###############################################################################
# Key properties #
###############################################################################
-ID=0
-EXPECT=1
-ROLE=2
-KSK=3
-ZSK=4
-LIFETIME=5
-ALG_NUM=6
-ALG_STR=7
-ALG_LEN=8
-PUBLISHED=9
-ACTIVE=10
-RETIRED=11
-REVOKED=12
-REMOVED=13
-GOAL=14
-STATE_DNSKEY=15
-STATE_ZRRSIG=16
-STATE_KRRSIG=17
-STATE_DS=18
-EXPECT_ZRRSIG=19
-EXPECT_KRRSIG=20
+# ID=0
+# EXPECT=1
+# ROLE=2
+# KSK=3
+# ZSK=4
+# LIFETIME=5
+# ALG_NUM=6
+# ALG_STR=7
+# ALG_LEN=8
+# PUBLISHED=9
+# ACTIVE=10
+# RETIRED=11
+# REVOKED=12
+# REMOVED=13
+# GOAL=14
+# STATE_DNSKEY=15
+# STATE_ZRRSIG=16
+# STATE_KRRSIG=17
+# STATE_DS=18
+# EXPECT_ZRRSIG=19
+# EXPECT_KRRSIG=20
+
+key_key() {
+ echo "${1}__${2}"
+}
+
+key_get() {
+ eval "echo \${$(key_key "$1" "$2")}"
+}
+
+key_set() {
+ eval "$(key_key "$1" "$2")='$3'"
+}
# Clear key state.
#
# This will update either the KEY1, KEY2, or KEY3 array.
key_clear() {
- _key=( [$ID]="no" [$EXPECT]="no" \
- [$ROLE]="none" [$KSK]="no" [$ZSK]="no" \
- [$LIFETIME]="0" [$ALG_NUM]="0" \
- [$ALG_STR]="none" [$ALG_LEN]="0" \
- [$PUBLISHED]="none" [$ACTIVE]="none" \
- [$RETIRED]="none" [$REVOKED]="none" \
- [$REMOVED]="none" \
- [$GOAL]="none" [$STATE_DNSKEY]="none" \
- [$STATE_KRRSIG]="none" [$STATE_ZRRSIG]="none" \
- [$STATE_DS]="none" \
- [$EXPECT_ZRRSIG]="no" [$EXPECT_KRRSIG]="no")
-
- if [ $1 == "KEY1" ]; then
- KEY1=(${_key[*]})
- elif [ $1 == "KEY2" ]; then
- KEY2=(${_key[*]})
- elif [ $1 == "KEY3" ]; then
- KEY3=(${_key[*]})
- fi
+ key_set "$1" "ID" 'no'
+ key_set "$1" "EXPECT" 'no'
+ key_set "$1" "ROLE" 'none'
+ key_set "$1" "KSK" 'no'
+ key_set "$1" "ZSK" 'no'
+ key_set "$1" "LIFETIME" '0'
+ key_set "$1" "ALG_NUM" '0'
+ key_set "$1" "ALG_STR" 'none'
+ key_set "$1" "ALG_LEN" '0'
+ key_set "$1" "PUBLISHED" 'none'
+ key_set "$1" "ACTIVE" 'none'
+ key_set "$1" "RETIRED" 'none'
+ key_set "$1" "REVOKED" 'none'
+ key_set "$1" "REMOVED" 'none'
+ key_set "$1" "GOAL" 'none'
+ key_set "$1" "STATE_DNSKEY" 'none'
+ key_set "$1" "STATE_KRRSIG" 'none'
+ key_set "$1" "STATE_ZRRSIG" 'none'
+ key_set "$1" "STATE_DS" 'none'
+ key_set "$1" "EXPECT_ZRRSIG" 'no'
+ key_set "$1" "EXPECT_KRRSIG" 'no'
