From: Michał Kępień Date: Fri, 28 Jun 2019 11:11:26 +0000 (+0200) Subject: Add and use keyfile_to_key_id() helper function X-Git-Tag: v9.11.9~9^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=621f8aa90a4925bc774c4ae64f71f29296e4c53e;p=thirdparty%2Fbind9.git Add and use keyfile_to_key_id() helper function When trying to extract the key ID from a key file name, some test code incorrectly attempts to strip all leading zeros. This breaks tests when keys with ID 0 are generated. Add a new helper shell function, keyfile_to_key_id(), which properly handles keys with ID 0 and use it in test code whenever a key ID needs to be extracted from a key file name. (cherry picked from commit 7d6eaad1bdadf5595ade06430faadb8361bb731a) --- diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index fd237cd4c99..267f1e68298 100755 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -283,7 +283,7 @@ sleep 3 echo_i "checking that expired RRSIGs from missing key are not deleted ($n)" ret=0 -missing=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < missingzsk.key` +missing=`keyfile_to_key_id \`cat missingzsk.key\`` $JOURNALPRINT ns3/nozsk.example.db.jnl | \ awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$missing || ret=1 n=`expr $n + 1` @@ -292,7 +292,7 @@ status=`expr $status + $ret` echo_i "checking that expired RRSIGs from inactive key are not deleted ($n)" ret=0 -inactive=`sed 's/^K.*+007+0*\([0-9]\)/\1/' < inactivezsk.key` +inactive=`keyfile_to_key_id \`cat inactivezsk.key\`` $JOURNALPRINT ns3/inaczsk.example.db.jnl | \ awk '{if ($1 == "del" && $5 == "RRSIG" && $12 == id) {exit 1}} END {exit 0}' id=$inactive || ret=1 n=`expr $n + 1` @@ -842,7 +842,7 @@ status=`expr $status + $ret` echo_i "checking for unpublished key ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < unpub.key` +id=`keyfile_to_key_id \`cat unpub.key\`` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -851,7 +851,7 @@ status=`expr $status + $ret` echo_i "checking for activated but unpublished key ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < activate-now-publish-1day.key` +id=`keyfile_to_key_id \`cat activate-now-publish-1day.key\`` $DIG $DIGOPTS +multi dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -860,7 +860,7 @@ status=`expr $status + $ret` echo_i "checking that standby key does not sign records ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key` +id=`keyfile_to_key_id \`cat standby.key\`` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -869,7 +869,7 @@ status=`expr $status + $ret` echo_i "checking that deactivated key does not sign records ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < inact.key` +id=`keyfile_to_key_id \`cat inact.key\`` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -878,7 +878,7 @@ status=`expr $status + $ret` echo_i "checking insertion of public-only key ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < nopriv.key` +id=`keyfile_to_key_id \`cat nopriv.key\`` file="ns1/`cat nopriv.key`.key" keydata=`grep DNSKEY $file` $NSUPDATE > /dev/null 2>&1 < dig.out.ns1.test$n || ret=1 grep '; key id = '"$id"'$' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` @@ -978,9 +978,9 @@ rm -f $file echo_i "preparing ZSK roll" starttime=`$PERL -e 'print time(), "\n";'` oldfile=`cat active.key` -oldid=`sed 's/^K.+007+0*\([0-9]\)/\1/' < active.key` +oldid=`keyfile_to_key_id \`cat active.key\`` newfile=`cat standby.key` -newid=`sed 's/^K.+007+0*\([0-9]\)/\1/' < standby.key` +newid=`keyfile_to_key_id \`cat standby.key\`` $SETTIME -K ns1 -I now+2s -D now+25 $oldfile > /dev/null $SETTIME -K ns1 -i 0 -S $oldfile $newfile > /dev/null @@ -1142,7 +1142,7 @@ status=`expr $status + $ret` echo_i "checking private key file removal caused no immediate harm ($n)" ret=0 -id=`sed 's/^K.+007+0*\([0-9]\)/\1/' < vanishing.key` +id=`keyfile_to_key_id \`cat vanishing.key\`` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null || ret=1 n=`expr $n + 1` diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 5292e65e7ab..ee228485381 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in @@ -328,6 +328,15 @@ keyfile_to_managed_keys() { keyfile_to_keys_section "managed-keys" "initial-key " $* } +# keyfile_to_key_id: convert a key file name to a key ID +# +# For a given key file name (e.g. "Kexample.