2919. [func] Add autosign-ksk and autosign-zsk virtual time tests.

[RT #20840]

CHANGES

@@ -1,3 +1,6 @@
+2919.	[func]		Add autosign-ksk and autosign-zsk virtual time tests.
+			[RT #20840]
+
 2918.	[maint]		Add AAAA address for I.ROOT-SERVERS.NET.
 
 2917.	[func]		Virtual time test framework. [RT #20801]

bin/tests/virtual-time/autosign-ksk/clean.sh

@@ -0,0 +1,26 @@
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+#
+# Clean up after virtual time tests.
+#
+rm -f */K* */dsset-* */*.signed */*.jnl */tmp*
+rm -f dig.out.*
+rm -f random.data*
+rm -f */named.memstats
+rm -f */*vtwrapper.*
+rm -f ns1/example.db
+rm -f ns1/keyname

bin/tests/virtual-time/autosign-ksk/ns1/.cvsignore

@@ -0,0 +1 @@
+named.run

bin/tests/virtual-time/autosign-ksk/ns1/example.db.in

@@ -0,0 +1,12 @@
+$TTL 60	; 1 mn (to avoid to delay activation with ttl > prepublish)
+@			IN SOA	ns root (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry
+				12000   	; expire
+				600       	; minimum
+				)
+			NS	ns
+ns			A	10.53.0.1
+
+txt			TXT	"recursed"

bin/tests/virtual-time/autosign-ksk/ns1/named.conf

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2010/06/21 02:31:45 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+	dnssec-enable yes;
+	dnssec-validation yes;
+	sig-validity-interval 20;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-md5;
+};
+
+controls {
+	inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
+
+zone "example." {
+	type master;
+	file "example.db.signed";
+	allow-query { any; };
+	allow-update { any; };
+	auto-dnssec maintain;	
+};
+

bin/tests/virtual-time/autosign-ksk/ns1/root.db

@@ -0,0 +1,30 @@
+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000082401 ; serial
+				1800       ; refresh (30 minutes)
+				1800       ; retry (30 minutes)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example		NS	ns.example
+ns.example		A	10.53.0.1
+

bin/tests/virtual-time/autosign-ksk/ns1/sign.sh

@@ -0,0 +1,40 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data1
+RANDFILE2=../random.data2
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -f KSK -n zone $zone`
+
+cat $infile $zskname.key $kskname.key > $zonefile
+
+$SIGNER -P -e +1000d -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# ksk
+keyname=`$KEYGEN -q -r $RANDFILE2 -a RSASHA1 -b 1024 -n zone \
+	-f KSK -P +20 -A +1h -R +6h -I +1d -D +1mo $zone`
+
+echo $keyname > keyname

bin/tests/virtual-time/autosign-ksk/ns1/wrap.sh

@@ -0,0 +1,24 @@
+# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: wrap.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+#
+# Wrapper for named
+#
+
+LD_PRELOAD=../../libvtwrapper.so
+export LD_PRELOAD
+
+exec $*

bin/tests/virtual-time/autosign-ksk/setup.sh

@@ -0,0 +1,28 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+. ./clean.sh
+
+../../../tools/genrandom 800 random.data
+dd if=random.data of=random.data1 bs=1k count=400 2> /dev/null
+dd if=random.data of=random.data2 bs=1k skip=400 2> /dev/null
+
+cd ns1 && sh sign.sh
+

bin/tests/virtual-time/autosign-ksk/tests.sh

@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+DIGOPTS="+noadd +nosea +nostat +nocmd +noauth +dnssec -p 5300"
+
+ksk=ns1/`cat ns1/keyname`.key
+kskpat=`awk '/DNSKEY/ { print $8 }' $ksk`
+kskid=`sed 's/^Kexample\.+005+0*//' < ns1/keyname`
+rkskid=`expr \( $kskid + 128 \) \% 65536`
+
+echo "I:checking for KSK not yet published ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+# Note - this is looking for failure, hence the &&
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 5s real, 55s virtual, P +20
+sleep 4
+
+echo "I:checking for KSK published but not yet active ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep 'RRSIG.*'" $kskid "'example\. ' dig.out.ns1.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 10s real, 2h15mn virtual, A +1h
+sleep 5
+
+echo "I:checking for KSK active ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null || ret=1
+grep 'RRSIG.*'" $kskid "'example\. ' dig.out.ns1.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 11s real, 6h7,m virtual, R +6h
+sleep 1
+
+echo "I:checking for KSK revoked ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null || ret=1
+awk 'BEGIN { $noksk=1 } \
+/DNSKEY/ { $5==385 && $noksk=0 } \
+END { exit $noksk }' < dig.out.ns1.test$n > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+grep 'RRSIG.*'" $kskid "'example\. ' dig.out.ns1.test$n > /dev/null && ret=1
+grep 'RRSIG.*'" $rkskid "'example\. ' dig.out.ns1.test$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 13s real, 45h virtual, I +1d
+sleep 2
+
+echo "I:checking for KSK retired but not yet deleted ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 17s real, 103d virtual, D +1mo
+sleep 4
+
+echo "I:checking for KSK deleted ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.test$n || ret=1
+# Note - this is looking for failure, hence the &&
+tr -d ' ' < dig.out.ns1.test$n | grep $kskpat > /dev/null && ret=1
+# Note - this is looking for failure, hence the &&
+grep 'RRSIG.*'" $rkskid "'example\. ' dig.out.ns1.test$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status

