tests: dnssec/dnskey_timestamps migrate to new key format

8061acdc · Jan Včelák · e704de66 · e704de66 · e704de66 · e704de66
Commit 8061acdc authored Dec 15, 2014 by Jan Včelák 🚀
11 changed files
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_ksk.key
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_ksk.key
-example.com. IN DNSKEY 257 3 7 AwEAAbvXqLB1/wIPCdK+9ZU/bc0HlmxGUQDmWPMPswuIak77QGXhPUrA fqaaDTPG73WsS1UDSCCiqjsbLXjmWMTBYnE=
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_ksk.private
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_ksk.private
-Private-key-format: v1.3
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: u9eosHX/Ag8J0r71lT9tzQeWbEZRAOZY8w+zC4hqTvtAZeE9SsB+ppoNM8bvdaxLVQNIIKKqOxsteOZYxMFicQ==
-PublicExponent: AQAB
-PrivateExponent: tXq84oeNsRqAXhjaQbB/T8gV31PsLNdfdq1jSTAprVVOmHSkCfKq30FOdIXnlLum2kypxejpdHGocI1rqZLzBQ==
-Prime1: 6g826H+Tc14Rq7ZVm310Q00kvgHJWkwbaAyOK5weXns=
-Prime2: zXNc16CmvEfQ/i3JhEhbb1I8o7QGsOk9v8MP/DEzpQM=
-Exponent1: XwRwKPBpfoMor0mk9St3wD6X9N6qzBJradD3AjMtjPM=
-Exponent2: zBl4+DV+rrjhpEE0WpfPTe3yk+Z6ZzGuyFwt+ymd1qU=
-Coefficient: HMTnrV7i4Tm3I8HjrJsz/Tb38YVrz3PQPVkEpUXsBaI=
-Created: 19700101000001
-Publish: 19700101000001
-Activate: 19700101000001
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_zsk.key
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_zsk.key
-example.com. IN DNSKEY 256 3 7 AwEAAaEKJNHrzrCitxCNzya1FMoXjfcwEFGELa1SvJFHYMqsvkaFtpkj BvGsOf24263lP/sINDtcZqbPZ3Z/VHM/j3s=
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_zsk.private
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/enabled_zsk.private
-Private-key-format: v1.3
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: oQok0evOsKK3EI3PJrUUyheN9zAQUYQtrVK8kUdgyqy+RoW2mSMG8aw5/bjbreU/+wg0O1xmps9ndn9Ucz+Pew==
-PublicExponent: AQAB
-PrivateExponent: Mhw+8tdmnI41WsBVylykmHIV6eoZ2dPAhuNs6+QDGW2C5IYTefTllC5GdHS68DjsP67oUEqTnPZI61oHtsi6WQ==
-Prime1: 0gsSz0cU8A0xQ88aQbHOi3eZEXvtoj0LecrbIy+ACI8=
-Prime2: xEZIYq6Bb2rnNqwDLH7FRAphY88mnKZmMbbNSoyjyFU=
-Exponent1: wEgI2R3OSg8ZqWS/OaKnXT+ILdxQZ3QQvFb7ExPZ1ns=
-Exponent2: qGnOLq6h7aKDJsxOJN3aEln92xCihwPY6It8d51Z48k=
-Coefficient: YeNurpSYJlSuE5IebVebybzRcDrrZpHD5kueq1SMzg0=
-Created: 19700101000001
-Publish: 19700101000001
-Activate: 19700101000001
