From: Matthijs Mekking <matthijs@isc.org>
Date: Fri, 14 Mar 2025 09:38:43 +0000 (+0100)
Subject: Update class Key
X-Git-Tag: v9.21.8~31^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97f6b7ad11c3c1d6c1ceeaada5776759649afa49;p=thirdparty%2Fbind9.git

Update class Key

Because we want to check the metadata in all three files, a new
value in the Key class is added: 'privatefile'. The 'get_metadata'
function is adapted so that we can also check metadata in other files.

Introduce methods to easily retrieve the TTL and public DNSKEY record
from the keyfile.

When checking if the CDS is equal to the expected value, use the DNSKEY
TTL instead of hardcoded 3600.
---

diff --git a/bin/tests/system/isctest/kasp.py b/bin/tests/system/isctest/kasp.py
index 6ff95be99d3..fe31c991c89 100644
--- a/bin/tests/system/isctest/kasp.py
+++ b/bin/tests/system/isctest/kasp.py
@@ -276,6 +276,7 @@ class Key:
         else:
             self.keydir = Path(keydir)
         self.path = str(self.keydir / name)
+        self.privatefile = f"{self.path}.private"
         self.keyfile = f"{self.path}.key"
         self.statefile = f"{self.path}.state"
         self.tag = int(self.name[-5:])
@@ -298,21 +299,43 @@ class Key:
             )
         return None
 
-    def get_metadata(self, metadata: str, must_exist=True) -> str:
+    def get_metadata(
+        self, metadata: str, file=None, comment=False, must_exist=True
+    ) -> str:
+        if file is None:
+            file = self.statefile
         value = "undefined"
-        regex = rf"{metadata}:\s+(.*)"
-        with open(self.statefile, "r", encoding="utf-8") as file:
-            for line in file:
+        regex = rf"{metadata}:\s+(\S+).*"
+        if comment:
+            # The expected metadata is prefixed with a ';'.
+            regex = rf";\s+{metadata}:\s+(\S+).*"
+        with open(file, "r", encoding="utf-8") as fp:
+            for line in fp:
                 match = re.match(regex, line)
                 if match is not None:
                     value = match.group(1)
                     break
         if must_exist and value == "undefined":
             raise ValueError(
-                'state metadata "{metadata}" for key "{self.name}" undefined'
+                f'metadata "{metadata}" for key "{self.name}" in file "{file}" undefined'
             )
         return value
 
+    def ttl(self) -> int:
+        with open(self.keyfile, "r", encoding="utf-8") as file:
+            for line in file:
+                if line.startswith(";"):
+                    continue
+                return int(line.split()[1])
+        return 0
+
+    def dnskey(self):
+        with open(self.keyfile, "r", encoding="utf-8") as file:
+            for line in file:
+                if "DNSKEY" in line:
+                    return line.strip()
+        return "undefined"
+
     def is_ksk(self) -> bool:
         return self.get_metadata("KSK") == "yes"
 
@@ -346,7 +369,7 @@ class Key:
         dsfromkey_command = [
             os.environ.get("DSFROMKEY"),
             "-T",
-            "3600",
+            str(self.ttl()),
             "-a",
             alg,
             "-C",