2902. [func] Add regression test for change 2897. [RT #21040]

diff --git a/CHANGES b/CHANGES
index 7fc042f8bf6645646d2cd397dfc32391b308ab3b..1c4e87b0ca4adc42c4fe39727f6d4826faf7626a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+2902.  [func]          Add regression test for change 2897. [RT #21040]
+
 2901.  [port]          Use AC_C_FLEXIBLE_ARRAY_MEMBER. [RT #21316]
 
 2900.  [bug]           The placeholder negative caching element was not

diff --git a/bin/tests/system/autosign/clean.sh b/bin/tests/system/autosign/clean.sh
index 212cda4923668b7e57256df7994847f46f29eee7..f1b26dca42a15cb0208bf092db06f866dc2eb11a 100644 (file)
--- a/bin/tests/system/autosign/clean.sh
+++ b/bin/tests/system/autosign/clean.sh
@@ -14,11 +14,11 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.5 2010/01/18 23:48:39 tbox Exp $
+# $Id: clean.sh,v 1.6 2010/05/19 07:45:38 marka Exp $
 
 rm -f */K* */dsset-* */*.signed */trusted.conf */tmp* */*.jnl */*.bk
 rm -f active.key inact.key del.key unpub.key standby.key rev.key
-rm -f nopriv.key vanishing.key
+rm -f nopriv.key vanishing.key del1.key del2.key
 rm -f nsupdate.out
 rm -f */core
 rm -f */example.bk

diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh
index 2433fed16883e7177a6d51f1aa158fd8fc78e12f..19e23ab3e46451cb7d219781d403fd2e3ad4b4ff 100644 (file)
--- a/bin/tests/system/autosign/ns3/keygen.sh
+++ b/bin/tests/system/autosign/ns3/keygen.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: keygen.sh,v 1.6 2010/01/18 23:48:40 tbox Exp $
+# $Id: keygen.sh,v 1.7 2010/05/19 07:45:38 marka Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -174,7 +174,8 @@ $KEYGEN -q -a RSASHA512 -b 1024 -r $RANDFILE $zone > /dev/null
 $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1
 
 #
-# secure-to-insecure transition test zone.
+# secure-to-insecure transition test zone; used to test removal of
+# keys via nsupdate
 #
 zone=secure-to-insecure.example
 zonefile="${zone}.db"
@@ -182,3 +183,16 @@ infile="${zonefile}.in"
 ksk=`$KEYGEN -q -r $RANDFILE -fk $zone`
 $KEYGEN -q -r $RANDFILE $zone > /dev/null
 $SIGNER -S -o $zone -f $zonefile $infile > /dev/null 2>&1
+
+#
+# another secure-to-insecure transition test zone; used to test
+# removal of keys on schedule.
+#
+zone=secure-to-insecure2.example
+zonefile="${zone}.db"
+infile="${zonefile}.in"
+ksk=`$KEYGEN -q -3 -r $RANDFILE -fk $zone`
+echo $ksk > ../del1.key
+zsk=`$KEYGEN -q -3 -r $RANDFILE $zone`
+echo $zsk > ../del2.key
+$SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1

diff --git a/bin/tests/system/autosign/ns3/named.conf b/bin/tests/system/autosign/ns3/named.conf
index 6b3e9988281c25c5052dd369b8d33a92bbf94a67..a22d475a49a02448d8f61d32a4bfde6b32113e77 100644 (file)
--- a/bin/tests/system/autosign/ns3/named.conf
+++ b/bin/tests/system/autosign/ns3/named.conf
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.5 2010/01/18 23:48:40 tbox Exp $ */
+/* $Id: named.conf,v 1.6 2010/05/19 07:45:38 marka Exp $ */
 
 // NS3
 
@@ -163,6 +163,14 @@ zone "secure-to-insecure.example" {
        dnssec-secure-to-insecure yes;
 };
 
+zone "secure-to-insecure2.example" {
+       type master;
+       file "secure-to-insecure2.example.db";
+       allow-update { any; };
+        auto-dnssec maintain;
+       dnssec-secure-to-insecure yes;
+};
+
 zone "oldsigs.example" {
        type master;
        file "oldsigs.example.db";

diff --git a/bin/tests/system/autosign/ns3/secure-to-insecure2.example.db.in b/bin/tests/system/autosign/ns3/secure-to-insecure2.example.db.in
new file mode 100644 (file)
index 0000000..01608e1
--- /dev/null
+++ b/bin/tests/system/autosign/ns3/secure-to-insecure2.example.db.in
@@ -0,0 +1,31 @@
+; Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: secure-to-insecure2.example.db.in,v 1.2 2010/05/19 07:45:38 marka Exp $
+
+$TTL 300       ; 5 minutes
+@                      IN SOA  mname1. . (
+                               2000042407 ; serial
+                               20         ; refresh (20 seconds)
+                               20         ; retry (20 seconds)
+                               1814400    ; expire (3 weeks)
+                               3600       ; minimum (1 hour)
+                               )
+                       NS      ns
+ns                     A       10.53.0.3
+
+a                      A       10.0.0.1
+b                      A       10.0.0.2
+d                      A       10.0.0.4
+z                      A       10.0.0.26

diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh
index c611c8725c1e945619453e9727aab67a315333e6..7ec220276a4b4866e2d3d6604f897a239e866ef2 100644 (file)
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.8 2010/05/14 04:38:52 marka Exp $
+# $Id: tests.sh,v 1.9 2010/05/19 07:45:38 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -614,7 +614,7 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
-echo "I:checking secure-to-insecure transition ($n)"
+echo "I:checking secure-to-insecure transition, nsupdate ($n)"
 $NSUPDATE > /dev/null 2>&1 <<END       || status=1
 server 10.53.0.3 5300
 zone secure-to-insecure.example
@@ -629,6 +629,20 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:checking secure-to-insecure transition, scheduled ($n)"
+file="ns3/`cat del1.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+file="ns3/`cat del2.key`.key"
+$SETTIME -I now -D now $file > /dev/null
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign secure-to-insecure2.example. 2>&1 | sed 's/^/I:ns3 /'
+sleep 2
+$DIG $DIGOPTS axfr secure-to-insecure2.example @10.53.0.3 > dig.out.ns3.test$n || ret=1
+egrep 'RRSIG.*'" $newid "'\. ' dig.out.ns3.test$n > /dev/null && ret=1
+egrep '(DNSKEY|NSEC3)' dig.out.ns3.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:preparing to test key change corner cases"
 echo "I:removing a private key file"
 file="ns1/`cat vanishing.key`.private"