bin/tests/virtual-time/autosign-zsk/clean.sh

@@ -0,0 +1,26 @@
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: clean.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+#
+# Clean up after virtual time tests.
+#
+rm -f */K* */dsset-* */*.signed */*.jnl */tmp*
+rm -f dig.out.*
+rm -f random.data*
+rm -f */named.memstats
+rm -f */*vtwrapper.*
+rm -f ns1/example.db
+rm -f ns1/keyname

bin/tests/virtual-time/autosign-zsk/ns1/.cvsignore

@@ -0,0 +1 @@
+named.run

bin/tests/virtual-time/autosign-zsk/ns1/example.db.in

@@ -0,0 +1,12 @@
+$TTL 60	; 1 mn (to avoid to delay activation with ttl > prepublish)
+@			IN SOA	ns root (
+				2000042100   	; serial
+				600         	; refresh
+				600         	; retry
+				12000   	; expire
+				600       	; minimum
+				)
+			NS	ns
+ns			A	10.53.0.1
+
+txt			TXT	"recursed"

bin/tests/virtual-time/autosign-zsk/ns1/named.conf

@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.2 2010/06/21 02:31:45 marka Exp $ */
+
+controls { /* empty */ };
+
+options {
+	query-source address 10.53.0.1;
+	notify-source 10.53.0.1;
+	transfer-source 10.53.0.1;
+	port 5300;
+	pid-file "named.pid";
+	listen-on { 10.53.0.1; };
+	listen-on-v6 { none; };
+	recursion no;
+	notify no;
+	dnssec-enable yes;
+	dnssec-validation yes;
+	sig-validity-interval 2;
+};
+
+key rndc_key {
+	secret "1234abcd8765";
+	algorithm hmac-md5;
+};
+
+controls {
+	inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+};
+
+zone "." {
+	type master;
+	file "root.db";
+};
+
+zone "example." {
+	type master;
+	file "example.db.signed";
+	allow-query { any; };
+	allow-update { any; };
+	auto-dnssec maintain;	
+};
+

bin/tests/virtual-time/autosign-zsk/ns1/root.db

@@ -0,0 +1,30 @@
+; Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+; $Id: root.db,v 1.2 2010/06/21 02:31:46 marka Exp $
+
+$TTL 300
+. 			IN SOA	gson.nominum.com. a.root.servers.nil. (
+				2000082401 ; serial
+				1800       ; refresh (30 minutes)
+				1800       ; retry (30 minutes)
+				1814400    ; expire (3 weeks)
+				3600       ; minimum (1 hour)
+				)
+.			NS	a.root-servers.nil.
+a.root-servers.nil.	A	10.53.0.1
+
+example		NS	ns.example
+ns.example		A	10.53.0.1
+

bin/tests/virtual-time/autosign-zsk/ns1/sign.sh

@@ -0,0 +1,40 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: sign.sh,v 1.2 2010/06/21 02:31:46 marka Exp $
+
+SYSTEMTESTTOP=../..
+. $SYSTEMTESTTOP/conf.sh
+
+RANDFILE=../random.data1
+RANDFILE2=../random.data2
+
+zone=example.
+infile=example.db.in
+zonefile=example.db
+
+zskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
+kskname=`$KEYGEN -q -r $RANDFILE -a RSASHA1 -b 1024 -f KSK -n zone $zone`
+
+cat $infile $zskname.key $kskname.key > $zonefile
+
+$SIGNER -P -e +1000d -r $RANDFILE -o $zone $zonefile > /dev/null
+
+# zsk, no -R
+keyname=`$KEYGEN -q -r $RANDFILE2 -a RSASHA1 -b 768 -n zone \
+	-P +20 -A +1h -I +1d -D +1mo $zone`
+
+echo $keyname > keyname

