Commit 723acfdc authored by Diane Trout's avatar Diane Trout

Update tests/small-key to test if small keys are fixed on upgrade

parent c6ba746a
#!/bin/sh
TRIGGER=/etc/dnssec-trigger
if [ \! -e ${TRIGGER} ]; then
mkdir ${TRIGGER}
fi
install_small_keys () {
TRIGGER=$1
if [ -e ${TRIGGER}/dnssec_trigger_control.key ]; then
echo "Package already installlled"
exit 1
fi
cat >${TRIGGER}/dnssec_trigger_control.key <<EOF
cat >${TRIGGER}/dnssec_trigger_control.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIBzQIBAAJhAMxEajRTflLFuWx/xNuKbogeiycNNMSD+ZzgS0lCtb4EMfx5jbPE
1SAleqY/SvlPM7V7/duNqiLRVbouChnTS+/NUnONqO2K5r4O38i66PpyD+Q14vAU
......@@ -24,7 +17,7 @@ t9aG3ATguPmg9tjVxSWDvZSj6ZlBX0PS6LCyjxzZAjEAkYwXKlDEZWtSrSQ/rzPf
Gu4MMkM55jVy30XCCD5AGDVIpE1tzhBaRlH7rcxku/hK
-----END RSA PRIVATE KEY-----
EOF
cat >${TRIGGER}/dnssec_trigger_control.pem <<EOF
cat >${TRIGGER}/dnssec_trigger_control.pem <<EOF
-----BEGIN CERTIFICATE-----
MIIBazCB9gIJALWPLptjkjP3MA0GCSqGSIb3DQEBBAUAMBkxFzAVBgNVBAMMDmRu
c3NlYy10cmlnZ2VyMB4XDTE5MDEwMzA1MjAyMFoXDTM4MDkyMDA1MjAyMFowITEf
......@@ -36,7 +29,7 @@ XmgKqTgDgFDi+5ObHLa5DvPFZRD0lSGJJfqEYwJXm/SsnCsdAjpvVJIu2jkSU0KV
nO+a4PxNkzCE4E+GNk8AhS3OGLoookSFWrjL/elW5w==
-----END CERTIFICATE-----
EOF
cat >${TRIGGER}/dnssec_trigger_server.key <<EOF
cat >${TRIGGER}/dnssec_trigger_server.key <<EOF
-----BEGIN RSA PRIVATE KEY-----
MIIBygIBAAJhAMFwfA7NctBmcDduhfiwBhLOwtihG2h5zQ//a395JJ2wzxjD+Or0
3hU1IHPfsb8sQPwyroKdKu3mLXu4/PhyTUXWXZtiiAfM8uNJMFmQF4G4GsiNcfyR
......@@ -50,7 +43,7 @@ N8OdLlIBDCHXRrqNtbg8UW40IhpnuHdhmrNMsQIwY9Tdci7Rzp31Rg9YRAQ0+Dip
IkgotaeLvsskBdjoyI+NyOFaiHj5ljJPU1DF08/F
-----END RSA PRIVATE KEY-----
EOF
cat >${TRIGGER}/dnssec_trigger_server.pem <<EOF
cat >${TRIGGER}/dnssec_trigger_server.pem <<EOF
-----BEGIN CERTIFICATE-----
MIIBYzCB7gIJALSLw2fGm5doMA0GCSqGSIb3DQEBBAUAMBkxFzAVBgNVBAMMDmRu
c3NlYy10cmlnZ2VyMB4XDTE5MDEwMzA1MjAyMFoXDTM4MDkyMDA1MjAyMFowGTEX
......@@ -62,15 +55,54 @@ AgMBAAEwDQYJKoZIhvcNAQEEBQADYQBWAGiChxzTQZLUIFDrb5Gv211KcjFHCGC7
7BpIdRCdWa5UQV5QS9vcP5COeWxQc4U=
-----END CERTIFICATE-----
EOF
}
was_key_upgraded () {
TRIGGER=$1
STATE=$2
TRIGGER_CONTROL="${TRIGGER}/dnssec_trigger_control.key"
OLD_SHA="eaf403126c164543a4f20850ab94fbe125440c528dba96395cb19795ee9c4757 ${TRIGGER_CONTROL}"
SHA=`sha256sum ${TRIGGER_CONTROL}`
if [ "${SHA}" = "${OLD_SHA}" ]; then
echo "Key was not replaced on ${STATE}"
echo "OLD ${OLD_SHA}"
echo "NEW ${SHA}"
return 1
else
echo "Key was replaced on ${STATE}"
return 0
fi
}
TRIGGER=/etc/dnssec-trigger
if [ \! -e ${TRIGGER} ]; then
mkdir ${TRIGGER}
fi
if [ -e ${TRIGGER}/dnssec_trigger_control.key ]; then
echo "Package already installed"
exit 1
fi
install_small_keys ${TRIGGER}
dpkg -i ../../binaries/dnssec-trigger.deb 2>&1
if was_key_upgraded ${TRIGGER} "install" ; then
echo "PASS"
else
echo "FAIL"
exit 1
fi
SHA=`sha256sum ${TRIGGER}/dnssec_trigger_control.key`
if [ "${SHA}" = "eaf403126c164543a4f20850ab94fbe125440c528dba96395cb19795ee9c4757" ]; then
echo "Key was not replaced on upgrade"
exit 1
# do upgrades work?
service dnssec-triggerd stop
install_small_keys ${TRIGGER}
dpkg -i ../../binaries/dnssec-trigger.deb 2>&1
if was_key_upgraded ${TRIGGER} "upgrade" ; then
echo "PASS"
else
echo "Key was replaced on upgrade"
echo "FAIL"
exit 1
fi
exit 0
\ No newline at end of file
exit 0
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment