Test the next key event after full sign

After a full sign we no longer have to need to take the sign delay into
account.

(cherry picked from commit acbf110b18)

bin/tests/system/isctest/kasp.py

@@ -72,11 +72,12 @@ def IpubC(config, rollover=True):
     return config["zone-propagation-delay"] + max(ttl1, ttl2)
 
 
-def Iret(config, zsk=True, ksk=False, rollover=True):
+def Iret(config, zsk=True, ksk=False, rollover=True, smooth=True):
     sign_delay = timedelta(0)
     safety_interval = timedelta(0)
     if rollover:
-        sign_delay = config["signatures-validity"] - config["signatures-refresh"]
+        if smooth:
+            sign_delay = config["signatures-validity"] - config["signatures-refresh"]
         safety_interval = config["retire-safety"]
 
     iretKSK = timedelta(0)
@@ -246,7 +247,9 @@ class KeyProperties:
         if "Lifetime" not in self.metadata or self.metadata["Lifetime"] == 0:
             return
 
-        iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk())
+        sigdel = self.key.get_timing("SigRemoved", must_exist=False)
+        smooth = sigdel is None
+        iret = Iret(config, zsk=self.key.is_zsk(), ksk=self.key.is_ksk(), smooth=smooth)
         self.timing["Removed"] = self.timing["Retired"] + iret
 
     def set_expected_keytimes(

bin/tests/system/rollover-zsk-prepub/tests_rollover_zsk_prepublication.py

@@ -41,7 +41,7 @@ POLICY = "zsk-prepub"
 ZSK_LIFETIME = TIMEDELTA["P30D"]
 LIFETIME_POLICY = int(ZSK_LIFETIME.total_seconds())
 IPUB = Ipub(CONFIG)
-IRET = Iret(CONFIG, rollover=True)
+IRET = Iret(CONFIG)
 KEYTTLPROP = CONFIG["dnskey-ttl"] + CONFIG["zone-propagation-delay"]
 OFFSETS = {}
 OFFSETS["step1-p"] = -int(TIMEDELTA["P7D"].total_seconds())
@@ -228,6 +228,7 @@ def test_zsk_prepub_step3(tld, alg, size, ns3):
         watcher.wait_for_line(f"zone {zone}/IN (signed): sending notifies")
 
     step["smooth"] = False
+    step["nextev"] = Iret(CONFIG, smooth=False)
     isctest.kasp.check_rollover_step(ns3, CONFIG, POLICY, step)