWER, causes traffic to flow.
+ *		actually the traffic flows before this step is taken.
+ *		the step waits for traffic to stop.
 *      o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END.
 *      	The file contents is macro expanded before match.
 *      o ERROR
@ -83,11 +86,16 @@
 * ${..} is macro expanded from its expression.  Text substitution.
 * 	o $var replaced with its value.  var is identifier [azAZ09_]*
 * 	o number is that number.
+ * 	o ${variables and arithmetic }
 * 	o +, -, / and *.  Note, evaluated left-to-right. Use ${} for brackets.
- *	o ${time} is the current time.
- *	o ${ctime value} is the text ctime(value), i.e. Fri 3 Aug 2009, ...
- *		must have one space after 'ctime'.
- *	o ${timeout} is the time until next timeout in the comm_timer list.
+ * 	  So again, no precedence rules, so 2+3*4 === ${2+3}*4 === 20.
+ * 	  Do 2+${3*4} to get 24.
+ * 	o ${function params}
+ *		o ${time} is the current time for the simulated unbound.
+ *		o ${ctime value} is the text ctime(value), Fri 3 Aug 2009, ...
+ *		o ${timeout} is the time until next timeout in comm_timer list.
+ *		o ${range lower value upper} checks if lower<=value<=upper
+ *			returns value if check succeeds.
 *
 * ; Example file
 * SCENARIO_BEGIN Example scenario
@ -187,7 +195,9 @@ struct replay_moment {
 		/** an error happens to outbound query */
 		repevt_error,
 		/** assignment to a variable */
-		repevt_assign
+		repevt_assign,
+		/** cause traffic to flow */
+		repevt_traffic
 	} 
 		/** variable with what is to happen this moment */
 		evt_type;
--- a/testdata/Kexample.com.+005+16486.ds
+++ b/testdata/Kexample.com.+005+16486.ds
@ -0,0 +1 @@
+example.com.	3600	IN	DS	16486 5 1 9adff86d0a468b5989a686df8076269b3a31ba54 ; xokit-zevek-tydyg-kydoh-nydap-kicet-zybil-konon-ruvef-covuh-gyxex
--- a/testdata/Kexample.com.+005+16486.key
+++ b/testdata/Kexample.com.+005+16486.key
@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}
--- a/testdata/Kexample.com.+005+16486.private
+++ b/testdata/Kexample.com.+005+16486.private
@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: qz9wCEIVe8FSBNI1kK9CnSkvHV1j7utdHSEfj/cRSBaayZthSkjWoPTGHAoP+hgYTACbb3V/JYn1zShXFcMQrw==
+PublicExponent: AQAB
+PrivateExponent: lT++xpPB4ZAFicojgSweZJbmRzODy1E6YA7kUTbFywrrClEi6vjb88AshqZsPuDnI4iOZ2Cy56qN9SZTD2WokQ==
+Prime1: 29ChQQp9Dd7jH8L+QxEowJGOxwo2WD8rLOjvdz7FBos=
+Prime2: x3AbQo22FBaEbB1Z6rM31WsLNhNNgHvD2G1gpXD2Ru0=
+Exponent1: Sj0eGQ9nyOV8I+ABa7lB4DfI1uRWElvTQymwpr9mX50=
+Exponent2: ZnWUu6NcKIPM8lI98JK0G4OL1fMivOBYpCbFIRmgnJ0=
+Coefficient: N2jmFfQh8jhGIlrUvOlJFdDnAFNxEy/C5gXRJpNHHBM=
--- a/testdata/Kexample.com.+005+60946.ds
+++ b/testdata/Kexample.com.+005+60946.ds
@ -0,0 +1 @@
+example.com.	3600	IN	DS	60946 5 1 f48a5c8c1eceb7df2d68d1ad29151a77d5650505 ; xutam-pulim-seles-votit-zorek-mygep-tipyc-hakol-luhik-hecib-hoxax
--- a/testdata/Kexample.com.+005+60946.key
+++ b/testdata/Kexample.com.+005+60946.key
@ -0,0 +1 @@
+example.com.	3600	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
--- a/testdata/Kexample.com.+005+60946.private
+++ b/testdata/Kexample.com.+005+60946.private
@ -0,0 +1,10 @@
+Private-key-format: v1.2
+Algorithm: 5 (RSASHA1)
+Modulus: 6JpSJQilYx9jPkvSx8lNlae430jIFfh6b1WOyipBOw4PUcNCk1vhu68mjuk3ZoELE1Lt7Q4vx7aZUHoItn7x6Q==
+PublicExponent: AQAB
+PrivateExponent: Y21D28y8VYifNYvXx8rGvUf6gIdt7+ZM/7ZE2SoCxCjHkHQqWh9k1l5xEjCDZ7YOyFyQAbowMhEsr6C+11UvOQ==
+Prime1: /4r1mlWLh3x1afMpWPxIfeNFsRHeyujk7GBuCZ0MlkM=
+Prime2: 6QTa08YMv3JQrdEe8n+zZvMDkOhS/1wltFBn+mt9cmM=
+Exponent1: 4AWFDBiEanEsSYaXL+By+JF+Lh3Zb4696Y8byCe6uhs=
+Exponent2: p7bo0bgggMMEsrZrcdrcA2Mx0+CDrGxkbu3YiPNI7UU=
+Coefficient: ahJU2OH7E2Q1yhzja925x7g4r289nD/GGIHz47e0ysk=
--- a/testdata/autotrust_init.rpl
+++ b/testdata/autotrust_init.rpl
@ -99,7 +99,9 @@ RANGE_END
 ; set date/time to Aug 24 09:46:40  (2009).
