From: Matthijs Mekking <matthijs@isc.org>
Date: Tue, 19 Aug 2025 13:10:59 +0000 (+0200)
Subject: Test the next key event after full sign
X-Git-Tag: v9.21.14~21^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=acbf110b1828946341ac22d568dacd4dfff9c387;p=thirdparty%2Fbind9.git

Test the next key event after full sign

After a full sign we no longer have to need to take the sign delay into
account.
---

diff --git a/bin/tests/system/isctest/kasp.py b/bin/tests/system/isctest/kasp.py
index b750cb1f785..6223e5cbb12 100644
--- a/bin/tests/system/isctest/kasp.py
+++ b/bin/tests/system/isctest/kasp.py
@@ -72,11 +72,12 @@ def IpubC(config, rollover=True):
     return config["zone-propagation-delay"] + max(ttl1, ttl2)
 
 
-def Iret(config, zsk=True, ksk=False, rollover=True):
+def Iret(config, zsk=True, ksk=False, rollover=True, smooth=True):
     sign_delay = timedelta(0)
     safety_interval = timedelta(0)
     if rollover:
-        sign_delay = config["signatures-validity"] - config["signatures-refresh"]
+        if smooth:
+            sign_delay = config["signatures-validity"] - config["signatures-refresh"]
         safety_interval = config["retire-safety"]
 
     iretKSK = timedelta(0)
@@ -246,7 +247,9 @@ class KeyProperties:
         if "Lifetime" not in self.metadata or self.metadata["Lifetime"] == 0:
             return
 
-        iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk())
+        sigdel = self.key.get_timing("SigRemoved", must_exist=False)
+        smooth = sigdel is None
+        iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk(), smooth=smooth)
         self.timing["Removed"] = self.timing["Retired"] + iret
 
     def set_expected_keytimes(
diff --git a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py
index e5d842c5358..702c0f26ad4 100644
--- a/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py
+++ b/bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py
@@ -41,7 +41,7 @@ POLICY = "zsk-prepub"
 ZSK_LIFETIME = TIMEDELTA["P30D"]
 LIFETIME_POLICY = int(ZSK_LIFETIME.total_seconds())
 IPUB = Ipub(CONFIG)
-IRET = Iret(CONFIG, rollover=True)
+IRET = Iret(CONFIG)
 KEYTTLPROP = CONFIG["dnskey-ttl"] + CONFIG["zone-propagation-delay"]
 OFFSETS = {}
 OFFSETS["step1-p"] = -int(TIMEDELTA["P7D"].total_seconds())
@@ -228,6 +228,7 @@ def test_zsk_prepub_step3(tld, alg, size, ns3):
         watcher.wait_for_line(f"zone {zone}/IN (signed): sending notifies")
 
     step["smooth"] = False
+    step["nextev"] = Iret(CONFIG, smooth=False)
     isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step)