+013+06160") provided as $1, +# print the key ID with leading zeros stripped ("6160" for the +# aforementioned example). +keyfile_to_key_id() { + echo "$1" | sed "s/.*+0\{0,4\}//" +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32 index 5396401bcdd..118830cfd39 100644 --- a/bin/tests/system/conf.sh.win32 +++ b/bin/tests/system/conf.sh.win32 @@ -300,6 +300,15 @@ keyfile_to_managed_keys() { keyfile_to_keys_section "managed-keys" "initial-key " $* } +# keyfile_to_key_id: convert a key file name to a key ID +# +# For a given key file name (e.g. "Kexample.+013+06160") provided as $1, +# print the key ID with leading zeros stripped ("6160" for the +# aforementioned example). +keyfile_to_key_id() { + echo "$1" | sed "s/.*+0\{0,4\}//" +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 313d098ab92..a6da8576788 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -51,4 +51,4 @@ cp managed.conf ../ns4/managed.conf # # Save keyid for managed key id test. # -echo "$keyname" | sed -e 's/.*[+]//' -e 's/^0*//' > managed.key.id +keyfile_to_key_id "$keyname" > managed.key.id diff --git a/bin/tests/system/dnssec/ns2/sign.sh b/bin/tests/system/dnssec/ns2/sign.sh index b93651aee88..13fb92438e3 100644 --- a/bin/tests/system/dnssec/ns2/sign.sh +++ b/bin/tests/system/dnssec/ns2/sign.sh @@ -281,8 +281,8 @@ zonefile=${zone}.db key1=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone -fk $zone` key2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` # Save key id's for checking active key usage -echo $key1 | sed -e 's/.*[+]//' -e 's/^0*//' > $zone.ksk.id -echo $key2 | sed -e 's/.*[+]//' -e 's/^0*//' > $zone.zsk.id +keyfile_to_key_id "$key1" > $zone.ksk.id +keyfile_to_key_id "$key2" > $zone.zsk.id echo ${key1} > $zone.ksk.key echo ${key2} > $zone.zsk.key # Add CDS and CDNSKEY records diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh index 51dc1178db9..d07881d7fe8 100644 --- a/bin/tests/system/dnssec/tests.sh +++ b/bin/tests/system/dnssec/tests.sh @@ -1545,9 +1545,9 @@ ret=0 zone=example key1=`$KEYGEN -K signer -q -r $RANDFILE -f KSK -a RSASHA1 -b 1024 -n zone $zone` key2=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` -keyid2=`echo $key2 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'` +keyid2=`keyfile_to_key_id $key2` key3=`$KEYGEN -K signer -q -r $RANDFILE -a RSASHA1 -b 1024 -n zone $zone` -keyid3=`echo $key3 | sed 's/^Kexample.+005+0*\([0-9]\)/\1/'` +keyid3=`keyfile_to_key_id $key3` ( cd signer cat example.db.in $key1.key $key2.key > example.db @@ -3706,7 +3706,7 @@ status=$((status+ret)) # Roll the ZSK. zsk2=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -K ns2 -n zone $zone` -echo "$zsk2" | sed -e 's/.*[+]//' -e 's/^0*//' > ns2/$zone.zsk.id2 +keyfile_to_key_id "$zsk2" > ns2/$zone.zsk.id2 ZSK_ID2=`cat ns2/$zone.zsk.id2` echo_i "load new ZSK $ZSK_ID2 for $zone ($n)" @@ -3775,7 +3775,7 @@ mv ns2/$KSK.private.bak ns2/$KSK.private # Roll the ZSK again. zsk3=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -K ns2 -n zone $zone` -echo "$zsk3" | sed -e 's/.*[+]//' -e 's/^0*//' > ns2/$zone.zsk.id3 +keyfile_to_key_id "$zsk3" > ns2/$zone.zsk.id3 ZSK_ID3=`cat ns2/$zone.zsk.id3` echo_i "load new ZSK $ZSK_ID3 for $zone ($n)" diff --git a/bin/tests/system/metadata/tests.sh b/bin/tests/system/metadata/tests.sh index 5eb09380160..b60496948b2 100644 --- a/bin/tests/system/metadata/tests.sh +++ b/bin/tests/system/metadata/tests.sh @@ -20,14 +20,14 @@ n=1 echo_i "setting key timers" $SETTIME -A now+15s `cat rolling.key` > /dev/null -inact=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < inact.key` -ksk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < ksk.key` -pending=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < pending.key` -postrev=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < postrev.key` -prerev=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < prerev.key` -rolling=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < rolling.key` -standby=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < standby.key` -zsk=`sed 's/^K'${czone}'.