echo_i "generating keys"
# active zsk
-zsk=`$KEYGEN -q -a rsasha1 $czone`
+zsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $czone)
echo $zsk > zsk.key
# not yet published or active
-pending=`$KEYGEN -q -a rsasha1 -P none -A none $czone`
+pending=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -P none -A none $czone)
echo $pending > pending.key
# published but not active
-standby=`$KEYGEN -q -a rsasha1 -A none $czone`
+standby=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A none $czone)
echo $standby > standby.key
# inactive
-inact=`$KEYGEN -q -a rsasha1 -P now-24h -A now-24h -I now $czone`
+inact=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -P now-24h -A now-24h -I now $czone)
echo $inact > inact.key
# active ksk
-ksk=`$KEYGEN -q -a rsasha1 -fk $czone`
+ksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
echo $ksk > ksk.key
# published but not YET active; will be active in 15 seconds
-rolling=`$KEYGEN -q -a rsasha1 -fk $czone`
+rolling=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
$SETTIME -A now+15s $rolling > /dev/null
echo $rolling > rolling.key
# revoked
-revoke1=`$KEYGEN -q -a rsasha1 -fk $czone`
+revoke1=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $czone)
echo $revoke1 > prerev.key
-revoke2=`$REVOKE $revoke1`
+revoke2=$($REVOKE $revoke1)
echo $revoke2 | sed -e 's#\./##' -e "s/\.key.*$//" > postrev.key
-pzsk=`$KEYGEN -q -a rsasha1 $pzone`
+pzsk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $pzone)
echo $pzsk > parent.zsk.key
-pksk=`$KEYGEN -q -a rsasha1 -fk $pzone`
+pksk=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -fk $pzone)
echo $pksk > parent.ksk.key
-oldstyle=`$KEYGEN -Cq -a rsasha1 $pzone`
+oldstyle=$($KEYGEN -Cq -a ${DEFAULT_ALGORITHM} $pzone)
echo $oldstyle > oldstyle.key
n=1
echo_i "setting key timers"
-$SETTIME -A now+15s `cat rolling.key` > /dev/null
+$SETTIME -A now+15s $(cat rolling.key) > /dev/null
inact=$(keyfile_to_key_id "$(cat inact.key)")
ksk=$(keyfile_to_key_id "$(cat ksk.key)")
ret=0
grep "DNSKEY $ksk"'$' sigs > /dev/null || ret=1
grep "SOA $ksk"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that ZSK signed ($n)"
ret=0
grep "SOA $zsk"'$' sigs > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that standby ZSK did not sign ($n)"
ret=0
grep " $standby"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that inactive key did not sign ($n)"
ret=0
grep " $inact"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that pending key was not published ($n)"
ret=0
grep " $pending"'$' keys > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that standby KSK did not sign but is delegated ($n)"
ret=0
grep " $rolling"'$' sigs > /dev/null && ret=1
grep " $rolling"'$' keys > /dev/null || ret=1
egrep "DS[ ]*$rolling[ ]" ${pfile}.signed > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that key was revoked ($n)"
ret=0
grep " $prerev"'$' keys > /dev/null && ret=1
grep " $postrev"'$' keys > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking that revoked key self-signed ($n)"
ret=0
grep "DNSKEY $postrev"'$' sigs > /dev/null || ret=1
grep "SOA $postrev"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "waiting 20 seconds for key changes to occur"
sleep 20
echo_i "checking that standby KSK is now active ($n)"
ret=0
grep "DNSKEY $rolling"'$' sigs > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking update of an old-style key ($n)"
ret=0
# printing metadata should not work with an old-style key
-$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 && ret=1
-$SETTIME -f `cat oldstyle.key` > /dev/null 2>&1 || ret=1
+$SETTIME -pall $(cat oldstyle.key) > /dev/null 2>&1 && ret=1
+$SETTIME -f $(cat oldstyle.key) > /dev/null 2>&1 || ret=1
# but now it should
-$SETTIME -pall `cat oldstyle.key` > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+$SETTIME -pall $(cat oldstyle.key) > /dev/null 2>&1 || ret=1
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking warning about permissions change on key with dnssec-settime ($n)"
-uname=`uname -o 2> /dev/null`
+uname=$(uname -o 2> /dev/null)
if [ Cygwin = "$uname" ]; then
echo_i "Cygwin detected, skipping"
else
ret=0
# settime should print a warning about changing the permissions
- chmod 644 `cat oldstyle.key`.private
