#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0.  If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Load the shared system-test settings. $KEYGEN, $SIGNER, $TP, echo_i and
# keyfile_to_static_ds are used further down but are not defined in this
# file; presumably conf.sh provides them.
SYSTEMTESTTOP="../.."
. "${SYSTEMTESTTOP}/conf.sh"

SYSTESTDIR="wildcard"

# RFC 4592 example zone.
# Both files are plain copies of their .in templates; this script does not
# sign either of them.
cp allwild.db.in allwild.db
cp example.db.in example.db

# Space-separated list of DS-set file names. The nsec and nsec3 sections
# append to it and the root zone section concatenates the listed files into
# root.db.
dssets=""
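# ---------------------------------------------------------------------------
# Zone "nsec": signed with an NSEC chain and delegated from the root zone.
# ---------------------------------------------------------------------------
zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
# Record this zone's DS-set file name; the root zone section of this script
# concatenates every file listed in $dssets into root.db. $TP is not set in
# this file.
dssets="$dssets dsset-${zone}${TP}"

# Test-fixture keys only: RFC 8624 lists RSASHA1 as NOT RECOMMENDED for
# signing and 1024-bit RSA is below current key-size guidance, so these
# parameters should not be reused outside the test suite.
# keygen's stderr is discarded, so its exit status is the only failure signal
# and is checked here; a host whose crypto policy disables SHA-1 may fail at
# this point. $KEYGEN is left unquoted as in the original, so a value carrying
# extra words still splits into command and arguments.
keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate zone-signing key for $zone"
  exit 1
}
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate key-signing key for $zone"
  exit 1
}

# Append both public key files to the zone template to form the file that is
# handed to the signer.
cat "$infile" "${keyname1}.key" "${keyname2}.key" > "$zonefile" || {
  echo_i "failed to assemble $zonefile"
  exit 1
}

# Stop on a signing failure instead of announcing "signed" for a zone that
# was never signed; signer.err holds the signer's stderr.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
  cat signer.err
  echo_i "failed to sign $zone"
  exit 1
fi
echo_i "signed $zone"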
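# ---------------------------------------------------------------------------
# Zone "private.nsec": signed with an NSEC chain, trusted through its own
# anchor file. Nothing is appended to $dssets here, so this script puts no
# DS-set file for it into the root zone.
# ---------------------------------------------------------------------------
zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed

# Test-fixture keys only: RFC 8624 lists RSASHA1 as NOT RECOMMENDED for
# signing and 1024-bit RSA is below current key-size guidance.
# keygen's stderr is discarded, so its exit status is the only failure signal
# and is checked here. $KEYGEN is left unquoted as in the original, so a
# value carrying extra words still splits into command and arguments.
keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate zone-signing key for $zone"
  exit 1
}
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate key-signing key for $zone"
  exit 1
}

# Append both public key files to the zone template to form the file that is
# handed to the signer.
cat "$infile" "${keyname1}.key" "${keyname2}.key" > "$zonefile" || {
  echo_i "failed to assemble $zonefile"
  exit 1
}

# Stop on a signing failure: continuing would publish a trust anchor below
# for a zone that was never signed. signer.err holds the signer's stderr.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
  cat signer.err
  echo_i "failed to sign $zone"
  exit 1
fi
echo_i "signed $zone"

# Export the KSK to private.nsec.conf. keyfile_to_static_ds is not defined in
# this file; by its name it emits a static-ds trust anchor (confirm in
# conf.sh). Its exit status is left unchecked, as in the original.
keyfile_to_static_ds "$keyname2" > private.nsec.conf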
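# ---------------------------------------------------------------------------
# Zone "nsec3": signed with an NSEC3 chain and delegated from the root zone.
# ---------------------------------------------------------------------------
zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
# Record this zone's DS-set file name; the root zone section of this script
# concatenates every file listed in $dssets into root.db. $TP is not set in
# this file.
dssets="$dssets dsset-${zone}${TP}"

# Test-fixture keys only: RFC 8624 lists RSASHA1-NSEC3-SHA1 (NSEC3RSASHA1
# here) as NOT RECOMMENDED for signing and 1024-bit RSA is below current
# key-size guidance, so these parameters should not be reused outside the
# test suite.
# keygen's stderr is discarded, so its exit status is the only failure signal
# and is checked here; a host whose crypto policy disables SHA-1 may fail at
# this point. $KEYGEN is left unquoted as in the original, so a value carrying
# extra words still splits into command and arguments.
keyname1=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate zone-signing key for $zone"
  exit 1
}
keyname2=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate key-signing key for $zone"
  exit 1
}

# Append both public key files to the zone template to form the file that is
# handed to the signer.
cat "$infile" "${keyname1}.key" "${keyname2}.key" > "$zonefile" || {
  echo_i "failed to assemble $zonefile"
  exit 1
}

# "-3 -" asks for an NSEC3 chain with an empty salt and "-H 10" for ten hash
# iterations. RFC 9276 recommends zero iterations for deployed zones; the
# value here is a fixture setting.
# Stop on a signing failure instead of announcing "signed" for a zone that
# was never signed; signer.err holds the signer's stderr.
if ! $SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
  cat signer.err
  echo_i "failed to sign $zone"
  exit 1
fi
echo_i "signed $zone"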
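# ---------------------------------------------------------------------------
# Zone "private.nsec3": signed with an NSEC3 chain, trusted through its own
# anchor file. Nothing is appended to $dssets here, so this script puts no
# DS-set file for it into the root zone.
# ---------------------------------------------------------------------------
zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed

# Test-fixture keys only: RFC 8624 lists RSASHA1-NSEC3-SHA1 (NSEC3RSASHA1
# here) as NOT RECOMMENDED for signing and 1024-bit RSA is below current
# key-size guidance.
# keygen's stderr is discarded, so its exit status is the only failure signal
# and is checked here. $KEYGEN is left unquoted as in the original, so a
# value carrying extra words still splits into command and arguments.
keyname1=$($KEYGEN -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate zone-signing key for $zone"
  exit 1
}
keyname2=$($KEYGEN -f KSK -a NSEC3RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate key-signing key for $zone"
  exit 1
}

# Append both public key files to the zone template to form the file that is
# handed to the signer.
cat "$infile" "${keyname1}.key" "${keyname2}.key" > "$zonefile" || {
  echo_i "failed to assemble $zonefile"
  exit 1
}

# "-3 -" asks for an NSEC3 chain with an empty salt and "-H 10" for ten hash
# iterations. RFC 9276 recommends zero iterations for deployed zones; the
# value here is a fixture setting.
# Stop on a signing failure: continuing would publish a trust anchor below
# for a zone that was never signed. signer.err holds the signer's stderr.
if ! $SIGNER -3 - -H 10 -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
  cat signer.err
  echo_i "failed to sign $zone"
  exit 1
fi
echo_i "signed $zone"

# Export the KSK to private.nsec3.conf. keyfile_to_static_ds is not defined
# in this file; by its name it emits a static-ds trust anchor (confirm in
# conf.sh). Its exit status is left unchecked, as in the original.
keyfile_to_static_ds "$keyname2" > private.nsec3.conf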
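# ---------------------------------------------------------------------------
# Root zone ".": carries the DS-set files collected in $dssets and is the
# source of the trust anchor written to trusted.conf.
# ---------------------------------------------------------------------------
zone=.
infile=root.db.in
zonefile=root.db
outfile=root.db.signed

# Test-fixture keys only: RFC 8624 lists RSASHA1 as NOT RECOMMENDED for
# signing and 1024-bit RSA is below current key-size guidance, so these
# parameters should not be reused outside the test suite.
# keygen's stderr is discarded, so its exit status is the only failure signal
# and is checked here; a host whose crypto policy disables SHA-1 may fail at
# this point. $KEYGEN is left unquoted as in the original, so a value carrying
# extra words still splits into command and arguments.
keyname1=$($KEYGEN -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate zone-signing key for $zone"
  exit 1
}
keyname2=$($KEYGEN -f KSK -a RSASHA1 -b 1024 -n zone "$zone" 2> /dev/null) || {
  echo_i "failed to generate key-signing key for $zone"
  exit 1
}

# $dssets is a space-separated list of file names and must word-split, so it
# stays unquoted. A DS-set file that is missing (for example because an
# earlier zone was not signed) makes cat fail, which is now fatal instead of
# producing a root zone that silently lacks that delegation's DS records.
# shellcheck disable=SC2086
cat "$infile" "${keyname1}.key" "${keyname2}.key" $dssets > "$zonefile" || {
  echo_i "failed to assemble $zonefile"
  exit 1
}

# Stop on a signing failure: continuing would publish a trust anchor below
# for a root zone that was never signed. signer.err holds the signer's stderr.
if ! $SIGNER -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
  cat signer.err
  echo_i "failed to sign $zone"
  exit 1
fi
echo_i "signed $zone"

# Export the root KSK to trusted.conf. keyfile_to_static_ds is not defined in
# this file; by its name it emits a static-ds trust anchor (confirm in
# conf.sh). Its exit status is left unchecked, as in the original.
keyfile_to_static_ds "$keyname2" > trusted.conf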