Check that 'nsupdate -y' works for all HMAC algorithms

(cherry picked from commit 4b01ba44ead4333fbdd28468ae2a6734681b93c7)

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index a78de4d3b115391d0ffde3a3909b8de39221d98b..b35d79769eff1e7aa51259ad3b7529d75af1b3c1 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -796,7 +796,7 @@ fi
 
 n=`expr $n + 1`
 ret=0
-echo_i "check TSIG key algorithms ($n)"
+echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
 for alg in md5 sha1 sha224 sha256 sha384 sha512; do
     $NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
 server 10.53.0.1 ${PORT}
@@ -813,6 +813,26 @@ if [ $ret -ne 0 ]; then
     status=1
 fi
 
+n=`expr $n + 1`
+ret=0
+echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
+for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+    secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
+    $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
+server 10.53.0.1 ${PORT}
+update add ${alg}.keytests.nil. 600 A 10.10.10.50
+send
+END
+done
+sleep 2
+for alg in md5 sha1 sha224 sha256 sha384 sha512; do
+    $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
+done
+if [ $ret -ne 0 ]; then
+    echo_i "failed"
+    status=1
+fi
+
 n=`expr $n + 1`
 ret=0
 echo_i "check that ttl is capped by max-ttl ($n)"