}
# Start clear.
#
# This will update either the KEY1, KEY2 or KEY3 array.
key_properties() {
- if [ $1 == "KEY1" ]; then
- KEY1[$EXPECT]="yes"
- KEY1[$ROLE]=$2
- KEY1[$KSK]="no"
- KEY1[$ZSK]="no"
- test $2 == "ksk" && KEY1[$KSK]="yes"
- test $2 == "zsk" && KEY1[$ZSK]="yes"
- test $2 == "csk" && KEY1[$KSK]="yes"
- test $2 == "csk" && KEY1[$ZSK]="yes"
- KEY1[$LIFETIME]=$3
- KEY1[$ALG_NUM]=$4
- KEY1[$ALG_STR]=$5
- KEY1[$ALG_LEN]=$6
- KEY1[$EXPECT_ZRRSIG]=$7
- KEY1[$EXPECT_KRRSIG]=$8
- elif [ $1 == "KEY2" ]; then
- KEY2[$EXPECT]="yes"
- KEY2[$ROLE]=$2
- KEY2[$KSK]="no"
- KEY2[$ZSK]="no"
- test $2 == "ksk" && KEY2[$KSK]="yes"
- test $2 == "zsk" && KEY2[$ZSK]="yes"
- test $2 == "csk" && KEY2[$KSK]="yes"
- test $2 == "csk" && KEY2[$ZSK]="yes"
- KEY2[$LIFETIME]=$3
- KEY2[$ALG_NUM]=$4
- KEY2[$ALG_STR]=$5
- KEY2[$ALG_LEN]=$6
- KEY2[$EXPECT_ZRRSIG]=$7
- KEY2[$EXPECT_KRRSIG]=$8
- elif [ $1 == "KEY3" ]; then
- KEY3[$EXPECT]="yes"
- KEY3[$ROLE]=$2
- KEY3[$KSK]="no"
- KEY3[$ZSK]="no"
- test $2 == "ksk" && KEY3[$KSK]="yes"
- test $2 == "zsk" && KEY3[$ZSK]="yes"
- test $2 == "csk" && KEY3[$KSK]="yes"
- test $2 == "csk" && KEY3[$ZSK]="yes"
- KEY3[$LIFETIME]=$3
- KEY3[$ALG_NUM]=$4
- KEY3[$ALG_STR]=$5
- KEY3[$ALG_LEN]=$6
- KEY3[$EXPECT_ZRRSIG]=$7
- KEY3[$EXPECT_KRRSIG]=$8
- fi
+ key_set "$1" "EXPECT" "yes"
+ key_set "$1" "ROLE" "$2"
+ key_set "$1" "KSK" "no"
+ key_set "$1" "ZSK" "no"
+ test $2 == "ksk" && key_set "$1" "KSK" "yes"
+ test $2 == "zsk" && key_set "$1" "ZSK" "yes"
+ test $2 == "csk" && key_set "$1" "KSK" "yes"
+ test $2 == "csk" && key_set "$1" "ZSK" "yes"
+ key_set "$1" "LIFETIME" "$3"
+ key_set "$1" "ALG_NUM" "$4"
+ key_set "$1" "ALG_STR" "$5"
+ key_set "$1" "ALG_LEN" "$6"
+ key_set "$1" "EXPECT_ZRRSIG" "$7"
+ key_set "$1" "EXPECT_KRRSIG" "$8"
