8ba25b126a
git-svn-id: https://unbound.nlnetlabs.nl/svn/trunk@4264 be551aaa-1e26-0410-a405-d3ace91eadb9
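# #-- 10-unbound-anchor.test --#
# Exercises unbound-anchor's two ways of maintaining the root trust anchor:
# RFC 5011 probing and the certificate-verified root.xml / root.p7s download.

# source the master var file when it's there
if [ -f ../.tpkg.var.master ]; then
  source ../.tpkg.var.master
fi
# use .tpkg.var.test for in test variable passing
if [ -f .tpkg.var.test ]; then
  source .tpkg.var.test
fi

# Directory holding the binaries under test.
PRE="../.."

# Options shared by every unbound-anchor run below: fetch from 127.0.0.1 on
# PETAL_PORT, resolve with ub.conf, keep the anchor in root.key, and accept
# only signatures that verify against root.pem with signer name "petal".
# OPTS is one space-separated string and is expanded unquoted on purpose.
# NOTE(review): PETAL_PORT is not set in this file; presumably it comes from
# .tpkg.var.test. If it is empty, -P takes "-C" as its argument - confirm.
OPTS="-u 127.0.0.1 -P $PETAL_PORT -C ub.conf -v -a root.key -c root.pem -n petal"

# Known-good DS record used as the starting trust anchor in test 1.
DS=$(cat K.+005+37348.ds)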
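#######################################
# Check that the root.key file works: a DNSKEY lookup for the root, validated
# with root.key as trust anchor, must be reported as "(secure)".
# Globals:   PRE (read) - directory holding the unbound-host binary
# Outputs:   "OK" on success; on failure "not OK" followed by the contents
#            of fwd.log and petal.log
# Returns:   0 on success; on failure the whole script exits with status 1
#######################################
check_works() {
  # The opening parenthesis is part of the pattern, so an "(insecure)"
  # answer cannot satisfy this check. -F keeps the pattern a literal string.
  if "$PRE"/unbound-host -C ub.conf -f root.key -t DNSKEY -v . \
    | grep -F -- "(secure)" >/dev/null; then
    echo OK
  else
    echo "not OK"
    # Show the logs so a failed validation can be diagnosed.
    cat fwd.log
    cat petal.log
    exit 1
  fi
}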
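#######################################
# Check that the root.key file works, but insecurely: a DNSKEY lookup for the
# root must be reported as "(insecure)", i.e. answered without a validated
# chain of trust.
# Globals:   PRE (read) - directory holding the unbound-host binary
# Outputs:   "OK" on success; on failure "not OK" followed by the contents
#            of fwd.log and petal.log
# Returns:   0 on success; on failure the whole script exits with status 1
#######################################
check_insecure() {
  # A "(secure)" answer does not contain the literal "(insecure)", so this
  # check fails if the root is still validated.
  if "$PRE"/unbound-host -C ub.conf -f root.key -t DNSKEY -v . \
    | grep -F -- "(insecure)" >/dev/null; then
    echo OK
  else
    echo "not OK"
    # Show the logs so the unexpected validation state can be diagnosed.
    cat fwd.log
    cat petal.log
    exit 1
  fi
}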
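# test with good start key, and must do 5011 (no URL possible)
echo "*** TEST 1 ***"
# Left unquoted as in the original test: whitespace inside the DS record is
# collapsed to single spaces when it is written to root.key.
echo $DS > root.key
# notexist.xml / notexist.p7s make the certificate download impossible, so
# only the RFC 5011 probe can succeed. $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
status=$?
# Expected status 0: no certificate-based update took place.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
check_works
# save for test 5
cp root.key root.key.probed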
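# force update with the cert.
echo "*** TEST 2 ***"
# Install the test certificate as root.pem, the certificate that root.p7s is
# verified against (-c root.pem in OPTS).
cp test_cert.pem root.pem
# -F forces the certificate-based update. $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -F -x "root.xml" -s "root.p7s" $OPTS
status=$?
# Expected status 1: the anchor was rewritten from the verified root.xml.
if [ "$status" -ne 1 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The rewritten anchor must still validate the root.
check_works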
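# 5011 fails
echo "*** TEST 3 ***"
# Placeholder DS record (key tag 37000, dummy digest), presumably matching no
# real root key, so the RFC 5011 probe cannot succeed with this anchor.
echo ". IN DS 37000 5 1 b00000000000000000000100f0000000000000b2" > root.key
# No -F here: the fallback to the certificate path has to happen by itself.
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "root.xml" -s "root.p7s" $OPTS
status=$?
# Expected status 1: the anchor was replaced through the certificate path.
if [ "$status" -ne 1 ]; then
  echo "Exitcode not OK"
  exit 1
fi
check_works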
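# cert fails (bad p7s).
echo "*** TEST 4 ***"
# Recognisable placeholder anchor (key tag 44444) so that any rewrite of
# root.key is detectable afterwards.
echo ". IN DS 44444 5 1 b00000000000000000000100f0000000000000b2" > root.key
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -F -x "bad.xml" -s "bad.p7s" $OPTS
status=$?
# Status 0 is expected even though signature verification fails, so the exit
# code alone does not prove that the update was rejected.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The assertion that matters: content that failed verification must not have
# been written over the existing anchor.
if grep -q -- "DS 44444" root.key; then
  echo OK
else
  echo "keyfile changed"
  exit 1
fi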
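# cert fails (bad name).
echo "*** TEST 4b ***"
# Recognisable placeholder anchor (key tag 44444) so that any rewrite of
# root.key is detectable afterwards.
echo ". IN DS 44444 5 1 b00000000000000000000100f0000000000000b2" > root.key
# The trailing -n "not-it" follows the -n petal inside OPTS; presumably the
# later option wins, so the signer name no longer matches.
# NOTE(review): this run uses the same bad.xml / bad.p7s pair as test 4, so a
# rejection here may come from the bad signature rather than from the name
# check. Confirm whether the signer-name check is exercised on its own.
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -F -x "bad.xml" -s "bad.p7s" $OPTS -n "not-it"
status=$?
# Status 0 is expected on a rejected update; see the file check below.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The existing anchor must be untouched after the rejected update.
if grep -q -- "DS 44444" root.key; then
  echo OK
else
  echo "keyfile changed"
  exit 1
fi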
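# 5011 fails, and probe-time too recent.
echo "*** TEST 5 ***"
# break the probed key.
# Start from the anchor file saved after test 1 and corrupt part of the key
# material, leaving the rest of the file (including its probe time) as it was.
sed -e 's/bp0KIK3J3/b00KIK0J0/' < root.key.probed > root.key
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
status=$?
# Expected status 0: no certificate update is performed.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The corrupted key must still be in the file: nothing rewrote root.key.
if grep -q -- "b00KIK0J0" root.key; then
  echo OK
else
  echo "keyfile changed"
  exit 1
fi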
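# 5011 fails, and probe time is very, very old.
echo "*** TEST 6 ***"
# Rewrite the ;;last_success line of the (still corrupted) anchor file via a
# scratch copy, because sed cannot read and write root.key in one redirect.
mv root.key bla.key
# last probe was Sun Sep 9 03:46:40 2001
sed -e 's/;;last_success: .*$/;;last_success: 1000000000/' < bla.key > root.key
rm bla.key
# With such a stale probe time the certificate path is expected to take over.
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "root.xml" -s "root.p7s" $OPTS
status=$?
# Expected status 1: the anchor was replaced through the certificate path.
if [ "$status" -ne 1 ]; then
  echo "Exitcode not OK"
  exit 1
fi
check_works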
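# 5011 update probe is only needed.
echo "*** TEST 7 ***"
# root.key is the working anchor left by test 6; the certificate download is
# made impossible again, so only the RFC 5011 probe can succeed.
# $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
status=$?
# Expected status 0: no certificate-based update took place.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
check_works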
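# root goes to insecure (0 anchors).
echo "*** TEST 8 ***"
# Force an update from no_more_keys.xml, which per the comment above leaves
# zero anchors. $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -F -x "no_more_keys.xml" -s "no_more_keys.p7s" $OPTS
status=$?
# Expected status 1: root.key was rewritten through the certificate path.
if [ "$status" -ne 1 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The rewritten file must carry the ;;REVOKED marker.
if grep -q -F -- ";;REVOKED" root.key; then
  echo "REVOKED"
else
  echo "not revoked"
  exit 1
fi
# With no anchors left, the root must resolve as insecure rather than fail.
check_insecure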
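# insecure input file
echo "*** TEST 9 ***"
# Run again on the ;;REVOKED root.key left by test 8, with the certificate
# download made impossible. $OPTS is split into words on purpose.
"$PRE"/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
status=$?
# Expected status 0: no certificate-based update took place.
if [ "$status" -ne 0 ]; then
  echo "Exitcode not OK"
  exit 1
fi
# The revoked state must persist; the run must not bring back an anchor.
if grep -q -F -- ";;REVOKED" root.key; then
  echo "REVOKED"
else
  echo "not revoked"
  exit 1
fi
check_insecure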
# All tests passed: print both log files for the record and report success.
printf '%s\n' "logs"
for logfile in fwd.log petal.log; do
  cat "$logfile"
done
exit 0