ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone`
kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone`
-keyfile_to_static_keys $ksksby > trusted.conf
+keyfile_to_static_ds $ksksby > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
-keyfile_to_static_keys $kskrev > trusted.conf
+keyfile_to_static_ds $kskrev > trusted.conf
cp trusted.conf ../ns5/trusted.conf
echo $zskact > ../active.key
infile="${zonefile}.in"
ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone`
$KEYGEN -a RSASHA1 -3 -q $zone > /dev/null
-keyfile_to_static_keys $ksk > private.conf
+keyfile_to_static_ds $ksk > private.conf
cp private.conf ../ns4/private.conf
$SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null
}
# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which
-# converts keyfile data into a configuration section using the supplied
-# parameters
-keyfile_to_keys_section() {
+# converts keyfile data into a key-style trust anchor configuration
+# section using the supplied parameters
+keyfile_to_keys() {
section_name=$1
key_prefix=$2
shift
echo "};"
}
+# keyfile_to_dskeys_section: helper function for keyfile_to_*_dskeys()
+# converts keyfile data into a DS-style trust anchor configuration
+# section using the supplied parameters
+keyfile_to_dskeys() {
+ section_name=$1
+ key_prefix=$2
+ shift
+ shift
+ echo "$section_name {"
+ for keyname in $*; do
+ $DSFROMKEY $keyname.key | \
+ awk '!/^; /{
+ printf "\t\""$1"\" "
+ printf "'"$key_prefix "'"
+ printf $4 " " $5 " " $6 " \""
+ for (i=7; i<=NF; i++) printf $i
+ printf "\";\n"
+ }'
+ done
+ echo "};"
+}
+
# keyfile_to_static_keys: convert key data contained in the keyfile(s)
-# provided to a *static* "dnssec-keys" section suitable for including in a
+# provided to a *static-key* "dnssec-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_static_keys() {
- keyfile_to_keys_section "dnssec-keys" "static-key" $*
+ keyfile_to_keys "dnssec-keys" "static-key" $*
}
# keyfile_to_initial_keys: convert key data contained in the keyfile(s)
-# provided to an *initialzing* "dnssec-keys" section suitable for including
+# provided to an *initial-key* "dnssec-keys" section suitable for including
# in a resolver's configuration file
keyfile_to_initial_keys() {
- keyfile_to_keys_section "dnssec-keys" "initial-key" $*
+ keyfile_to_keys "dnssec-keys" "initial-key" $*
+}
+
+# keyfile_to_static_ds_keys: convert key data contained in the keyfile(s)
+# provided to a *static-ds* "dnssec-keys" section suitable for including in a
+# resolver's configuration file
+keyfile_to_static_ds() {
+ keyfile_to_dskeys "dnssec-keys" "static-ds" $*
+}
+
+# keyfile_to_initial_ds_keys: convert key data contained in the keyfile(s)
+# provided to an *initial-ds* "dnssec-keys" section suitable for including
+# in a resolver's configuration file
+keyfile_to_initial_ds() {
+ keyfile_to_dskeys "dnssec-keys" "initial-ds" $*
}
# keyfile_to_key_id: convert a key file name to a key ID
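Review bot: In keyfile_to_dskeys the exit status of `$DSFROMKEY` is discarded behind the pipe into awk, so a key file it cannot convert (the case the comment added in a later hunk, "key-format trust anchors ... unsupported algorithm test", points at) yields a syntactically valid but empty `dnssec-keys { };` section instead of a failed script, and a resolver fed that file runs with no trust anchor at all. I would capture the output first, `ds=$($DSFROMKEY -a SHA-256 "$keyname.key") || return 1`, which also pins the digest type instead of relying on dsfromkey's default digest set (which, depending on version, may include a SHA-1 DS). The awk program uses record fields as printf format strings (`printf $4 " " $5 " " $6 " \""`, `printf $i`) and splices `$key_prefix` into the program text; `%s` formats and `awk -v prefix="$key_prefix"` avoid both. The new header comments also disagree with the definitions they describe: the comment at the top of the helper says `keyfile_to_dskeys_section` / `keyfile_to_*_dskeys()` for `keyfile_to_dskeys` and `keyfile_to_*_ds`, the two wrapper comments say `keyfile_to_static_ds_keys` / `keyfile_to_initial_ds_keys` for `keyfile_to_static_ds` / `keyfile_to_initial_ds`, and the first comment in the hunk still says `keyfile_to_keys_section` after the rename to `keyfile_to_keys`.
```shell
keyfile_to_dskeys() {
	# … unchanged: section_name / key_prefix assignment, shifts, opening brace …
	for keyname in "$@"; do
		ds=$($DSFROMKEY -a SHA-256 "$keyname.key") || return 1
		printf '%s\n' "$ds" | \
		awk -v prefix="$key_prefix" '!/^; /{
			printf "\t\"%s\" %s %s %s %s \"", $1, prefix, $4, $5, $6
			for (i=7; i<=NF; i++) printf "%s", $i
			printf "\";\n"
		}'
	done
	# … unchanged: closing brace …
}
```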
"$SIGNER" -P -g -o "$zone" "$zonefile" > /dev/null 2>&1
# Configure the resolving server with a staitc key.
-keyfile_to_static_keys "$ksk" > trusted.conf
+keyfile_to_static_ds "$ksk" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
cp trusted.conf ../ns9/trusted.conf
# ...or with an initializing key.
-keyfile_to_initial_keys "$ksk" > managed.conf
+keyfile_to_initial_ds "$ksk" > managed.conf
cp managed.conf ../ns4/managed.conf
#
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -f KSK "$zone")
# copy the KSK out first, then revoke it
-keyfile_to_initial_keys "$keyname" > revoked.conf
+keyfile_to_initial_ds "$keyname" > revoked.conf
"$SETTIME" -R now "${keyname}.key" > /dev/null
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
-keyfile_to_static_keys "$keyname" > trusted.conf
+keyfile_to_static_ds "$keyname" > trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys $key2 > trusted.conf
+keyfile_to_static_ds $key2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a static key.
-keyfile_to_static_keys $key1 > trusted.conf
+keyfile_to_static_ds $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a static key.
-keyfile_to_static_keys $key1 > trusted.conf
+keyfile_to_static_ds $key1 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cd ../ns2 && $SHELL sign.sh
keyname=`cat keygen.out`
rm -f keygen.out
-keyfile_to_static_keys $keyname > trusted.conf
+keyfile_to_static_ds $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns5/trusted.conf
$SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out
[ $? = 0 ] || cat signer.out
-keyfile_to_static_keys $keyname > trusted.conf
+keyfile_to_static_ds $keyname > trusted.conf
cp trusted.conf ../ns6/trusted.conf
$SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err
-keyfile_to_static_keys $keyname2 > trusted.conf
+keyfile_to_static_ds $keyname2 > trusted.conf
cp trusted.conf ../ns1
$SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null
# Configure the resolving server with an initializing key.
-keyfile_to_initial_keys $keyname > managed.conf
+keyfile_to_initial_ds $keyname > managed.conf
cp managed.conf ../ns2/managed.conf
cp managed.conf ../ns4/managed.conf
cp managed.conf ../ns5/managed.conf
# Configure a static key to be used by delv.
-keyfile_to_static_keys $keyname > trusted.conf
+keyfile_to_static_ds $keyname > trusted.conf
# Prepare an unsupported algorithm key.
unsupportedkey=Kunknown.+255+00000
cp "../ns1/${rootkey}.key" .
# Configure the resolving server with an initializing key.
+# (We use key-format trust anchors here because otherwise the
+# unsupported algorithm test won't work.)
keyfile_to_initial_keys $unsupportedkey $rsakey $rootkey > managed.conf
echo_i "reinitialize trust anchors, add second key to bind.keys"
$PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} mkeys ns2
rm -f ns2/managed-keys.bind*
-keyfile_to_initial_keys ns1/$original ns1/$standby1 > ns2/managed.conf
+keyfile_to_initial_ds ns1/$original ns1/$standby1 > ns2/managed.conf
nextpart ns2/named.run > /dev/null
$PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} mkeys ns2
$SIGNER -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys $keyname2 > trusted.conf
+keyfile_to_static_ds $keyname2 > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
$SIGNER -P -o $zone $zonefile > /dev/null
# Configure a static key to be used by delv
-keyfile_to_static_keys $ksk > ../ns5/trusted.conf
+keyfile_to_static_ds $ksk > ../ns5/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys $keyname > trusted.conf
+keyfile_to_static_ds $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
cp trusted.conf ../ns4/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys $keyname > trusted.conf
+keyfile_to_static_ds $keyname > trusted.conf
cp trusted.conf ../ns2/trusted.conf
cp trusted.conf ../ns3/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys "$keyname" > trusted.conf
+keyfile_to_static_ds "$keyname" > trusted.conf
cp trusted.conf ../ns2/trusted.conf
# ...or with an initializing key.
-keyfile_to_initial_keys "$keyname" > managed.conf
+keyfile_to_initial_ds "$keyname" > managed.conf
keyname=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone ".")
-keyfile_to_static_keys "$keyname" > trusted.conf
+keyfile_to_static_ds "$keyname" > trusted.conf
$SIGNER -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a trusted key.
-keyfile_to_static_keys $keyname2 > trusted.conf
+keyfile_to_static_ds $keyname2 > trusted.conf
zone=undelegated
infile=undelegated.db.in
$SIGNER -g -o $zone $zonefile > /dev/null
-keyfile_to_static_keys $keyname2 >> trusted.conf
+keyfile_to_static_ds $keyname2 >> trusted.conf
cp trusted.conf ../ns2/trusted.conf
$SIGNER -P -g -o $zone $zonefile > /dev/null
# Configure the resolving server with a static key.
-keyfile_to_static_keys "$keyname" > trusted.conf
+keyfile_to_static_ds "$keyname" > trusted.conf
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_static_keys $keyname2 > private.nsec.conf
+keyfile_to_static_ds $keyname2 > private.nsec.conf
zone=nsec3
infile=nsec3.db.in
$SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_static_keys $keyname2 > private.nsec3.conf
+keyfile_to_static_ds $keyname2 > private.nsec3.conf
zone=.
infile=root.db.in
$SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err
echo_i "signed $zone"
-keyfile_to_static_keys $keyname2 > trusted.conf
+keyfile_to_static_ds $keyname2 > trusted.conf