|
|
@@ -1085,105 +1085,93 @@ TEST_F(TSIGTest, verifyMulti) {
|
|
|
|
|
|
// First, send query from the verify one to the normal one, so
|
|
|
// we initialize something like AXFR
|
|
|
- {
|
|
|
- SCOPED_TRACE("Query");
|
|
|
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
|
|
|
- tsig_verify_ctx.get());
|
|
|
- commonVerifyChecks(*tsig_ctx, tsig.get(),
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::RECEIVED_REQUEST);
|
|
|
- }
|
|
|
-
|
|
|
- {
|
|
|
- SCOPED_TRACE("First message");
|
|
|
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
|
|
|
- tsig_ctx.get());
|
|
|
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::VERIFIED_RESPONSE);
|
|
|
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
- }
|
|
|
-
|
|
|
- {
|
|
|
- SCOPED_TRACE("Second message");
|
|
|
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
|
|
|
- tsig_ctx.get());
|
|
|
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::VERIFIED_RESPONSE);
|
|
|
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
- }
|
|
|
-
|
|
|
- {
|
|
|
- SCOPED_TRACE("Third message. Unsigned.");
|
|
|
- // Another message does not carry the TSIG on it. But it should
|
|
|
- // be OK, it's in the middle of stream.
|
|
|
- message.clear(Message::RENDER);
|
|
|
- message.setQid(1234);
|
|
|
- message.setOpcode(Opcode::QUERY());
|
|
|
- message.setRcode(Rcode::NOERROR());
|
|
|
- RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
|
|
|
- test_ttl));
|
|
|
- answer_rrset->addRdata(createRdata(RRType::A(), test_class,
|
|
|
- "192.0.2.1"));
|
|
|
- message.addRRset(Message::SECTION_ANSWER, answer_rrset);
|
|
|
- message.toWire(renderer);
|
|
|
- // Update the internal state. We abuse the knowledge of
|
|
|
- // internals here a little bit to generate correct test data
|
|
|
- tsig_ctx->update(renderer.getData(), renderer.getLength());
|
|
|
-
|
|
|
- commonVerifyChecks(*tsig_verify_ctx, NULL,
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::VERIFIED_RESPONSE);
|
|
|
-
|
|
|
- EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
|
|
|
- }
|
|
|
-
|
|
|
- {
|
|
|
- SCOPED_TRACE("Fourth message. Signed again.");
|
|
|
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
|
|
|
- tsig_ctx.get());
|
|
|
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::VERIFIED_RESPONSE);
|
|
|
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
- }
|
|
|
-
|
|
|
- {
|
|
|
- SCOPED_TRACE("Filling in bunch of unsigned messages");
|
|
|
- for (size_t i = 0; i < 100; ++i) {
|
|
|
- SCOPED_TRACE(i);
|
|
|
- // Another message does not carry the TSIG on it. But it should
|
|
|
- // be OK, it's in the middle of stream.
|
|
|
- message.clear(Message::RENDER);
|
|
|
- message.setQid(1234);
|
|
|
- message.setOpcode(Opcode::QUERY());
|
|
|
- message.setRcode(Rcode::NOERROR());
|
|
|
- RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
|
|
|
- test_ttl));
|
|
|
- answer_rrset->addRdata(createRdata(RRType::A(), test_class,
|
|
|
- "192.0.2.1"));
|
|
|
- message.addRRset(Message::SECTION_ANSWER, answer_rrset);
|
|
|
- message.toWire(renderer);
|
|
|
- // Update the internal state. We abuse the knowledge of
|
|
|
- // internals here a little bit to generate correct test data
|
|
|
- tsig_ctx->update(renderer.getData(), renderer.getLength());
|
|
|
-
|
|
|
- // 99 unsigned messages is OK. But the 100th must be signed, according
|
|
|
- // to the RFC2845, section 4.4
|
|
|
- commonVerifyChecks(*tsig_verify_ctx, NULL,
|
|
|
- renderer.getData(), renderer.getLength(),
|
|
|
- i == 99 ? TSIGError::FORMERR() :
|
|
|
- TSIGError(Rcode::NOERROR()),
|
|
|
- TSIGContext::VERIFIED_RESPONSE);
|
|
|
-
|
|
|
- EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
|
|
|
- }
|
|
|
+ // SCOPED_TRACE("Query");
|
|
|
+ ConstTSIGRecordPtr tsigQ = createMessageAndSign(1234, test_name,
|
|
|
+ tsig_verify_ctx.get());
|
|
|
+ commonVerifyChecks(*tsig_ctx, tsigQ.get(),
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::RECEIVED_REQUEST);
|
|
|
+
|
|
|
+ // SCOPED_TRACE("First message");
|
|
|
+ ConstTSIGRecordPtr tsig1 = createMessageAndSign(1234, test_name,
|
|
|
+ tsig_ctx.get());
|
|
|
+ commonVerifyChecks(*tsig_verify_ctx, tsig1.get(),
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::VERIFIED_RESPONSE);
|
|
|
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
+
|
|
|
+ // SCOPED_TRACE("Second message");
|
|
|
+ ConstTSIGRecordPtr tsig2 = createMessageAndSign(1234, test_name,
|
|
|
+ tsig_ctx.get());
|
|
|
+ commonVerifyChecks(*tsig_verify_ctx, tsig2.get(),
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::VERIFIED_RESPONSE);
|
|
|
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
+
|
|
|
+ // SCOPED_TRACE("Third message. Unsigned.");
|
|
|
+ // Another message does not carry the TSIG on it. But it should
|
|
|
+ // be OK, it's in the middle of stream.
