From 19a7a1e557f1e40a195da0855827671185e743c2 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 5 Jul 2022 18:39:43 +1000 Subject: [PATCH] Convert hmac-sha256 references in system tests to DEFAULT_HMAC where a future change from hmac-sha256 would be applicable. This change involves dnssec, nsupdate and rndc system tests. --- bin/tests/system/cookie/ans9/ans.py | 4 ++-- bin/tests/system/cookie/ns1/named.conf.in | 2 +- bin/tests/system/cookie/tests.sh | 2 +- bin/tests/system/dnssec/ns4/named5.conf.in | 2 +- bin/tests/system/nsupdate/ns9/named.conf.in | 2 +- bin/tests/system/nsupdate/tests.sh | 4 ++-- bin/tests/system/rndc/clean.sh | 7 ++++--- bin/tests/system/rndc/ns2/named.conf.in | 2 +- .../rndc/ns2/{secondkey.conf => secondkey.conf.in} | 2 +- bin/tests/system/rndc/ns3/named.conf.in | 2 +- bin/tests/system/rndc/setup.sh | 1 + bin/tests/system/rrl/{broken.conf => broken.conf.in} | 4 ++-- bin/tests/system/rrl/clean.sh | 9 +++++---- bin/tests/system/rrl/setup.sh | 1 + 14 files changed, 24 insertions(+), 20 deletions(-) rename bin/tests/system/rndc/ns2/{secondkey.conf => secondkey.conf.in} (95%) rename bin/tests/system/rrl/{broken.conf => broken.conf.in} (97%) diff --git a/bin/tests/system/cookie/ans9/ans.py b/bin/tests/system/cookie/ans9/ans.py index 550909466a..a508fa5e62 100644 --- a/bin/tests/system/cookie/ans9/ans.py +++ b/bin/tests/system/cookie/ans9/ans.py @@ -45,8 +45,8 @@ def logquery(type, qname): try: keyring = dns.tsigkeyring.from_text( { - "foo": {"hmac-sha256", "aaaaaaaaaaaa"}, - "fake": {"hmac-sha256", "aaaaaaaaaaaa"}, + "foo": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"}, + "fake": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"}, } ) except: diff --git a/bin/tests/system/cookie/ns1/named.conf.in b/bin/tests/system/cookie/ns1/named.conf.in index 130430326f..e9c28c6754 100644 --- a/bin/tests/system/cookie/ns1/named.conf.in +++ b/bin/tests/system/cookie/ns1/named.conf.in 
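Review bot: The values for `"foo"` and `"fake"` in the ans.py hunk are set literals (`{algorithm, secret}`), not tuples, so the order in which the algorithm and the secret are unpacked is undefined and can differ between runs; this predates the change, but the rewritten lines keep it. Write them as tuples, e.g. `"foo": (os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"),`, and read the environment variable once into a local name instead of calling `os.getenv` twice. The bare `except:` that follows would hide any failure here, including a `NameError` if `os` is not already imported in ans.py (the hunk does not show the imports). The `try` block starts and ends outside the hunk.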
@@ -18,7 +18,7 @@ key rndc_key { key foo { secret "aaaaaaaaaaaa"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; server 10.53.0.10 { diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh index ac3bd087cd..2e5de5ae90 100755 --- a/bin/tests/system/cookie/tests.sh +++ b/bin/tests/system/cookie/tests.sh @@ -474,7 +474,7 @@ then echo_i "check that TSIG test server is correctly configured ($n)" ret=0 pat="; COOKIE: ................................ (good)" - key=hmac-sha256:foo:aaaaaaaaaaaa + key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa" #UDP $DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1 grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1 diff --git a/bin/tests/system/dnssec/ns4/named5.conf.in b/bin/tests/system/dnssec/ns4/named5.conf.in index f1b817a75f..e457062d64 100644 --- a/bin/tests/system/dnssec/ns4/named5.conf.in +++ b/bin/tests/system/dnssec/ns4/named5.conf.in @@ -35,5 +35,5 @@ controls { key auth { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/nsupdate/ns9/named.conf.in b/bin/tests/system/nsupdate/ns9/named.conf.in index 6a7ff88b1a..0b70745ebd 100644 --- a/bin/tests/system/nsupdate/ns9/named.conf.in +++ b/bin/tests/system/nsupdate/ns9/named.conf.in @@ -32,7 +32,7 @@ key rndc_key { key subkey { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh index 0863d0a1ad..a7a37c55d1 100755 --- a/bin/tests/system/nsupdate/tests.sh +++ b/bin/tests/system/nsupdate/tests.sh @@ -739,7 +739,7 @@ n=`expr $n + 1` ret=0 echo_i "check 'grant' in deny name + grant subdomain ($n)" $NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1 -key hmac-sha256:subkey 1234abcd8765 +key $DEFAULT_HMAC:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example update add foo.denyname.example 3600 IN TXT added 
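Review bot: `key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa"` in cookie/tests.sh has no fallback, so an unset or empty DEFAULT_HMAC produces the key string `:foo:aaaaaaaaaaaa`, while ans.py in this same patch falls back to `hmac-sha256`; the two ends of the TSIG check can then disagree. Use `key="${DEFAULT_HMAC:?}:foo:aaaaaaaaaaaa"` to fail loudly (or `${DEFAULT_HMAC:-hmac-sha256}` to match ans.py), and quote the use as `-y "$key"`. The same applies to the two `key $DEFAULT_HMAC:subkey 1234abcd8765` lines in nsupdate/tests.sh. The second of those sits in a check that expects nsupdate to fail (`&& ret=1`), so a malformed key line could let the 'deny' test pass without the update policy being exercised. The surrounding test blocks continue outside these hunks.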
@@ -753,7 +753,7 @@ n=`expr $n + 1` ret=0 echo_i "check 'deny' in deny name + grant subdomain ($n)" $NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1 -key hmac-sha256:subkey 1234abcd8765 +key $DEFAULT_HMAC:subkey 1234abcd8765 server 10.53.0.9 ${PORT} zone denyname.example update add denyname.example 3600 IN TXT added diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh index d18b5a54f2..7d08f5badc 100644 --- a/bin/tests/system/rndc/clean.sh +++ b/bin/tests/system/rndc/clean.sh @@ -12,11 +12,15 @@ # information regarding copyright ownership. rm -f dig.out.*.test* +rm -f ns*/*.nta +rm -f ns*/managed-keys.bind* ns*/*.mkeys* +rm -f ns*/named.conf rm -f ns*/named.lock rm -f ns*/named.memstats rm -f ns*/named.run ns*/named.run.prev rm -f ns2/named.stats rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl +rm -f ns2/secondkey.conf rm -f ns2/session.key rm -f ns3/named_dump.db* rm -f ns4/*.nta @@ -25,9 +29,6 @@ rm -f ns4/key?.conf rm -f ns6/huge.zone.db rm -f ns7/include.db ns7/test.db ns7/*.jnl rm -f ns7/named_dump.db* -rm -f ns*/named.conf rm -f nsupdate.out.*.test* rm -f python.out.*.test* rm -f rndc.out.*.test* -rm -f ns*/managed-keys.bind* ns*/*.mkeys* -rm -f ns*/*.nta diff --git a/bin/tests/system/rndc/ns2/named.conf.in b/bin/tests/system/rndc/ns2/named.conf.in index 117a5f4f1a..be1af2538c 100644 --- a/bin/tests/system/rndc/ns2/named.conf.in +++ b/bin/tests/system/rndc/ns2/named.conf.in @@ -27,7 +27,7 @@ key rndc_key { key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/ns2/secondkey.conf b/bin/tests/system/rndc/ns2/secondkey.conf.in similarity index 95% rename from bin/tests/system/rndc/ns2/secondkey.conf rename to bin/tests/system/rndc/ns2/secondkey.conf.in index 1b6af7b8db..4f881537c2 100644 --- a/bin/tests/system/rndc/ns2/secondkey.conf +++ b/bin/tests/system/rndc/ns2/secondkey.conf.in 
@@ -17,5 +17,5 @@ options { key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in index 3078e9003d..fd97ca2c57 100644 --- a/bin/tests/system/rndc/ns3/named.conf.in +++ b/bin/tests/system/rndc/ns3/named.conf.in @@ -25,7 +25,7 @@ key rndc_key { key secondkey { secret "abcd1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; controls { diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh index 4dd6fa739e..3c4de1292d 100644 --- a/bin/tests/system/rndc/setup.sh +++ b/bin/tests/system/rndc/setup.sh @@ -34,6 +34,7 @@ awk 'END { for (i = 1; i <= '${size}'; i++) printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db copy_setports ns2/named.conf.in ns2/named.conf +copy_setports ns2/secondkey.conf.in ns2/secondkey.conf copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf diff --git a/bin/tests/system/rrl/broken.conf b/bin/tests/system/rrl/broken.conf.in similarity index 97% rename from bin/tests/system/rrl/broken.conf rename to bin/tests/system/rrl/broken.conf.in index bf98736ee5..d830402493 100644 --- a/bin/tests/system/rrl/broken.conf +++ b/bin/tests/system/rrl/broken.conf.in @@ -38,9 +38,9 @@ options { key rndc_key { secret "1234abcd8765"; - algorithm hmac-sha256; + algorithm @DEFAULT_HMAC@; }; + controls { inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; }; }; - diff --git a/bin/tests/system/rrl/clean.sh b/bin/tests/system/rrl/clean.sh index abb10bd744..8a9d2c22b8 100644 --- a/bin/tests/system/rrl/clean.sh +++ b/bin/tests/system/rrl/clean.sh 
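Review bot: `copy_setports ns2/secondkey.conf.in ns2/secondkey.conf` in rndc/setup.sh is now relied on to expand `@DEFAULT_HMAC@`, which the helper's name does not suggest and this patch does not show. If the helper leaves the token in place, named and rndc would be handed `algorithm @DEFAULT_HMAC@;` literally, so confirm it and record it with a comment above the call, e.g. `# copy_setports also expands @DEFAULT_HMAC@ in the key clause`. The same holds for `copy_setports broken.conf.in broken.conf` in rrl/setup.sh, where a config rejected because of an unexpanded token could be mistaken for the failure the rrl test intends, and for every `.conf.in` hunk in this patch.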
@@ -11,10 +11,11 @@ # Clean up after rrl tests. -rm -f dig.out* *mdig.out* rm -f */named.memstats */named.run */named.stats */log-* */session.key -rm -f ns3/bl*.db */*.jnl */*.core */*.pid -rm -f ns*/named.lock -rm -f ns*/named.conf +rm -f broken.conf rm -f broken.out +rm -f dig.out* *mdig.out* rm -f ns*/managed-keys.bind* +rm -f ns*/named.conf +rm -f ns*/named.lock +rm -f ns3/bl*.db */*.jnl */*.core */*.pid diff --git a/bin/tests/system/rrl/setup.sh b/bin/tests/system/rrl/setup.sh index 49a642683d..752b02ceed 100644 --- a/bin/tests/system/rrl/setup.sh +++ b/bin/tests/system/rrl/setup.sh @@ -15,6 +15,7 @@ $SHELL clean.sh +copy_setports broken.conf.in broken.conf copy_setports ns1/named.conf.in ns1/named.conf copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf