From: Kees Monshouwer Date: Thu, 20 Jan 2022 10:43:23 +0000 (+0100) Subject: auth: test CDS with multiple keys X-Git-Tag: auth-4.7.0-alpha1~51^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cb2a86367849ad12226e186d12b96106e44ed854;p=thirdparty%2Fpdns.git auth: test CDS with multiple keys --- diff --git a/regression-tests.nobackend/default-publish-cds/command b/regression-tests.nobackend/default-publish-cds/command index 61f4873208..47f161a9de 100755 --- a/regression-tests.nobackend/default-publish-cds/command +++ b/regression-tests.nobackend/default-publish-cds/command @@ -29,7 +29,8 @@ rm -f pdns*.pid rm -f default-publish-cds/bind-dnssec.db $PDNSUTIL --config-dir=default-publish-cds create-bind-db default-publish-cds/bind-dnssec.db -$PDNSUTIL --config-dir default-publish-cds/ import-zone-key minimal.com ../regression-tests/secure-delegated.dnssec-parent.com.private +$PDNSUTIL --config-dir=default-publish-cds import-zone-key minimal.com default-publish-cds/key1 +$PDNSUTIL --config-dir=default-publish-cds import-zone-key minimal.com default-publish-cds/key2 passive $PDNS --config-dir=default-publish-cds & bindwait diff --git a/regression-tests.nobackend/default-publish-cds/expected_result b/regression-tests.nobackend/default-publish-cds/expected_result index 3ea28c5d8f..3c1643231b 100644 --- a/regression-tests.nobackend/default-publish-cds/expected_result +++ b/regression-tests.nobackend/default-publish-cds/expected_result 
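Review bot: In the `command` hunk, the second `import-zone-key` line appears to end in `passive`, and nothing in the script says why. Going by the new expected output (two CDS and two DNSKEY records, but a single RRSIG over each RRset), the intent seems to be that an inactive key is still published while only the active key signs. A comment above the two imports, such as `# key1 is active, key2 is inactive: both must appear in CDS/DNSKEY, only key1 signs`, would stop a later fixture regeneration from silently dropping that property. The script continues outside the hunk, so it is not visible here whether a failed import aborts the test or only shows up later as a confusing diff against `expected_result`.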
@@ -1,41 +1,48 @@ 1 -0 minimal.com. IN CDS 86400 54319 8 4 ff159f2cc251c9850b24bedb9158f33b292137d228a2a8686c2a178e29e1097f80210813beba035bb065bbe1ffbb2229 -0 minimal.com. IN RRSIG 86400 CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... +2 +0 minimal.com. IN CDS 86400 19988 13 4 b6c8e1ae21490b6a8cdf999383247214490a0b501cad0da434940fa61e2532325bee9b3db253905ecb37614cc6058005 +0 minimal.com. IN CDS 86400 44631 13 4 1a7a856b72dab4cd8d2173319574e36a91040eff134f6613e0699229013766ea57ffe5720260d5b2da2b1ab19b6bc216 +0 minimal.com. IN RRSIG 86400 CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='minimal.com.', qtype=CDS minimal.com. 120 IN NS ns1.example.com. minimal.com. 120 IN NS ns2.example.com. minimal.com. 120 IN NSEC minimal.com. NS SOA RRSIG NSEC DNSKEY CDS -minimal.com. 120 IN RRSIG NS 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG NSEC 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG SOA 8 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NS 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NSEC 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG SOA 13 2 120 [expiry] [inception] [keytag] minimal.com. ... minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 -minimal.com. 86400 IN CDS 54319 8 4 ff159f2cc251c9850b24bedb9158f33b292137d228a2a8686c2a178e29e1097f80210813beba035bb065bbe1ffbb2229 -minimal.com. 86400 IN DNSKEY 257 3 8 ... -minimal.com. 86400 IN RRSIG CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 86400 IN RRSIG DNSKEY 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... -0 minimal.com. 
IN CDS 86400 54319 8 2 c5359d2a312ff6c28883b5d6404c76666262c26bd3dadfed63afb366e6f09c24 -0 minimal.com. IN RRSIG 86400 CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN CDS 19988 13 4 b6c8e1ae21490b6a8cdf999383247214490a0b501cad0da434940fa61e2532325bee9b3db253905ecb37614cc6058005 +minimal.com. 86400 IN CDS 44631 13 4 1a7a856b72dab4cd8d2173319574e36a91040eff134f6613e0699229013766ea57ffe5720260d5b2da2b1ab19b6bc216 +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN RRSIG CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN RRSIG DNSKEY 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... +0 minimal.com. IN CDS 86400 19988 13 2 f317da762321935edfca118cd5dac67b8ef5d8826f63c4399ddf7fbe2415734e +0 minimal.com. IN CDS 86400 44631 13 2 25b688fbaf349a706bf0d8b02ac858f0567cf601ca1a9d7f34bb08c43928093e +0 minimal.com. IN RRSIG 86400 CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='minimal.com.', qtype=CDS minimal.com. 120 IN NS ns1.example.com. minimal.com. 120 IN NS ns2.example.com. minimal.com. 120 IN NSEC minimal.com. NS SOA RRSIG NSEC DNSKEY CDS -minimal.com. 120 IN RRSIG NS 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG NSEC 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG SOA 8 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NS 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NSEC 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG SOA 13 2 120 [expiry] [inception] [keytag] minimal.com. ... minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 
2000081501 28800 7200 604800 86400 -minimal.com. 86400 IN CDS 54319 8 2 c5359d2a312ff6c28883b5d6404c76666262c26bd3dadfed63afb366e6f09c24 -minimal.com. 86400 IN DNSKEY 257 3 8 ... -minimal.com. 86400 IN RRSIG CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 86400 IN RRSIG DNSKEY 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN CDS 19988 13 2 f317da762321935edfca118cd5dac67b8ef5d8826f63c4399ddf7fbe2415734e +minimal.com. 86400 IN CDS 44631 13 2 25b688fbaf349a706bf0d8b02ac858f0567cf601ca1a9d7f34bb08c43928093e +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN RRSIG CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN RRSIG DNSKEY 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... 1 minimal.com. IN NSEC 120 minimal.com. NS SOA RRSIG NSEC DNSKEY -1 minimal.com. IN RRSIG 120 NSEC 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -1 minimal.com. IN RRSIG 120 SOA 8 2 120 [expiry] [inception] [keytag] minimal.com. ... +1 minimal.com. IN RRSIG 120 NSEC 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +1 minimal.com. IN RRSIG 120 SOA 13 2 120 [expiry] [inception] [keytag] minimal.com. ... 1 minimal.com. IN SOA 120 ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 
@@ -43,27 +50,31 @@ Reply to question for qname='minimal.com.', qtype=CDS minimal.com. 120 IN NS ns1.example.com. minimal.com. 120 IN NS ns2.example.com. minimal.com. 120 IN NSEC minimal.com. NS SOA RRSIG NSEC DNSKEY -minimal.com. 120 IN RRSIG NS 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG NSEC 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG SOA 8 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NS 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NSEC 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG SOA 13 2 120 [expiry] [inception] [keytag] minimal.com. ... minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 -minimal.com. 86400 IN DNSKEY 257 3 8 ... -minimal.com. 86400 IN RRSIG DNSKEY 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... -0 minimal.com. IN CDS 86400 54319 8 4 ff159f2cc251c9850b24bedb9158f33b292137d228a2a8686c2a178e29e1097f80210813beba035bb065bbe1ffbb2229 -0 minimal.com. IN RRSIG 86400 CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN RRSIG DNSKEY 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... +0 minimal.com. IN CDS 86400 19988 13 4 b6c8e1ae21490b6a8cdf999383247214490a0b501cad0da434940fa61e2532325bee9b3db253905ecb37614cc6058005 +0 minimal.com. IN CDS 86400 44631 13 4 1a7a856b72dab4cd8d2173319574e36a91040eff134f6613e0699229013766ea57ffe5720260d5b2da2b1ab19b6bc216 +0 minimal.com. IN RRSIG 86400 CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... 2 . IN OPT 32768 Rcode: 0 (No Error), RD: 0, QR: 1, TC: 0, AA: 1, opcode: 0 Reply to question for qname='minimal.com.', qtype=CDS minimal.com. 
120 IN NS ns1.example.com. minimal.com. 120 IN NS ns2.example.com. minimal.com. 120 IN NSEC minimal.com. NS SOA RRSIG NSEC DNSKEY CDS -minimal.com. 120 IN RRSIG NS 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG NSEC 8 2 120 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 120 IN RRSIG SOA 8 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NS 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG NSEC 13 2 120 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 120 IN RRSIG SOA 13 2 120 [expiry] [inception] [keytag] minimal.com. ... minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400 -minimal.com. 86400 IN CDS 54319 8 4 ff159f2cc251c9850b24bedb9158f33b292137d228a2a8686c2a178e29e1097f80210813beba035bb065bbe1ffbb2229 -minimal.com. 86400 IN DNSKEY 257 3 8 ... -minimal.com. 86400 IN RRSIG CDS 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... -minimal.com. 86400 IN RRSIG DNSKEY 8 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN CDS 19988 13 4 b6c8e1ae21490b6a8cdf999383247214490a0b501cad0da434940fa61e2532325bee9b3db253905ecb37614cc6058005 +minimal.com. 86400 IN CDS 44631 13 4 1a7a856b72dab4cd8d2173319574e36a91040eff134f6613e0699229013766ea57ffe5720260d5b2da2b1ab19b6bc216 +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN DNSKEY 257 3 13 ... +minimal.com. 86400 IN RRSIG CDS 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... +minimal.com. 86400 IN RRSIG DNSKEY 13 2 86400 [expiry] [inception] [keytag] minimal.com. ... diff --git a/regression-tests.nobackend/default-publish-cds/key1 b/regression-tests.nobackend/default-publish-cds/key1 new file mode 100644 index 0000000000..6965e3c107 --- /dev/null +++ b/regression-tests.nobackend/default-publish-cds/key1 
@@ -0,0 +1,4 @@ +Private-key-format: v1.2 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: ky+0MVyD61e2gbnozDIlDbujfP1SmCeMFkGkYAba6T4= + diff --git a/regression-tests.nobackend/default-publish-cds/key2 b/regression-tests.nobackend/default-publish-cds/key2 new file mode 100644 index 0000000000..ac9bcfe6ca --- /dev/null +++ b/regression-tests.nobackend/default-publish-cds/key2 @@ -0,0 +1,4 @@ +Private-key-format: v1.2 +Algorithm: 13 (ECDSAP256SHA256) +PrivateKey: e5yv8lkvG2ZrLDu6M5siDqjcQTOeUy2yO8dBoWJrx4I= +
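Review bot: The new `key1` and `key2` files commit raw ECDSA P-256 private keys with nothing that marks them as test fixtures. Fixed keys are needed here so the key tags and CDS digests in `expected_result` stay deterministic, but secret scanners are likely to flag the files, and a copied file is a working signing key. State the intent where the keys are used, for example with `# key1/key2: throwaway regression-test keys, never use them to sign a real zone` above the imports in `command`. If the repository runs secret scanning, also add both paths to its allowlist so real findings are not buried under known fixtures.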