mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-27 20:25:55 -04:00
ef1ac155b0
Introduce rollover/setup.py for all setup related test code.
Introduce rollover/ns1 and rollover/ns2 to create a chain of trust to
all rollover related test zones. The tld zones in rollover/ns2 contain
a DSYNC record that at a later time will be used for testing Generalized
DNS Notifications.
Write a python version of private_type_record so we can put such
records in the zone via jinja2 templating.
(cherry picked from commit f31514e658)
150 lines
4.6 KiB
Python
150 lines
4.6 KiB
Python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
from datetime import timedelta
|
|
import os
|
|
|
|
import pytest
|
|
|
|
from isctest.kasp import Ipub, IpubC, Iret
|
|
from isctest.vars.algorithms import Algorithm
|
|
|
|
pytestmark = pytest.mark.extra_artifacts(
|
|
[
|
|
"*.axfr*",
|
|
"dig.out*",
|
|
"K*.key*",
|
|
"K*.private*",
|
|
"ns*/*.db",
|
|
"ns*/*.db.infile",
|
|
"ns*/*.db.jnl",
|
|
"ns*/*.db.jbk",
|
|
"ns*/*.db.signed",
|
|
"ns*/*.db.signed.jnl",
|
|
"ns*/*.conf",
|
|
"ns*/dsset-*",
|
|
"ns*/K*.key",
|
|
"ns*/K*.private",
|
|
"ns*/K*.state",
|
|
"ns*/keygen.out.*",
|
|
"ns*/managed-keys.**",
|
|
"ns*/settime.out.*",
|
|
"ns*/signer.out.*",
|
|
"ns*/zones",
|
|
"ns1/root.db.in",
|
|
]
|
|
)
|
|
|
|
|
|
TIMEDELTA = {
|
|
0: timedelta(seconds=0),
|
|
"PT5M": timedelta(minutes=5),
|
|
"PT20M": timedelta(minutes=20),
|
|
"PT1H": timedelta(hours=1),
|
|
"PT2H": timedelta(hours=2),
|
|
"PT6H": timedelta(hours=6),
|
|
"PT12H": timedelta(hours=12),
|
|
"P1D": timedelta(days=1),
|
|
"P2D": timedelta(days=2),
|
|
"P5D": timedelta(days=5),
|
|
"P7D": timedelta(days=7),
|
|
"P10D": timedelta(days=10),
|
|
"P14D": timedelta(days=14),
|
|
"P30D": timedelta(days=30),
|
|
"P60D": timedelta(days=60),
|
|
"P90D": timedelta(days=90),
|
|
"P6M": timedelta(days=31 * 6),
|
|
"P1Y": timedelta(days=365),
|
|
}
|
|
DURATION = {isoname: int(delta.total_seconds()) for isoname, delta in TIMEDELTA.items()}
|
|
CDSS = ["CDNSKEY", "CDS (SHA-256)"]
|
|
DEFAULT_CONFIG = {
|
|
"dnskey-ttl": TIMEDELTA["PT1H"],
|
|
"ds-ttl": TIMEDELTA["P1D"],
|
|
"max-zone-ttl": TIMEDELTA["P1D"],
|
|
"parent-propagation-delay": TIMEDELTA["PT1H"],
|
|
"publish-safety": TIMEDELTA["PT1H"],
|
|
"purge-keys": TIMEDELTA["P90D"],
|
|
"retire-safety": TIMEDELTA["PT1H"],
|
|
"signatures-refresh": TIMEDELTA["P5D"],
|
|
"signatures-validity": TIMEDELTA["P14D"],
|
|
"zone-propagation-delay": TIMEDELTA["PT5M"],
|
|
}
|
|
UNSIGNING_CONFIG = DEFAULT_CONFIG.copy()
