Similar to rollover-going-insecure.
--- /dev/null
+../rollover/ns1
\ No newline at end of file
--- /dev/null
+../rollover/ns2
\ No newline at end of file
--- /dev/null
+../../rollover-going-insecure/ns3/kasp.conf
\ No newline at end of file
+++ /dev/null
-../../rollover-going-insecure/ns3/kasp.conf.j2
\ No newline at end of file
+++ /dev/null
-../../rollover/ns3/template.db.in
\ No newline at end of file
--- /dev/null
+../../rollover/ns3/template.db.j2.manual
\ No newline at end of file
--- /dev/null
+../../_common/trusted.conf.j2
\ No newline at end of file
+++ /dev/null
-#!/bin/sh -e
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# shellcheck source=conf.sh
-. ../conf.sh
-
-cd "ns3"
-
-setup() {
- zone="$1"
- echo_i "setting up zone: $zone"
- zonefile="${zone}.db"
- infile="${zone}.db.infile"
-}
-
-# Make lines shorter by storing key states in environment variables.
-H="HIDDEN"
-R="RUMOURED"
-O="OMNIPRESENT"
-U="UNRETENTIVE"
-
-# These zones are going straight to "none" policy. This is undefined behavior.
-T="now-10d"
-S="now-12955mi"
-csktimes="-P $T -A $T -P sync $S"
-
-setup going-straight-to-none.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O raw -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
-
-setup going-straight-to-none-dynamic.kasp
-echo "$zone" >>zones
-CSK=$($KEYGEN -k default $csktimes $zone 2>keygen.out.$zone.1)
-$SETTIME -s -g $O -k $O $TactN -z $O $TactN -r $O $TactN -d $O $TactN "$CSK" >settime.out.$zone.1 2>&1
-cat template.db.in "${CSK}.key" >"$infile"
-private_type_record $zone $DEFAULT_ALGORITHM_NUMBER "$CSK" >>"$infile"
-cp $infile $zonefile
-$SIGNER -S -z -x -s now-1h -e now+2w -o $zone -O full -f "${zonefile}.signed" $infile >signer.out.$zone.1 2>&1
DURATION,
DEFAULT_CONFIG,
)
+from rollover.setup import (
+ configure_root,
+ configure_tld,
+ configure_straight2none,
+)
+
+
+def bootstrap():
+ data = {
+ "tlds": [],
+ "trust_anchors": [],
+ }
+
+ tlds = []
+ tld_name = "kasp"
+ delegations = configure_straight2none(tld_name)
+ tld = configure_tld(tld_name, delegations)
+ tlds.append(tld)
+ data["tlds"].append(tld_name)
+ ta = configure_root(tlds)
+ data["trust_anchors"].append(ta)
+ return data
@pytest.mark.parametrize(
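Review bot: `bootstrap()` has no docstring, and its two lists are easy to confuse: the local `tlds` collects whatever `configure_tld` returns and is handed to `configure_root`, while `data["tlds"]` only records the bare name `"kasp"`. I would add `"""Set up the kasp TLD with the going-straight-to-none zones, configure the root over it, and return the TLD names and trust anchors the fixture needs."""` and rename the local to `tld_zones` so the distinction is visible at the call sites. What `configure_root` returns as the trust anchor is not shown in this hunk, so that part of the wording should be checked against rollover.setup. The import statement the hunk extends begins before the first visible line.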
DURATION,
DEFAULT_CONFIG,
)
+from rollover.setup import (
+ configure_root,
+ configure_tld,
+ configure_straight2none,
+)
+
+
+def bootstrap():
+ data = {
+ "tlds": [],
+ "trust_anchors": [],
+ }
+
+ tlds = []
+ tld_name = "kasp"
+ delegations = configure_straight2none(tld_name)
+ tld = configure_tld(tld_name, delegations)
+ tlds.append(tld)
+ data["tlds"].append(tld_name)
+ ta = configure_root(tlds)
+ data["trust_anchors"].append(ta)
+ return data
@pytest.fixture(scope="module", autouse=True)
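Review bot: This `bootstrap()` is line-for-line the same as the one added to the other test module in this commit, including the hard-coded `tld_name = "kasp"`, so a later change to the zone set or TLD name has to be made twice. If the two modules are meant to exercise the same fixture data, I would move the body into `rollover.setup` as a single `bootstrap_straight2none()` and import it here, leaving each test file with one line. The `@pytest.fixture` that follows is outside the visible part of the hunk, so whether both modules also share the fixture body cannot be confirmed from here.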
return zones
+def configure_straight2none(tld: str) -> List[Zone]:
+ # These zones are going straight to "none" policy. This is undefined behavior.
+ zones = []
+ keygen = CmdHelper("KEYGEN", "-k default")
+ settime = CmdHelper("SETTIME", "-s")
+
+ TpubN = "now-10d"
+ TsbmN = "now-12955mi"
+ keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
+
+ zonename = f"going-straight-to-none.{tld}"
+ zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
+ isctest.log.info(f"setup {zonename}")
+ # Key generation.
+ csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
+ settime(
+ f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
+ cwd="ns3",
+ )
+ # Signing.
+ render_and_sign_zone(zonename, [csk_name], extra_options="-z")
+
+ zonename = f"going-straight-to-none-dynamic.{tld}"
+ zones.append(
+ Zone(zonename, f"{zonename}.db.signed", Nameserver("ns3", "10.53.0.3"))
+ )
+ isctest.log.info(f"setup {zonename}")
+ # Key generation.
+ csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
+ settime(
+ f"-g OMNIPRESENT -k OMNIPRESENT {TpubN} -r OMNIPRESENT {TpubN} -z OMNIPRESENT {TpubN} -d OMNIPRESENT {TpubN} {csk_name}",
+ cwd="ns3",
+ )
+ # Signing.
+ render_and_sign_zone(zonename, [csk_name], extra_options="-z -O full")
+
+ return zones
+
+
def configure_ksk_doubleksk(tld: str) -> List[Zone]:
# The zones at ksk-doubleksk.$tld represent the various steps of a KSK
# Double-KSK rollover.
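Review bot: In `configure_straight2none` the keygen/settime sequence for the two zones is duplicated verbatim, and each `settime(...)` line carries four identical `... OMNIPRESENT {TpubN}` fragments on a single overlong line, so a future timing tweak has to be applied in two places and any typo in one of the eight state arguments would go unnoticed. A small local helper that generates one CSK and sets every state in one go removes the duplication, as sketched below. Separately, the removed setup.sh generated this key with `-k default` alone, whereas the new call passes `-f KSK` on top of the policy; if that mirrors the other `configure_*` helpers in this file it is fine, but it is worth confirming since a policy-driven keygen chooses the key role itself. The comment `# These zones are going straight to "none" policy. This is undefined behavior.` would also help more if it said what the test nevertheless expects to observe, which is not visible from this hunk.
```python
def configure_straight2none(tld: str) -> List[Zone]:
    # These zones are going straight to "none" policy. This is undefined behavior.
    zones = []
    keygen = CmdHelper("KEYGEN", "-k default")
    settime = CmdHelper("SETTIME", "-s")

    TpubN = "now-10d"
    TsbmN = "now-12955mi"
    keytimes = f"-P {TpubN} -A {TpubN} -P sync {TsbmN}"
    # Every key/signature state (-k, -r, -z, -d) is OMNIPRESENT at the same time.
    omnipresent = " ".join(f"-{flag} OMNIPRESENT {TpubN}" for flag in "krzd")

    def omnipresent_csk(zonename: str) -> str:
        # Generate one CSK for zonename and mark all of its states OMNIPRESENT.
        csk_name = keygen(f"-f KSK {keytimes} {zonename}", cwd="ns3").strip()
        settime(f"-g OMNIPRESENT {omnipresent} {csk_name}", cwd="ns3")
        return csk_name

    zonename = f"going-straight-to-none.{tld}"
    zones.append(Zone(zonename, f"{zonename}.db", Nameserver("ns3", "10.53.0.3")))
    isctest.log.info(f"setup {zonename}")
    render_and_sign_zone(zonename, [omnipresent_csk(zonename)], extra_options="-z")
    # … unchanged: the -dynamic zone, with f"{zonename}.db.signed" and extra_options="-z -O full" …
    return zones
```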