|
|
|
+ message.clear(Message::RENDER);
|
|
|
+ message.setQid(1234);
|
|
|
+ message.setOpcode(Opcode::QUERY());
|
|
|
+ message.setRcode(Rcode::NOERROR());
|
|
|
+ RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
|
|
|
+ test_ttl));
|
|
|
+ answer_rrset->addRdata(createRdata(RRType::A(), test_class,
|
|
|
+ "192.0.2.1"));
|
|
|
+ message.addRRset(Message::SECTION_ANSWER, answer_rrset);
|
|
|
+ message.toWire(renderer);
|
|
|
+ // Update the internal state. We abuse the knowledge of
|
|
|
+ // internals here a little bit to generate correct test data
|
|
|
+ tsig_ctx->update(renderer.getData(), renderer.getLength());
|
|
|
+
|
|
|
+ commonVerifyChecks(*tsig_verify_ctx, NULL,
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::VERIFIED_RESPONSE);
|
|
|
+
|
|
|
+ EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
|
|
|
+
|
|
|
+ // SCOPED_TRACE("Fourth message. Signed again.");
|
|
|
+ ConstTSIGRecordPtr tsig4 = createMessageAndSign(1234, test_name,
|
|
|
+ tsig_ctx.get());
|
|
|
+ commonVerifyChecks(*tsig_verify_ctx, tsig4.get(),
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::VERIFIED_RESPONSE);
|
|
|
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
|
|
|
+
|
|
|
+ // SCOPED_TRACE("Filling in bunch of unsigned messages");
|
|
|
+ for (size_t i = 0; i < 100; ++i) {
|
|
|
+ // SCOPED_TRACE(i);
|
|
|
+ // Another message does not carry the TSIG on it. But it should
|
|
|
+ // be OK, it's in the middle of stream.
|
|
|
+ message.clear(Message::RENDER);
|
|
|
+ message.setQid(1234);
|
|
|
+ message.setOpcode(Opcode::QUERY());
|
|
|
+ message.setRcode(Rcode::NOERROR());
|
|
|
+ RRsetPtr answer_rrsetl(new RRset(test_name, test_class, RRType::A(),
|
|
|
+ test_ttl));
|
|
|
+ answer_rrsetl->addRdata(createRdata(RRType::A(), test_class,
|
|
|
+ "192.0.2.1"));
|
|
|
+ message.addRRset(Message::SECTION_ANSWER, answer_rrsetl);
|
|
|
+ message.toWire(renderer);
|
|
|
+ // Update the internal state. We abuse the knowledge of
|
|
|
+ // internals here a little bit to generate correct test data
|
|
|
+ tsig_ctx->update(renderer.getData(), renderer.getLength());
|
|
|
+
|
|
|
+ // 99 unsigned messages is OK. But the 100th must be signed, according
|
|
|
+ // to the RFC2845, section 4.4
|
|
|
+ commonVerifyChecks(*tsig_verify_ctx, NULL,
|
|
|
+ renderer.getData(), renderer.getLength(),
|
|
|
+ i == 99 ? TSIGError::FORMERR() :
|
|
|
+ TSIGError(Rcode::NOERROR()),
|
|
|
+ TSIGContext::VERIFIED_RESPONSE);
|
|
|
+
|
|
|
+ EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
|
|
|
}
|
|
|
}
|
|
|
|
Francis Dupont