mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-31 06:25:31 +00:00
0b9fbca18e
In isctest.kasp, introduce a new class 'KeyProperties' that can be used to check if a Key matches expected properties. Properties are for the time being divided in three parts: 'properties' that contain some attributes of the expected properties (such as are we dealing with a legacy key, is the private key available, and other things that do not fit the metadata exactly), 'metadata' that contains expected metadata (such as 'Algorithm', 'Lifetime', 'Length'), and 'timing', which is metadata of the class KeyTimingMetadata. The 'default()' method fills in the expected properties for the default DNSSEC policy. The 'set_expected_times()' sets the expected timing metadata, derived from when the key was created. This method can take an offset to push the expected timing metadata a duration in the future or back into the past. If 'pregenerated=True', derive the expected timing metadata from the 'Publish' metadata derived from the keyfile, rather than from the 'Created' metadata. The calculations in the 'Ipub', 'IpubC' and 'Iret' methods are derived from RFC 7583 DNSSEC Key Rollover Timing Considerations.