mkeys: use $DEFAULT_ALGORITHM

(cherry picked from commit 78fa0829994fc2979fddb4617630739fc8784841)

diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh
index 42ec7efb315e6317d4df1b847421678cb6b7e136..2dc7e45bcd9df3b5003cad5204114b6e2ffa8da5 100644 (file)
--- a/bin/tests/system/mkeys/ns1/sign.sh
+++ b/bin/tests/system/mkeys/ns1/sign.sh
@@ -15,8 +15,8 @@ SYSTEMTESTTOP=../..
 zone=.
 zonefile=root.db
 
-keyname=`$KEYGEN -qfk -r $RANDFILE $zone`
-zskkeyname=`$KEYGEN -q -r $RANDFILE $zone`
+keyname=`$KEYGEN -a ${DEFAULT_ALGORITHM} -b $DEFAULT_BITS -qfk -r $RANDFILE $zone`
+zskkeyname=`$KEYGEN -a ${DEFAULT_ALGORITHM} -b $DEFAULT_BITS -q -r $RANDFILE $zone`
 
 $SIGNER -Sg -r $RANDFILE -o $zone $zonefile > /dev/null 2>/dev/null
 

diff --git a/bin/tests/system/mkeys/ns6/setup.sh b/bin/tests/system/mkeys/ns6/setup.sh
index 716d0989c848bbbc8436c0bc567b6ac4f2b303dc..1553bb43a27edbf2e819aabd683c1a8696c22809 100644 (file)
--- a/bin/tests/system/mkeys/ns6/setup.sh
+++ b/bin/tests/system/mkeys/ns6/setup.sh
@@ -15,8 +15,8 @@ SYSTEMTESTTOP=../..
 zone=.
 zonefile=root.db
 
-# an RSA key
-rsakey=`$KEYGEN -a rsasha256 -b 2048 -r $RANDFILE -qfk rsasha256.`
+# a key for a trust island
+islandkey=$($KEYGEN -a ${DEFAULT_ALGORITHM} -b $DEFAULT_BITS -r $RANDFILE -qfk island.)
 
 # a key with unsupported algorithm
 unsupportedkey=Kunknown.+255+00000
@@ -27,4 +27,4 @@ rootkey=`cat ../ns1/managed.key`
 cp "../ns1/${rootkey}.key" .
 
 # Configure the resolving server with a managed trusted key.
-keyfile_to_managed_keys $unsupportedkey $rsakey $rootkey > managed.conf
+keyfile_to_managed_keys $unsupportedkey $islandkey $rootkey > managed.conf

diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh
index 0e7a96e238ba9abcd0d649e51ed1dd996a592e1e..d5a79a65b5a0146f8f7732d68caec9f18690029e 100644 (file)
--- a/bin/tests/system/mkeys/tests.sh
+++ b/bin/tests/system/mkeys/tests.sh
@@ -142,7 +142,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "check new trust anchor can be added ($n)"
 ret=0
-standby1=`$KEYGEN -qfk -r $RANDFILE -K ns1 .`
+standby1=`$KEYGEN -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -qfk -r $RANDFILE -K ns1 .`
 mkeys_loadkeys_on 1 || ret=1
 mkeys_refresh_on 2 || ret=1
 mkeys_status_on 2 > rndc.out.$n 2>&1 || ret=1
@@ -334,7 +334,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "revoke original key, add new standby ($n)"
 ret=0
-standby2=`$KEYGEN -qfk -r $RANDFILE -K ns1 .`
+standby2=`$KEYGEN -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -qfk -r $RANDFILE -K ns1 .`
 $SETTIME -R now -K ns1 "$original" > /dev/null
 mkeys_loadkeys_on 1 || ret=1
 mkeys_refresh_on 2 || ret=1
@@ -366,7 +366,7 @@ status=`expr $status + $ret`
 n=`expr $n + 1`
 echo_i "revoke standby before it is trusted ($n)"
 ret=0
-standby3=`$KEYGEN -qfk -r $RANDFILE -K ns1 .`
+standby3=`$KEYGEN -a ${DEFAULT_ALGORITHM} -b ${DEFAULT_BITS} -qfk -r $RANDFILE -K ns1 .`
 mkeys_loadkeys_on 1 || ret=1
 mkeys_refresh_on 2 || ret=1
 mkeys_status_on 2 > rndc.out.1.$n 2>&1 || ret=1
@@ -665,7 +665,7 @@ ret=0
 # compare against the known key.
 tathex=`grep "query '_ta-[0-9a-f][0-9a-f]*/NULL/IN' approved" ns1/named.run | awk '{print $6; exit 0}' | sed -e 's/(_ta-\([0-9a-f][0-9a-f]*\)):/\1/'`
 tatkey=`$PERL -e 'printf("%d\n", hex(@ARGV[0]));' "$tathex"`
-realkey=`rndccmd 10.53.0.2 secroots - | sed -n 's#.*SHA1/\([0-9][0-9]*\) ; .*managed.*#\1#p'`
+realkey=`rndccmd 10.53.0.2 secroots - | sed -n "s#.*${DEFAULT_ALGORITHM}/\([0-9][0-9]*\) ; .*managed.*#\1#p"`
 [ "$tatkey" -eq "$realkey" ] || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
@@ -740,7 +740,7 @@ n=`expr $n + 1`
 echo_i "skipping unsupported algorithm in managed-keys ($n)"
 ret=0
 mkeys_status_on 6 > rndc.out.$n 2>&1 || ret=1
-# there should still be only two keys listed (for . and rsasha256.)
+# there should still be only two keys listed (for . and island.)
 count=`grep -c "keyid: " rndc.out.$n`
 [ "$count" -eq 2 ] || ret=1
 # two lines indicating trust status
@@ -767,7 +767,7 @@ ret=0
 mkeys_reload_on 1 || ret=1
 mkeys_refresh_on 6 || ret=1
 mkeys_status_on 6 > rndc.out.$n 2>&1 || ret=1
-# there should still be only two keys listed (for . and rsasha256.)
+# there should still be only two keys listed (for . and island.)
 count=`grep -c "keyid: " rndc.out.$n`
 [ "$count" -eq 2 ] || ret=1
 # two lines indicating trust status