Commit e8dc08c7 authored by Libor Peltan's avatar Libor Peltan

tests: ksk_rollover: got rid of hardcoded kasp db

parent 2693e45d
$ORIGIN com.
$TTL 1200
@ SOA ns admin 20110101 25 25 80 600
ns AAAA ::0
example.com. 3600 DS 27322 8 2 DA744E0CAC4B8406AA6353B847B4E5B0AC2D5F046F1B6F642C77C1FF09174FB3
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAsatFQBhDF7De8gcm
gBjOo8R67dcm82kqR/67oa2MRPxGpVWarP6hqnL7Mv3O0GpSY6NOnrt6pPFidqZz
LCu9mQIDAQABAkEAntjEB3QpuCq4iad+8pQ7XAw05CSyfHoQBWJomzqw6JMuBRgj
kbI/eY3bEeUTooxbhp15fiSMXaWrUEw4shvPoQIhAOpCmJrMOV+zSOit3Yn+6YZn
zOFasPqJ19qfb6C6hPL9AiEAwig380u+PGH5F7Pq/GhL5WPOzoXAVoU5R9oMHVhw
nc0CIDTxBgH9432ATBrhqC6WoHoSnVfUoiiM3G55F8YwQPmVAiACLW9LNDtC9BpW
ELd+8zB+txrXqBpbHg1hZ+mg3qAMtQIhAKi/8hknI6vmY+M1PCzXSrGcWNoS4Dea
qfg6gvgVpOXs
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALCNz4NxUMMDEOqm
ZPgyOi9q7APWvrRozxKJa1s97AxtDRebXTzUppwz4wCrPTgsdq6W4MRL8k6QUq4S
HKBHcmzGqsC/kzYkeQrJPN9tmJj7pT2Sbdw3fQlSTIJ0wY0bAL0OcZXCU8NhicGW
dW1El5TgruHUmKL+ZyqYS2E6uc4lAgMBAAECgYA5aTPEe1GWyGV02DzXFIYlKzCq
IueKhNZpIbR+TAl5FPD/7y6HfGLdQmYbrpNOs+634Sofys51S6sHHa6fU/xZ5o6u
ncvdsj6cJp0Fj7780bXe6f9og8ySNjIGi1ZXUZrT06N46Wm/oNFwHwCN3KRmvuG3
CKMD4vDZqcnL4GsH1QJBANbA++ytMqC3csRytEOQGzz2n2fvMLjCbyPY1e4G6YDk
frDWKr4L3zfJ/k1h9FgZ7y/9HhC05z1jI/R9ISgfYycCQQDSdp08lE9uzXgx2Mkr
G5KHvYSXwd/FcieADOjTNunN29bJofI+YLJdON/VhNxWZwwCiuSdiGhTwKPgdrHU
RWPTAkAW8po46Sz+xXuLCGLA0XZHpmbUOVfwdj5gCzyY6b4r2r668LeyhRw+HuSA
qlXs0CCh9R8wU9Rd1+kwp+pSGkCDAkBTgiUZqG9sM7MBdFc9947ItXYrEQ5NNeJe
eMDZLezPde9fyhZokc20F6EZA8K5teGaEKptp3Zd5Q4hPneJFo9pAkEAgN+kvV/w
56mZ5djTUonBRe12DDBlu6tFuA+ryIG+QAZVBtUm9EkWQpSkskZKNQ3smBd+9mm+
4OV/R/ecvZYPQQ==
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQChN3w1Vhe8/Ql6
Ap2uEUbF10ty7WcK3wDZ3wEXCuEXhZLS/4jun5UtIuSvFcpXDjbzRHqa/ZQ5kX05
fo3xHUsTQU1CMPdQ8UNEnE17UbE4psC/5/KHAk3NWnW26gJ32QL1GZjEHKweukAP
MYAWcv0FMgaTJbJYKjdy7jIppXy61du9Ut8i8qADCmxbVofGH0eWp7lnXcaqYvBf
zcUDyszgarvVJgctZJjrWarZDR+8eX/1xi7Yq40K1C8sppF3RN2pUzvMH1zFkI6f
YRiCdBMIOWbWHBow+yStYaeC52tUlZxOoKGQQ2JJ80ky9Zsw/AdXXQ5JLjdWRW1f
l36LwEvDAgMBAAECggEAWxgF+AFAgoob27Q0spGSguGnATaBndPqIDFw5TtBes//
6Xd4QRUs7ocj3oaagVxH0mdkO8WDBpBdyKnovFAIBsZESF1wsWzRzKfg5AiB8ffP
O+Bs2rqDicBOeV96q4uUrzeaaV2mJ+qnna4jqQuqSlA9BNItFsIr+KX89ClM9ChT
SML/oqbfbuE8ZCKlFuLYL6RFDlnlM/v/Lypvt+ruNcZXXwSE31wFb6JTCjjmemD1
vEbzUV3wDMzTMqf5n4KHszE5bUReVyA4TKBXcKWpnPGkzVIvOsEE2Pb8pjk2rDgv
Yb3vtEK0v2tvvWYXVvZn6mL5cvQBnuEG3a2tuq8G4QKBgQDFn2mPNcEM2C+Zeodx
nt1yC46v6+kf/CbQf2bOZBKaqDiO2K4lywr6+8qxzIcOo2og+ORxQGIz5W+2MM3R
xBrVCh74vvsLgc/Vb909JcFLMqOqHCGhCqNbisrQQC9Zpk305cq2ipAAZIjPy3OD
ZGGmS3WKlO+Gt1El2E+eUzBbEwKBgQDQ1vzWzBHAz0BQQIcgUaKVNp3B4PKXMi8w
WzkzA7hnFhNummZAsHujSfaN8m1Tp9HrYocVrD4xyNckARl17vYw0RU3uyyhNihh
/cxgCDEMDIIHlsbgc/uGnfuWqbRu+G5bO/lhGqF9vcnhlhcJwFrQUJD4XRS+d/zD
edZ/bYEykQKBgQCAPZIifJ9p1mANGJYMBStudlGBl3UQbHBDnGj6RbZM5hzNlY5s
t/XIKNy/xBlgRmr4OosDcuRHCPwVHlZxaPCAjrDKeiQus25K8ux+YaGtSo8qNFce
Sej33nj96qjPZDvyT6vcCM6pcpPVRBERknJLl2wPIdbNdOgTxurjstgOQQKBgQCx
SUC8y+JqTsZnGlBb5FFj4EiONPtb1TNwFpD5OLhLctcuNo6FbgyXcwuGNv4OXVH8
Q9kvUdg+hSP2IaTOk/yVNnmPpSre9E3V2hGsmGeitd+Qt7O/CVbGUckpfol5BxcQ
BlrOzz+2se32vmZyVcQCQdK/tK0OgGeoPf8UkA50sQKBgQCFSadZ5PZtSczXBEGA
k8Nz6oCdaP/cLhQ1MhnfSQoZ8A5zDWh2fbHZn0O47O83hYbOE4CqZCfR+ggADJcf
uDSf4350BK7anOUMRkDFBYhOQvqfSmsyv4IgBdpCrcukr7Fg4ro4an5z5y+sTjRu
bppY9M62CUM/beqMo35rkOkwJQ==
-----END PRIVATE KEY-----
-----BEGIN PRIVATE KEY-----
MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAutVJp9CRJ6aeTv5D
x1sFrCA+/tuz2MMK/hi5WQCcSS75oLevaLzP77J4n1dBlw8m6aEe48wBHmC5d1Gu
QRtKZQIDAQABAkBicO09Obyxuq3hC0HlMYV8mwT2Pga16JbLKXXHenXebLT4DCVv
Q+LgOf4DNCiJOdnJXx1XwS+TF/3IRvbEykyhAiEA9LtKmpIfP8qYSn1JoyC24UI0
sTCw5xomt40HMhp6tr0CIQDDb4iiYFQjL52jC2Ny0L5lDI+dn068MAPDTDZIUQ4Q
yQIhAIObMGxdBfb9ENaF95KE5jPOsZ1TzN4KfyWX7nWwLauVAiEAnufGGfjnEID7
1IFDCC0QUgtHjqrkkwEbXiVOkbhODnkCIADJlx7W1l0D0JujsDx544NqiMrIbB+N
YV2d3dJxFNgX
-----END PRIVATE KEY-----
......@@ -64,25 +64,18 @@ child.dnssec(child_zone).propagation_delay = 17
child.dnssec(child_zone).ksk_sbm_check = [ parent ]
child.dnssec(child_zone).ksk_sbm_check_interval = 2
# install KASP db (one always enabled, one for testing)
shutil.copytree(os.path.join(t.data_dir, "keys"), child.keydir)
# parameters
ZONE = "example.com."
KSK1 = "38b3062a04178cde79f72fc1c77fbb3fb327ffc6"
KSK2 = "1cc322baeb75cecf96babba98140206bbe28a682"
ZSK1 = "a61d2dfce7bcd667cc2be53ab3d668d4a9e3c563"
ZSK2 = "246d81610c3e3e1cf99ffa1eecd95f1deee01f0e"
t.rel_sleep(0)
# note that some of these paraneters will be immediately or later modified by automated key management
child.key_set(ZONE, KSK1, created="t-2y", publish="t-2y", ready="t-1y", active="t-1y", retire="t+10y", remove="t+20y")
KSK1 = child.key_gen(ZONE, ksk="true", created="t-2y", publish="t-2y", ready="t-1y", active="t-1y", retire="t+10y", remove="t+20y")
# KSK1's retire and remove shall be reconfigured by Knot to soon as KSK2 takes place
child.key_set(ZONE, KSK2, created="t+0", publish="t+0", ready="t+1h", active="t+10y", retire="t+11y", remove="t+12y")
child.key_set(ZONE, ZSK1, created="t-20", publish="t-20", ready="t-10", active="t-10", retire="t+15y", remove="t+20y")
KSK2 = child.key_gen(ZONE, ksk="true", created="t+0", publish="t+0", ready="t+1h", active="t+10y", retire="t+11y", remove="t+12y")
ZSK1 = child.key_gen(ZONE, ksk="false", created="t-20", publish="t-20", ready="t-10", active="t-10", retire="t+15y", remove="t+20y")
# ZSK1 simply valid for all the time
child.key_set(ZONE, ZSK2, created="t-2", publish="t-2", ready="t+14y", active="t+14y", retire="t+31y", remove="t+36y")
ZSK2 = child.key_gen(ZONE, ksk="false", created="t-2", publish="t-2", ready="t+14y", active="t+14y", retire="t+31y", remove="t+36y")
# ZSK2 only reason: prevents Knot from publishing another ZSK
t.start()
......@@ -94,11 +87,13 @@ t.rel_sleep(19)
check_zone5(child, 4, 2, 1, "new KSK ready")
parent.update_zonefile(parent_zone, version=1)
parent.reload()
parent.zone_wait(parent_zone)
cds = child.dig(ZONE, "CDS")
cds_rdata = cds.resp.answer[0].to_rdataset()[0].to_text()
up = parent.update(parent_zone)
up.add(ZONE, 3600, "DS", cds_rdata)
up.send("NOERROR")
t.sleep(21)
t.sleep(23)
check_zone5(child, 2, 1, 0, "old KSK retired")
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment