Add test configurations with invalid dnssec-policy clauses

bad-ksk-without-zsk.conf only has a ksk defined without a
matching zsk for the same algorithm.

bad-zsk-without-ksk.conf only has a zsk defined without a
matching ksk for the same algorithm.

bad-unpaired-keys.conf has two keys of different algorithms
one ksk only and the other zsk only

diff --git a/bin/tests/system/checkconf/bad-ksk-without-zsk.conf b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf
new file mode 100644 (file)
index 0000000..66e1b7f
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy ksk-without-zsk {
+       keys {
+               ksk lifetime 30d algorithm 13;
+       };
+};
+
+zone "example" {
+       type primary;
+       file "example.db";
+       dnssec-policy ksk-without-zsk;
+};

diff --git a/bin/tests/system/checkconf/bad-unpaired-keys.conf b/bin/tests/system/checkconf/bad-unpaired-keys.conf
new file mode 100644 (file)
index 0000000..63b6dc2
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-unpaired-keys.conf
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy unpaired-keys {
+       keys {
+               /* zsk without ksk */
+               zsk lifetime 30d algorithm 13;
+               /* ksk without zsk */
+               ksk lifetime 30d algorithm 7;
+       };
+};
+
+zone "example" {
+       type primary;
+       file "example.db";
+       dnssec-policy unpaired-keys;
+};

diff --git a/bin/tests/system/checkconf/bad-zsk-without-ksk.conf b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf
new file mode 100644 (file)
index 0000000..31b031c
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy zsk-without-ksk {
+       keys {
+               zsk lifetime 30d algorithm 13;
+       };
+};
+
+zone "example" {
+       type primary;
+       file "example.db";
+       dnssec-policy zsk-without-ksk;
+};