From: Ondřej Surý Date: Thu, 7 Nov 2019 08:35:34 +0000 (+0100) Subject: Replace bash array with concatenated evaluated shell variables X-Git-Tag: v9.15.6~24^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a9de38eb68e0ac17ff4572959741982388cee6f;p=thirdparty%2Fbind9.git Replace bash array with concatenated evaluated shell variables --- diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh index 5fa2178e995..e577b5699ad 100644 --- a/bin/tests/system/kasp/tests.sh +++ b/bin/tests/system/kasp/tests.sh @@ -32,51 +32,65 @@ SHA256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY=" ############################################################################### # Key properties # ############################################################################### -ID=0 -EXPECT=1 -ROLE=2 -KSK=3 -ZSK=4 -LIFETIME=5 -ALG_NUM=6 -ALG_STR=7 -ALG_LEN=8 -PUBLISHED=9 -ACTIVE=10 -RETIRED=11 -REVOKED=12 -REMOVED=13 -GOAL=14 -STATE_DNSKEY=15 -STATE_ZRRSIG=16 -STATE_KRRSIG=17 -STATE_DS=18 -EXPECT_ZRRSIG=19 -EXPECT_KRRSIG=20 +# ID=0 +# EXPECT=1 +# ROLE=2 +# KSK=3 +# ZSK=4 +# LIFETIME=5 +# ALG_NUM=6 +# ALG_STR=7 +# ALG_LEN=8 +# PUBLISHED=9 +# ACTIVE=10 +# RETIRED=11 +# REVOKED=12 +# REMOVED=13 +# GOAL=14 +# STATE_DNSKEY=15 +# STATE_ZRRSIG=16 +# STATE_KRRSIG=17 +# STATE_DS=18 +# EXPECT_ZRRSIG=19 +# EXPECT_KRRSIG=20 + +key_key() { + echo "${1}__${2}" +} + +key_get() { + eval "echo \${$(key_key "$1" "$2")}" +} + +key_set() { + eval "$(key_key "$1" "$2")='$3'" +} # Clear key state. # # This will update either the KEY1, KEY2, or KEY3 array. key_clear() { - _key=( [$ID]="no" [$EXPECT]="no" \ - [$ROLE]="none" [$KSK]="no" [$ZSK]="no" \ - [$LIFETIME]="0" [$ALG_NUM]="0" \ - [$ALG_STR]="none" [$ALG_LEN]="0" \ - [$PUBLISHED]="none" [$ACTIVE]="none" \ - [$RETIRED]="none" [$REVOKED]="none" \ - [$REMOVED]="none" \ - [$GOAL]="none" [$STATE_DNSKEY]="none" \ - [$STATE_KRRSIG]="none" [$STATE_ZRRSIG]="none" \ - [$STATE_DS]="none" \ - [$EXPECT_ZRRSIG]="no" [$EXPECT_KRRSIG]="no") - - if [ $1 == "KEY1" ]; then - KEY1=(${_key[*]}) - elif [ $1 == "KEY2" ]; then - KEY2=(${_key[*]}) - elif [ $1 == "KEY3" ]; then - KEY3=(${_key[*]}) - fi + key_set "$1" "ID" 'no' + key_set "$1" "EXPECT" 'no' + key_set "$1" "ROLE" 'none' + key_set "$1" "KSK" 'no' + key_set "$1" "ZSK" 'no' + key_set "$1" "LIFETIME" '0' + key_set "$1" "ALG_NUM" '0' + key_set "$1" "ALG_STR" 'none' + key_set "$1" "ALG_LEN" '0' + key_set "$1" "PUBLISHED" 'none' + key_set "$1" "ACTIVE" 'none' + key_set "$1" "RETIRED" 'none' + key_set "$1" "REVOKED" 'none' + key_set "$1" "REMOVED" 'none' + key_set "$1" "GOAL" 'none' + key_set "$1" "STATE_DNSKEY" 'none' + key_set "$1" "STATE_KRRSIG" 'none' + key_set "$1" "STATE_ZRRSIG" 'none' + key_set "$1" "STATE_DS" 'none' + key_set "$1" "EXPECT_ZRRSIG" 'no' + key_set "$1" "EXPECT_KRRSIG" 'no' } # Start clear. @@ -164,52 +178,20 @@ zone_properties() { # # This will update either the KEY1, KEY2 or KEY3 array. key_properties() { - if [ $1 == "KEY1" ]; then - KEY1[$EXPECT]="yes" - KEY1[$ROLE]=$2 - KEY1[$KSK]="no" - KEY1[$ZSK]="no" - test $2 == "ksk" && KEY1[$KSK]="yes" - test $2 == "zsk" && KEY1[$ZSK]="yes" - test $2 == "csk" && KEY1[$KSK]="yes" - test $2 == "csk" && KEY1[$ZSK]="yes" - KEY1[$LIFETIME]=$3 - KEY1[$ALG_NUM]=$4 - KEY1[$ALG_STR]=$5 - KEY1[$ALG_LEN]=$6 - KEY1[$EXPECT_ZRRSIG]=$7 - KEY1[$EXPECT_KRRSIG]=$8 - elif [ $1 == "KEY2" ]; then - KEY2[$EXPECT]="yes" - KEY2[$ROLE]=$2 - KEY2[$KSK]="no" - KEY2[$ZSK]="no" - test $2 == "ksk" && KEY2[$KSK]="yes" - test $2 == "zsk" && KEY2[$ZSK]="yes" - test $2 == "csk" && KEY2[$KSK]="yes" - test $2 == "csk" && KEY2[$ZSK]="yes" - KEY2[$LIFETIME]=$3 - KEY2[$ALG_NUM]=$4 - KEY2[$ALG_STR]=$5 - KEY2[$ALG_LEN]=$6 - KEY2[$EXPECT_ZRRSIG]=$7 - KEY2[$EXPECT_KRRSIG]=$8 - elif [ $1 == "KEY3" ]; then - KEY3[$EXPECT]="yes" - KEY3[$ROLE]=$2 - KEY3[$KSK]="no" - KEY3[$ZSK]="no" - test $2 == "ksk" && KEY3[$KSK]="yes" - test $2 == "zsk" && KEY3[$ZSK]="yes" - test $2 == "csk" && KEY3[$KSK]="yes" - test $2 == "csk" && KEY3[$ZSK]="yes" - KEY3[$LIFETIME]=$3 - KEY3[$ALG_NUM]=$4 - KEY3[$ALG_STR]=$5 - KEY3[$ALG_LEN]=$6 - KEY3[$EXPECT_ZRRSIG]=$7 - KEY3[$EXPECT_KRRSIG]=$8 - fi + key_set "$1" "EXPECT" "yes" + key_set "$1" "ROLE" "$2" + key_set "$1" "KSK" "no" + key_set "$1" "ZSK" "no" + test $2 == "ksk" && key_set "$1" "KSK" "yes" + test $2 == "zsk" && key_set "$1" "ZSK" "yes" + test $2 == "csk" && key_set "$1" "KSK" "yes" + test $2 == "csk" && key_set "$1" "ZSK" "yes" + key_set "$1" "LIFETIME" "$3" + key_set "$1" "ALG_NUM" "$4" + key_set "$1" "ALG_STR" "$5" + key_set "$1" "ALG_LEN" "$6" + key_set "$1" "EXPECT_ZRRSIG" "$7" + key_set "$1" "EXPECT_KRRSIG" "$8" } # Set key timing metadata. Set to "none" to unset. @@ -224,28 +206,12 @@ key_properties() { # # This will update either the KEY1, KEY2 or KEY3 array. key_timings() { - if [ $1 == "KEY1" ]; then - KEY1[$EXPECT]="yes" - KEY1[$PUBLISHED]=$2 - KEY1[$ACTIVE]=$3 - KEY1[$RETIRED]=$4 - KEY1[$REVOKED]=$5 - KEY1[$REMOVED]=$6 - elif [ $1 == "KEY2" ]; then - KEY2[$EXPECT]="yes" - KEY2[$PUBLISHED]=$2 - KEY2[$ACTIVE]=$3 - KEY2[$RETIRED]=$4 - KEY2[$REVOKED]=$5 - KEY2[$REMOVED]=$6 - elif [ $1 == "KEY3" ]; then - KEY3[$EXPECT]="yes" - KEY3[$PUBLISHED]=$2 - KEY3[$ACTIVE]=$3 - KEY3[$RETIRED]=$4 - KEY3[$REVOKED]=$5 - KEY3[$REMOVED]=$6 - fi + key_set "$1" "EXPECT" "yes" + key_set "$1" "PUBLISHED" "$2" + key_set "$1" "ACTIVE" "$3" + key_set "$1" "RETIRED" "$4" + key_set "$1" "REVOKED" "$5" + key_set "$1" "REMOVED" "$6" } # Set key state metadata. Set to "none" to unset. @@ -258,28 +224,12 @@ key_timings() { # # This will update either the KEY1, KEY2, OR KEY3 array. key_states() { - if [ $1 == "KEY1" ]; then - KEY1[$EXPECT]="yes" - KEY1[$GOAL]=$2 - KEY1[$STATE_DNSKEY]=$3 - KEY1[$STATE_ZRRSIG]=$4 - KEY1[$STATE_KRRSIG]=$5 - KEY1[$STATE_DS]=$6 - elif [ $1 == "KEY2" ]; then - KEY2[$EXPECT]="yes" - KEY2[$GOAL]=$2 - KEY2[$STATE_DNSKEY]=$3 - KEY2[$STATE_ZRRSIG]=$4 - KEY2[$STATE_KRRSIG]=$5 - KEY2[$STATE_DS]=$6 - elif [ $1 == "KEY3" ]; then - KEY3[$EXPECT]="yes" - KEY3[$GOAL]=$2 - KEY3[$STATE_DNSKEY]=$3 - KEY3[$STATE_ZRRSIG]=$4 - KEY3[$STATE_KRRSIG]=$5 - KEY3[$STATE_DS]=$6 - fi + key_set "$1" "EXPECT" "yes" + key_set "$1" "GOAL" "$2" + key_set "$1" "STATE_DNSKEY" "$3" + key_set "$1" "STATE_ZRRSIG" "$4" + key_set "$1" "STATE_KRRSIG" "$5" + key_set "$1" "STATE_DS" "$6" } # Check the key $1 with id $2. @@ -293,37 +243,29 @@ key_states() { # STATE_FILE="${BASE_FILE}.state" # KEY_ID=$(echo $1 | sed 's/^0*//') check_key() { - if [ $1 == "KEY1" ]; then - _key=(${KEY1[*]}) - elif [ $1 == "KEY2" ]; then - _key=(${KEY2[*]}) - elif [ $1 == "KEY3" ]; then - _key=(${KEY3[*]}) - fi - - _dir=$DIR - _zone=$ZONE - _role="${_key[$ROLE]}" + _dir="$DIR" + _zone="$ZONE" + _role=$(key_get "$1" ROLE) _key_idpad=$2 _key_id=$(echo $_key_idpad | sed 's/^0*//') - _alg_num="${_key[$ALG_NUM]}" - _alg_numpad=$(printf "%03d" $_alg_num) - _alg_string="${_key[$ALG_STR]}" - _length="${_key[$ALG_LEN]}" - _dnskey_ttl=$DNSKEY_TTL - _lifetime="${_key[$LIFETIME]}" - - _published="${_key[$PUBLISHED]}" - _active="${_key[$ACTIVE]}" - _retired="${_key[$RETIRED]}" - _revoked="${_key[$REVOKED]}" - _removed="${_key[$REMOVED]}" - - _goal="${_key[$GOAL]}" - _state_dnskey="${_key[$STATE_DNSKEY]}" - _state_zrrsig="${_key[$STATE_ZRRSIG]}" - _state_krrsig="${_key[$STATE_KRRSIG]}" - _state_ds="${_key[$STATE_DS]}" + _alg_num=$(key_get "$1" ALG_NUM) + _alg_numpad=$(printf "%03d" $_alg_num) + _alg_string=$(key_get "$1" ALG_STR) + _length=$(key_get "$1" "ALG_LEN") + _dnskey_ttl="$DNSKEY_TTL" + _lifetime=$(key_get "$1" LIFETIME) + + _published=$(key_get "$1" PUBLISHED) + _active=$(key_get "$1" ACTIVE) + _retired=$(key_get "$1" RETIRED) + _revoked=$(key_get "$1" REVOKED) + _removed=$(key_get "$1" REMOVED) + + _goal=$(key_get "$1" GOAL) + _state_dnskey=$(key_get "$1" STATE_DNSKEY) + _state_zrrsig=$(key_get "$1" STATE_ZRRSIG) + _state_krrsig=$(key_get "$1" STATE_KRRSIG) + _state_ds=$(key_get "$1" STATE_DS) _ksk="no" _zsk="no" @@ -474,7 +416,7 @@ key_unused() { _zone=$ZONE _key_idpad=$1 _key_id=$(echo $_key_idpad | sed 's/^0*//') - _alg_num="${KEY1[$ALG_NUM]}" + _alg_num=$(key_get KEY1 ALG_NUM) _alg_numpad=$(printf "%03d" $_alg_num) BASE_FILE="${_dir}/K${_zone}.+${_alg_numpad}+${_key_idpad}" @@ -536,7 +478,7 @@ _log=0 key_properties "KEY1" "csk" "31536000" "13" "ECDSAP256SHA256" "256" "yes" "yes" key_timings "KEY1" "none" "none" "none" "none" "none" key_states "KEY1" "none" "none" "none" "none" "none" -id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}") +id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM)) check_key "KEY1" $id test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -553,7 +495,7 @@ key_properties "KEY3" "zsk" "16070400" "8" "RSASHA256" "2000" "yes" "no" key_timings "KEY3" "none" "none" "none" "none" "none" key_states "KEY3" "none" "none" "none" "none" "none" -ids=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}") +ids=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM)) for id in $ids; do # There are three key files with the same algorithm. # Check them until a match is found. @@ -581,7 +523,7 @@ key_states "KEY1" "none" "none" "none" "none" "none" $KEYGEN -k $POLICY $ZONE > keygen.out.$POLICY.test$n 2>/dev/null || ret=1 lines=$(cat keygen.out.default.test$n | wc -l) test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines" -id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}") +id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM)) check_key "KEY1" $id test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -596,7 +538,7 @@ key_states "KEY1" "none" "none" "none" "none" "none" $KEYGEN -k $POLICY $ZONE > keygen.out.$POLICY.test$n 2>/dev/null || ret=1 lines=$(cat keygen.out.$POLICY.test$n | wc -l) test "$lines" -eq 1 || log_error "wrong number of keys created for policy default: $lines" -id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}") +id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM)) check_key "KEY1" $id test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -699,7 +641,7 @@ key_states "KEY1" "omnipresent" "rumoured" "rumoured" "rumoured" "hidden" n=$((n+1)) echo_i "check key is created for zone ${ZONE} ($n)" ret=0 -id=$(get_keyids $DIR $ZONE "${KEY1[$ALG_NUM]}") +id=$(get_keyids $DIR $ZONE $(key_get KEY1 ALG_NUM)) check_key "KEY1" $id test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -714,7 +656,7 @@ echo_i "check ${qtype} rrset is signed correctly for zone ${ZONE} ($n)" ret=0 dig_with_opts $ZONE @${SERVER} $qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${qtype} failed" grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response" -grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${qtype}.