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/712d0d0d57fa0aa006b5e20cd84e23941e5f3ab2.pem
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/712d0d0d57fa0aa006b5e20cd84e23941e5f3ab2.pem
+-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAybrKa545nAsfsu9m
+RYuyTg0WmUquP2MIwHCCRFHBTX7x9oxuj78yXtCZghZjm+GSl698kMBwm0V/2JbG
+pApgDwIDAQABAkB1bfzDZNnYUkljmiSIu2dSNCBBn82LLJU9oMDUEFtcRk7gdyS2
+taDBh6eCZVUsGErDg4kCHIQdrFjD0MuouXIBAiEA6NqaRS0mkuHiO2J+4XTCRzMV
+w3Bu+K88BfqFIkDQKoECIQDdyCx66rvJ8YApy7Tt86hM/chNjFg+j4ZknxM3RF2i
+jwIgFmJNSjEY8C2+ra6+O7YZpvaGNQ9t24Ic5wY6HhzU5gECIQDRcLIguf/xa3E/
+BzKr7Agp/Rfls/25xsyBxX/eF1/dnQIhAI+z7XQNd/cZUD1TwdziKBuWBDcYp/qH
+DmKe/7Xh+MZJ
+-----END PRIVATE KEY-----
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/7a3500c7feac3fd99f09a208a83b97f7455fa3e0.pem
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/7a3500c7feac3fd99f09a208a83b97f7455fa3e0.pem
+-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAu9eosHX/Ag8J0r71
+lT9tzQeWbEZRAOZY8w+zC4hqTvtAZeE9SsB+ppoNM8bvdaxLVQNIIKKqOxsteOZY
+xMFicQIDAQABAkEAtXq84oeNsRqAXhjaQbB/T8gV31PsLNdfdq1jSTAprVVOmHSk
+CfKq30FOdIXnlLum2kypxejpdHGocI1rqZLzBQIhAOoPNuh/k3NeEau2VZt9dENN
+JL4ByVpMG2gMjiucHl57AiEAzXNc16CmvEfQ/i3JhEhbb1I8o7QGsOk9v8MP/DEz
+pQMCIF8EcCjwaX6DKK9JpPUrd8A+l/TeqswSa2nQ9wIzLYzzAiEAzBl4+DV+rrjh
+pEE0WpfPTe3yk+Z6ZzGuyFwt+ymd1qUCIBzE561e4uE5tyPB46ybM/029/GFa89z
+0D1ZBKVF7AWi
+-----END PRIVATE KEY-----
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/f3b8db9d60fb412d0363dd0c0ac2ea72dc212777.pem
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/keys/f3b8db9d60fb412d0363dd0c0ac2ea72dc212777.pem
+-----BEGIN PRIVATE KEY-----
+MIIBVQIBADANBgkqhkiG9w0BAQEFAASCAT8wggE7AgEAAkEAoQok0evOsKK3EI3P
+JrUUyheN9zAQUYQtrVK8kUdgyqy+RoW2mSMG8aw5/bjbreU/+wg0O1xmps9ndn9U
+cz+PewIDAQABAkAyHD7y12acjjVawFXKXKSYchXp6hnZ08CG42zr5AMZbYLkhhN5
+9OWULkZ0dLrwOOw/ruhQSpOc9kjrWge2yLpZAiEA0gsSz0cU8A0xQ88aQbHOi3eZ
+EXvtoj0LecrbIy+ACI8CIQDERkhiroFvauc2rAMsfsVECmFjzyacpmYxts1KjKPI
+VQIhAMBICNkdzkoPGalkvzmip10/iC3cUGd0ELxW+xMT2dZ7AiEAqGnOLq6h7aKD
+JsxOJN3aEln92xCihwPY6It8d51Z48kCIGHjbq6UmCZUrhOSHm1Xm8m80XA662aR
+w+ZLnqtUjM4N
+-----END PRIVATE KEY-----
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/test.key
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/test.key
