Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /external/bsd/unbound/dist/testdata/10-unbound-anchor.tdir/10-unbound-anchor.test 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
# #-- 10-unbound-anchor.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
OPTS="-u 127.0.0.1 -P $PETAL_PORT -C ub.conf -v -a root.key -c root.pem -n petal"
DS=`cat K.+005+37348.ds`

# check that the root.key file works.
function check_works() {
	if $PRE/unbound-host -C ub.conf -f root.key -t DNSKEY -v . | grep "(secure)" >/dev/null; then
		echo OK
	else
		echo "not OK"
		cat fwd.log
		cat petal.log
		exit 1
	fi
}

# check that the root.key file works, but insecurely.
function check_insecure() {
	if $PRE/unbound-host -C ub.conf -f root.key -t DNSKEY -v . | grep "(insecure)" >/dev/null; then
		echo OK
	else
		echo "not OK"
		cat fwd.log
		cat petal.log
		exit 1
	fi
}

# test with good start key, and must do 5011 (no URL possible)
echo "*** TEST 1 ***"
echo $DS > root.key
$PRE/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
check_works
# save for test 5
cp root.key root.key.probed

# force update with the cert.
echo "*** TEST 2 ***"
cp test_cert.pem root.pem
$PRE/unbound-anchor -F -x "root.xml" -s "root.p7s" $OPTS
if test $? != 1; then
	echo "Exitcode not OK"
	exit 1
fi
check_works

# 5011 fails
echo "*** TEST 3 ***"
echo ".	IN DS 37000 5 1 b00000000000000000000100f0000000000000b2" > root.key
$PRE/unbound-anchor -x "root.xml" -s "root.p7s" $OPTS
if test $? != 1; then
	echo "Exitcode not OK"
	exit 1
fi
check_works

# cert fails (bad p7s).
echo "*** TEST 4 ***"
echo ".	IN DS 44444 5 1 b00000000000000000000100f0000000000000b2" > root.key
$PRE/unbound-anchor -F -x "bad.xml" -s "bad.p7s" $OPTS
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
if grep "DS 44444" root.key >/dev/null ; then
	echo OK
else
	echo "keyfile changed"
	exit 1
fi

# cert fails (bad name).
echo "*** TEST 4b ***"
echo ".	IN DS 44444 5 1 b00000000000000000000100f0000000000000b2" > root.key
$PRE/unbound-anchor -F -x "bad.xml" -s "bad.p7s" $OPTS -n "not-it"
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
if grep "DS 44444" root.key >/dev/null ; then
	echo OK
else
	echo "keyfile changed"
	exit 1
fi

# 5011 fails, and probe-time too recent.
echo "*** TEST 5 ***"
# break the probed key.
sed -e 's/bp0KIK3J3/b00KIK0J0/' < root.key.probed > root.key
$PRE/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
if grep "b00KIK0J0" root.key >/dev/null ; then
	echo OK
else
	echo "keyfile changed"
	exit 1
fi

# 5011 fails, and probe time is very, very old.
echo "*** TEST 6 ***"
mv root.key bla.key
# last probe was Sun Sep  9 03:46:40 2001
sed -e 's/;;last_success: .*$/;;last_success: 1000000000/' < bla.key > root.key
rm bla.key
$PRE/unbound-anchor -x "root.xml" -s "root.p7s" $OPTS
if test $? != 1; then
	echo "Exitcode not OK"
	exit 1
fi
check_works

# 5011 update probe is only needed.
echo "*** TEST 7 ***"
$PRE/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
check_works

# root goes to insecure (0 anchors).
echo "*** TEST 8 ***"
$PRE/unbound-anchor -F -x "no_more_keys.xml" -s "no_more_keys.p7s" $OPTS
if test $? != 1; then
	echo "Exitcode not OK"
	exit 1
fi
if grep ";;REVOKED" root.key >/dev/null; then echo "REVOKED"; else
	echo "not revoked"; exit 1; fi
check_insecure

# insecure input file
echo "*** TEST 9 ***"
$PRE/unbound-anchor -x "notexist.xml" -s "notexist.p7s" $OPTS
if test $? != 0; then
	echo "Exitcode not OK"
	exit 1
fi
if grep ";;REVOKED" root.key >/dev/null; then echo "REVOKED"; else
	echo "not revoked"; exit 1; fi
check_insecure


echo "logs"
cat fwd.log
cat petal.log

exit 0