diff --git a/bin/tests/system/autosign/ns1/keygen.sh b/bin/tests/system/autosign/ns1/keygen.sh index ce32ee0e3d..20ca32f27b 100644 --- a/bin/tests/system/autosign/ns1/keygen.sh +++ b/bin/tests/system/autosign/ns1/keygen.sh @@ -33,28 +33,12 @@ rm $zsknopriv.private ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone` kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone` -cat $ksksby.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $ksksby > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf -cat $kskrev.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $kskrev > trusted.conf cp trusted.conf ../ns5/trusted.conf echo $zskact > ../active.key diff --git a/bin/tests/system/autosign/ns2/keygen.sh b/bin/tests/system/autosign/ns2/keygen.sh index 11ccceadeb..d55be53bd9 100644 --- a/bin/tests/system/autosign/ns2/keygen.sh +++ b/bin/tests/system/autosign/ns2/keygen.sh @@ -36,15 +36,7 @@ zonefile="${zone}.db" infile="${zonefile}.in" ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone` $KEYGEN -a RSASHA1 -3 -q $zone > /dev/null -cat $ksk.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.conf +keyfile_to_trusted_keys $ksk > private.conf cp private.conf ../ns4/private.conf $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1 diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 1e4f97d106..4271f67c30 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in 
@@ -254,6 +254,41 @@ digcomp() { # Useful functions in test scripts # +# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which +# converts keyfile data into a configuration section using the supplied +# parameters +keyfile_to_keys_section() { + section_name=$1 + key_prefix=$2 + shift + shift + echo "$section_name {" + for keyname in $*; do + awk '!/^; /{ + printf "\t\""$1"\" " + printf "'"$key_prefix"'" + printf $4 " " $5 " " $6 " \"" + for (i=7; i<=NF; i++) printf $i + printf "\";\n" + }' $keyname.key + done + echo "};" +} + +# keyfile_to_trusted_keys: convert key data contained in the keyfile(s) +# provided to a "trusted-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_trusted_keys() { + keyfile_to_keys_section "trusted-keys" "" $* +} + +# keyfile_to_managed_keys: convert key data contained in the keyfile(s) +# provided to a "managed-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_managed_keys() { + keyfile_to_keys_section "managed-keys" "initial-key " $* +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32 index 1e9c02d697..07abc52d5a 100644 --- a/bin/tests/system/conf.sh.win32 +++ b/bin/tests/system/conf.sh.win32 
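Review bot: In `keyfile_to_keys_section` the awk `printf` calls use key-file fields (`$1`, `$4`–`$6`, the key data) as the format string, and `$key_prefix` is spliced into the awk program text, so a `%` or a quote in any of them would corrupt the generated trust-anchor section. Passing the prefix with `-v` and printing every field through `%s` keeps the output the same and removes that dependency on the input. The loop variable `keyname` is also a global in every script that sources this file, and several callers in this commit keep their own `$keyname`; a distinct name such as `keyfile_base` avoids overwriting it. The wrappers and the loop should use `"$@"` rather than `$*`, and `$keyname.key` should be quoted. The identical copy added to conf.sh.win32 needs the same change.

```shell
keyfile_to_keys_section() {
	# … unchanged: section_name/key_prefix assignment, two shifts, opening echo …
	for keyfile_base in "$@"; do
		awk -v prefix="$key_prefix" '!/^; /{
			printf "\t\"%s\" %s%s %s %s \"", $1, prefix, $4, $5, $6
			for (i=7; i<=NF; i++) printf "%s", $i
			printf "\";\n"
		}' "$keyfile_base.key"
	done
	# … unchanged: closing echo …
}
```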
@@ -231,6 +231,41 @@ digcomp() { # Useful functions in test scripts # +# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which +# converts keyfile data into a configuration section using the supplied +# parameters +keyfile_to_keys_section() { + section_name=$1 + key_prefix=$2 + shift + shift + echo "$section_name {" + for keyname in $*; do + awk '!/^; /{ + printf "\t\""$1"\" " + printf "'"$key_prefix"'" + printf $4 " " $5 " " $6 " \"" + for (i=7; i<=NF; i++) printf $i + printf "\";\n" + }' $keyname.key + done + echo "};" +} + +# keyfile_to_trusted_keys: convert key data contained in the keyfile(s) +# provided to a "trusted-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_trusted_keys() { + keyfile_to_keys_section "trusted-keys" "" $* +} + +# keyfile_to_managed_keys: convert key data contained in the keyfile(s) +# provided to a "managed-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_managed_keys() { + keyfile_to_keys_section "managed-keys" "initial-key " $* +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index 71244d7faf..d1404b78b8 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh @@ -32,14 +32,5 @@ $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signe echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns5 - diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index 70557b0f27..a85f7860f7 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh 
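Review bot: The comment filter gets narrower for this caller: the removed pipeline in dlv/ns1/sign.sh used `grep -v '^;'`, while the shared helper skips only lines matching `^; ` (semicolon followed by a space). A comment line that starts with `;` but has no following space would now be emitted as a key entry in trusted.conf. The same applies to the dlv/ns3, legacy/ns7 and wildcard/ns1 hunks, which also used `'^;'`. If the key files are only ever written with `; ` comments this is harmless, but using `!/^;/` in the helper would preserve the old behaviour for all callers.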
@@ -280,16 +280,7 @@ cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" - -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted-dlv.conf +keyfile_to_trusted_keys $keyname2 > trusted-dlv.conf cp trusted-dlv.conf ../ns5 cp $dssets ../ns2 diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 683583543f..50ca8839d0 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh @@ -34,32 +34,17 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - -# ...or with a managed key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf cp trusted.conf ../ns6/trusted.conf cp trusted.conf ../ns7/trusted.conf + +# ...or with a managed key. +keyfile_to_managed_keys $keyname > managed.conf cp managed.conf ../ns4/managed.conf + # # Save keyid for managed key id test. # diff --git a/bin/tests/system/dnssec/ns5/sign.sh b/bin/tests/system/dnssec/ns5/sign.sh index dcbd972a92..62d79bfd07 100644 --- a/bin/tests/system/dnssec/ns5/sign.sh +++ b/bin/tests/system/dnssec/ns5/sign.sh 
@@ -19,15 +19,7 @@ zonefile=root.db.signed keyname=`$KEYGEN -a RSASHA1 -qfk $zone` # copy the KSK out first, then revoke it -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < revoked.conf +keyfile_to_managed_keys $keyname > revoked.conf $SETTIME -R now ${keyname}.key > /dev/null diff --git a/bin/tests/system/dsdigest/ns1/sign.sh b/bin/tests/system/dsdigest/ns1/sign.sh index 51c08899be..12ba92625c 100644 --- a/bin/tests/system/dsdigest/ns1/sign.sh +++ b/bin/tests/system/dsdigest/ns1/sign.sh @@ -29,16 +29,7 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. - -cat $key2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh index d679ae8170..a81a3eb61d 100644 --- a/bin/tests/system/ecdsa/ns1/sign.sh +++ b/bin/tests/system/ecdsa/ns1/sign.sh @@ -25,14 +25,5 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a trusted key. - -cat $key1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index 8a807abae4..85a6cc5030 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh 
@@ -26,16 +26,7 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a trusted key. - -cat $key1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf cd ../ns2 && $SHELL sign.sh diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index 03a55ad761..97d8291758 100644 --- a/bin/tests/system/inline/ns1/sign.sh +++ b/bin/tests/system/inline/ns1/sign.sh @@ -20,14 +20,5 @@ keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone` $SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 [ $? = 0 ] || cat signer.out -cat ${keyname}.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns6/trusted.conf diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index 450bdd53d3..679c74de9c 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -28,13 +28,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns1 diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh index 211e7dfa3f..4b392cc147 100644 --- a/bin/tests/system/mkeys/ns1/sign.sh +++ b/bin/tests/system/mkeys/ns1/sign.sh 
@@ -21,29 +21,13 @@ zskkeyname=`$KEYGEN -a rsasha256 -q $zone` $SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null # Configure the resolving server with a managed trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf +keyfile_to_managed_keys $keyname > managed.conf cp managed.conf ../ns2/managed.conf cp managed.conf ../ns4/managed.conf cp managed.conf ../ns5/managed.conf -# Configure a trusted key statement (used by delve) -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +# Configure a trusted key statement (used by delv) +keyfile_to_trusted_keys $keyname > trusted.conf # # Save keyname and keyid for managed key id test. diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index c72811aaf0..4709e19a16 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh @@ -84,6 +84,9 @@ mkeys_secroots_on() { $RNDCCMD 10.53.0.${nsidx} secroots | sed "s/^/ns${nsidx} /" | cat_i } +original=`cat ns1/managed.key` +originalid=`cat ns1/managed.key.id` + status=0 n=1 @@ -191,7 +194,7 @@ ret=0 echo_i "restore untrusted standby key, revoke original key ($n)" t1=$t2 $SETTIME -D none -K ns1 $standby1 > /dev/null -$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 # Less than a second may have passed since the last time ns2 received a # ./DNSKEY response from ns1. Ensure keys are refreshed at a different 
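Review bot: In mkeys/tests.sh, `original` and `originalid` are read once near the top with no check that ns1/managed.key and ns1/managed.key.id exist and are non-empty. If either read yields an empty string, every later unquoted `$original` silently disappears from the `$SETTIME` and `$REVOKE` command lines, and the `grep -c "keyid: $originalid"` checks match any key id. A guard right after the two assignments, e.g. `[ -n "$original" ] && [ -n "$originalid" ] || { echo_i "ns1/managed.key missing"; exit 1; }`, would turn that into an immediate, visible failure.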
@@ -261,9 +264,9 @@ n=`expr $n + 1` ret=0 echo_i "restore revoked key, ensure same result ($n)" t1=$t2 -$SETTIME -R none -D now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R none -D now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 -$SETTIME -D none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -K ns1 $original > /dev/null mkeys_loadkeys_on 1 # Less than a second may have passed since the last time ns2 received a # ./DNSKEY response from ns1. Ensure keys are refreshed at a different @@ -298,17 +301,7 @@ status=`expr $status + $ret` echo_i "reinitialize trust anchors, add second key to bind.keys" $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2 rm -f ns2/managed-keys.bind* -cat ns1/$standby1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -local $originalkey = `grep initial-key ns2/managed1.conf`; -print < ns2/managed.conf +keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf nextpart ns2/named.run > /dev/null $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2 @@ -349,7 +342,7 @@ n=`expr $n + 1` echo_i "revoke original key, add new standby ($n)" ret=0 standby2=`$KEYGEN -a rsasha256 -qfk -K ns1 .` -$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 mkeys_refresh_on 2 mkeys_status_on 2 > rndc.out.$n 2>&1 @@ -435,7 +428,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "revoke all keys, confirm roll to insecure ($n)" ret=0 -$SETTIME -D now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D now -K ns1 $original > /dev/null $SETTIME -R now -K ns1 $standby1 > /dev/null $SETTIME -R now -K ns1 $standby2 > /dev/null mkeys_loadkeys_on 1 
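Review bot: In the "reinitialize trust anchors" hunk, the original key's entry in ns2/managed.conf now comes from ns1/$original.key as it exists at this point in the test, whereas the removed Perl copied the `initial-key` line out of ns2/managed1.conf. Earlier steps run `$SETTIME` against that key several times; whether any of them alters the key record itself cannot be confirmed from the hunk, so the generated anchor may depend on test ordering. A comment above the call would record the assumption, e.g. `# ns1/$original.key must be in its unrevoked state here: the anchor is read from the key file`.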
@@ -471,7 +464,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` echo_i "reset the root server" -$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -R none -K ns1 $original > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null $SETTIME -D now -K ns1 $standby2 > /dev/null $SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null @@ -498,9 +491,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "revoke key with bad signature, check revocation is ignored ($n)" ret=0 -orig=`cat ns1/managed.key` -keyid=`cat ns1/managed.key.id` -revoked=`$REVOKE -K ns1 $orig` +revoked=`$REVOKE -K ns1 $original` rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'` rm -f ns1/root.db.signed.jnl # We need to activate at least one valid DNSKEY to prevent dnssec-signzone from @@ -525,8 +516,8 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || { echo "'keyid:' count ($count) != 1"; ret=1; } # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` -[ "$count" -eq 1 ] || { echo "'keyid: $keyid' count ($count) != 1"; ret=1; } +count=`grep -c "keyid: $originalid" rndc.out.$n` +[ "$count" -eq 1 ] || { echo "'keyid: $originalid' count ($count) != 1"; ret=1; } # not revoked count=`grep -c "REVOKE" rndc.out.$n` [ "$count" -eq 0 ] || { echo "'REVOKE' count ($count) != 0"; ret=1; } @@ -552,7 +543,7 @@ echo_i "restore DNSKEY rrset, check validation succeeds again ($n)" ret=0 rm -f ${revoked}.key ${revoked}.private rm -f ns1/root.db.signed.jnl -$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -R none -K ns1 $original > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null # Less than a second may have passed since ns1 was started. If we call # dnssec-signzone immediately, ns1/root.db.signed will not be reloaded by the 
@@ -593,7 +584,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` +count=`grep -c "keyid: $originalid" rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # not revoked count=`grep -c "REVOKE" rndc.out.$n` @@ -631,7 +622,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` +count=`grep -c "keyid: $originalid" rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # not revoked count=`grep -c "REVOKE" rndc.out.$n` diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh index 6e7c38854b..fa0350a5be 100644 --- a/bin/tests/system/pending/ns1/sign.sh +++ b/bin/tests/system/pending/ns1/sign.sh @@ -28,16 +28,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 # Configure the resolving server with a trusted key. - -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/resolver/ns6/keygen.sh b/bin/tests/system/resolver/ns6/keygen.sh index d7ec73438c..d6272c815f 100644 --- a/bin/tests/system/resolver/ns6/keygen.sh +++ b/bin/tests/system/resolver/ns6/keygen.sh 
@@ -30,13 +30,5 @@ zsk=`$KEYGEN -q -a rsasha256 $zone` cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile $SIGNER -P -o $zone $zonefile > /dev/null 2>&1 -# Configure a trusted key statement (used by delve) -cat $ksk.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < ../ns5/trusted.conf +# Configure a trusted key statement (used by delv) +keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf diff --git a/bin/tests/system/rootkeysentinel/ns1/sign.sh b/bin/tests/system/rootkeysentinel/ns1/sign.sh index 0fb350ab13..b364237efa 100644 --- a/bin/tests/system/rootkeysentinel/ns1/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns1/sign.sh @@ -28,16 +28,7 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh index 1fcb872940..2af6a14515 100755 --- a/bin/tests/system/rsabigexponent/ns1/sign.sh +++ b/bin/tests/system/rsabigexponent/ns1/sign.sh @@ -25,16 +25,7 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf 
diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index eddee27ed2..2a37597cf7 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh @@ -27,24 +27,8 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname > trusted.conf +cp trusted.conf ../ns2/trusted.conf # ...or with a managed key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf -cp trusted.conf ../ns2/trusted.conf +keyfile_to_managed_keys $keyname > managed.conf diff --git a/bin/tests/system/staticstub/ns3/sign.sh b/bin/tests/system/staticstub/ns3/sign.sh index 60ddc8b425..0d1ab35f51 100755 --- a/bin/tests/system/staticstub/ns3/sign.sh +++ b/bin/tests/system/staticstub/ns3/sign.sh @@ -27,16 +27,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 # Configure the resolving server with a trusted key. - -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf zone=undelegated infile=undelegated.db.in @@ -47,14 +38,5 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print <> trusted.conf - +keyfile_to_trusted_keys $keyname2 >> trusted.conf cp trusted.conf ../ns2/trusted.conf 
diff --git a/bin/tests/system/synthfromdnssec/ns1/sign.sh b/bin/tests/system/synthfromdnssec/ns1/sign.sh index 4e396dfc3a..b82ed7b5bb 100644 --- a/bin/tests/system/synthfromdnssec/ns1/sign.sh +++ b/bin/tests/system/synthfromdnssec/ns1/sign.sh @@ -32,12 +32,4 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname > trusted.conf diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh index 18d78e694d..463139decc 100755 --- a/bin/tests/system/wildcard/ns1/sign.sh +++ b/bin/tests/system/wildcard/ns1/sign.sh @@ -57,15 +57,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.nsec.conf +keyfile_to_trusted_keys $keyname2 > private.nsec.conf zone=nsec3. infile=nsec3.db.in @@ -94,15 +86,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.nsec3.conf +keyfile_to_trusted_keys $keyname2 > private.nsec3.conf zone=. infile=root.db.in 
@@ -117,12 +101,4 @@ cat $infile $keyname1.key $keyname2.key $dssets >$zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf