From bbedadf76ab670b01887fb9b41097120ea4fdf14 Mon Sep 17 00:00:00 2001 From: Evan Hunt Date: Wed, 15 Dec 2010 18:44:37 +0000 Subject: [PATCH] 2985. [bug] Add a regression test for change #2896. [RT #21324] --- CHANGES | 2 ++ bin/tests/system/autosign/ns3/keygen.sh | 11 +++++- bin/tests/system/autosign/ns3/named.conf | 9 ++++- bin/tests/system/autosign/tests.sh | 43 ++++++++++++++++++++++-- 4 files changed, 61 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 8f0d16abeb..5c5f05d3fa 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +2985. [bug] Add a regression test for change #2896. [RT #21324] + 2984. [bug] Don't run MX checks when the target of the MX record is ".". [RT #22645] diff --git a/bin/tests/system/autosign/ns3/keygen.sh b/bin/tests/system/autosign/ns3/keygen.sh index 19e23ab3e4..8c0b162bd6 100644 --- a/bin/tests/system/autosign/ns3/keygen.sh +++ b/bin/tests/system/autosign/ns3/keygen.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: keygen.sh,v 1.7 2010/05/19 07:45:38 marka Exp $ +# $Id: keygen.sh,v 1.8 2010/12/15 18:44:37 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -196,3 +196,12 @@ echo $ksk > ../del1.key zsk=`$KEYGEN -q -3 -r $RANDFILE $zone` echo $zsk > ../del2.key $SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1 + +# +# Introducing a pre-published key test. +# +zone=prepub.example +zonefile="${zone}.db" +$KEYGEN -3 -q -r $RANDFILE -fk $zone > /dev/null +$KEYGEN -3 -q -r $RANDFILE $zone > /dev/null +$SIGNER -S -3 beef -o $zone -f $zonefile $infile > /dev/null 2>&1 diff --git a/bin/tests/system/autosign/ns3/named.conf b/bin/tests/system/autosign/ns3/named.conf index a22d475a49..be43563bcd 100644 --- a/bin/tests/system/autosign/ns3/named.conf +++ b/bin/tests/system/autosign/ns3/named.conf 
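Review bot: The new prepub.example block at the end of keygen.sh assigns `zone` and `zonefile` but never `infile`, so `$SIGNER` signs whatever input file the preceding block left in `$infile`. That assignment is outside the hunk, so it is not possible to tell from here whether the reuse is intended. Either set `infile` explicitly next to `zonefile="${zone}.db"`, or state the dependency with a comment such as `# reuses $infile from the previous zone on purpose`. The signer's output also goes to `/dev/null 2>&1`, matching the context line above, so a failed signing run during setup only shows up later as an unrelated test failure.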
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.6 2010/05/19 07:45:38 marka Exp $ */ +/* $Id: named.conf,v 1.7 2010/12/15 18:44:37 each Exp $ */ // NS3 @@ -178,4 +178,11 @@ zone "oldsigs.example" { auto-dnssec maintain; }; +zone "prepub.example" { + type master; + file "prepub.example.db"; + allow-update { any; }; + auto-dnssec maintain; +}; + include "trusted.conf"; diff --git a/bin/tests/system/autosign/tests.sh b/bin/tests/system/autosign/tests.sh index 6da87b9e17..02d5a88cd7 100644 --- a/bin/tests/system/autosign/tests.sh +++ b/bin/tests/system/autosign/tests.sh @@ -14,11 +14,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.11 2010/08/16 22:21:06 marka Exp $ +# $Id: tests.sh,v 1.12 2010/12/15 18:44:37 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +RANDFILE=random.data + status=0 n=0 @@ -587,7 +589,7 @@ status=`expr $status + $ret` echo "I:checking that standby key does not sign records ($n)" ret=0 -id=`sed 's/^K.+007+0*//' < standby.key` +ed=`sed 's/^K.+007+0*//' < standby.key` $DIG $DIGOPTS dnskey . @10.53.0.1 > dig.out.ns1.test$n || ret=1 grep 'RRSIG.*'" $id "'\. ' dig.out.ns1.test$n > /dev/null && ret=1 n=`expr $n + 1` 
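Review bot: The added `zone "prepub.example"` stanza carries `allow-update { any; };` with no comment saying it is a test-only setting. The tests.sh hunks in this patch drive the zone only through `rndc sign`, so the ACL is presumably there just to make the zone dynamic for `auto-dnssec maintain`. A one-line comment would stop the stanza being copied as a template, for example `// test fixture only: zone must be dynamic for auto-dnssec; never use allow-update { any; } on a reachable server`. The start of the file and the other zone definitions are outside the hunk, so this may already be covered by a file-level remark.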
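Review bot: In the tests.sh hunk at -587 the changed line now assigns `ed`, but the `grep` two lines below still expands `$id`, so the "standby key does not sign records" check no longer looks for the standby key's ID. `$id` will hold whatever an earlier test left in it, or nothing, and the `grep ... && ret=1` assertion can then pass without testing the intended key. The rename also looks unrelated to the prepub regression test the commit describes. Keep the original assignment, ``id=`sed 's/^K.+007+0*//' < standby.key` ``, or rename the use in the `grep` pattern as well.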
@@ -660,6 +662,32 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking that serial number and RRSIGs are both updated (rt21045) ($n)" +ret=0 +oldserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '$0 !~ /SOA/ {print $3}'` +oldinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u` + +$KEYGEN -3 -q -r $RANDFILE -K ns3 -P 0 -A +6d -I +38d -D +45d prepub.example > /dev/null + +$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 sign prepub.example 2>&1 | sed 's/^/I:ns1 /' +newserial=$oldserial +try=0 +while [ $oldserial -eq $newserial -a $try -lt 42 ] +do + newserial=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | + awk '$0 !~ /SOA/ {print $3}'` + sleep 1 + try=`expr $try + 1` +done +newinception=`$DIG $DIGOPTS +short soa prepub.example @10.53.0.3 | awk '/SOA/ {print $6}' | sort -u` +#echo "$oldserial : $newserial" +#echo "$oldinception : $newinception" + +[ "$oldserial" = "$newserial" ] && ret=1 +[ "$oldinception" = "$newinception" ] && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:preparing to test key change corner cases" echo "I:removing a private key file" file="ns1/`cat vanishing.key`.private" @@ -673,6 +701,9 @@ newid=`sed 's/^K.+007+0*//' < standby.key` $SETTIME -K ns1 -I now -D now+15 $oldfile > /dev/null $SETTIME -K ns1 -i 0 -S $oldfile $newfile > /dev/null +# note previous zone serial number +oldserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'` + $RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 loadkeys . 2>&1 | sed 's/^/I:ns1 /' echo "I:revoking key to duplicated key ID" 
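Review bot: An empty `dig` result makes the new prepub check pass instead of fail. If a query inside the polling loop returns nothing, `[ $oldserial -eq $newserial -a $try -lt 42 ]` errors out and ends the loop, and the final `[ "$oldserial" = "$newserial" ] && ret=1` and `[ "$oldinception" = "$newinception" ] && ret=1` then see two different strings and leave `ret=0`. Quote the loop operands and add guards before the comparisons, `[ -n "$newserial" ] || ret=1` and `[ -n "$newinception" ] || ret=1`. The SOA serial check added in the -715 hunk has the same gap when `oldserial`, captured in the -673 hunk, is empty. Separately, this block prints `($n)` but never runs ``n=`expr $n + 1` ``, and it labels `rndc` output from 10.53.0.3 as `I:ns1` where `I:ns3` looks intended.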
@@ -715,6 +746,14 @@ n=`expr $n + 1` if [ $ret != 0 ]; then echo "I:failed"; fi status=`expr $status + $ret` +echo "I:checking SOA serial number has been incremented ($n)" +ret=0 +newserial=`$DIG $DIGOPTS +short soa . @10.53.0.1 | awk '{print $3}'` +[ "$newserial" != "$oldserial" ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + echo "I:waiting for former active key to be removed" sleep 10