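#!/bin/sh -e

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# System test for the tool held in $CDS (set by conf.sh; presumably
# dnssec-cds).  Each case runs one command and compares its exit status,
# stdout and stderr with the expectations held in $name/$err/$out.
#
# Most cases are negative tests of DNSSEC validation: a stale, unsigned or
# tampered child record set must make the tool exit non-zero and leave the
# DS set alone.  A regression here would let a parent accept a forged or
# replayed CDS/CDNSKEY, so keep the expected statuses strict.
#
# NOTE: the "-e" on the shebang line only applies when this file is executed
# directly; it is dropped when the file is run as "sh tests.sh".

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

status=0
n=0

# Record one failed check: log it and bump the global failure counter.
fail() {
  echo_i "failed"
  status=$((status + 1))
}

# Run "$@" with stdout/stderr captured in out.$n / err.$n and print the
# command's exit status on stdout.
# The command is the condition of an "if" so that a non-zero status is
# reported instead of terminating the command-substitution subshell when
# errexit is active (POSIX shells propagate -e into $(...)).
runcmd() {
  if "$@" 1>"out.$n" 2>"err.$n"; then
    echo 0
  else
    echo $?
  fi
}

# Run one numbered test case.
# Globals:   name (read) - label for the log
#            err  (read) - extended regex stderr must match; unset means
#                          stderr must be empty
#            out  (read) - file stdout must equal; unset means the file
#                          "empty"
#            n (incremented), status (incremented via fail)
# Arguments: $1 - expected exit status, remaining words - command to run
# stdout, stderr and the exit status are checked independently, so a single
# case can add more than one failure to $status.
testcase() {
  n=$((n + 1))
  echo_i "$name ($n)"
  expect=$1
  shift
  result=$(runcmd "$@")
  check_stdout
  check_stderr
  if [ "$expect" -ne "$result" ]; then
    echo_d "exit status does not match $expect"
    fail
  fi
  # Clear the expectations so they cannot leak into the next case.
  unset name err out
}

# Check err.$n against $err.  $err is passed to grep -E, so regex
# metacharacters in an expectation (for example ".") are not literal.
check_stderr() {
  if [ -n "${err:=}" ]; then
    grep -E "$err" "err.$n" >/dev/null && return 0
    echo_d "stderr did not match '$err'"
  else
    # No expectation: any stderr output at all is a failure.
    [ -s "err.$n" ] || return 0
  fi
  cat_d <"err.$n"
  fail
}

# Check out.$n against the file named by $out, or against "empty" when no
# stdout is expected.  The diagnostic dump uses the same fallback as the
# comparison; with a bare "$out" an unset expectation would run `cat ""`,
# which fails and (under errexit) cuts the dump off before the "got" part.
check_stdout() {
  $DIFF "out.$n" "${out:-empty}" >/dev/null && return
  echo_d "stdout did not match '${out:-empty}'"
  {
    echo "wanted"
    cat "${out:-empty}"
    echo "got"
    cat "out.$n"
  } | cat_d
  fail
}

Z=cds.test

# --- Argument and input-file validation ------------------------------------

name='usage'
err='Usage'
testcase 1 $CDS

name='need a DS file'
err='DS pathname'
testcase 1 $CDS $Z

name='name of dsset in directory'
err="./dsset-$Z.: file not found"
testcase 1 $CDS -d . $Z

name='load a file'
err='could not find DS records'
testcase 1 $CDS -d empty $Z

name='load DS records'
err='path to file containing child data must be specified'
testcase 1 $CDS -d DS.1 $Z

name='missing DNSKEY'
err='could not find signed DNSKEY RRset'
testcase 1 $CDS -f db.null -d DS.1 $Z

# --- Signature freshness ---------------------------------------------------
# Without -s the fixture signatures are rejected as too old; with
# "-s -7200" the same file is accepted.  This is the tool's guard against
# replaying previously valid child records (presumably the default cut-off
# comes from the DS file's modification time - see the in-place cases below).

name='sigs too old'
err='could not validate child DNSKEY RRset'
testcase 1 $CDS -f sig.null -d DS.1 $Z

name='sigs too old, verbosely'
err='skip RRSIG by key [0-9]+: too old'
testcase 1 $CDS -v1 -f sig.null -d DS.1 $Z

name='old sigs are allowed'
err='found RRSIG by key'
out=DS.1
testcase 0 $CDS -v1 -s -7200 -f sig.null -d DS.1 $Z

# A child that publishes no CDS/CDNSKEY must leave the DS set unchanged.

name='no CDS/CDNSKEY records'
out=DS.1
testcase 0 $CDS -s -7200 -f sig.null -d DS.1 $Z

name='no child records, verbosely'
err='has neither CDS nor CDNSKEY records'
out=DS.1
testcase 0 $CDS -v1 -s -7200 -f sig.null -d DS.1 $Z

name='unsigned CDS'
err='missing RRSIG CDS records'
testcase 1 $CDS -f brk.unsigned-cds -d DS.1 $Z

name='correct signature inception time'
$CDS -v3 -s -7200 -f sig.cds.1 -d DS.1 $Z 1>xout 2>xerr
testcase 0 $PERL checktime.pl 3600 xerr

# --- In-place update (-i) --------------------------------------------------
# The output file and its .bak backup are checked for both content and
# modification time (checkmtime.pl arguments are presumably ages in seconds).

name='in-place reads modification time'
testcase 0 $CDS -f sig.cds.1 -i.bak -d DS.inplace $Z

name='in-place output correct modification time'
testcase 0 $PERL checkmtime.pl 3600 DS.inplace

name='in-place backup correct modification time'
testcase 0 $PERL checkmtime.pl 7200 DS.inplace.bak

name='in-place correct output'
testcase 0 $DIFF DS.1 DS.inplace

name='in-place backup unmodified'
testcase 0 $DIFF DS.1 DS.inplace.bak

# --- Tampered DS records and signatures ------------------------------------
# One damaged DS record is tolerated (judging by the case names, the other
# record still anchors the DNSKEY RRset); with both damaged, validation
# must fail.

name='one mangled DS'
err='found RRSIG by key'
out=DS.1
testcase 0 $CDS -v1 -s -7200 -f sig.cds.1 -d DS.broke1 $Z

name='other mangled DS'
err='found RRSIG by key'
out=DS.1
testcase 0 $CDS -v1 -s -7200 -f sig.cds.1 -d DS.broke2 $Z

name='both mangled DS'
err='could not validate child DNSKEY RRset'
testcase 1 $CDS -v1 -s -7200 -f sig.cds.1 -d DS.broke12 $Z

# A damaged ZSK signature over CDS is tolerated, a damaged KSK signature is
# not: the CDS RRset has to be validated by a key the parent already trusts.

name='mangle RRSIG CDS by ZSK'
err='found RRSIG by key'
out=DS.1
testcase 0 $CDS -v1 -s -7200 -f brk.rrsig.cds.zsk -d DS.1 $Z

name='mangle RRSIG CDS by KSK'
err='could not validate child CDS RRset'
testcase 1 $CDS -v1 -s -7200 -f brk.rrsig.cds.ksk -d DS.1 $Z

# The proposed DS set must itself validate the child's DNSKEY RRset, and
# must be consistent across digest types and algorithms; otherwise applying
# it could break the delegation's chain of trust.

name='mangle CDS 1'
err='could not validate child DNSKEY RRset with new DS records'
testcase 1 $CDS -s -7200 -f sig.cds-mangled -d DS.1 $Z

name='inconsistent digests'
err='do not cover each key with the same set of digest types'
testcase 1 $CDS -s -7200 -f sig.bad-digests -d DS.1 $Z

name='inconsistent algorithms'
err='missing signature for algorithm'
testcase 1 $CDS -s -7200 -f sig.bad-algos -d DS.1 $Z

# --- DS set changes and update output (-u) ---------------------------------

name='add DS records'
out=DS.both
$CDS -s -7200 -f sig.cds.both -d DS.1 $Z >DS.out
# sort to allow for numerical vs lexical order of key tags
testcase 0 sort DS.out

name='update add'
out=UP.add2
testcase 0 $CDS -u -s -7200 -f sig.cds.both -d DS.1 $Z

name='remove DS records'
out=DS.2
testcase 0 $CDS -s -7200 -f sig.cds.2 -d DS.both $Z

name='update del'
out=UP.del1
testcase 0 $CDS -u -s -7200 -f sig.cds.2 -d DS.both $Z

name='swap DS records'
out=DS.2
testcase 0 $CDS -s -7200 -f sig.cds.2 -d DS.1 $Z

name='update swap'
out=UP.swap
testcase 0 $CDS -u -s -7200 -f sig.cds.2 -d DS.1 $Z

# --- TTL handling (-T) -----------------------------------------------------

name='TTL from -T'
out=DS.ttl2
testcase 0 $CDS -T 3600 -s -7200 -f sig.cds.2 -d DS.1 $Z

name='update TTL from -T'
out=UP.swapttl
testcase 0 $CDS -u -T 3600 -s -7200 -f sig.cds.2 -d DS.1 $Z

name='update TTL from dsset'
out=UP.swapttl
testcase 0 $CDS -u -s -7200 -f sig.cds.2 -d DS.ttl1 $Z

name='TTL from -T overrides dsset'
out=DS.ttlong2
testcase 0 $CDS -T 7200 -s -7200 -f sig.cds.2 -d DS.ttl1 $Z

name='stable DS record order (changes)'
out=DS.1
testcase 0 $CDS -s -7200 -f sig.cds.rev1 -d DS.2 $Z

# --- DS generated from CDNSKEY (-a selects digest types) --------------------
# SHA1 is exercised here as a test vector only; SHA-1 DS digests are
# deprecated for new delegations (RFC 8624).

name='CDNSKEY default algorithm'
out=DS.2-2
testcase 0 $CDS -s -7200 -f sig.cdnskey.2 -d DS.1 $Z

name='CDNSKEY SHA1'
out=DS.2-1
testcase 0 $CDS -a SHA1 -s -7200 -f sig.cdnskey.2 -d DS.1 $Z

name='CDNSKEY two algorithms'
out=DS.2
testcase 0 $CDS -a SHA1 -a SHA256 -s -7200 -f sig.cdnskey.2 -d DS.1 $Z

name='CDNSKEY two algorithms, reversed'
out=DS.2
testcase 0 $CDS -a SHA256 -a SHA1 -s -7200 -f sig.cdnskey.2 -d DS.1 $Z

name='CDNSKEY and CDS'
out=DS.2
testcase 0 $CDS -s -7200 -f sig.cds.cdnskey.2 -d DS.1 $Z

name='prefer CDNSKEY'
out=DS.2-2
testcase 0 $CDS -D -s -7200 -f sig.cds.cdnskey.2 -d DS.1 $Z

echo_i "exit status: $status"
[ "$status" -eq 0 ] || exit 1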