*257.*.3.*${KEY1[$ALG_NUM]}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${qtype} record in response" +grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${qtype}.*257.*.3.*${KEY1__ALG_NUM}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${qtype} record in response" lines=$(get_keys_which_signed $qtype dig.out.$DIR.test$n | wc -l) test "$lines" -eq 1 || log_error "bad number ($lines) of RRSIG records in DNS response" get_keys_which_signed $qtype dig.out.$DIR.test$n | grep "^${KEY_ID}$" > /dev/null || log_error "${qtype} RRset not signed with key ${KEY_ID}" @@ -804,7 +746,7 @@ check_keys() echo_i "check keys are created for zone ${ZONE} ($n)" ret=0 - _key_algnum="${KEY1[$ALG_NUM]}" + _key_algnum=$(key_get KEY1 ALG_NUM) n=$((n+1)) echo_i "check number of keys with algorithm ${_key_algnum} for zone ${ZONE} in dir ${DIR} ($n)" @@ -818,9 +760,9 @@ check_keys() _log=0 # Clear key ids. - KEY1[$ID]="0" - KEY2[$ID]="0" - KEY3[$ID]="0" + key_set KEY1 ID 0 + key_set KEY2 ID 0 + key_set KEY3 ID 0 # Check key files. _ids=$(get_keyids $DIR $ZONE "$_key_algnum") @@ -829,20 +771,20 @@ check_keys() # Check them until a match is found. echo_i "check key $_id" - if [ "0" == "${KEY1[$ID]}" ] && [ "${KEY1[$EXPECT]}" == "yes" ]; then + if [ "0" == "$(key_get KEY1 ID)" ] && [ "$(key_get KEY1 EXPECT)" == "yes" ]; then ret=0 check_key "KEY1" $_id - test "$ret" -eq 0 && KEY1[$ID]=$KEY_ID && continue + test "$ret" -eq 0 && key_set "$1" "ID" "$KEY_ID" && continue fi - if [ "0" == "${KEY2[$ID]}" ] && [ "${KEY2[$EXPECT]}" == "yes" ]; then + if [ "0" == "$(key_get KEY2 ID)" ] && [ "$(key_get KEY2 EXPECT)" == "yes" ]; then ret=0 check_key "KEY2" $_id - test "$ret" -eq 0 && KEY2[$ID]=$KEY_ID && continue + test "$ret" -eq 0 && key_set KEY2 "ID" "$KEY_ID" && continue fi - if [ "0" == "${KEY3[$ID]}" ] && [ "${KEY3[$EXPECT]}" == "yes" ]; then + if [ "0" == "$(key_get KEY3 ID)" ] && [ "$(key_get KEY3 EXPECT)" == "yes" ]; then ret=0 check_key "KEY3" $_id - test "$ret" -eq 0 && KEY3[$ID]=$KEY_ID && continue + test "$ret" -eq 0 && key_set KEY3 ID "$KEY_ID" && continue fi # This may be an unused key. @@ -858,14 +800,14 @@ check_keys() _log=1 ret=0 - if [ "${KEY1[$EXPECT]}" == "yes" ]; then - test "0" == "${KEY1[$ID]}" && log_error "No KEY1 found for zone ${ZONE}" + if [ "$(key_get KEY1 EXPECT)" == "yes" ]; then + test "0" == "$(key_get KEY1 ID)" && log_error "No KEY1 found for zone ${ZONE}" fi - if [ "${KEY2[$EXPECT]}" == "yes" ]; then - test "0" == "${KEY2[$ID]}" && log_error "No KEY2 found for zone ${ZONE}" + if [ "$(key_get KEY2 EXPECT)" == "yes" ]; then + test "0" == "$(key_get KEY2 ID)" && log_error "No KEY2 found for zone ${ZONE}" fi - if [ "${KEY3[$EXPECT]}" == "yes" ]; then - test "0" == "${KEY3[$ID]}" && log_error "No KEY3 found for zone ${ZONE}" + if [ "$(key_get KEY3 EXPECT)" == "yes" ]; then + test "0" == "$(key_get KEY3 ID)" && log_error "No KEY3 found for zone ${ZONE}" fi test "$ret" -eq 0 || echo_i "failed" status=$((status+ret)) @@ -884,22 +826,22 @@ check_signatures() { _expect_type=$EXPECT_ZRRSIG fi - if [ "${KEY1[$_expect_type]}" == "yes" ] && [ "${KEY1[$_role]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY1[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY1[$ID]}" - elif [ "${KEY1[$EXPECT]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY1[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY1[$ID]}" + if [ "$(key_get KEY1 _expect_type)" == "yes" ] && [ "$(key_get KEY1 _role)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY1 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY1 ID)" + elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY1 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY1 ID)" fi - if [ "${KEY2[$_expect_type]}" == "yes" ] && [ "${KEY2[$_role]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY2[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY2[$ID]}" - elif [ "${KEY2[$EXPECT]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY2[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY2[$ID]}" + if [ "$(key_get KEY2 _expect_type)" == "yes" ] && [ "$(key_get KEY2 _role)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY2 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY2 ID)" + elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY2 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY2 ID)" fi - if [ "${KEY3[$_expect_type]}" == "yes" ] && [ "${KEY3[$_role]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY3[$ID]}$" > /dev/null || log_error "${_qtype} RRset not signed with key ${KEY3[$ID]}" - elif [ "${KEY3[$EXPECT]}" == "yes" ]; then - get_keys_which_signed $_qtype $_file | grep "^${KEY3[$ID]}$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key ${KEY3[$ID]}" + if [ "$(key_get KEY3 _expect_type)" == "yes" ] && [ "$(key_get KEY3 _role)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY3 ID)$" > /dev/null || log_error "${_qtype} RRset not signed with key $(key_get KEY3 ID)" + elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then + get_keys_which_signed $_qtype $_file | grep "^$(key_get KEY3 ID)$" > /dev/null && log_error "${_qtype} RRset signed unexpectedly with key $(key_get KEY3 ID)" fi } @@ -907,7 +849,7 @@ check_signatures() { check_cds() { _qtype="CDS" - _key_algnum="${KEY1[$ALG_NUM]}" + _key_algnum="$(key_get KEY1 ALG_NUM)" n=$((n+1)) echo_i "check ${_qtype} rrset is signed correctly for zone ${ZONE} ($n)" @@ -915,25 +857,25 @@ check_cds() { dig_with_opts $ZONE @${SERVER} $_qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${_qtype} failed" grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response" - if [ "${KEY1[$STATE_DS]}" == "rumoured" ] || [ "${KEY1[$STATE_DS]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY1[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY1[$ID]}" + if [ "$(key_get KEY1 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY1 STATE_DS)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK - elif [ "${KEY1[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY1[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY1[$ID]}" + elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY1 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)" fi - if [ "${KEY2[$STATE_DS]}" == "rumoured" ] || [ "${KEY2[$STATE_DS]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY2[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY2[$ID]}" + if [ "$(key_get KEY2 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY2 STATE_DS)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK - elif [ "${KEY2[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY2[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY2[$ID]}" + elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY2 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)" fi - if [ "${KEY3[$STATE_DS]}" == "rumoured" ] || [ "${KEY3[$STATE_DS]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY3[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY3[$ID]}" + if [ "$(key_get KEY3 STATE_DS)" == "rumoured" ] || [ "$(key_get KEY3 STATE_DS)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK - elif [ "${KEY3[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*${KEY3[$ID]}.*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY3[$ID]}" + elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*$(key_get KEY3 ID).*${_key_algnum}.*2" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)" fi test "$ret" -eq 0 || echo_i "failed" @@ -946,35 +888,35 @@ check_apex() { # Test DNSKEY query. _qtype="DNSKEY" - _key_algnum="${KEY1[$ALG_NUM]}" + _key_algnum="$(key_get KEY1 ALG_NUM)" n=$((n+1)) echo_i "check ${_qtype} rrset is signed correctly for zone ${ZONE} ($n)" ret=0 dig_with_opts $ZONE @${SERVER} $_qtype > dig.out.$DIR.test$n || log_error "dig ${ZONE} ${_qtype} failed" grep "status: NOERROR" dig.out.$DIR.test$n > /dev/null || log_error "mismatch status in DNS response" - if [ "${KEY1[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY1[$STATE_DNSKEY]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY1[$ID]}" + if [ "$(key_get KEY1 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY1 STATE_DNSKEY)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY1 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK numkeys=$((numkeys+1)) - elif [ "${KEY1[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY1[$ID]}" + elif [ "$(key_get KEY1 EXPECT)" == "yes" ]; then + grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY1 ID)" fi - if [ "${KEY2[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY2[$STATE_DNSKEY]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY2[$ID]}" + if [ "$(key_get KEY2 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY2 STATE_DNSKEY)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY2 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK numkeys=$((numkeys+1)) - elif [ "${KEY2[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY2[$ID]}" + elif [ "$(key_get KEY2 EXPECT)" == "yes" ]; then + grep "${ZONE}\.*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY2 ID)" fi - if [ "${KEY3[$STATE_DNSKEY]}" == "rumoured" ] || [ "${KEY3[$STATE_DNSKEY]}" == "omnipresent" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key ${KEY3[$ID]}" + if [ "$(key_get KEY3 STATE_DNSKEY)" == "rumoured" ] || [ "$(key_get KEY3 STATE_DNSKEY)" == "omnipresent" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null || log_error "missing ${_qtype} record in response for key $(key_get KEY3 ID)" check_signatures $_qtype dig.out.$DIR.test$n $KSK numkeys=$((numkeys+1)) - elif [ "${KEY3[$EXPECT]}" == "yes" ]; then - grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key ${KEY3[$ID]}" + elif [ "$(key_get KEY3 EXPECT)" == "yes" ]; then + grep "${ZONE}\..*${DNSKEY_TTL}.*IN.*${_qtype}.*257.*.3.*${_key_algnum}" dig.out.$DIR.test$n > /dev/null && log_error "unexpected ${_qtype} record in response for key $(key_get KEY3 ID)" fi lines=$(get_keys_which_signed $_qtype dig.out.$DIR.test$n | wc -l)