git.ipfire.org Git - thirdparty/bind9.git/commit

author	Matthijs Mekking <matthijs@isc.org>
	Fri, 14 Mar 2025 09:23:37 +0000 (10:23 +0100)
committer	Matthijs Mekking <matthijs@isc.org>
	Thu, 10 Apr 2025 21:18:34 +0000 (21:18 +0000)
commit	ed04954aa423219068eb36fa50b591727524533a
tree	37bff3512b6760d77493d257d27076f8ce0b8e77	tree \| snapshot
parent	1629a1e304c1280afb54bc1342053c32cb5150c0	commit \| diff

Introduce class KeyProperties

In isctest.kasp, introduce a new class 'KeyProperties' that can be used
to check if a Key matches expected properties. Properties are for the
time being divided in three parts: 'properties' that contain some
attributes of the expected properties (such as are we dealing with a
legacy key, is the private key available, and other things that do not
fit the metadata exactly), 'metadata' that contains expected metadata
(such as 'Algorithm', 'Lifetime', 'Length'), and 'timing', which is
metadata of the class KeyTimingMetadata.

The 'default()' method fills in the expected properties for the default
DNSSEC policy.

The 'set_expected_times()' sets the expected timing metadata, derived
from when the key was created. This method can take an offset to push
the expected timing metadata a duration in the future or back into the
past. If 'pregenerated=True', derive the expected timing metadata from
the 'Publish' metadata derived from the keyfile, rather than from the
'Created' metadata.

The calculations in the 'Ipub', 'IpubC' and 'Iret' methods are derived
from RFC 7583 DNSSEC Key Rollover Timing Considerations.

(cherry picked from commit 0b9fbca18e1bcc0e5b613fc2c49908a7550a976d)