bind/backport-0021-Add-test-configurations-with-invalid-dnssec-policy-c.patch


2022-12-26 15:55:21 +08:00
From 38d930e5cb11d398a01f68f3c1658b4c22759583 Mon Sep 17 00:00:00 2001
From: Mark Andrews <marka@isc.org>
Date: Tue, 15 Feb 2022 16:24:52 +1100
Subject: [PATCH] Add test configurations with invalid dnssec-policy clauses
bad-ksk-without-zsk.conf only has a ksk defined without a
matching zsk for the same algorithm.
bad-zsk-without-ksk.conf only has a zsk defined without a
matching ksk for the same algorithm.
bad-unpaired-keys.conf has two keys of different algorithms,
one ksk only and the other zsk only.
(cherry picked from commit f23e86b96b77bb9fd485a2c8f6d3cd8a02afd7bd)
Conflict: NA
Reference: https://gitlab.isc.org/isc-projects/bind9/-/commit/38d930e5cb11d398a01f68f3c1658b4c22759583
---
.../system/checkconf/bad-ksk-without-zsk.conf | 24 +++++++++++++++++
.../system/checkconf/bad-unpaired-keys.conf | 27 +++++++++++++++++++
.../system/checkconf/bad-zsk-without-ksk.conf | 24 +++++++++++++++++
3 files changed, 75 insertions(+)
create mode 100644 bin/tests/system/checkconf/bad-ksk-without-zsk.conf
create mode 100644 bin/tests/system/checkconf/bad-unpaired-keys.conf
create mode 100644 bin/tests/system/checkconf/bad-zsk-without-ksk.conf
diff --git a/bin/tests/system/checkconf/bad-ksk-without-zsk.conf b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf
new file mode 100644
index 0000000000..66e1b7f0c8
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-ksk-without-zsk.conf
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy ksk-without-zsk {
+ keys {
+ ksk lifetime 30d algorithm 13;
+ };
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ dnssec-policy ksk-without-zsk;
+};
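Review bot: Nothing in bad-ksk-without-zsk.conf says which rule it is meant to violate, so a later reader has to go back to the commit message to learn that the lone `ksk lifetime 30d algorithm 13;` entry is the point. A short comment above the `keys` block, such as `/* invalid: ksk for algorithm 13 has no matching zsk */`, would document that, as bad-unpaired-keys.conf already does inline; the same applies to bad-zsk-without-ksk.conf. The harness that consumes these files is not part of this patch; if it only checks for a non-zero exit from named-checkconf, any unrelated parse error would also make the test pass, so matching on the expected diagnostic would make these negative tests stricter.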
diff --git a/bin/tests/system/checkconf/bad-unpaired-keys.conf b/bin/tests/system/checkconf/bad-unpaired-keys.conf
new file mode 100644
index 0000000000..63b6dc2c65
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-unpaired-keys.conf
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy unpaired-keys {
+ keys {
+ /* zsk without ksk */
+ zsk lifetime 30d algorithm 13;
+ /* ksk without zsk */
+ ksk lifetime 30d algorithm 7;
+ };
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ dnssec-policy unpaired-keys;
+};
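Review bot: The `ksk lifetime 30d algorithm 7;` line builds the unpaired-key case on RSASHA1-NSEC3-SHA1, a SHA-1-based algorithm that some builds or system crypto policies may refuse outright. On such a target the configuration could be rejected because of the algorithm rather than because the ksk and zsk are unpaired, and the test would pass without exercising the intended check; this is an inference, since the checker is not visible in this patch. Using a second algorithm that is broadly supported, e.g. `ksk lifetime 30d algorithm 8;`, would keep the failure tied to the pairing rule.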
diff --git a/bin/tests/system/checkconf/bad-zsk-without-ksk.conf b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf
new file mode 100644
index 0000000000..31b031cdc8
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-zsk-without-ksk.conf
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+dnssec-policy zsk-without-ksk {
+ keys {
+ zsk lifetime 30d algorithm 13;
+ };
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ dnssec-policy zsk-without-ksk;
+};
--
2.23.0