upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-28 04:34:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'matthijs-keymgr2kasp-rework' into 'main'

Browse source 
Update keymgr2kasp system test

Closes #2631

See merge request isc-projects/bind9!4894
This commit is contained in:
Matthijs Mekking 2021-04-15 12:45:25 +00:00
commit 2aad659550
3 changed files with 23 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
bin/tests/system/keymgr2kasp/ns4/named.conf.in
View file

@ -34,13 +34,13 @@ controls {
};
key "external" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
view "ext" {

28
bin/tests/system/keymgr2kasp/ns4/named2.conf.in
View file

@ -33,16 +33,6 @@ controls {
inet 10.53.0.4 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
};
key "external" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
dnssec-policy "rsasha256" {
keys {
zsk key-directory lifetime P3M algorithm 8 1024;
@ -64,7 +54,19 @@ dnssec-policy "rsasha256" {
parent-propagation-delay 3h;
};
view "external-view" {
key "external" {
algorithm "hmac-sha1";
secret "YPfMoAk6h+3iN8MDRQC004iSNHY=";
};
key "internal" {
algorithm "hmac-sha1";
secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
};
view "ext" {
match-clients { key "external"; };
zone "view-rsasha256.kasp" {
type master;
file "view-rsasha256.kasp.ext.db";
@ -72,7 +74,9 @@ view "external-view" {
};
};
view "internal-view" {
view "int" {
match-clients { key "internal"; };
zone "view-rsasha256.kasp" {
type master;
file "view-rsasha256.kasp.int.db";

6
bin/tests/system/keymgr2kasp/tests.sh
View file

@ -866,7 +866,7 @@ set_keystate "KEY3" "STATE_ZRRSIG" "hidden"
TSIG="hmac-sha1:external:$VIEW1"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "external-view"
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "ext"
set_keytimes_view_migration
# Set expected key times:
@ -923,11 +923,11 @@ check_keytimes
check_apex
dnssec_verify
# Various signing policy checks (external).
# Various signing policy checks (internal).
TSIG="hmac-sha1:internal:$VIEW2"
check_keys
wait_for_done_signing
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "internal-view"
check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "int"
set_keytimes_view_migration
check_keytimes
check_apex