Add and use keyfile_to_key_id() helper function

When trying to extract the key ID from a key file name, some test code
incorrectly attempts to strip all leading zeros.  This breaks tests when
keys with ID 0 are generated.  Add a new helper shell function,
keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
test code whenever a key ID needs to be extracted from a key file name.

(cherry picked from commit 7d6eaad1bdadf5595ade06430faadb8361bb731a)

diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh
index fd237cd4c998935fdb2450f33445031b099df292..267f1e682989160ba814b1162236e1f2fbb7d2ba 100755 (executable)
--- a/bin/tests/system/autosign/tests.sh
+++ b/bin/tests/system/autosign/tests.sh
@@ -283,7 +283,7 @@ sleep 3
 
 echo_i "checking that expired RRSIGs from missing key are not deleted ($n)"
 ret=0
-missing=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < missingzsk.key`
+missing=`keyfile_to_key_id \`cat missingzsk.key\``
 $JOURNALPRINT ns3/nozsk.example.db.jnl | \
    awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$missing || ret=1
 n=`expr $n + 1`
@@ -292,7 +292,7 @@ status=`expr $status + $ret`
 
 echo_i "checking that expired RRSIGs from inactive key are not deleted ($n)"
 ret=0
-inactive=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < inactivezsk.key`
+inactive=`keyfile_to_key_id \`cat inactivezsk.key\``
 $JOURNALPRINT ns3/inaczsk.example.db.jnl | \
    awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$inactive || ret=1
 n=`expr $n + 1`
@@ -842,7 +842,7 @@ status=`expr $status + $ret`
 
 echo_i "checking for unpublished key ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < unpub.key`
+id=`keyfile_to_key_id \`cat unpub.key\``
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -851,7 +851,7 @@ status=`expr $status + $ret`
 
 echo_i "checking for activated but unpublished key ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < activate-now-publish-1day.key`
+id=`keyfile_to_key_id \`cat activate-now-publish-1day.key\``
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -860,7 +860,7 @@ status=`expr $status + $ret`
 
 echo_i "checking that standby key does not sign records ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key`
+id=`keyfile_to_key_id \`cat standby.key\``
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -869,7 +869,7 @@ status=`expr $status + $ret`
 
 echo_i "checking that deactivated key does not sign records  ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < inact.key`
+id=`keyfile_to_key_id \`cat inact.key\``
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -878,7 +878,7 @@ status=`expr $status + $ret`
 
 echo_i "checking insertion of public-only key ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < nopriv.key`
+id=`keyfile_to_key_id \`cat nopriv.key\``
 file="ns1/`cat nopriv.key`.key"
 keydata=`grep DNSKEY $file`
 $NSUPDATE > /dev/null 2>&1 <<END       || status=1
@@ -897,7 +897,7 @@ status=`expr $status + $ret`
 
 echo_i "checking key deletion ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < del.key`
+id=`keyfile_to_key_id \`cat del.key\``
 $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1
 n=`expr $n + 1`
@@ -978,9 +978,9 @@ rm -f $file
 echo_i "preparing ZSK roll"
 starttime=`$PERL -e 'print time(), "\n";'`
 oldfile=`cat active.key`
-oldid=`sed 's/^K.+007+0*\([0-9]\)/\1/' < active.key`
+oldid=`keyfile_to_key_id \`cat active.key\``
 newfile=`cat standby.key`
-newid=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key`
+newid=`keyfile_to_key_id \`cat standby.key\``
 $SETTIME -K ns1 -I now+2s -D now+25 $oldfile > /dev/null
 $SETTIME -K ns1 -i 0 -S $oldfile $newfile > /dev/null
 
@@ -1142,7 +1142,7 @@ status=`expr $status + $ret`
 
 echo_i "checking private key file removal caused no immediate harm ($n)"
 ret=0
-id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < vanishing.key`
+id=`keyfile_to_key_id \`cat vanishing.key\``
 $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1
 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1
 n=`expr $n + 1`

diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in
index 5292e65e7ab992f2f90c64eac40e688bef0c3e9b..ee228485381b0e747c7f816cbc1d163cc62b8822 100644 (file)
--- a/bin/tests/system/conf.sh.in
+++ b/bin/tests/system/conf.sh.in
@@ -328,6 +328,15 @@ keyfile_to_managed_keys() {
     keyfile_to_keys_section "managed-keys" "initial-key " $*
 }
 
+# keyfile_to_key_id: convert a key file name to a key ID
+#
+# For a given key file name (e.g. "Kexample.+013+06160") provided as $1,
+# print the key ID with leading zeros stripped ("6160" for the
+# aforementioned example).
+keyfile_to_key_id() {
+       echo "$1" | sed "s/.*+0\{0,4\}//"
+}
+
 # nextpart: read everything that's been appended to a file since the
 # last time 'nextpart' was called.
 nextpart () {

diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32
index 5396401bcdd7aea9dee6369470d1105d19419ab9..118830cfd39df6c44ca3f4e5df21e30384d0f299 100644 (file)
--- a/bin/tests/system/conf.sh.win32
+++ b/bin/tests/system/conf.sh.win32
@@ -300,6 +300,15 @@ keyfile_to_managed_keys() {
     keyfile_to_keys_section "managed-keys" "initial-key " $*
 }
 
+# keyfile_to_key_id: convert a key file name to a key ID
+#
+# For a given key file name (e.g. "Kexample.+013+06160") provided as $1,
+# print the key ID with leading zeros stripped ("6160" for the
+# aforementioned example).
+keyfile_to_key_id() {
+       echo "$1" | sed "s/.*+0\{0,4\}//"
+}
+
 # nextpart: read everything that's been appended to a file since the
 # last time 'nextpart' was called.
 nextpart () {

diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh
index 313d098ab923173345960fa0a9a03e922ec6fbea..a6da85767883b67c0b1aa4bd5873f2b6d4d3a7a6 100644 (file)
--- a/bin/tests/system/dnssec/ns1/sign.sh
+++ b/bin/tests/system/dnssec/ns1/sign.sh
@@ -51,4 +51,4 @@ cp managed.conf ../ns4/managed.conf
 #
 #  Save keyid for managed key id test.
 #
-echo "$keyname" | sed -e 's/.*[+]//' -e 's/^0*//' > managed.key.id
+keyfile_to_key_id "$keyname" > managed.key.id

diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh
index b93651aee88eb2f30ffbaad5e17b65d366b33b22..13fb92438e334abd08a2c5a3e927f4a564dc642c 100644 (file)
--- a/bin/tests/system/dnssec/ns2/sign.sh
+++ b/bin/tests/system/dnssec/ns2/sign.sh
@@ -281,8 +281,8 @@ zonefile=${zone}.db
 key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone`
 key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
 # Save key id's for checking active key usage
-echo $key1 | sed -e 's/.*[+]//' -e 's/^0*//' > $zone.ksk.id
-echo $key2 | sed -e 's/.*[+]//' -e 's/^0*//' > $zone.zsk.id
+keyfile_to_key_id "$key1" > $zone.ksk.id
+keyfile_to_key_id "$key2" > $zone.zsk.id
 echo ${key1} > $zone.ksk.key
 echo ${key2} > $zone.zsk.key
 # Add CDS and CDNSKEY records

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index 51dc1178db96af7e65f0815388327e7099719825..d07881d7fe869414fb4e419de3b0c2789689ec8e 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -1545,9 +1545,9 @@ ret=0
 zone=example
 key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone`
 key2=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
-keyid2=`echo $key2 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
+keyid2=`keyfile_to_key_id $key2`
 key3=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone`
-keyid3=`echo $key3 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'`
+keyid3=`keyfile_to_key_id $key3`
 (
 cd signer
 cat example.db.in $key1.key $key2.key > example.db
@@ -3706,7 +3706,7 @@ status=$((status+ret))
 
 # Roll the ZSK.
 zsk2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -K ns2 -n zone $zone`
-echo "$zsk2" | sed -e 's/.*[+]//' -e 's/^0*//' > ns2/$zone.zsk.id2
+keyfile_to_key_id "$zsk2" > ns2/$zone.zsk.id2
 ZSK_ID2=`cat ns2/$zone.zsk.id2`
 
 echo_i "load new ZSK $ZSK_ID2 for $zone ($n)"
@@ -3775,7 +3775,7 @@ mv ns2/$KSK.private.bak ns2/$KSK.private
 
 # Roll the ZSK again.
 zsk3=`$KEYGEN -q  -r $RANDFILE -a RSASHA1 -b 1024 -K ns2 -n zone $zone`
-echo "$zsk3" | sed -e 's/.*[+]//' -e 's/^0*//' > ns2/$zone.zsk.id3
+keyfile_to_key_id "$zsk3" > ns2/$zone.zsk.id3
 ZSK_ID3=`cat ns2/$zone.zsk.id3`
 
 echo_i "load new ZSK $ZSK_ID3 for $zone ($n)"

diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh
index 5eb093801601761429e7b70ad94f570d9136caf6..b60496948b29711aafb7bf4e5d176bdbbc5f627f 100644 (file)
--- a/bin/tests/system/metadata/tests.sh
+++ b/bin/tests/system/metadata/tests.sh
@@ -20,14 +20,14 @@ n=1
 echo_i "setting key timers"
 $SETTIME -A now+15s `cat rolling.key` > /dev/null
 
