From 43ded45ae9af1b5ad93a68444ac289574ae703a2 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 14 Mar 2025 17:28:28 +0100
Subject: [PATCH] Two more kasp test cases converted to pytest
The zone 'pregenerated.kasp' is a case where there already exist more keys than required. For this we set the 'pregenerated' setting. This will change the 'keydir_to_keylist' function behavior: Only keys in use are considered. A key is in use if all of the states are either undefined, or set to 'hidden'. The 'some-keys.kasp' zone is similar to 'pregenerated.kasp', except only some keys have been pregenerated.
---
 bin/tests/system/kasp/tests.sh | 34 -----------------------------
 bin/tests/system/kasp/tests_kasp.py | 25 +++++++++++++++++++--
 2 files changed, 23 insertions(+), 36 deletions(-)
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index e419e74b99..ec9e72e300 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -487,40 +487,6 @@ set_keystate "KEY3" "STATE_ZRRSIG" "rumoured"
 # Three keys only.
 key_clear "KEY4"
-#
-# Zone: some-keys.kasp.
-#
-set_zone "some-keys.kasp"
-set_policy "rsasha256" "3" "1234"
-set_server "ns3" "10.53.0.3"
-# Key properties, timings and states same as above.
-
-check_keys
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
-set_keytimes_algorithm_policy "pregenerated"
-check_keytimes
-check_apex
-check_subdomain
-dnssec_verify
-
-#
-# Zone: pregenerated.kasp.
-#
-# There are more pregenerated keys than needed, hence the number of keys is
-# six, not three.
-set_zone "pregenerated.kasp"
-set_policy "rsasha256" "6" "1234"
-set_server "ns3" "10.53.0.3"
-# Key properties, timings and states same as above.
-
-check_keys
-check_dnssecstatus "$SERVER" "$POLICY" "$ZONE"
-set_keytimes_algorithm_policy "pregenerated"
-check_keytimes
-check_apex
-check_subdomain
-dnssec_verify
-
 #
 # Zone: rumoured.kasp.
 #
diff --git a/bin/tests/system/kasp/tests_kasp.py b/bin/tests/system/kasp/tests_kasp.py
index 33bfaba388..0f93a690ee 100644
--- a/bin/tests/system/kasp/tests_kasp.py
+++ b/bin/tests/system/kasp/tests_kasp.py
@@ -174,6 +174,9 @@ def test_kasp_cases(servers):
 zone = test["zone"]
 policy = test["policy"]
 ttl = int(test["config"]["dnskey-ttl"].total_seconds())
+ pregenerated = False
+ if test.get("pregenerated"):
+ pregenerated = test["pregenerated"]
 isctest.log.info(f"check test case zone {zone} policy {policy}")
@@ -182,7 +185,9 @@ def test_kasp_cases(servers):
 ttl=ttl, keys=test["key-properties"]
 )
 # Key files.
- keys = isctest.kasp.keydir_to_keylist(zone, test["config"]["key-directory"])
+ keys = isctest.kasp.keydir_to_keylist(
+ zone, test["config"]["key-directory"], in_use=pregenerated
+ )
 ksks = [k for k in keys if k.is_ksk()]
 zsks = [k for k in keys if not k.is_ksk()]
@@ -192,7 +197,9 @@ def test_kasp_cases(servers):
 offset = test["offset"] if "offset" in test else None
 for kp in expected:
- kp.set_expected_keytimes(test["config"], offset=offset)
+ kp.set_expected_keytimes(
+ test["config"], offset=offset, pregenerated=pregenerated
+ )
 isctest.kasp.check_keytimes(keys, expected)
@@ -248,6 +255,13 @@ def test_kasp_cases(servers):
 "config": kasp_config,
 "key-properties": fips_properties(8),
 },
+ {
+ "zone": "pregenerated.kasp",
+ "policy": "rsasha256",
+ "config": kasp_config,
+ "pregenerated": True,
+ "key-properties": fips_properties(8),
+ },
 {
 "zone": "rsasha256.kasp",
 "policy": "rsasha256",
@@ -260,6 +274,13 @@ def test_kasp_cases(servers):
 "config": kasp_config,
 "key-properties": fips_properties(10),
 },
+ {
+ "zone": "some-keys.kasp",
+ "policy": "rsasha256",
+ "config": kasp_config,
+ "pregenerated": True,
+ "key-properties": fips_properties(8),
+ },
 {
 "zone": "unlimited.kasp",
 "policy": "unlimited",
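Review bot: The three added lines that derive `pregenerated` in the `@@ -174,6 +174,9 @@` hunk can be a single expression, `pregenerated = test.get("pregenerated", False)`, which keeps the default next to the lookup. As written, any truthy value stored under that key is forwarded unchanged to `in_use=` and `pregenerated=` in the later hunks; if a strict boolean is intended, `pregenerated = bool(test.get("pregenerated"))` says so. The enclosing function starts and ends outside this hunk.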
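Review bot: Passing `in_use=pregenerated` in the `@@ -182,7 +185,9 @@` hunk narrows `keys` before any check runs, so for the two new zones the spare pregenerated key files appear never to be examined. The shell case this replaces stated the total for pregenerated.kasp (`set_policy "rsasha256" "6" "1234"`, with the comment "six, not three"), and no count of the full key directory is visible in the new code. Assuming keydir_to_keylist (defined outside this diff) drops unused keys when `in_use` is true, a second unfiltered call, `all_keys = isctest.kasp.keydir_to_keylist(zone, test["config"]["key-directory"])`, followed by an assertion on how many keys remain unused, would catch a regression that wrongly activates or removes pregenerated key material. The function body extends beyond this hunk.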
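Review bot: The two new entries (`pregenerated.kasp` in the `@@ -248,6 +255,13 @@` hunk and `some-keys.kasp` in the `@@ -260,6 +274,13 @@` hunk) are identical apart from the zone name, and the explanation carried by the removed shell comments is gone. A one-line comment above each would keep the intent visible: `# More keys exist than the policy needs; only keys in use are checked.` and `# Only some of the required keys were pregenerated.`. The list these entries belong to starts and ends outside both hunks.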