Added gen-autotrust_addpend_2exceed (and gen-common)
This commit is contained in:
parent
ceef1639d4
commit
e5fd7dbcd1
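--- a/testdata/gen/autotrust_addpend_2exceed.rpl.in
+++ b/testdata/gen/autotrust_addpend_2exceed.rpl.in
@@ -0,0 +1,306 @@
+; config options
+server:
+target-fetch-policy: "0 0 0 0 0"
+log-time-ascii: yes
+fake-sha1: yes
+trust-anchor-signaling: no
+stub-zone:
+name: "."
+stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
+; initial content (say from dig example.com DNSKEY > example.com.key)
+AUTOTRUST_FILE example.com
+PUBKEY1
+PUBKEY2
+AUTOTRUST_END
+CONFIG_END
+
+SCENARIO_BEGIN Test autotrust with ADDPEND twice and exceeded time
+; should work even though not signed with old key at latest time.
+
+; K-ROOT
+RANGE_BEGIN 0 100
+ADDRESS 193.0.14.129
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id copy_query
+REPLY QR AA
+SECTION QUESTION
+. IN NS
+SECTION ANSWER
+. IN NS k.root-servers.net.
+SECTION ADDITIONAL
+k.root-servers.net IN A 193.0.14.129
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+com. IN NS
+SECTION AUTHORITY
+com. IN NS a.gtld-servers.net.
+SECTION ADDITIONAL
+a.gtld-servers.net. IN A 192.5.6.30
+ENTRY_END
+RANGE_END
+
+; a.gtld-servers.net.
+RANGE_BEGIN 0 100
+ADDRESS 192.5.6.30
+ENTRY_BEGIN
+MATCH opcode subdomain
+ADJUST copy_id copy_query
+REPLY QR
+SECTION QUESTION
+example.com. IN NS
+SECTION AUTHORITY
+example.com. IN NS ns.example.com.
+SECTION ADDITIONAL
+ns.example.com. IN A 1.2.3.4
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK PUBKEY1_ID
+RANGE_BEGIN 0 10
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+www.example.com. IN A
+SECTION ANSWER
+www.example.com. 3600 IN A 10.20.30.40
+SIG1a_PUBKEY2
+SECTION AUTHORITY
+example.com. 3600 IN NS ns.example.com.
+SIG1b_PUBKEY2
+SECTION ADDITIONAL
+ns.example.com. 3600 IN A 1.2.3.4
+SIG1c_PUBKEY2
+ENTRY_END
+
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+PUBKEY1
+; ZSK 1
+PUBKEY2
+; signatures
+SIG2_PUBKEY2
+SIG2_PUBKEY1
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK PUBKEY1_ID and PUBKEY3_ID
+RANGE_BEGIN 11 40
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+PUBKEY1
+; KSK 2
+PUBKEY3
+; ZSK 1
+PUBKEY2
+; signatures
+SIG3_PUBKEY2
+SIG3_PUBKEY1
+SIG3_PUBKEY3
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK PUBKEY3_ID
+RANGE_BEGIN 41 50
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 2
+PUBKEY3
+; ZSK 1
+PUBKEY2
+; signatures
+SIG4_PUBKEY2
+SIG4_PUBKEY3
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK PUBKEY1_ID-REVOKED and PUBKEY3_ID
+RANGE_BEGIN 51 60
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 1
+PUBKEY4
+; KSK 2
+PUBKEY3
+; ZSK 1
+PUBKEY2
+; signatures
+SIG5_PUBKEY2
+SIG5_PUBKEY4
+; wrong keytag:
+SIG5_PUBKEY1
+SIG5_PUBKEY3
+ENTRY_END
+RANGE_END
+
+; ns.example.com. KSK PUBKEY3_ID
+RANGE_BEGIN 61 70
+ADDRESS 1.2.3.4
+ENTRY_BEGIN
+MATCH opcode qname qtype
+ADJUST copy_id
+REPLY QR AA
+SECTION QUESTION
+example.com. IN DNSKEY
+SECTION ANSWER
+; KSK 2
+PUBKEY3
+; ZSK 1
+PUBKEY2
+; signatures
+SIG6_PUBKEY2
+SIG6_PUBKEY3
+ENTRY_END
+RANGE_END
+
+; set date/time to Aug 24 07:46:40 (2009).
+STEP 5 TIME_PASSES ELAPSE 1251100000
+STEP 6 TRAFFIC ; the initial probe
+STEP 7 ASSIGN t0 = ${time}
+STEP 8 ASSIGN probe0 = ${range 4800 ${timeout} 5400}
+
+; the auto probing should have been done now.
+STEP 10 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t0} ;;${ctime $t0}
+;;last_success: ${$t0} ;;${ctime $t0}
+;;next_probe_time: ${$t0 + $probe0} ;;${ctime $t0 + $probe0}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY1 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; key prepublished. First poll. 30 days later
+STEP 11 TIME_PASSES EVAL ${30*24*3600}
+STEP 12 TRAFFIC
+STEP 13 ASSIGN t1 = ${time}
+STEP 14 ASSIGN probe1 = ${range 4800 ${timeout} 5400}
+STEP 15 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t1} ;;${ctime $t1}
+;;last_success: ${$t1} ;;${ctime $t1}
+;;next_probe_time: ${$t1 + $probe1} ;;${ctime $t1 + $probe1}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY3 ;;state=1 [ ADDPEND ] ;;count=1 ;;lastchange=${$t1} ;;${ctime $t1}
+PUBKEY1 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; Second poll. 10 days later
+STEP 21 TIME_PASSES EVAL ${10*24*3600}
+STEP 22 TRAFFIC
+STEP 23 ASSIGN t2 = ${time}
+STEP 24 ASSIGN probe2 = ${range 4800 ${timeout} 5400}
+STEP 25 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t2} ;;${ctime $t2}
+;;last_success: ${$t2} ;;${ctime $t2}
+;;next_probe_time: ${$t2 + $probe2} ;;${ctime $t2 + $probe2}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY3 ;;state=1 [ ADDPEND ] ;;count=2 ;;lastchange=${$t1} ;;${ctime $t1}
+PUBKEY1 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t0} ;;${ctime $t0}
+FILE_END
+
+; t3 is removed third poll time.
+
+; 21 days later, hold down has lapsed.
+STEP 41 TIME_PASSES EVAL ${21*24*3600}
+STEP 42 TRAFFIC
+STEP 43 ASSIGN t4 = ${time}
+STEP 44 ASSIGN probe4 = ${range 4800 ${timeout} 5400}
+STEP 45 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t4} ;;${ctime $t4}
+;;last_success: ${$t4} ;;${ctime $t4}
+;;next_probe_time: ${$t4 + $probe4} ;;${ctime $t4 + $probe4}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY3 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+PUBKEY1 ;;state=3 [ MISSING ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+FILE_END
+
+; 30 days later, the old key is revoked
+STEP 51 TIME_PASSES EVAL ${30*24*3600}
+STEP 52 TRAFFIC
+STEP 53 ASSIGN t5 = ${time}
+STEP 54 ASSIGN probe5 = ${range 4800 ${timeout} 5400}
+STEP 55 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t5} ;;${ctime $t5}
+;;last_success: ${$t5} ;;${ctime $t5}
+;;next_probe_time: ${$t5 + $probe5} ;;${ctime $t5 + $probe5}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY3 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+PUBKEY4 ;;state=4 [ REVOKED ] ;;count=0 ;;lastchange=${$t5} ;;${ctime $t5}
+FILE_END
+
+; 370 days later, the old key is removed from storage
+STEP 61 TIME_PASSES EVAL ${370*24*3600}
+STEP 62 TRAFFIC
+STEP 63 ASSIGN t6 = ${time}
+STEP 64 ASSIGN probe6 = ${range 4800 ${timeout} 5400}
+STEP 65 CHECK_AUTOTRUST example.com
+FILE_BEGIN
+; autotrust trust anchor file
+;;id: example.com. 1
+;;last_queried: ${$t6} ;;${ctime $t6}
+;;last_success: ${$t6} ;;${ctime $t6}
+;;next_probe_time: ${$t6 + $probe6} ;;${ctime $t6 + $probe6}
+;;query_failed: 0
+;;query_interval: 5400
+;;retry_time: 3600
+PUBKEY3 ;;state=2 [ VALID ] ;;count=0 ;;lastchange=${$t4} ;;${ctime $t4}
+FILE_END
+
+
+SCENARIO_END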
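Review bot: The comment `; t3 is removed third poll time.` between the second-poll and 21-day blocks reads as a fragment and does not tell a reader why the STEP numbering jumps from 2x to 4x, nor why 21 days is enough for PUBKEY3 to go ADDPEND → VALID. Suggested wording: `; (a third poll, t3, was dropped from this scenario; step numbers skip 3x)` and, on the next block, `; 21 days later (31 days since PUBKEY3 was first seen): the add hold-down has lapsed`, since the 30-day RFC 5011 add hold-down is presumably what is being exceeded here. The `; wrong keytag:` comment before `SIG5_PUBKEY1` would likewise benefit from saying that the keytag is wrong because PUBKEY4 is the revoked form of PUBKEY1.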
26
testdata/gen/gen-autotrust_10key
vendored
26
testdata/gen/gen-autotrust_10key
vendored
@ -1,14 +1,9 @@
|
||||
#!/bin/sh
|
||||
|
||||
KEYDIR=keys
|
||||
. ./gen-common
|
||||
|
||||
KEYNAME=autotrust_10key
|
||||
|
||||
LDNS_KEYGEN=ldns-keygen
|
||||
LDNS_SIGNZONE=ldns-signzone
|
||||
SECALG=8 # RSA/SHA-256
|
||||
|
||||
TMPZONE=tmpzone
|
||||
|
||||
replace_keys()
|
||||
{
|
||||
pubkey1=$(cat "$KEYDIR/$KEYNAME-1.key")
|
||||
@ -42,23 +37,10 @@ replace_keys()
|
||||
|
||||
for i in 1 2 3 4 5 6 7 8 9 10 11 12 13
|
||||
do
|
||||
if [ -f "$KEYDIR/$KEYNAME-$i.key" ]
|
||||
then
|
||||
continue # Key already exists, remove to regenerate
|
||||
fi
|
||||
mkdir -p "$KEYDIR"
|
||||
keyname=$($LDNS_KEYGEN -a $SECALG -b 2048 -k example.com.)
|
||||
< "$keyname".key sed 's/IN/3600 IN/' > "$KEYDIR/$KEYNAME-$i.key"
|
||||
rm -f "$keyname".key
|
||||
mv "$keyname".private "$KEYDIR/$KEYNAME-$i.private"
|
||||
mv "$keyname".ds "$KEYDIR/$KEYNAME-$i.ds"
|
||||
gen_key_ksk "$KEYDIR/$KEYNAME-$i"
|
||||
done
|
||||
|
||||
echo 'example.com. IN SOA host.example.com. user.example.com. (1 7200 3600 2419200 3600)' > $TMPZONE
|
||||
cat "$KEYDIR/$KEYNAME"-*.key >> $TMPZONE
|
||||
$LDNS_SIGNZONE -e 20091124111500 -i 20091018111500 $TMPZONE "$KEYDIR/$KEYNAME-2"
|
||||
sig1=$(grep 'RRSIG[ ]*DNSKEY' < $TMPZONE.signed )
|
||||
rm -f "$TMPZONE" "$TMPZONE.signed"
|
||||
sig1=$(sig_keys 2 20091124111500 20091018111500 1 2 3 4 5 6 7 8 9 10 11 12 13)
|
||||
|
||||
< autotrust_10key.rpl.in \
|
||||
replace_keys |
|
||||
|
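Review bot: If the inline key-generation lines in this hunk (`keyname=$($LDNS_KEYGEN ...)` through `mv "$keyname".ds ...`) are the ones being replaced by the `gen_key_ksk "$KEYDIR/$KEYNAME-$i"` call, the TTL written into the generated DNSKEY records for this test changes from 3600 to 10800, because the old line used `sed 's/IN/3600 IN/'` while `gen_key_ksk` in gen-common rewrites with `sed 's/IN/10800 IN/'`. Whether that is harmless depends on whether autotrust_10key.rpl.in's expected records or probe timing use the key TTL, so it is worth confirming, or giving `gen_key_ksk` a TTL parameter defaulting to 10800 and passing 3600 here. The rendered view has lost the +/- markers, so which lines are removed is inferred from the hunk counts. The `< autotrust_10key.rpl.in | replace_keys` pipeline continues past the end of the hunk.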
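--- a/testdata/gen/gen-autotrust_addpend_2exceed
+++ b/testdata/gen/gen-autotrust_addpend_2exceed
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+. ./gen-common
+
+KEYNAME=autotrust_addpend_2exceed
+
+replace_keys()
+{
+pubkey1=$(cat "$KEYDIR/$KEYNAME-1.key")
+pubkey2=$(cat "$KEYDIR/$KEYNAME-2.key")
+pubkey3=$(cat "$KEYDIR/$KEYNAME-3.key")
+pubkey4=$(cat "$KEYDIR/$KEYNAME-4.key")
+
+pubkey1_id=$(key_id "$pubkey1")
+pubkey3_id=$(key_id "$pubkey3")
+
+sed "s@PUBKEY1_ID@$pubkey1_id@ ; \
+s@PUBKEY3_ID@$pubkey3_id@ ; \
+s@PUBKEY1@$pubkey1@ ; \
+s@PUBKEY2@$pubkey2@ ; \
+s@PUBKEY3@$pubkey3@ ; \
+s@PUBKEY4@$pubkey4@"
+}
+
+gen_key_ksk "$KEYDIR/$KEYNAME-1"
+gen_key_zsk "$KEYDIR/$KEYNAME-2"
+gen_key_ksk "$KEYDIR/$KEYNAME-3"
+gen_key_ksk_revoked "$KEYDIR/$KEYNAME-1" "$KEYDIR/$KEYNAME-4"
+
+
+echo 'example.com. IN SOA host.example.com. user.example.com. (1 7200 3600 2419200 3600)' > $TMPZONE
+echo 'www.example.com. 3600 IN A 10.20.30.40' >>$TMPZONE
+echo 'example.com. 3600 IN NS ns.example.com.' >>$TMPZONE
+echo 'ns.example.com. 3600 IN A 1.2.3.4' >>$TMPZONE
+$LDNS_SIGNZONE -e 20090924111500 -i 20090821111500 $TMPZONE "$KEYDIR/$KEYNAME-2"
+sig1a_pubkey2=$(grep 'www.example.com.*RRSIG[ ]*A' < $TMPZONE.signed )
+sig1b_pubkey2=$(grep 'IN[ ]*RRSIG[ ]*NS[ ]' < $TMPZONE.signed )
+sig1c_pubkey2=$(grep 'ns.example.com.*RRSIG[ ]*A' < $TMPZONE.signed )
+rm -f "$TMPZONE" "$TMPZONE.signed"
+
+sig2_pubkey2=$(sig_keys 2 20090924111500 20090821111500 1 2)
+sig2_pubkey1=$(sig_keys 1 20090924111500 20090821111500 1 2)
+
+sig3_pubkey2=$(sig_keys 2 20091024111500 20090921111500 1 3 2)
+sig3_pubkey1=$(sig_keys 1 20091024111500 20090921111500 1 3 2)
+sig3_pubkey3=$(sig_keys 3 20091024111500 20090921111500 1 3 2)
+
+sig4_pubkey2=$(sig_keys 2 20091124111500 20091018111500 3 2)
+sig4_pubkey3=$(sig_keys 3 20091124111500 20091018111500 3 2)
+
+sig5_pubkey2=$(sig_keys 2 20091224111500 20091118111500 4 3 2)
+sig5_pubkey4=$(sig_keys 4 20091224111500 20091118111500 4 3 2)
+sig5_pubkey1=$(sig_keys 1 20091224111500 20091118111500 4 3 2)
+sig5_pubkey3=$(sig_keys 3 20091224111500 20091118111500 4 3 2)
+
+sig6_pubkey2=$(sig_keys 2 20101224111500 20101118111500 3 2)
+sig6_pubkey3=$(sig_keys 3 20101224111500 20101118111500 3 2)
+
+< $KEYNAME.rpl.in \
+sed "s@SIG1a_PUBKEY2@$sig1a_pubkey2@ ; \
+s@SIG1b_PUBKEY2@$sig1b_pubkey2@ ; \
+s@SIG1c_PUBKEY2@$sig1c_pubkey2@ ; \
+s@SIG2_PUBKEY2@$sig2_pubkey2@ ; \
+s@SIG2_PUBKEY1@$sig2_pubkey1@ ; \
+s@SIG3_PUBKEY2@$sig3_pubkey2@ ; \
+s@SIG3_PUBKEY1@$sig3_pubkey1@ ; \
+s@SIG3_PUBKEY3@$sig3_pubkey3@ ; \
+s@SIG4_PUBKEY2@$sig4_pubkey2@ ; \
+s@SIG4_PUBKEY3@$sig4_pubkey3@ ; \
+s@SIG5_PUBKEY2@$sig5_pubkey2@ ; \
+s@SIG5_PUBKEY4@$sig5_pubkey4@ ; \
+s@SIG5_PUBKEY1@$sig5_pubkey1@ ; \
+s@SIG5_PUBKEY3@$sig5_pubkey3@ ; \
+s@SIG6_PUBKEY2@$sig6_pubkey2@ ; \
+s@SIG6_PUBKEY3@$sig6_pubkey3@ ; \
+" |
+replace_keys \
+> ../$KEYNAME.rpl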
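Review bot: Nothing stops the script when a tool call fails: `pubkey1=$(cat ...)`, the `$LDNS_SIGNZONE` run, the three `grep` captures and every `sig*=$(sig_keys ...)` assignment yield an empty string on error, and the final sed/replace_keys pipeline then writes `../$KEYNAME.rpl` with those placeholders replaced by nothing, so a missing ldns tool shows up later as a confusing scenario failure instead of a generation error. Adding `set -e` (or `set -eu`) on the line after `#!/bin/sh` makes a failed keygen, signzone or grep abort before the output file is touched; gen-common's functions already use `exit 1` for usage errors, so it should source cleanly under it. Separately, the last substitution ends with `; \` followed by a bare `"`, leaving an empty trailing sed command; GNU sed tolerates that but other seds may reject it, so end the list with `s@SIG6_PUBKEY3@$sig6_pubkey3@" |` and drop the lone `" |` line.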
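--- a/testdata/gen/gen-common
+++ b/testdata/gen/gen-common
@@ -0,0 +1,107 @@
+#!/bin/sh
+
+KEYDIR=keys
+
+LDNS_KEYGEN=ldns-keygen
+LDNS_SIGNZONE=ldns-signzone
+SECALG=8 # RSA/SHA-256
+SECBITS=2048
+
+TMPZONE=tmpzone
+
+key_id()
+{
+expr "$1" : '.*{id = \([0-9]*\).*'
+}
+
+gen_key_ksk()
+{
+if [ $# -ne 1 ]; then
+echo >&2 "Usage: gen_key_ksk <file-name>"
+exit 1
+fi
+
+key_file="$1"
+
+
+if [ -f "$key_file.key" ]
+then
+return # Key already exists, remove to regenerate
+fi
+mkdir -p "$KEYDIR"
+tmp_keyname=$($LDNS_KEYGEN -a $SECALG -b $SECBITS -k example.com.)
+sed 's/IN/10800 IN/' < "$tmp_keyname".key > "$key_file.key"
+rm -f "$tmp_keyname".key
+mv "$tmp_keyname".private "$key_file.private"
+mv "$tmp_keyname".ds "$key_file.ds"
+}
+
+gen_key_ksk_revoked()
+{
+if [ $# -ne 2 ]; then
+echo >&2 "Usage: gen_key_ksk_revoked <orig-file-name> <file-name>"
+exit 1
+fi
+
+orig_key_file="$1"
+key_file="$2"
+
+
+if [ -f "$key_file.key" ]
+then
+return # Key already exists, remove to regenerate
+fi
+cp "$orig_key_file".key "$key_file".key
+cp "$orig_key_file".private "$key_file.private"
+mv "$orig_key_file".ds "$key_file.ds"
+ldns-revoke "$key_file.key"
+}
+
+gen_key_zsk()
+{
+if [ $# -ne 1 ]; then
+echo >&2 "Usage: gen_key_zsk <file-name>"
+exit 1
+fi
+
+key_file="$1"
+
+
+if [ -f "$key_file.key" ]
+then
+return # Key already exists, remove to regenerate
+fi
+mkdir -p "$KEYDIR"
+tmp_keyname=$($LDNS_KEYGEN -a $SECALG -b $SECBITS example.com.)
+sed 's/IN/10800 IN/' < "$tmp_keyname".key > "$key_file.key"
+rm -f "$tmp_keyname".key
+mv "$tmp_keyname".private "$key_file.private"
+}
+
+sig_keys()
+{
+if [ $# -lt 4 ]; then
+echo >&2 'Usage: sig_keys <sig-key-nr> <endtime> <starttime> <key-nr>...'
+exit 1
+fi
+sig_key_nr="$1"
+shift
+endtime="$1"
+shift
+starttime="$1"
+shift
+echo 'example.com. IN SOA host.example.com. user.example.com. (1 7200 3600 2419200 3600)' > $TMPZONE
+while [ "$1" != "" ]
+do
+cat "$KEYDIR/$KEYNAME"-$1.key >> $TMPZONE
+shift
+done
+$LDNS_SIGNZONE -e $endtime -i $starttime $TMPZONE "$KEYDIR/$KEYNAME-$sig_key_nr"
+#echo '--- signed zone ---' >&2
+#cat $TMPZONE.signed >&2
+#echo '--- end signed zone ---' >&2
+sig=$(grep 'RRSIG[ ]*DNSKEY' < $TMPZONE.signed )
+rm -f "$TMPZONE" "$TMPZONE.signed"
+echo "$sig"
+}
+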
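Review bot: In gen_key_ksk_revoked, `mv "$orig_key_file".ds "$key_file.ds"` files the original key's DS under the revoked key's name, but `ldns-revoke` sets the REVOKE flag bit in `$key_file.key`, which changes both the key tag and the DS digest, so that `.ds` no longer describes the key it sits next to, and the original key loses its own `.ds`. Nothing on this page reads the `.ds` files, so this is latent; `cp` instead of `mv` plus a comment such as `# .ds is that of the pre-revocation key; the revoked key's tag and digest differ` would keep the directory honest, or the `.ds` for the revoked key could simply be omitted. Also, `ldns-revoke` is invoked by literal name while the other tools go through `$LDNS_KEYGEN` and `$LDNS_SIGNZONE`; an `LDNS_REVOKE=ldns-revoke` variable next to them would be consistent and overridable. Finally, `TMPZONE=tmpzone` is a fixed name in the working directory shared by sig_keys and every gen-* script that sources this file, so two generators run concurrently clobber each other's zone; `TMPZONE=tmpzone.$$` avoids that without changing callers.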