-inact=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < inact.key`
-ksk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < ksk.key`
-pending=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < pending.key`
-postrev=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < postrev.key`
-prerev=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < prerev.key`
-rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key`
-standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key`
-zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key`
+inact=`keyfile_to_key_id \`cat inact.key\``
+ksk=`keyfile_to_key_id \`cat ksk.key\``
+pending=`keyfile_to_key_id \`cat pending.key\``
+postrev=`keyfile_to_key_id \`cat postrev.key\``
+prerev=`keyfile_to_key_id \`cat prerev.key\``
+rolling=`keyfile_to_key_id \`cat rolling.key\``
+standby=`keyfile_to_key_id \`cat standby.key\``
+zsk=`keyfile_to_key_id \`cat zsk.key\``
 
 echo_i "signing zones"
 $SIGNER -Sg -o $czone $cfile > /dev/null 2>&1

diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh
index e5e7ec05d623b283096d9c5d4842fd0d359aac66..e88da0e36065b99a8838b084fd0e7aff418133c2 100644 (file)
--- a/bin/tests/system/mkeys/ns1/sign.sh
+++ b/bin/tests/system/mkeys/ns1/sign.sh
@@ -37,6 +37,4 @@ cp unsupported.key "${unsupportedkey}.key"
 #
 echo "$keyname" > managed.key
 echo "$zskkeyname" > zone.key
-keyid=`expr $keyname : 'K\.+00.+\([0-9]*\)'`
-keyid=`expr $keyid + 0`
-echo "$keyid" > managed.key.id
+keyfile_to_key_id $keyname > managed.key.id

diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh
index eacfd45bcedcce57248c67774d7497d906faa4c4..313a171f42be83b89dad05a4554a9feb7a84c448 100644 (file)
--- a/bin/tests/system/mkeys/tests.sh
+++ b/bin/tests/system/mkeys/tests.sh
@@ -473,7 +473,7 @@ n=`expr $n + 1`
 echo_i "revoke key with bad signature, check revocation is ignored ($n)"
 ret=0
 revoked=`$REVOKE -K ns1 $original`
-rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'`
+rkeyid=`keyfile_to_key_id $revoked`
 rm -f ns1/root.db.signed.jnl
 # We need to activate at least one valid DNSKEY to prevent dnssec-signzone from
 # failing.  Alternatively, we could use -P to disable post-sign verification,

diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh
index 547f2bfc0bc0821a5f0f7a0f8440dd697dd12be3..bd586ff6c462a589f2fe3c45702e9e10a081450b 100644 (file)
--- a/bin/tests/system/smartsign/tests.sh
+++ b/bin/tests/system/smartsign/tests.sh
@@ -66,19 +66,19 @@ czoneout=`$SIGNER -Sg -e now+1d -X now+2d -r $RANDFILE -o $czone $cfile 2>&1`
 echo_i "signing parent zone"
 pzoneout=`$SIGNER -Sg -r $RANDFILE -o $pzone $pfile 2>&1`
 
-czactive=`echo $czsk1 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-czgenerated=`echo $czsk2 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-czpublished=`echo $czsk3 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-czinactive=`echo $czsk4 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-czpredecessor=`echo $czsk5 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-czsuccessor=`echo $czsk6 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-ckactive=`echo $cksk1 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-ckpublished=`echo $cksk2 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-ckprerevoke=`echo $cksk3 | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-ckrevoked=`echo $cksk4 | sed 's/.*+005+0*\([0-9]*\)$/\1/'`
-
-pzid=`echo $pzsk | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
-pkid=`echo $pksk | sed 's/^K.*+005+0*\([0-9]\)/\1/'`
+czactive=`keyfile_to_key_id $czsk1`
+czgenerated=`keyfile_to_key_id $czsk2`
+czpublished=`keyfile_to_key_id $czsk3`
+czinactive=`keyfile_to_key_id $czsk4`
+czpredecessor=`keyfile_to_key_id $czsk5`
+czsuccessor=`keyfile_to_key_id $czsk6`
+ckactive=`keyfile_to_key_id $cksk1`
+ckpublished=`keyfile_to_key_id $cksk2`
+ckprerevoke=`keyfile_to_key_id $cksk3`
+ckrevoked=`keyfile_to_key_id $cksk4`
+
+pzid=`keyfile_to_key_id $pzsk`
+pkid=`keyfile_to_key_id $pksk`
 
 echo_i "checking dnssec-signzone output matches expectations"
 ret=0

diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh
index 0fb13d625d8977fed4bfed72f9e45a9df42fdde4..9b1bc451ce48d259c3fdbe938f458bcef1ef1523 100644 (file)
--- a/bin/tests/system/tkey/ns1/setup.sh
+++ b/bin/tests/system/tkey/ns1/setup.sh
@@ -13,6 +13,6 @@ SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
 
 keyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE server`
-keyid=`echo $keyname | $PERL -p -e 's/^.*\+0{0,4}//;'`
+keyid=`keyfile_to_key_id $keyname`
 rm -f named.conf
 sed -e "s;KEYID;$keyid;" -e "s;RANDFILE;$RANDFILE;" < named.conf.in > named.conf