From 2392b8bc7d706307cff6f59fa2b93b39d5749c11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 13 Jun 2018 07:47:12 +0200 Subject: [PATCH 1/3] Add helper functions for converting keyfile data into configuration sections Add a set of helper functions for system test scripts which enable converting key data from a set of keyfiles to either a "trusted-keys" section or a "managed-keys" section suitable for including in a resolver's configuration file. --- bin/tests/system/conf.sh.in | 35 ++++++++++++++++++++++++++++++++++ bin/tests/system/conf.sh.win32 | 35 ++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/bin/tests/system/conf.sh.in b/bin/tests/system/conf.sh.in index 1e4f97d106..4271f67c30 100644 --- a/bin/tests/system/conf.sh.in +++ b/bin/tests/system/conf.sh.in 
@@ -254,6 +254,41 @@ digcomp() { # Useful functions in test scripts # +# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which +# converts keyfile data into a configuration section using the supplied +# parameters +keyfile_to_keys_section() { + section_name=$1 + key_prefix=$2 + shift + shift + echo "$section_name {" + for keyname in $*; do + awk '!/^; /{ + printf "\t\""$1"\" " + printf "'"$key_prefix"'" + printf $4 " " $5 " " $6 " \"" + for (i=7; i<=NF; i++) printf $i + printf "\";\n" + }' $keyname.key + done + echo "};" +} + +# keyfile_to_trusted_keys: convert key data contained in the keyfile(s) +# provided to a "trusted-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_trusted_keys() { + keyfile_to_keys_section "trusted-keys" "" $* +} + +# keyfile_to_managed_keys: convert key data contained in the keyfile(s) +# provided to a "managed-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_managed_keys() { + keyfile_to_keys_section "managed-keys" "initial-key " $* +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { diff --git a/bin/tests/system/conf.sh.win32 b/bin/tests/system/conf.sh.win32 index 1e9c02d697..07abc52d5a 100644 --- a/bin/tests/system/conf.sh.win32 +++ b/bin/tests/system/conf.sh.win32 
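Review bot: The awk body in keyfile_to_keys_section passes keyfile fields (`printf $4 " " $5 ...`, `printf $i`, `"\t\""$1"\" "`) and the shell-spliced `$key_prefix` to printf as the format string. Any `%` or backslash in that data is therefore interpreted rather than printed, and a double quote in the prefix would alter the awk program itself. With keyfiles produced by the test tooling this is probably harmless today, but passing the prefix with `-v` and printing through `%s` removes the dependency on well-behaved data. The unquoted `$*` and `$keyname.key` also undergo word splitting and globbing; `"$@"` and `"$keyname.key"` avoid that, including in the two wrappers. The identical hunk in conf.sh.win32 needs the same change.

```shell
# … unchanged: section_name/key_prefix assignments, shifts, opening echo …
    for keyname in "$@"; do
        awk -v prefix="$key_prefix" '!/^; /{
            printf "\t\"%s\" %s%s %s %s \"", $1, prefix, $4, $5, $6
            for (i=7; i<=NF; i++) printf "%s", $i
            printf "\";\n"
        }' "$keyname.key"
    done
# … unchanged: closing echo …
```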
@@ -231,6 +231,41 @@ digcomp() { # Useful functions in test scripts # +# keyfile_to_keys_section: helper function for keyfile_to_*_keys() which +# converts keyfile data into a configuration section using the supplied +# parameters +keyfile_to_keys_section() { + section_name=$1 + key_prefix=$2 + shift + shift + echo "$section_name {" + for keyname in $*; do + awk '!/^; /{ + printf "\t\""$1"\" " + printf "'"$key_prefix"'" + printf $4 " " $5 " " $6 " \"" + for (i=7; i<=NF; i++) printf $i + printf "\";\n" + }' $keyname.key + done + echo "};" +} + +# keyfile_to_trusted_keys: convert key data contained in the keyfile(s) +# provided to a "trusted-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_trusted_keys() { + keyfile_to_keys_section "trusted-keys" "" $* +} + +# keyfile_to_managed_keys: convert key data contained in the keyfile(s) +# provided to a "managed-keys" section suitable for including in a +# resolver's configuration file +keyfile_to_managed_keys() { + keyfile_to_keys_section "managed-keys" "initial-key " $* +} + # nextpart: read everything that's been appended to a file since the # last time 'nextpart' was called. nextpart () { From 120af964ce6e7ce4ddeeb399aad70f7d08e6b96f Mon Sep 17 00:00:00 2001 
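Review bot: keyfile_to_keys_section returns the status of its final `echo`, so when awk cannot read `$keyname.key` the caller still gets exit status 0 and a syntactically valid section with no keys in it. For a resolver test that means an empty trust-anchor block is written silently, and the failure likely surfaces later as a validation error that is harder to trace back to the missing keyfile. Propagating the failure, e.g. `}' "$keyname.key" || return 1` on the awk call, lets callers detect it. The conf.sh.in copy behaves the same way.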
From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 13 Jun 2018 07:47:12 +0200 Subject: [PATCH 2/3] Replace duplicated code snippet with calls to helper functions Reduce code duplication by replacing a code snippet repeated throughout system tests using "trusted-keys" and/or "managed-keys" configuration sections with calls to keyfile_to_{managed,trusted}_keys() helper functions. --- bin/tests/system/autosign/ns1/keygen.sh | 20 ++----------- bin/tests/system/autosign/ns2/keygen.sh | 10 +------ bin/tests/system/dlv/ns1/sign.sh | 11 +------ bin/tests/system/dlv/ns3/sign.sh | 11 +------ bin/tests/system/dnssec/ns1/sign.sh | 25 ++++------------ bin/tests/system/dnssec/ns5/sign.sh | 10 +------ bin/tests/system/dsdigest/ns1/sign.sh | 11 +------ bin/tests/system/ecdsa/ns1/sign.sh | 11 +------ bin/tests/system/eddsa/ns1/sign.sh | 11 +------ bin/tests/system/inline/ns1/sign.sh | 11 +------ bin/tests/system/legacy/ns7/sign.sh | 10 +------ bin/tests/system/mkeys/ns1/sign.sh | 22 ++------------ bin/tests/system/mkeys/tests.sh | 12 +------- bin/tests/system/pending/ns1/sign.sh | 11 +------ bin/tests/system/resolver/ns6/keygen.sh | 12 ++------ bin/tests/system/rootkeysentinel/ns1/sign.sh | 11 +------ bin/tests/system/rsabigexponent/ns1/sign.sh | 11 +------ bin/tests/system/sfcache/ns1/sign.sh | 22 ++------------ bin/tests/system/staticstub/ns3/sign.sh | 22 ++------------ bin/tests/system/synthfromdnssec/ns1/sign.sh | 10 +------ bin/tests/system/wildcard/ns1/sign.sh | 30 ++------------------ 21 files changed, 34 insertions(+), 270 deletions(-) diff --git a/bin/tests/system/autosign/ns1/keygen.sh b/bin/tests/system/autosign/ns1/keygen.sh index ce32ee0e3d..20ca32f27b 100644 --- a/bin/tests/system/autosign/ns1/keygen.sh +++ b/bin/tests/system/autosign/ns1/keygen.sh 
@@ -33,28 +33,12 @@ rm $zsknopriv.private ksksby=`$KEYGEN -3 -a RSASHA1 -q -P now -A now+15s -fk $zone` kskrev=`$KEYGEN -3 -a RSASHA1 -q -R now+15s -fk $zone` -cat $ksksby.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $ksksby > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf -cat $kskrev.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $kskrev > trusted.conf cp trusted.conf ../ns5/trusted.conf echo $zskact > ../active.key diff --git a/bin/tests/system/autosign/ns2/keygen.sh b/bin/tests/system/autosign/ns2/keygen.sh index 11ccceadeb..d55be53bd9 100644 --- a/bin/tests/system/autosign/ns2/keygen.sh +++ b/bin/tests/system/autosign/ns2/keygen.sh @@ -36,15 +36,7 @@ zonefile="${zone}.db" infile="${zonefile}.in" ksk=`$KEYGEN -a RSASHA1 -3 -q -fk $zone` $KEYGEN -a RSASHA1 -3 -q $zone > /dev/null -cat $ksk.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.conf +keyfile_to_trusted_keys $ksk > private.conf cp private.conf ../ns4/private.conf $SIGNER -S -3 beef -A -o $zone -f $zonefile $infile > /dev/null 2>&1 diff --git a/bin/tests/system/dlv/ns1/sign.sh b/bin/tests/system/dlv/ns1/sign.sh index 71244d7faf..d1404b78b8 100755 --- a/bin/tests/system/dlv/ns1/sign.sh +++ b/bin/tests/system/dlv/ns1/sign.sh 
@@ -32,14 +32,5 @@ $SIGNER -g -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signe echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns5 - diff --git a/bin/tests/system/dlv/ns3/sign.sh b/bin/tests/system/dlv/ns3/sign.sh index 70557b0f27..a85f7860f7 100755 --- a/bin/tests/system/dlv/ns3/sign.sh +++ b/bin/tests/system/dlv/ns3/sign.sh @@ -280,16 +280,7 @@ cat $infile $dlvsets $keyname1.key $keyname2.key >$zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" - -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted-dlv.conf +keyfile_to_trusted_keys $keyname2 > trusted-dlv.conf cp trusted-dlv.conf ../ns5 cp $dssets ../ns2 diff --git a/bin/tests/system/dnssec/ns1/sign.sh b/bin/tests/system/dnssec/ns1/sign.sh index 683583543f..50ca8839d0 100644 --- a/bin/tests/system/dnssec/ns1/sign.sh +++ b/bin/tests/system/dnssec/ns1/sign.sh 
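Review bot: The pipeline removed in dlv/ns1/sign.sh filtered comments with `grep -v '^;'`, while the helper it now calls skips only lines matching `^; ` (a semicolon followed by a space). A comment line written without that space would therefore be emitted as a key entry. The same narrowing applies to the dlv/ns3, legacy/ns7 and wildcard/ns1 hunks, which also used `'^;'`. If the stricter pattern is not intentional, the helper's awk condition could be `!/^;/` so these call sites keep their previous behaviour.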
@@ -34,32 +34,17 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - -# ...or with a managed key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf cp trusted.conf ../ns6/trusted.conf cp trusted.conf ../ns7/trusted.conf + +# ...or with a managed key. +keyfile_to_managed_keys $keyname > managed.conf cp managed.conf ../ns4/managed.conf + # # Save keyid for managed key id test. # diff --git a/bin/tests/system/dnssec/ns5/sign.sh b/bin/tests/system/dnssec/ns5/sign.sh index dcbd972a92..62d79bfd07 100644 --- a/bin/tests/system/dnssec/ns5/sign.sh +++ b/bin/tests/system/dnssec/ns5/sign.sh @@ -19,15 +19,7 @@ zonefile=root.db.signed keyname=`$KEYGEN -a RSASHA1 -qfk $zone` # copy the KSK out first, then revoke it -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < revoked.conf +keyfile_to_managed_keys $keyname > revoked.conf $SETTIME -R now ${keyname}.key > /dev/null diff --git a/bin/tests/system/dsdigest/ns1/sign.sh b/bin/tests/system/dsdigest/ns1/sign.sh index 51c08899be..12ba92625c 100644 --- a/bin/tests/system/dsdigest/ns1/sign.sh +++ b/bin/tests/system/dsdigest/ns1/sign.sh 
@@ -29,16 +29,7 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. - -cat $key2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh index d679ae8170..a81a3eb61d 100644 --- a/bin/tests/system/ecdsa/ns1/sign.sh +++ b/bin/tests/system/ecdsa/ns1/sign.sh @@ -25,14 +25,5 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a trusted key. - -cat $key1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index 8a807abae4..85a6cc5030 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh @@ -26,16 +26,7 @@ cat $infile $key1.key $key2.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a trusted key. - -cat $key1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $key1 > trusted.conf cp trusted.conf ../ns2/trusted.conf cd ../ns2 && $SHELL sign.sh diff --git a/bin/tests/system/inline/ns1/sign.sh b/bin/tests/system/inline/ns1/sign.sh index 03a55ad761..97d8291758 100644 --- a/bin/tests/system/inline/ns1/sign.sh 
+++ b/bin/tests/system/inline/ns1/sign.sh @@ -20,14 +20,5 @@ keyname=`$KEYGEN -q -a RSASHA1 -b 1024 -n zone -f KSK $zone` $SIGNER -S -x -T 1200 -o ${zone} root.db > signer.out 2>&1 [ $? = 0 ] || cat signer.out -cat ${keyname}.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns6/trusted.conf diff --git a/bin/tests/system/legacy/ns7/sign.sh b/bin/tests/system/legacy/ns7/sign.sh index 450bdd53d3..679c74de9c 100755 --- a/bin/tests/system/legacy/ns7/sign.sh +++ b/bin/tests/system/legacy/ns7/sign.sh @@ -28,13 +28,5 @@ cat $infile $keyname1.key $keyname2.key >$zonefile $SIGNER -g -o $zone -f $outfile -e +30y $zonefile > /dev/null 2> signer.err || cat signer.err -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns1 diff --git a/bin/tests/system/mkeys/ns1/sign.sh b/bin/tests/system/mkeys/ns1/sign.sh index 211e7dfa3f..4b392cc147 100644 --- a/bin/tests/system/mkeys/ns1/sign.sh +++ b/bin/tests/system/mkeys/ns1/sign.sh 
@@ -21,29 +21,13 @@ zskkeyname=`$KEYGEN -a rsasha256 -q $zone` $SIGNER -Sg -o $zone $zonefile > /dev/null 2>/dev/null # Configure the resolving server with a managed trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf +keyfile_to_managed_keys $keyname > managed.conf cp managed.conf ../ns2/managed.conf cp managed.conf ../ns4/managed.conf cp managed.conf ../ns5/managed.conf -# Configure a trusted key statement (used by delve) -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +# Configure a trusted key statement (used by delv) +keyfile_to_trusted_keys $keyname > trusted.conf # # Save keyname and keyid for managed key id test. diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index c72811aaf0..9517456afb 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh @@ -298,17 +298,7 @@ status=`expr $status + $ret` echo_i "reinitialize trust anchors, add second key to bind.keys" $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2 rm -f ns2/managed-keys.bind* -cat ns1/$standby1.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -local $originalkey = `grep initial-key ns2/managed1.conf`; -print < ns2/managed.conf +keyfile_to_managed_keys ns1/`cat ns1/managed.key` ns1/$standby1 > ns2/managed.conf nextpart ns2/named.run > /dev/null $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2 diff --git a/bin/tests/system/pending/ns1/sign.sh b/bin/tests/system/pending/ns1/sign.sh index 6e7c38854b..fa0350a5be 100644 --- a/bin/tests/system/pending/ns1/sign.sh +++ b/bin/tests/system/pending/ns1/sign.sh 
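Review bot: In the mkeys/tests.sh hunk the replacement is not a pure refactor. The removed code took the original anchor from `grep initial-key ns2/managed1.conf`, whereas the new line rebuilds it from the ns1 keyfile named in ns1/managed.key as it exists at this point in the test. Earlier steps run `$SETTIME` against that key, so if the on-disk .key record no longer matches what was captured in managed1.conf, the reinitialised trust anchor would differ too. That is presumably not the case, but it deserves a comment above the call, e.g. `# original key is re-read from ns1; its .key record must still match the anchor in managed1.conf`. The helper also leaves its loop variable `keyname` set to the last argument (`ns1/$standby1`) in the caller's shell, which matters if tests.sh uses a variable of that name later.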
@@ -28,16 +28,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 # Configure the resolving server with a trusted key. - -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf diff --git a/bin/tests/system/resolver/ns6/keygen.sh b/bin/tests/system/resolver/ns6/keygen.sh index d7ec73438c..d6272c815f 100644 --- a/bin/tests/system/resolver/ns6/keygen.sh +++ b/bin/tests/system/resolver/ns6/keygen.sh @@ -30,13 +30,5 @@ zsk=`$KEYGEN -q -a rsasha256 $zone` cat $ksk.key $zsk.key dsset-ds.example.net$TP >> $zonefile $SIGNER -P -o $zone $zonefile > /dev/null 2>&1 -# Configure a trusted key statement (used by delve) -cat $ksk.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < ../ns5/trusted.conf +# Configure a trusted key statement (used by delv) +keyfile_to_trusted_keys $ksk > ../ns5/trusted.conf diff --git a/bin/tests/system/rootkeysentinel/ns1/sign.sh b/bin/tests/system/rootkeysentinel/ns1/sign.sh index 0fb350ab13..b364237efa 100644 --- a/bin/tests/system/rootkeysentinel/ns1/sign.sh +++ b/bin/tests/system/rootkeysentinel/ns1/sign.sh @@ -28,16 +28,7 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns4/trusted.conf 
diff --git a/bin/tests/system/rsabigexponent/ns1/sign.sh b/bin/tests/system/rsabigexponent/ns1/sign.sh index 1fcb872940..2af6a14515 100755 --- a/bin/tests/system/rsabigexponent/ns1/sign.sh +++ b/bin/tests/system/rsabigexponent/ns1/sign.sh @@ -25,16 +25,7 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf - +keyfile_to_trusted_keys $keyname > trusted.conf cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns3/trusted.conf diff --git a/bin/tests/system/sfcache/ns1/sign.sh b/bin/tests/system/sfcache/ns1/sign.sh index eddee27ed2..2a37597cf7 100644 --- a/bin/tests/system/sfcache/ns1/sign.sh +++ b/bin/tests/system/sfcache/ns1/sign.sh @@ -27,24 +27,8 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname > trusted.conf +cp trusted.conf ../ns2/trusted.conf # ...or with a managed key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < managed.conf -cp trusted.conf ../ns2/trusted.conf +keyfile_to_managed_keys $keyname > managed.conf diff --git a/bin/tests/system/staticstub/ns3/sign.sh b/bin/tests/system/staticstub/ns3/sign.sh index 60ddc8b425..0d1ab35f51 100755 --- a/bin/tests/system/staticstub/ns3/sign.sh +++ b/bin/tests/system/staticstub/ns3/sign.sh 
@@ -27,16 +27,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 # Configure the resolving server with a trusted key. - -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf zone=undelegated infile=undelegated.db.in @@ -47,14 +38,5 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -g -o $zone $zonefile > /dev/null 2>&1 -cat $keyname2.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print <> trusted.conf - +keyfile_to_trusted_keys $keyname2 >> trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/synthfromdnssec/ns1/sign.sh b/bin/tests/system/synthfromdnssec/ns1/sign.sh index 4e396dfc3a..b82ed7b5bb 100644 --- a/bin/tests/system/synthfromdnssec/ns1/sign.sh +++ b/bin/tests/system/synthfromdnssec/ns1/sign.sh @@ -32,12 +32,4 @@ cat $infile $keyname.key > $zonefile $SIGNER -P -g -o $zone $zonefile > /dev/null # Configure the resolving server with a trusted key. -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname > trusted.conf diff --git a/bin/tests/system/wildcard/ns1/sign.sh b/bin/tests/system/wildcard/ns1/sign.sh index 18d78e694d..463139decc 100755 --- a/bin/tests/system/wildcard/ns1/sign.sh +++ b/bin/tests/system/wildcard/ns1/sign.sh 
@@ -57,15 +57,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.nsec.conf +keyfile_to_trusted_keys $keyname2 > private.nsec.conf zone=nsec3. infile=nsec3.db.in @@ -94,15 +86,7 @@ cat $infile $keyname1.key $keyname2.key > $zonefile $SIGNER -3 - -H 10 -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < private.nsec3.conf +keyfile_to_trusted_keys $keyname2 > private.nsec3.conf zone=. infile=root.db.in @@ -117,12 +101,4 @@ cat $infile $keyname1.key $keyname2.key $dssets >$zonefile $SIGNER -o $zone -f $outfile $zonefile > /dev/null 2> signer.err || cat signer.err echo_i "signed $zone" -grep -v '^;' $keyname2.key | $PERL -n -e ' -local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; -local $key = join("", @rest); -print < trusted.conf +keyfile_to_trusted_keys $keyname2 > trusted.conf From 68f056b2a07098896d3f6898ba9927fea3158fef Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micha=C5=82=20K=C4=99pie=C5=84?= Date: Wed, 13 Jun 2018 07:47:12 +0200 Subject: [PATCH 3/3] Add helper variables in mkeys system test The keyfile and key ID for the original managed key do not change throughout the mkeys system test. Keep them in helper variables to prevent calling "cat" multiple times and improve code readability. --- bin/tests/system/mkeys/tests.sh | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index 9517456afb..4709e19a16 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh 
@@ -84,6 +84,9 @@ mkeys_secroots_on() { $RNDCCMD 10.53.0.${nsidx} secroots | sed "s/^/ns${nsidx} /" | cat_i } +original=`cat ns1/managed.key` +originalid=`cat ns1/managed.key.id` + status=0 n=1 @@ -191,7 +194,7 @@ ret=0 echo_i "restore untrusted standby key, revoke original key ($n)" t1=$t2 $SETTIME -D none -K ns1 $standby1 > /dev/null -$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 # Less than a second may have passed since the last time ns2 received a # ./DNSKEY response from ns1. Ensure keys are refreshed at a different @@ -261,9 +264,9 @@ n=`expr $n + 1` ret=0 echo_i "restore revoked key, ensure same result ($n)" t1=$t2 -$SETTIME -R none -D now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R none -D now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 -$SETTIME -D none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -K ns1 $original > /dev/null mkeys_loadkeys_on 1 # Less than a second may have passed since the last time ns2 received a # ./DNSKEY response from ns1. Ensure keys are refreshed at a different @@ -298,7 +301,7 @@ status=`expr $status + $ret` echo_i "reinitialize trust anchors, add second key to bind.keys" $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} . ns2 rm -f ns2/managed-keys.bind* -keyfile_to_managed_keys ns1/`cat ns1/managed.key` ns1/$standby1 > ns2/managed.conf +keyfile_to_managed_keys ns1/$original ns1/$standby1 > ns2/managed.conf nextpart ns2/named.run > /dev/null $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} . ns2 @@ -339,7 +342,7 @@ n=`expr $n + 1` echo_i "revoke original key, add new standby ($n)" ret=0 standby2=`$KEYGEN -a rsasha256 -qfk -K ns1 .` -$SETTIME -R now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -R now -K ns1 $original > /dev/null mkeys_loadkeys_on 1 mkeys_refresh_on 2 mkeys_status_on 2 > rndc.out.$n 2>&1 
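Review bot: `original` and `originalid` are read once with no check that the files exist or are non-empty, and every later use is unquoted. If `ns1/managed.key.id` is empty, `grep -c "keyid: $originalid"` matches every `keyid: ` line, so the "it's the original key id" checks in the later hunks would pass vacuously. Likewise `$SETTIME ... $original` would run without a key argument. A guard right after the assignments, such as `[ -n "$original" ] && [ -n "$originalid" ] || { echo_i "managed key not found"; exit 1; }`, makes that failure explicit.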
@@ -425,7 +428,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "revoke all keys, confirm roll to insecure ($n)" ret=0 -$SETTIME -D now -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D now -K ns1 $original > /dev/null $SETTIME -R now -K ns1 $standby1 > /dev/null $SETTIME -R now -K ns1 $standby2 > /dev/null mkeys_loadkeys_on 1 @@ -461,7 +464,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` echo_i "reset the root server" -$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -R none -K ns1 $original > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null $SETTIME -D now -K ns1 $standby2 > /dev/null $SIGNER -Sg -K ns1 -N unixtime -o . ns1/root.db > /dev/null 2>/dev/null @@ -488,9 +491,7 @@ status=`expr $status + $ret` n=`expr $n + 1` echo_i "revoke key with bad signature, check revocation is ignored ($n)" ret=0 -orig=`cat ns1/managed.key` -keyid=`cat ns1/managed.key.id` -revoked=`$REVOKE -K ns1 $orig` +revoked=`$REVOKE -K ns1 $original` rkeyid=`expr $revoked : 'ns1/K\.+00.+0*\([1-9]*[0-9]*[0-9]\)'` rm -f ns1/root.db.signed.jnl # We need to activate at least one valid DNSKEY to prevent dnssec-signzone from @@ -515,8 +516,8 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || { echo "'keyid:' count ($count) != 1"; ret=1; } # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` -[ "$count" -eq 1 ] || { echo "'keyid: $keyid' count ($count) != 1"; ret=1; } +count=`grep -c "keyid: $originalid" rndc.out.$n` +[ "$count" -eq 1 ] || { echo "'keyid: $originalid' count ($count) != 1"; ret=1; } # not revoked count=`grep -c "REVOKE" rndc.out.$n` [ "$count" -eq 0 ] || { echo "'REVOKE' count ($count) != 0"; ret=1; } 
@@ -542,7 +543,7 @@ echo_i "restore DNSKEY rrset, check validation succeeds again ($n)" ret=0 rm -f ${revoked}.key ${revoked}.private rm -f ns1/root.db.signed.jnl -$SETTIME -D none -R none -K ns1 `cat ns1/managed.key` > /dev/null +$SETTIME -D none -R none -K ns1 $original > /dev/null $SETTIME -D now -K ns1 $standby1 > /dev/null # Less than a second may have passed since ns1 was started. If we call # dnssec-signzone immediately, ns1/root.db.signed will not be reloaded by the @@ -583,7 +584,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` +count=`grep -c "keyid: $originalid" rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # not revoked count=`grep -c "REVOKE" rndc.out.$n` @@ -621,7 +622,7 @@ mkeys_status_on 2 > rndc.out.$n 2>&1 count=`grep -c "keyid: " rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # it's the original key id -count=`grep -c "keyid: $keyid" rndc.out.$n` +count=`grep -c "keyid: $originalid" rndc.out.$n` [ "$count" -eq 1 ] || ret=1 # not revoked count=`grep -c "REVOKE" rndc.out.$n`