bin/tests/virtual-time/autosign-zsk/ns1/wrap.sh

@@ -0,0 +1,24 @@
+# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: wrap.sh,v 1.2 2010/06/21 02:31:46 marka Exp $
+
+#
+# Wrapper for named
+#
+
+LD_PRELOAD=../../libvtwrapper.so
+export LD_PRELOAD
+
+exec $*

bin/tests/virtual-time/autosign-zsk/setup.sh

@@ -0,0 +1,28 @@
+#!/bin/sh -e
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: setup.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+. ./clean.sh
+
+../../../tools/genrandom 800 random.data
+dd if=random.data of=random.data1 bs=1k count=400 2> /dev/null
+dd if=random.data of=random.data2 bs=1k skip=400 2> /dev/null
+
+cd ns1 && sh sign.sh
+

bin/tests/virtual-time/autosign-zsk/tests.sh

@@ -0,0 +1,100 @@
+#!/bin/sh
+#
+# Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: tests.sh,v 1.2 2010/06/21 02:31:45 marka Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+
+status=0
+n=0
+
+DIGOPTS="+noadd +nosea +nostat +nocmd +noauth +dnssec -p 5300"
+
+zsk=ns1/`cat ns1/keyname`.key
+zskpat=`awk '/DNSKEY/ { print $8 }' $zsk`
+zskid=`sed 's/^Kexample\.+005+0*//' < ns1/keyname`
+
+echo "I:checking for ZSK not yet published ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.key$n || ret=1
+# Note - this is looking for failure, hence the &&
+tr -d ' ' < dig.out.ns1.key$n | grep $zskpat > /dev/null && ret=1
+$DIG $DIGOPTS -t txt txt.example. @10.53.0.1 > dig.out.ns1.txt$n || ret=1
+# Note - this is looking for failure, hence the &&
+grep 'RRSIG.*'" $zskid "'example\. ' dig.out.ns1.txt$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 5s real, 55s virtual, P +20
+sleep 4
+
+echo "I:checking for ZSK published but not yet active ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.key$n || ret=1
+tr -d ' ' < dig.out.ns1.key$n | grep $zskpat > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+$DIG $DIGOPTS -t txt txt.example. @10.53.0.1 > dig.out.ns1.txt$n || ret=1
+grep 'RRSIG.*'" $zskid "'example\. ' dig.out.ns1.txt$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 10s real, 2h15mn virtual, A +1h
+sleep 5
+
+echo "I:checking for ZSK active ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.key$n || ret=1
+tr -d ' ' < dig.out.ns1.key$n | grep $zskpat > /dev/null || ret=1
+$DIG $DIGOPTS -t txt txt.example. @10.53.0.1 > dig.out.ns1.txt$n || ret=1
+grep 'RRSIG.*'" $zskid "'example\. ' dig.out.ns1.txt$n > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 13s real, 45h virtual, I +1d
+sleep 3
+
+echo "I:checking for ZSK retired but not yet deleted ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.key$n || ret=1
+tr -d ' ' < dig.out.ns1.key$n | grep $zskpat > /dev/null || ret=1
+# Note - this is looking for failure, hence the &&
+$DIG $DIGOPTS -t txt txt.example. @10.53.0.1 > dig.out.ns1.txt$n || ret=1
+grep 'RRSIG.*'" $zskid "'example\. ' dig.out.ns1.txt$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+# 17s real, 103d virtual, D +1mo
+sleep 4
+
+echo "I:checking for ZSK deleted ($n)"
+ret=0
+$DIG $DIGOPTS -t dnskey example. @10.53.0.1 > dig.out.ns1.key$n || ret=1
+# Note - this is looking for failure, hence the &&
+tr -d ' ' < dig.out.ns1.key$n | grep $zskpat > /dev/null && ret=1
+# Note - this is looking for failure, hence the &&
+$DIG $DIGOPTS -t txt txt.example. @10.53.0.1 > dig.out.ns1.txt$n || ret=1
+grep 'RRSIG.*'" $zskid "'example\. ' dig.out.ns1.txt$n > /dev/null && ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ] ; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:exit status: $status"
+exit $status

bin/tests/virtual-time/conf.sh.in

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: conf.sh.in,v 1.2 2010/06/17 05:38:05 marka Exp $
+# $Id: conf.sh.in,v 1.3 2010/06/21 02:31:45 marka Exp $
 
 #
 # Common configuration data for system tests, to be sourced into
@@ -43,7 +43,7 @@ DSFROMKEY=$TOP/bin/dnssec/dnssec-dsfromkey
 CHECKZONE=$TOP/bin/check/named-checkzone
 CHECKCONF=$TOP/bin/check/named-checkconf
 
-SUBDIRS="autosign slave"
+SUBDIRS="slave autosign-zsk autosign-ksk"
 
 # PERL will be an empty string if no perl interpreter was found.
 PERL=@PERL@