-example.com. IN DNSKEY 256 3 7 AwEAAcm6ymueOZwLH7LvZkWLsk4NFplKrj9jCMBwgkRRwU1+8faMbo+/ Ml7QmYIWY5vhkpevfJDAcJtFf9iWxqQKYA8=
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/test.private
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/test.private
-Private-key-format: v1.3
-Algorithm: 7 (NSEC3RSASHA1)
-Modulus: ybrKa545nAsfsu9mRYuyTg0WmUquP2MIwHCCRFHBTX7x9oxuj78yXtCZghZjm+GSl698kMBwm0V/2JbGpApgDw==
-PublicExponent: AQAB
-PrivateExponent: dW38w2TZ2FJJY5okiLtnUjQgQZ/NiyyVPaDA1BBbXEZO4HcktrWgwYengmVVLBhKw4OJAhyEHaxYw9DLqLlyAQ==
-Prime1: 6NqaRS0mkuHiO2J+4XTCRzMVw3Bu+K88BfqFIkDQKoE=
-Prime2: 3cgseuq7yfGAKcu07fOoTP3ITYxYPo+GZJ8TN0Rdoo8=
-Exponent1: FmJNSjEY8C2+ra6+O7YZpvaGNQ9t24Ic5wY6HhzU5gE=
-Exponent2: 0XCyILn/8WtxPwcyq+wIKf0X5bP9ucbMgcV/3hdf3Z0=
-Coefficient: j7PtdA139xlQPVPB3OIoG5YENxin+ocOYp7/teH4xkk=
-Created: 19700101000001
-Publish: 20400101000000
-Activate: 20400101000000
--- a/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/zone_example.com.json
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/data/keys/zone_example.com.json
+{
+  "keys": [
+    {
+      "id": "7a3500c7feac3fd99f09a208a83b97f7455fa3e0",
+      "keytag": 58041,
+      "algorithm": 7,
+      "public_key": "AwEAAbvXqLB1/wIPCdK+9ZU/bc0HlmxGUQDmWPMPswuIak77QGXhPUrAfqaaDTPG73WsS1UDSCCiqjsbLXjmWMTBYnE=",
+      "ksk": true,
+      "publish": "1970-01-01T00:00:01+0000",
+      "active": "1970-01-01T00:00:01+0000"
+    },
+    {
+      "id": "f3b8db9d60fb412d0363dd0c0ac2ea72dc212777",
+      "keytag": 29654,
+      "algorithm": 7,
+      "public_key": "AwEAAaEKJNHrzrCitxCNzya1FMoXjfcwEFGELa1SvJFHYMqsvkaFtpkjBvGsOf24263lP/sINDtcZqbPZ3Z/VHM/j3s=",
+      "ksk": false,
+      "publish": "1970-01-01T00:00:01+0000",
+      "active": "1970-01-01T00:00:01+0000"
+    },
+    {
+      "id": "712d0d0d57fa0aa006b5e20cd84e23941e5f3ab2",
+      "keytag": 55574,
+      "algorithm": 7,
+      "public_key": "AwEAAcm6ymueOZwLH7LvZkWLsk4NFplKrj9jCMBwgkRRwU1+8faMbo+/Ml7QmYIWY5vhkpevfJDAcJtFf9iWxqQKYA8=",
+      "ksk": false,
+      "publish": "2040-01-01T00:00:00+0000",
+      "active": "2040-01-01T00:00:00+0000"
+    }
+  ]
+}
--- a/tests-extra/tests/dnssec/dnskey_timestamps/test.py
+++ b/tests-extra/tests/dnssec/dnskey_timestamps/test.py
@@ -8,26 +8,23 @@ import collections
 import os
 import shutil
 import datetime
+import subprocess