 STEP 5 TIME_PASSES ELAPSE 1251100000
 STEP 6 ASSIGN t0 = ${time}
-STEP 7 ASSIGN probe = ${timeout}
+; get probe time and check it. 4800 is about 10% less than 5400. And more than
+; the 3600 that a failure timeout would have.
+STEP 7 ASSIGN probe = ${range 4800 ${timeout} 5400}


 ; the auto probing should have been done now.
@ -159,27 +161,9 @@ FILE_END
 ; wait and see if autotrust probes (the unchanged) domain again.
 STEP 40 TIME_PASSES EVAL ${$probe}

-; do something to make time pass so that processing is performed.
-STEP 50 QUERY
-ENTRY_BEGIN
-REPLY RD DO
-SECTION QUESTION
-. IN NS
-ENTRY_END
+STEP 50 TRAFFIC

-STEP 60 CHECK_ANSWER
-ENTRY_BEGIN
-MATCH all
-REPLY QR RD RA NOERROR
-SECTION QUESTION
-. IN NS
-SECTION ANSWER
-.       3600    IN      NS      k.root-servers.net.
-SECTION ADDITIONAL
-k.root-servers.net.     3600    IN      A       193.0.14.129
-ENTRY_END
-
-STEP 65 ASSIGN probe2 = ${timeout}
+STEP 65 ASSIGN probe2 = ${range 4800 ${timeout} 5400}

 STEP 70 CHECK_AUTOTRUST example.com
 FILE_BEGIN
--- a/testdata/autotrust_rollover.rpl
+++ b/testdata/autotrust_rollover.rpl
@ -0,0 +1,323 @@
+; config options
+server:
+	target-fetch-policy: "0 0 0 0 0"
+	log-time-ascii: yes
+stub-zone:
+	name: "."
+	stub-addr: 193.0.14.129         # K.ROOT-SERVERS.NET.
+; initial content (say from dig example.com DNSKEY > example.com.key) 
+AUTOTRUST_FILE example.com
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+AUTOTRUST_END
+CONFIG_END
+
+SCENARIO_BEGIN Test autotrust with prepublish rollover
+
+; K-ROOT
+RANGE_BEGIN 0 100
+	ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id copy_query
+REPLY QR AA
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+	ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com.  KSK 55582
+RANGE_BEGIN 0 10
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com.	3600	IN	A	10.20.30.40
+www.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
+SECTION AUTHORITY
+example.com.	3600	IN	NS	ns.example.com.
+example.com.	3600	IN	RRSIG	NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
+SECTION ADDITIONAL
+ns.example.com.	3600	IN	A	1.2.3.4
+ns.example.com.	3600	IN	RRSIG	A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; ZSK 1
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
+ENTRY_END
+RANGE_END
+
+; ns.example.com.  KSK 55582 and 60946
+RANGE_BEGIN 11 40
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; KSK 2
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091024111500 20090921111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091024111500 20090921111500 55582 example.com. CoMon+lWPAsUvgfpCTDPx8Zn8dQpky3lu2O6T+oJ2Mat9a/u1YwGhSQHGPn7ZNG/4vKM97tx84sSlUGz3geD1w== ;{id = 55582}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091024111500 20090921111500 60946 example.com. o+Cbs7DcYPYlSLd4hi3vkSVQpXGnKgKSi9MpHGfu1Uahv5190U2DUOxP1du/HOYbf+IHYL8zLbMZjVEG5wgnTg== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com.  KSK 55582 and 60946 (signatures updated)
+RANGE_BEGIN 41 50
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
+; KSK 2
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 30899 example.com. rkaCUpTFPWVu4Om5oMTR+39Mct6ZMs56xrE0rbxMMOokfvIQheIxsAEc5BFJeA/2y5WTewl6diCD6yQXCybrDg== ;{id = 30899}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 55582 example.com. v/HJbdpeVMpbhwYXrT1EDGpAFMvEgdKQII1cAbP6o8KHYNKDh8TIJ25/pXe3daEXfej6/Z5kpqJ79okPKUoi1Q== ;{id = 55582}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091124111500 20091018111500 60946 example.com. HgXol1hdvbomOM1CFRW8qsHd3D0qOnN72EeMHTcpxIBBiuNLKZn4n1M14Voxj3vo0eAMNuG/y7EjQkxKvSsaDA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com.  KSK 55582-REVOKED and 60946
+RANGE_BEGIN 51 60
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b}
+; KSK 2
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091224111500 20091118111500 30899 example.com. qLKZUJEi3ajSJ4/b7xl0BwhzW6JtjsojpZ+2nUx1PvaeQVoTmyWxjxc2tAmJGcBPqMqzeY470xvyMDvGTOiQCQ== ;{id = 30899}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091224111500 20091118111500 55710 example.com. EW2YB+2yNX9LTNDPVwkcGnRTTx38pOiwBaixdwxmDgqWKXLDLM6Kd2Xv9tveS39RnSZ5H1inRXE55q+rL6Re3g== ;{id = 55710}
+; wrong keytag:
+;example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091224111500 20091118111500 55582 example.com. nH/6HauVJI4GGz78UoK/38cOOrEqsYZP0jFzfCC3OyIlclVTjAFvjVPlVMGK7sA5Nw1v20YtFTQkXZgbrRuInQ== ;{id = 55582}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20091224111500 20091118111500 60946 example.com. xKSBZr4vOsEUKlVoNb6SOV69DM7xFOJI4gPFKq5Tv4APIMJ/9G3odoDmNcLCVyYGzhoDik5hciJnZio6UHgzAA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; ns.example.com.  KSK 60946
+RANGE_BEGIN 61 70
+	ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 2
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b}
+; ZSK 1
+example.com.	10800	IN	DNSKEY	256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
+; signatures
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20101224111500 20101118111500 30899 example.com. TfFGz1kDtkn3ixbKMJvQDZ0uGw/eW+inIiPqQVPQtO2WiocKrnYnzwv/AqwnFvEar70dF15/zffNIF+ipOS5/g== ;{id = 30899}
+example.com.	10800	IN	RRSIG	DNSKEY 5 2 10800 20101224111500 20101118111500 60946 example.com. X0Ci//w0czN/J5RvypHGqp56n1tLdapi92ODAqjM7QpZXbSHaJ7wfPG1PZzvdxHUZUVyf8uy2stjg/XoLGHMWA== ;{id = 60946}
+ENTRY_END
+RANGE_END
+
+; set date/time to Aug 24 09:46:40  (2009).
+STEP 5 TIME_PASSES ELAPSE 1251100000
+STEP 6 TRAFFIC   ; the initial probe
+STEP 7 ASSIGN t0 = ${time}
+STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
+
+; the auto probing should have been done now.
+STEP 10 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t0} ;;${ctime $t0}
+;;last_success: ${$t0} ;;${ctime $t0}
+;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; key prepublished.  First poll. 30 days later
+STEP 11 TIME_PASSES EVAL ${30*24*3600}
+STEP 12 TRAFFIC
+STEP 13 ASSIGN t1 = ${time}
+STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
+STEP 15 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t1} ;;${ctime $t1}
+;;last_success: ${$t1} ;;${ctime $t1}
+;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; Second poll. 10 days later
+STEP 21 TIME_PASSES EVAL ${10*24*3600}
+STEP 22 TRAFFIC
+STEP 23 ASSIGN t2 = ${time}
+STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
+STEP 25 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t2} ;;${ctime $t2}
+;;last_success: ${$t2} ;;${ctime $t2}
+;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; Third poll. 10 days later
+STEP 31 TIME_PASSES EVAL ${10*24*3600}
+STEP 32 TRAFFIC
+STEP 33 ASSIGN t3 = ${time}
+STEP 34 ASSIGN probe3 = ${range 4800 ${timeout} 5400}
+STEP 35 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t3} ;;${ctime $t3}
+;;last_success: ${$t3} ;;${ctime $t3}
+;;next_probe_time: ${$t3 + $probe3} ;;${ctime $t3 + $probe3}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=1 [ ADDPEND ] ;;count=3 ;;lastchange=${$t1} ;;${ctime $t1}
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; 11 days later, hold down has lapsed.
+STEP 41 TIME_PASSES EVAL ${11*24*3600}
+STEP 42 TRAFFIC
+STEP 43 ASSIGN t4 = ${time}
+STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
+STEP 45 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t4} ;;${ctime $t4}
+;;last_success: ${$t4} ;;${ctime $t4}
+;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; 30 days later, the old key is revoked
+STEP 51 TIME_PASSES EVAL ${30*24*3600}
+STEP 52 TRAFFIC
+STEP 53 ASSIGN t5 = ${time}
+STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
+STEP 55 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t5} ;;${ctime $t5}
+;;last_success: ${$t5} ;;${ctime $t5}
+;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+example.com.	10800	IN	DNSKEY	385 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55710 (ksk), size = 512b} ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
+FILE_END
+
+; 370 days later, the old key is removed from storage
+STEP 61 TIME_PASSES EVAL ${370*24*3600}
+STEP 62 TRAFFIC
+STEP 63 ASSIGN t6 = ${time}
+STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
+STEP 65 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t6} ;;${ctime $t6}
+;;last_success: ${$t6} ;;${ctime $t6}
+;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+example.com.	10800	IN	DNSKEY	257 3 5 AwEAAeiaUiUIpWMfYz5L0sfJTZWnuN9IyBX4em9VjsoqQTsOD1HDQpNb4buvJo7pN2aBCxNS7e0OL8e2mVB6CLZ+8ek= ;{id = 60946 (ksk), size = 512b} ;;state=2 [  VALID  ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+FILE_END
+
+
+SCENARIO_END
--- a/validator/autotrust.c
+++ b/validator/autotrust.c
@ -157,8 +157,7 @@ verbose_key(struct autr_ta* ta, enum verbosity_value level,
 		int keytag = (int)ldns_calc_keytag(ta->rr);
 		char msg[MAXSYSLOGMSGLEN];
 		vsnprintf(msg, sizeof(msg), format, args);
-		verbose(level, "autotrust %s key %d %s", str?str:"??", 
-			keytag, msg);
+		verbose(level, "%s key %d %s", str?str:"??", keytag, msg);
 		free(str);
 	}
 	va_end(args);
@ -908,6 +907,7 @@ rr_is_selfsigned_revoked(struct module_env* env, struct val_env* ve,
 	struct ub_packed_rrset_key* dnskey_rrset, size_t i)
 {
 	enum sec_status sec;
+	verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d", i);
 	sec = dnskey_verify_rrset(env, ve, dnskey_rrset, dnskey_rrset, i);
 	return (sec == sec_status_secure);
 }
@ -934,7 +934,7 @@ revoke_dnskey(struct autr_ta* ta, int off)
        ldns_rdf* rdf;
        uint16_t flags;
 	log_assert(ta && ta->rr);
-	if(!ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
+	if(ldns_rr_get_type(ta->rr) != LDNS_RR_TYPE_DNSKEY)
 		return;
 	rdf = ldns_rr_dnskey_flags(ta->rr);
 	flags = ldns_read_uint16(ldns_rdf_data(rdf));
				`@ -0,0 +1 @@`
				`example.com. 3600 IN DS 16486 5 1 9adff86d0a468b5989a686df8076269b3a31ba54 ; xokit-zevek-tydyg-kydoh-nydap-kicet-zybil-konon-ruvef-covuh-gyxex`
				`@ -0,0 +1 @@`
				`example.com. 3600 IN DNSKEY 257 3 5 AwEAAas/cAhCFXvBUgTSNZCvQp0pLx1dY+7rXR0hH4/3EUgWmsmbYUpI1qD0xhwKD/oYGEwAm291fyWJ9c0oVxXDEK8= ;{id = 16486 (ksk), size = 512b}`
				`@ -0,0 +1 @@`
				`example.com. 3600 IN DS 60946 5 1 f48a5c8c1eceb7df2d68d1ad29151a77d5650505 ; xutam-pulim-seles-votit-zorek-mygep-tipyc-hakol-luhik-hecib-hoxax`