+005+0*\([0-9]\)/\1/' < zsk.key` +inact=`keyfile_to_key_id \`cat inact.key\`` +ksk=`keyfile_to_key_id \`cat ksk.key\`` +pending=`keyfile_to_key_id \`cat pending.key\`` +postrev=`keyfile_to_key_id \`cat postrev.key\`` +prerev=`keyfile_to_key_id \`cat prerev.key\`` +rolling=`keyfile_to_key_id \`cat rolling.key\`` +standby=`keyfile_to_key_id \`cat standby.key\`` +zsk=`keyfile_to_key_id \`cat zsk.key\`` echo_i "signing zones" $SIGNER -Sg -o $czone $cfile > /dev/null 2>&1 diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh index e5e7ec05d62..e88da0e3606 100644 --- a/bin/tests/system/mkeys/ns1/sign.sh +++ b/bin/tests/system/mkeys/ns1/sign.sh @@ -37,6 +37,4 @@ cp unsupported.key "${unsupportedkey}.key" # echo "$keyname" > managed.key echo "$zskkeyname" > zone.key -keyid=`expr $keyname : 'K\.+00.+\([0-9]*\)'` -keyid=`expr $keyid + 0` -echo "$keyid" > managed.key.id +keyfile_to_key_id $keyname > managed.key.id diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index eacfd45bced..313a171f42b 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh @@ -473,7 +473,7 @@ n=`expr $n + 1` echo_i "revoke key with bad signature, check revocation is ignored ($n)" ret=0 revoked=`$REVOKE -K ns1 $original` -rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'` +rkeyid=`keyfile_to_key_id $revoked` rm -f ns1/root.db.signed.jnl # We need to activate at least one valid DNSKEY to prevent dnssec-signzone from # failing. Alternatively, we could use -P to disable post-sign verification, diff --git a/bin/tests/system/smartsign/tests.sh b/bin/tests/system/smartsign/tests.sh index 547f2bfc0bc..bd586ff6c46 100644 --- a/bin/tests/system/smartsign/tests.sh +++ b/bin/tests/system/smartsign/tests.sh @@ -66,19 +66,19 @@ czoneout=`$SIGNER -Sg -e now+1d -X now+2d -r $RANDFILE -o $czone $cfile 2>&1` echo_i "signing parent zone" pzoneout=`$SIGNER -Sg -r $RANDFILE -o $pzone $pfile 2>&1` -czactive=`echo $czsk1 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -czgenerated=`echo $czsk2 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -czpublished=`echo $czsk3 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -czinactive=`echo $czsk4 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -czpredecessor=`echo $czsk5 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -czsuccessor=`echo $czsk6 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -ckactive=`echo $cksk1 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -ckpublished=`echo $cksk2 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -ckprerevoke=`echo $cksk3 | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -ckrevoked=`echo $cksk4 | sed 's/.*+005+0*\([0-9]*\)$/\1/'` - -pzid=`echo $pzsk | sed 's/^K.*+005+0*\([0-9]\)/\1/'` -pkid=`echo $pksk | sed 's/^K.*+005+0*\([0-9]\)/\1/'` +czactive=`keyfile_to_key_id $czsk1` +czgenerated=`keyfile_to_key_id $czsk2` +czpublished=`keyfile_to_key_id $czsk3` +czinactive=`keyfile_to_key_id $czsk4` +czpredecessor=`keyfile_to_key_id $czsk5` +czsuccessor=`keyfile_to_key_id $czsk6` +ckactive=`keyfile_to_key_id $cksk1` +ckpublished=`keyfile_to_key_id $cksk2` +ckprerevoke=`keyfile_to_key_id $cksk3` +ckrevoked=`keyfile_to_key_id $cksk4` + +pzid=`keyfile_to_key_id $pzsk` +pkid=`keyfile_to_key_id $pksk` echo_i "checking dnssec-signzone output matches expectations" ret=0 diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh index 0fb13d625d8..9b1bc451ce4 100644 --- a/bin/tests/system/tkey/ns1/setup.sh +++ b/bin/tests/system/tkey/ns1/setup.sh @@ -13,6 +13,6 @@ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh keyname=`$KEYGEN -T KEY -a DH -b 768 -n host -r $RANDFILE server` -keyid=`echo $keyname | $PERL -p -e 's/^.*\+0{0,4}//;'` +keyid=`keyfile_to_key_id $keyname` rm -f named.conf sed -e "s;KEYID;$keyid;" -e "s;RANDFILE;$RANDFILE;" < named.conf.in > named.conf