 from dnstest.utils import *
 from dnstest.test import Test

-# change timestamps in DNSSEC key file
-def key_settime(filename, **new_values):
-    lines = open(filename).readlines()
+def keymgr(server, args):
+    cmd = subprocess.Popen([params.keymgr_bin, "--dir", server.keydir] + args)
+    (stdout, stderr) = cmd.communicate()
+    return (cmd.returncode, stdout, stderr)

-    values = collections.OrderedDict()
-    for line in lines:
-        key, sep, value = line.partition(":")
-        values[key.strip()] = value.strip()
-
-    for key, value in new_values.items():
-        values[key] = value
-
-    with open(filename, "w") as keyfile:
-        for key, value in values.items():
-            if value is not None:
-                keyfile.write("%s: %s\n" % (key, value))
+def key_set(server, zone, key_id, **new_values):
+    cmd = ["zone", "key", "set", zone, key_id]
+    for option, value in new_values.items():
+        cmd += [option, value]
+    (exitcode, _x, _y) = keymgr(server, cmd)
+    if exitcode != 0:
+        raise Failed("Unable to modify key timing values.")

 # check zone if keys are present and used for signing
 def check_zone(server, expect_dnskey, expect_rrsig, msg):
@@ -49,13 +46,6 @@ def check_zone(server, expect_dnskey, expect_rrsig, msg):

    detail_log(SEP)

-# return date 'offset' seconds in future
-def date_offset(offset):
-    delta = datetime.timedelta(seconds = offset)
-    current_time = datetime.datetime.utcnow()
-    future_time = current_time + delta
-    return datetime.datetime.strftime(future_time, "%Y%m%d%H%M%S")
-
 t = Test()

 knot = t.server("knot")
@@ -67,9 +57,8 @@ t.link(zone, knot)
 shutil.copytree(os.path.join(t.data_dir, "keys"), knot.keydir)

 # parameters
-key_file = os.path.join(knot.keydir, "test.private")
-date_past = "19700101000001"
-date_future = "20400101000000"
+ZONE = "example.com"
+KEYID = "712d0d0d57fa0aa006b5e20cd84e23941e5f3ab2"
 WAIT_SIGN = 2

 #
@@ -79,37 +68,37 @@ WAIT_SIGN = 2
 check_log("Common cases")

 # key not published, not active
-key_settime(key_file, Publish=date_future, Activate=date_future)
+key_set(knot, ZONE, KEYID, publish="+10y", active="+10y")
 t.start()
 t.sleep(WAIT_SIGN)
 check_zone(knot, False, False, "not published, not active")

 # key published, not active
-key_settime(key_file, Publish=date_past)
+key_set(knot, ZONE, KEYID, publish="-10y")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, False, "published, not active")

 # key published, active
-key_settime(key_file, Activate=date_past)
+key_set(knot, ZONE, KEYID, active="-10y")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, True, "published, active")

 # key published, inactive
-key_settime(key_file, Inactive=date_past)
+key_set(knot, ZONE, KEYID, retire="-10y")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, False, "published, inactive")

 # key deleted, inactive
-key_settime(key_file, Delete=date_past)
+key_set(knot, ZONE, KEYID, remove="-10y")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, False, False, "deleted, inactive")

 # key not published, active (algorithm rotation)
-key_settime(key_file, Publish=date_future, Activate=date_past, Inactive=None, Delete=None)
+key_set(knot, ZONE, KEYID, publish="+10y", active="-10y", retire="0", remove="0")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, False, True, "not published, active")
@@ -122,7 +111,7 @@ check_log("Planned events")

 # key about to be published
 event_in = 7
-key_settime(key_file, Publish=date_offset(event_in), Activate=date_future, Inactive=None, Delete=None)
+key_set(knot, ZONE, KEYID, publish=("+%d" % event_in), active="+10y", retire="0", remove="0")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, False, False, "to be published - pre")
@@ -130,7 +119,7 @@ t.sleep(event_in)
 check_zone(knot, True, False, "to be published - post")

 # key about to be activated
-key_settime(key_file, Publish=date_past, Activate=date_offset(event_in), Inactive=None, Delete=None)
+key_set(knot, ZONE, KEYID, publish="-10y", active=("+%d" % event_in), retire="0", remove="0")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, False, "to be activated - pre")
@@ -138,7 +127,7 @@ t.sleep(event_in)
 check_zone(knot, True, True, "to be activated - post")

 #key about to be inactivated
-key_settime(key_file, Publish=date_past, Activate=date_past, Inactive=date_offset(event_in), Delete=None)
+key_set(knot, ZONE, KEYID, publish="-10y", active="-10y", retire=("+%d" % event_in), remove="0")
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, True, "to be inactivated - pre")
@@ -146,7 +135,7 @@ t.sleep(event_in)
 check_zone(knot, True, False, "to be inactivated - post")

 #key about to be deleted
-key_settime(key_file, Publish=date_past, Activate=date_past, Inactive=date_past, Delete=date_offset(event_in))
+key_set(knot, ZONE, KEYID, publish="-10y", active="-10y", retire="-10y", remove=("+%d" % event_in))
 knot.reload()
 t.sleep(WAIT_SIGN)
 check_zone(knot, True, False, "to be deleted - pre")