}
# Set key timing metadata. Set to "none" to unset.
#
# This will update either the KEY1, KEY2 or KEY3 array.
key_timings() {
- if [ $1 == "KEY1" ]; then
- KEY1[$EXPECT]="yes"
- KEY1[$PUBLISHED]=$2
- KEY1[$ACTIVE]=$3
- KEY1[$RETIRED]=$4
- KEY1[$REVOKED]=$5
- KEY1[$REMOVED]=$6
- elif [ $1 == "KEY2" ]; then
- KEY2[$EXPECT]="yes"
- KEY2[$PUBLISHED]=$2
- KEY2[$ACTIVE]=$3
- KEY2[$RETIRED]=$4
- KEY2[$REVOKED]=$5
- KEY2[$REMOVED]=$6
- elif [ $1 == "KEY3" ]; then
- KEY3[$EXPECT]="yes"
- KEY3[$PUBLISHED]=$2
- KEY3[$ACTIVE]=$3
- KEY3[$RETIRED]=$4
- KEY3[$REVOKED]=$5
- KEY3[$REMOVED]=$6
- fi
+ key_set "$1" "EXPECT" "yes"
+ key_set "$1" "PUBLISHED" "$2"
+ key_set "$1" "ACTIVE" "$3"
+ key_set "$1" "RETIRED" "$4"
+ key_set "$1" "REVOKED" "$5"
+ key_set "$1" "REMOVED" "$6"
}
# Set key state metadata. Set to "none" to unset.
#
# This will update either the KEY1, KEY2, OR KEY3 array.
key_states() {
- if [ $1 == "KEY1" ]; then
- KEY1[$EXPECT]="yes"
- KEY1[$GOAL]=$2
- KEY1[$STATE_DNSKEY]=$3
- KEY1[$STATE_ZRRSIG]=$4
- KEY1[$STATE_KRRSIG]=$5
- KEY1[$STATE_DS]=$6
- elif [ $1 == "KEY2" ]; then
- KEY2[$EXPECT]="yes"
- KEY2[$GOAL]=$2
- KEY2[$STATE_DNSKEY]=$3
- KEY2[$STATE_ZRRSIG]=$4
- KEY2[$STATE_KRRSIG]=$5
- KEY2[$STATE_DS]=$6
- elif [ $1 == "KEY3" ]; then
- KEY3[$EXPECT]="yes"
- KEY3[$GOAL]=$2
- KEY3[$STATE_DNSKEY]=$3
- KEY3[$STATE_ZRRSIG]=$4
- KEY3[$STATE_KRRSIG]=$5
- KEY3[$STATE_DS]=$6
- fi
+ key_set "$1" "EXPECT" "yes"
+ key_set "$1" "GOAL" "$2"
+ key_set "$1" "STATE_DNSKEY" "$3"
+ key_set "$1" "STATE_ZRRSIG" "$4"
+ key_set "$1" "STATE_KRRSIG" "$5"
+ key_set "$1" "STATE_DS" "$6"
}
# Check the key $1 with id $2.
# STATE_FILE="${BASE_FILE}.state"
# KEY_ID=$(echo $1 | sed 's/^0*//')
check_key() {
- if [ $1 == "KEY1" ]; then
- _key=(${KEY1[*]})
- elif [ $1 == "KEY2" ]; then
- _key=(${KEY2[*]})
- elif [ $1 == "KEY3" ]; then
- _key=(${KEY3[*]})
- fi
-
- _dir=$DIR
- _zone=$ZONE
- _role="${_key[$ROLE]}"
+ _dir="$DIR"
+ _zone="$ZONE"
+ _role=$(key_get "$1" ROLE)
_key_idpad=$2
_key_id=$(echo $_key_idpad | sed 's/^0*//')
- _alg_num="${_key[$ALG_NUM]}"
- _alg_numpad=$(printf "%03d" $_alg_num)
- _alg_string="${_key[$ALG_STR]}"
- _length="${_key[$ALG_LEN]}"
- _dnskey_ttl=$DNSKEY_TTL
- _lifetime="${_key[$LIFETIME]}"
-
- _published="${_key[$PUBLISHED]}"
- _active="${_key[$ACTIVE]}"
- _retired="${_key[$RETIRED]}"
- _revoked="${_key[$REVOKED]}"
- _removed="${_key[$REMOVED]}"
-
- _goal="${_key[$GOAL]}"
- _state_dnskey="${_key[$STATE_DNSKEY]}"
- _state_zrrsig="${_key[$STATE_ZRRSIG]}"
- _state_krrsig="${_key[$STATE_KRRSIG]}"
- _state_ds="${_key[$STATE_DS]}"
+ _alg_num=$(key_get "$1" ALG_NUM)
+ _alg_numpad=$(printf "%03d" $_alg_num)
+ _alg_string=$(key_get "$1" ALG_STR)
+ _length=$(key_get "$1" "ALG_LEN")
+ _dnskey_ttl="$DNSKEY_TTL"
+ _lifetime=$(key_get "$1" LIFETIME)
+
+ _published=$(key_get "$1" PUBLISHED)
+ _active=$(key_get "$1" ACTIVE)
+ _retired=$(key_get "$1" RETIRED)
+ _revoked=$(key_get "$1" REVOKED)
+ _removed=$(key_get "$1" REMOVED)
+
+ _goal=$(key_get "$1" GOAL)
+ _state_dnskey=$(key_get "$1" STATE_DNSKEY)
+ _state_zrrsig=$(key_get "$1" STATE_ZRRSIG)
+ _state_krrsig=$(key_get "$1" STATE_KRRSIG)
+ _state_ds=$(key_get "$1" STATE_DS)
_ksk="no"
_zsk="no"
_zone=$ZONE
_key_idpad=$1
_key_id=$(echo $_key_idpad | sed 's/^0*//')
- _alg_num="${KEY1[$ALG_NUM]}"
+ _alg_num=$(key_get KEY1 ALG_NUM)
_alg_numpad=$(printf "%03d" $_alg_num)
BASE_FILE="${_dir}/K${_zone}.+${_alg_numpad}+${_key_idpad}"
key_properties "KEY1" "csk" "31536000" "13" "ECDSAP256SHA256" "256" "yes" "yes"
key_timings "KEY1" "none" "none" "none" "none" "none"
key_states "KEY1" "none" "none" "none" "none" "none"
-id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}")
+id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM))
check_key "KEY1" $id
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
key_timings "KEY3" "none" "none" "none" "none" "none"
key_states "KEY3" "none" "none" "none" "none" "none"
-ids=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}")
+ids=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM))
for id in $ids; do
# There are three key files with the same algorithm.
# Check them until a match is found.
$KEYGEN -k $POLICY $ZONE > keygen.out.$POLICY.test$n 2>/dev/null || ret=1
lines=$(cat keygen.out.default.test$n | wc -l)
test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines"
-id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}")
+id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM))
check_key "KEY1" $id
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
$KEYGEN -k $POLICY $ZONE > keygen.out.$POLICY.test$n 2>/dev/null || ret=1
lines=$(cat keygen.out.$POLICY.test$n | wc -l)
test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines"
-id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}")
+id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM))
check_key "KEY1" $id
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
n=$((n+1))
echo_i "check key is created for zone ${ZONE} ($n)"
ret=0
-id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}")
+id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM))
check_key "KEY1" $id
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
ret=0
dig_with_opts $ZONE @${SERVER} $qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${qtype} failed"
grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response"
-grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${qtype}.*257.*.3.*${KEY1[$ALG_NUM]}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${qtype} record in response"
+grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${qtype}.*257.*.3.*${KEY1__ALG_NUM}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${qtype} record in response"
lines=$(get_keys_which_signed $qtype dig.out.$DIR.test$n | wc -l)
test "$lines" -eq 1 || log_error "bad number ($lines) of RRSIG records in DNS response"
get_keys_which_signed $qtype dig.out.$DIR.test$n | grep "^${KEY_ID}$" > /dev/null || log_error "${qtype} RRset not signed with key ${KEY_ID}"
echo_i "check keys are created for zone ${ZONE} ($n)"
ret=0
- _key_algnum="${KEY1[$ALG_NUM]}"
+ _key_algnum=$(key_get KEY1 ALG_NUM)
n=$((n+1))
echo_i "check number of keys with algorithm ${_key_algnum} for zone ${ZONE} in dir ${DIR} ($n)"
_log=0
# Clear key ids.
- KEY1[$ID]="0"
- KEY2[$ID]="0"
- KEY3[$ID]="0"
+ key_set KEY1 ID 0
+ key_set KEY2 ID 0
+ key_set KEY3 ID 0
# Check key files.
_ids=$(get_keyids $DIR $ZONE "$_key_algnum")
# Check them until a match is found.
echo_i "check key $_id"
- if [ "0" == "${KEY1[$ID]}" ] && [ "${KEY1[$EXPECT]}" == "yes" ]; then
+ if [ "0" == "$(key_get KEY1 ID)" ] && [ "$(key_get KEY1 EXPECT)" == "yes" ]; then
ret=0
check_key "KEY1" $_id
- test "$ret" -eq 0 && KEY1[$ID]=$KEY_ID && continue
+ test "$ret" -eq 0 && key_set "$1" "ID" "$KEY_ID" && continue
fi
- if [ "0" == "${KEY2[$ID]}" ] && [ "${KEY2[$EXPECT]}" == "yes" ]; then
+ if [ "0" == "$(key_get KEY2 ID)" ] && [ "$(key_get KEY2 EXPECT)" == "yes" ]; then
ret=0
check_key "KEY2" $_id
- test "$ret" -eq 0 && KEY2[$ID]=$KEY_ID && continue
+ test "$ret" -eq 0 && key_set KEY2 "ID" "$KEY_ID" && continue
fi
- if [ "0" == "${KEY3[$ID]}" ] && [ "${KEY3[$EXPECT]}" == "yes" ]; then
+ if [ "0" == "$(key_get KEY3 ID)" ] && [ "$(key_get KEY3 EXPECT)" == "yes" ]; then
ret=0
check_key "KEY3" $_id
- test "$ret" -eq 0 && KEY3[$ID]=$KEY_ID && continue
+ test "$ret" -eq 0 && key_set KEY3 ID "$KEY_ID" && continue
fi
# This may be an unused key.
_log=1
ret=0
- if [ "${KEY1[$EXPECT]}" == "yes" ]; then
- test "0" == "${KEY1[$ID]}" && log_error "No KEY1 found for zone ${ZONE}"
+ if [ "$(key_get KEY1 EXPECT)" == "yes" ]; then
+ test "0" == "$(key_get KEY1 ID)" && log_error "No KEY1 found for zone ${ZONE}"
fi
- if [ "${KEY2[$EXPECT]}" == "yes" ]; then
- test "0" == "${KEY2[$ID]}" && log_error "No KEY2 found for zone ${ZONE}"
+ if [ "$(key_get KEY2 EXPECT)" == "yes" ]; then
+ test "0" == "$(key_get KEY2 ID)" && log_error "No KEY2 found for zone ${ZONE}"
fi
- if [ "${KEY3[$EXPECT]}" == "yes" ]; then
- test "0" == "${KEY3[$ID]}" && log_error "No KEY3 found for zone ${ZONE}"
+ if [ "$(key_get KEY3 EXPECT)" == "yes" ]; then
+ test "0" == "$(key_get KEY3 ID)" && log_error "No KEY3 found for zone ${ZONE}"
fi
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
_expect_type=$EXPECT_ZRRSIG
fi
- if [ "${KEY1[$_expect_type]}" == "yes" ] && [ "${KEY1[$_role]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY1[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY1[$ID]}"
- elif [ "${KEY1[$EXPECT]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY1[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY1[$ID]}"
+ if [ "$(key_get KEY1 _expect_type)" == "yes" ] && [ "$(key_get KEY1 _role)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY1 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY1 ID)"
+ elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY1 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY1 ID)"
fi
- if [ "${KEY2[$_expect_type]}" == "yes" ] && [ "${KEY2[$_role]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY2[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY2[$ID]}"
- elif [ "${KEY2[$EXPECT]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY2[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY2[$ID]}"
+ if [ "$(key_get KEY2 _expect_type)" == "yes" ] && [ "$(key_get KEY2 _role)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY2 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY2 ID)"
+ elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY2 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY2 ID)"
fi
- if [ "${KEY3[$_expect_type]}" == "yes" ] && [ "${KEY3[$_role]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY3[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY3[$ID]}"
- elif [ "${KEY3[$EXPECT]}" == "yes" ]; then
- get_keys_which_signed $_qtype $_file | grep "^${KEY3[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY3[$ID]}"
+ if [ "$(key_get KEY3 _expect_type)" == "yes" ] && [ "$(key_get KEY3 _role)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY3 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY3 ID)"
+ elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then
+ get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY3 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY3 ID)"
