RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
# convert private-type records to readable form
+# $1 is the zone
+# $2 is the server
+# $3 is ignored
+# $4 is the alternate type
showprivate () {
echo "-- $@ --"
- $DIG $DIGOPTS +nodnssec +short @$2 -t type65534 $1 | cut -f3 -d' ' |
+ $DIG $DIGOPTS +nodnssec +short @$2 -t ${4:-type65534} $1 | cut -f3 -d' ' |
while read record; do
$PERL -e 'my $rdata = pack("H*", @ARGV[0]);
die "invalid record" unless length($rdata) == 5;
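Review bot: The new header comment on showprivate says neither what the query type defaults to nor why $3 is skipped, and the `${4:-type65534}` expansion on the dig line is unquoted. Suggest `# $3 is ignored (checkprivate forwards its expected-state argument via "$@")` and `# $4 is the alternate type (default: type65534)`. Quoting the expansion as `-t "${4:-type65534}"` would stop a whitespace-containing argument from splitting into extra dig arguments. The function body, including the rest of the perl decoder, continues outside the hunk.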
}
# check that signing records are marked as complete
+# if $3 is 1 then we are expecting "(incomplete)"
+# if $3 is 2 then we are not expecting either "(complete)" or "(incomplete)"
+# if $4 is present then that specifies any alternate type to check
checkprivate () {
_ret=0
expected="${3:-0}"
x=`showprivate "$@"`
- echo $x | grep incomplete > /dev/null && _ret=1
+ echo $x | grep "(complete)" > /dev/null || _ret=2
+ echo $x | grep "(incomplete)" > /dev/null && _ret=1
if [ $_ret = $expected ]; then
return 0
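Review bot: The new `_ret=2` outcome (neither marker found) is also what checkprivate computes when showprivate decoded no records at all, for example if the dig query returned nothing or the perl decoder hit `die "invalid record"`, whose exit status the pipeline discards. The calls that pass `2` as the expected state (private.secure.example, nsec3-to-nsec.example, oldsigs.example, secure-to-insecure2.example, secure-to-insecure.example) would therefore still pass if the server never answered, giving a false pass on a signing-state test. Consider confirming that the zone answered before classifying, or at minimum documenting the limit with `# NOTE: 2 is also the result when the query fails or returns no records`. Writing the checks as `echo "$x" | grep -F "(complete)"` would also make the literal match explicit and avoid word-splitting of the captured output. The end of the function lies outside the hunk.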
ret=0
checkprivate . 10.53.0.1 || ret=1
checkprivate bar 10.53.0.2 || ret=1
-checkprivate example 10.53.0.2 || ret=1
-checkprivate private.secure.example 10.53.0.3 || ret=1
+checkprivate example 10.53.0.2 0 type65280 || ret=1 # sig-signing-type 65280
+checkprivate private.secure.example 10.53.0.3 2 || ret=1 # pre-signed
checkprivate nsec3.example 10.53.0.3 || ret=1
checkprivate nsec3.nsec3.example 10.53.0.3 || ret=1
checkprivate nsec3.optout.example 10.53.0.3 || ret=1
-checkprivate nsec3-to-nsec.example 10.53.0.3 || ret=1
+checkprivate nsec3-to-nsec.example 10.53.0.3 2 || ret=1 # automatically removed
checkprivate nsec.example 10.53.0.3 || ret=1
-checkprivate oldsigs.example 10.53.0.3 || ret=1
+checkprivate oldsigs.example 10.53.0.3 2 || ret=1 # pre-signed
checkprivate optout.example 10.53.0.3 || ret=1
checkprivate optout.nsec3.example 10.53.0.3 || ret=1
checkprivate optout.optout.example 10.53.0.3 || ret=1
-checkprivate prepub.example 10.53.0.3 1 || ret=1
+checkprivate prepub.example 10.53.0.3 1 || ret=1 # expecting incomplete
checkprivate rsasha256.example 10.53.0.3 || ret=1
checkprivate rsasha512.example 10.53.0.3 || ret=1
checkprivate secure.example 10.53.0.3 || ret=1
checkprivate secure.nsec3.example 10.53.0.3 || ret=1
checkprivate secure.optout.example 10.53.0.3 || ret=1
-checkprivate secure-to-insecure2.example 10.53.0.3 || ret=1
-checkprivate secure-to-insecure.example 10.53.0.3 || ret=1
+checkprivate secure-to-insecure2.example 10.53.0.3 2|| ret=1 # automatically removed
+checkprivate secure-to-insecure.example 10.53.0.3 2 || ret=1 # automatically removed
checkprivate ttl1.example 10.53.0.3 || ret=1
checkprivate ttl2.example 10.53.0.3 || ret=1
checkprivate ttl3.example 10.53.0.3 || ret=1
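Review bot: The added line `checkprivate secure-to-insecure2.example 10.53.0.3 2|| ret=1` is missing the space before `||`. The shell still tokenizes it as the argument `2` followed by the operator, but it is inconsistent with every other call in the list and is easy to misread as a file-descriptor redirection. Write it as `checkprivate secure-to-insecure2.example 10.53.0.3 2 || ret=1 # automatically removed`.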