|
|
UNSIGNING_CONFIG["dnskey-ttl"] = TIMEDELTA["PT2H"]
|
|
ALGOROLL_CONFIG = {
|
|
"dnskey-ttl": TIMEDELTA["PT1H"],
|
|
"ds-ttl": TIMEDELTA["PT2H"],
|
|
"max-zone-ttl": TIMEDELTA["PT6H"],
|
|
"parent-propagation-delay": TIMEDELTA["PT1H"],
|
|
"publish-safety": TIMEDELTA["PT1H"],
|
|
"purge-keys": TIMEDELTA["P90D"],
|
|
"retire-safety": TIMEDELTA["PT2H"],
|
|
"signatures-refresh": TIMEDELTA["P5D"],
|
|
"signatures-validity": TIMEDELTA["P30D"],
|
|
"zone-propagation-delay": TIMEDELTA["PT1H"],
|
|
}
|
|
ALGOROLL_IPUB = Ipub(ALGOROLL_CONFIG)
|
|
ALGOROLL_IPUBC = IpubC(ALGOROLL_CONFIG, rollover=False)
|
|
ALGOROLL_IRET = Iret(ALGOROLL_CONFIG, rollover=False)
|
|
ALGOROLL_IRETKSK = Iret(ALGOROLL_CONFIG, zsk=False, ksk=True, rollover=False)
|
|
ALGOROLL_KEYTTLPROP = (
|
|
ALGOROLL_CONFIG["dnskey-ttl"] + ALGOROLL_CONFIG["zone-propagation-delay"]
|
|
)
|
|
ALGOROLL_OFFSETS = {}
|
|
ALGOROLL_OFFSETS["step2"] = -int(ALGOROLL_IPUB.total_seconds())
|
|
ALGOROLL_OFFSETS["step3"] = -int(ALGOROLL_IRET.total_seconds())
|
|
ALGOROLL_OFFSETS["step4"] = ALGOROLL_OFFSETS["step3"] - int(
|
|
ALGOROLL_IRETKSK.total_seconds()
|
|
)
|
|
ALGOROLL_OFFSETS["step5"] = ALGOROLL_OFFSETS["step4"] - int(
|
|
ALGOROLL_KEYTTLPROP.total_seconds()
|
|
)
|
|
ALGOROLL_OFFSETS["step6"] = ALGOROLL_OFFSETS["step5"] - int(
|
|
ALGOROLL_IRET.total_seconds()
|
|
)
|
|
ALGOROLL_OFFVAL = -DURATION["P7D"]
|
|
KSK_CONFIG = {
|
|
"dnskey-ttl": TIMEDELTA["PT2H"],
|
|
"ds-ttl": TIMEDELTA["PT1H"],
|
|
"max-zone-ttl": TIMEDELTA["P1D"],
|
|
"parent-propagation-delay": TIMEDELTA["PT1H"],
|
|
"publish-safety": TIMEDELTA["P1D"],
|
|
"purge-keys": TIMEDELTA["PT1H"],
|
|
"retire-safety": TIMEDELTA["P2D"],
|
|
"signatures-refresh": TIMEDELTA["P7D"],
|
|
"signatures-validity": TIMEDELTA["P14D"],
|
|
"zone-propagation-delay": TIMEDELTA["PT1H"],
|
|
}
|
|
KSK_LIFETIME = TIMEDELTA["P60D"]
|
|
KSK_LIFETIME_POLICY = int(KSK_LIFETIME.total_seconds())
|
|
KSK_IPUB = Ipub(KSK_CONFIG)
|
|
KSK_IPUBC = IpubC(KSK_CONFIG)
|
|
KSK_IRET = Iret(KSK_CONFIG, zsk=False, ksk=True)
|
|
KSK_KEYTTLPROP = KSK_CONFIG["dnskey-ttl"] + KSK_CONFIG["zone-propagation-delay"]
|
|
|
|
|
|
@pytest.fixture
|
|
def alg():
|
|
return os.environ["DEFAULT_ALGORITHM_NUMBER"]
|
|
|
|
|
|
@pytest.fixture
|
|
def size():
|
|
return os.environ["DEFAULT_BITS"]
|
|
|
|
|
|
def default_algorithm():
|
|
return Algorithm(
|
|
os.environ["DEFAULT_ALGORITHM"],
|
|
int(os.environ["DEFAULT_ALGORITHM_NUMBER"]),
|
|
int(os.environ["DEFAULT_BITS"]),
|
|
)
|