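#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Generates key pairs for, and signs, the zones of the "wildcard" system
# test: nsec, private.nsec, nsec3, private.nsec3 and the root zone.
#
# $KEYGEN, $SIGNER, $TP, echo_i and keyfile_to_static_ds are not defined in
# this file; they are expected to be provided by conf.sh.
#
# NOTE(review): every key below is 1024-bit RSASHA1 or NSEC3RSASHA1.
# RFC 8624 lists both algorithms as NOT RECOMMENDED for signing, and a host
# whose crypto policy disables SHA-1 signatures may be unable to sign or
# validate these zones. Presumably acceptable only because these are
# throw-away test keys - do not copy these parameters into a real zone.

SYSTEMTESTTOP=../..
. "$SYSTEMTESTTOP/conf.sh"

SYSTESTDIR=wildcard

# Space-separated list of dsset-* files that get merged into the root zone.
dssets=

# setup_failed MESSAGE
# Reports MESSAGE through echo_i and stops with a non-zero status, so that a
# broken key or signature is not carried into the trust anchor files.
setup_failed() {
  echo_i "$1"
  exit 1
}

# make_keys ALGORITHM
# Creates one key without and one key with "-f KSK" for $zone and stores the
# key file base names printed by $KEYGEN in keyname1 and keyname2.
# $KEYGEN's stderr is discarded, so failure is detected through its exit
# status and through an empty key name.
make_keys() {
  keyname1=$($KEYGEN -a "$1" -b 1024 -n zone "$zone" 2> /dev/null) \
    || setup_failed "failed to generate zone key for $zone"
  keyname2=$($KEYGEN -f KSK -a "$1" -b 1024 -n zone "$zone" 2> /dev/null) \
    || setup_failed "failed to generate KSK for $zone"
  [ -n "$keyname1" ] && [ -n "$keyname2" ] \
    || setup_failed "empty key name returned for $zone"
}

# build_zonefile [EXTRA-FILE...]
# Writes $zonefile as $infile followed by both public keys and any extra
# files given as arguments.
build_zonefile() {
  cat "$infile" "$keyname1.key" "$keyname2.key" "$@" > "$zonefile" \
    || setup_failed "failed to assemble $zonefile"
}

# sign_zone [SIGNER-OPTION...]
# Signs $zonefile into $outfile. "signed $zone" is logged only when $SIGNER
# succeeds; on failure its stderr (kept in signer.err) is printed and the
# script stops instead of reporting a zone as signed that is not.
sign_zone() {
  if $SIGNER "$@" -o "$zone" -f "$outfile" "$zonefile" > /dev/null 2> signer.err; then
    echo_i "signed $zone"
  else
    cat signer.err
    setup_failed "failed to sign $zone"
  fi
}

# RFC 4592 example zone.
cp allwild.db.in allwild.db
cp example.db.in example.db

zone=nsec
infile=nsec.db.in
zonefile=nsec.db
outfile=nsec.db.signed
dssets="$dssets dsset-${zone}${TP}"
make_keys RSASHA1
build_zonefile
sign_zone

zone=private.nsec
infile=private.nsec.db.in
zonefile=private.nsec.db
outfile=private.nsec.db.signed
make_keys RSASHA1
build_zonefile
sign_zone

# Not added to $dssets: this zone's KSK is written out as a static DS
# configuration instead of being linked from the root zone.
keyfile_to_static_ds "$keyname2" > private.nsec.conf

zone=nsec3
infile=nsec3.db.in
zonefile=nsec3.db
outfile=nsec3.db.signed
dssets="$dssets dsset-${zone}${TP}"
make_keys NSEC3RSASHA1
build_zonefile
# "-3 -" selects NSEC3 with an empty salt, "-H 10" sets 10 iterations.
# NOTE(review): RFC 9276 recommends 0 additional iterations for real zones;
# the value here is test data.
sign_zone -3 - -H 10

zone=private.nsec3
infile=private.nsec3.db.in
zonefile=private.nsec3.db
outfile=private.nsec3.db.signed
make_keys NSEC3RSASHA1
build_zonefile
sign_zone -3 - -H 10

keyfile_to_static_ds "$keyname2" > private.nsec3.conf

zone=.
infile=root.db.in
zonefile=root.db
outfile=root.db.signed
make_keys RSASHA1
# $dssets is deliberately unquoted: it is a space-separated list of files.
# shellcheck disable=SC2086
build_zonefile $dssets
sign_zone

# The root KSK becomes the trust anchor written to trusted.conf.
keyfile_to_static_ds "$keyname2" > trusted.conf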