- $SETTIME -P none `cat oldstyle.key` > settime1.test$n 2>&1 || ret=1
+ chmod 644 $(cat oldstyle.key).private
+ $SETTIME -P none $(cat oldstyle.key) > settime1.test$n 2>&1 || ret=1
grep "warning: Permissions on the file.*have changed" settime1.test$n > /dev/null 2>&1 || ret=1
- $SETTIME -P none `cat oldstyle.key` > settime2.test$n 2>&1 || ret=1
+ $SETTIME -P none $(cat oldstyle.key) > settime2.test$n 2>&1 || ret=1
grep "warning: Permissions on the file.*have changed" settime2.test$n > /dev/null 2>&1 && ret=1
- n=`expr $n + 1`
+ n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
- status=`expr $status + $ret`
+ status=$((status + ret))
fi
echo_i "checking warning about delete date < inactive date with dnssec-settime ($n)"
ret=0
# settime should print a warning about delete < inactive
-$SETTIME -I now+15s -D now `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -I now+15s -D now $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
grep "warning" tmp.out > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking no warning about delete date < inactive date with dnssec-settime when delete date is unset ($n)"
ret=0
-$SETTIME -D none `cat oldstyle.key` > tmp.out 2>&1 || ret=1
-$SETTIME -p all `cat oldstyle.key` > tmp.out 2>&1 || ret=1
+$SETTIME -D none $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
+$SETTIME -p all $(cat oldstyle.key) > tmp.out 2>&1 || ret=1
grep "warning" tmp.out > /dev/null 2>&1 && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking warning about delete date < inactive date with dnssec-keygen ($n)"
ret=0
# keygen should print a warning about delete < inactive
-$KEYGEN -q -a rsasha1 -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
+$KEYGEN -q -a ${DEFAULT_ALGORITHM} -I now+15s -D now $czone > tmp.out 2>&1 || ret=1
grep "warning" tmp.out > /dev/null 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking correct behavior setting activation without publication date ($n)"
ret=0
-key=`$KEYGEN -q -a rsasha1 -A +1w $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
-act=`$SETTIME -upA $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
+act=$($SETTIME -upA $key | awk '{print $2}')
[ $pub -eq $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -A +1w -i 1d $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
-act=`$SETTIME -upA $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w -i 1d $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
+act=$($SETTIME -upA $key | awk '{print $2}')
[ $pub -lt $act ] || ret=1
-key=`$KEYGEN -q -a rsasha1 -A +1w -P never $czone`
-pub=`$SETTIME -upP $key | awk '{print $2}'`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} -A +1w -P never $czone)
+pub=$($SETTIME -upP $key | awk '{print $2}')
[ $pub = "UNSET" ] || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking calculation of dates for a successor key ($n)"
ret=0
-oldkey=`$KEYGEN -a RSASHA1 -q $czone`
-newkey=`$KEYGEN -a RSASHA1 -q $czone`
+oldkey=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $czone)
+newkey=$($KEYGEN -a ${DEFAULT_ALGORITHM} -q $czone)
$SETTIME -A -2d -I +2d $oldkey > settime1.test$n 2>&1 || ret=1
$SETTIME -i 1d -S $oldkey $newkey > settime2.test$n 2>&1 || ret=1
$SETTIME -pA $newkey | grep "1970" > /dev/null && ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
-key=`$KEYGEN -q -a RSASHA1 $czone`
+key=$($KEYGEN -q -a ${DEFAULT_ALGORITHM} $czone)
echo_i "checking -p output time is accepted ($n)"
-t=`$SETTIME -pA $key | sed 's/.*: //'`
+t=$($SETTIME -pA $key | sed 's/.*: //')
$SETTIME -Psync "$t" $key > settime2.test$n 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking -up output time is accepted ($n)"
-t=`$SETTIME -upA $key | sed 's/.*: //'`
+t=$($SETTIME -upA $key | sed 's/.*: //')
$SETTIME -Dsync "$t" $key > settime2.test$n 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "checking -p unset time is accepted ($n)"
# The Delete timing metadata is unset.
-t=`$SETTIME -pD $key | sed 's/.*: //'`
+t=$($SETTIME -pD $key | sed 's/.*: //')
$SETTIME -Psync "$t" $key > settime2.test$n 2>&1 || ret=1
-n=`expr $n + 1`
+n=$((n + 1))
if [ $ret != 0 ]; then echo_i "failed"; fi
-status=`expr $status + $ret`
+status=$((status + ret))
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
projects / thirdparty / bind9.git / commitdiff