fi
}
check_cds() {
_qtype="CDS"
- _key_algnum="${KEY1[$ALG_NUM]}"
+ _key_algnum="$(key_get KEY1 ALG_NUM)"
n=$((n+1))
echo_i "check ${_qtype} rrset is signed correctly for zone ${ZONE} ($n)"
dig_with_opts $ZONE @${SERVER} $_qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${_qtype} failed"
grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response"
- if [ "${KEY1[$STATE_DS]}" == "rumoured" ] || [ "${KEY1[$STATE_DS]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY1[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY1[$ID]}"
+ if [ "$(key_get KEY1 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY1 STATE_DS)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
- elif [ "${KEY1[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY1[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY1[$ID]}"
+ elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)"
fi
- if [ "${KEY2[$STATE_DS]}" == "rumoured" ] || [ "${KEY2[$STATE_DS]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY2[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY2[$ID]}"
+ if [ "$(key_get KEY2 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY2 STATE_DS)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
- elif [ "${KEY2[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY2[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY2[$ID]}"
+ elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)"
fi
- if [ "${KEY3[$STATE_DS]}" == "rumoured" ] || [ "${KEY3[$STATE_DS]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY3[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY3[$ID]}"
+ if [ "$(key_get KEY3 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY3 STATE_DS)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
- elif [ "${KEY3[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY3[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY3[$ID]}"
+ elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)"
fi
test "$ret" -eq 0 || echo_i "failed"
# Test DNSKEY query.
_qtype="DNSKEY"
- _key_algnum="${KEY1[$ALG_NUM]}"
+ _key_algnum="$(key_get KEY1 ALG_NUM)"
n=$((n+1))
echo_i "check ${_qtype} rrset is signed correctly for zone ${ZONE} ($n)"
ret=0
dig_with_opts $ZONE @${SERVER} $_qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${_qtype} failed"
grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response"
- if [ "${KEY1[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY1[$STATE_DNSKEY]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY1[$ID]}"
+ if [ "$(key_get KEY1 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY1 STATE_DNSKEY)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
numkeys=$((numkeys+1))
- elif [ "${KEY1[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY1[$ID]}"
+ elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)"
fi
- if [ "${KEY2[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY2[$STATE_DNSKEY]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY2[$ID]}"
+ if [ "$(key_get KEY2 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY2 STATE_DNSKEY)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
numkeys=$((numkeys+1))
- elif [ "${KEY2[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY2[$ID]}"
+ elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)"
fi
- if [ "${KEY3[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY3[$STATE_DNSKEY]}" == "omnipresent" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY3[$ID]}"
+ if [ "$(key_get KEY3 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY3 STATE_DNSKEY)" == "omnipresent" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)"
check_signatures $_qtype dig.out.$DIR.test$n $KSK
numkeys=$((numkeys+1))
- elif [ "${KEY3[$EXPECT]}" == "yes" ]; then
- grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY3[$ID]}"
+ elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then
+ grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)"
fi
lines=$(get_keys_which_signed $_qtype dig.out.$DIR.test$n | wc -l)
projects / thirdparty / bind9.git / commitdiff
