[1580] a suggested cleanup: rename addNSCOMAINProof to addNSCOMAINProofByNSEC

so it's clearer that it's NSEC specific (now that we have an NSEC3 version
of addNXDOMAINProof).  For consistency rename the NSEC3 version to
addNSCOMAINProofByNSEC3.  also a bit reorganized the code calling these methods
(mostly a matter of taste though), and adjusted tests to make them pass.

src/bin/auth/query.cc

@@ -117,7 +117,7 @@ Query::addSOA(ZoneFinder& finder) {
 // either an SERVFAIL response or just ignoring the query.  We at least prevent
 // a complete crash due to such broken behavior.
 void
-Query::addNXDOMAINProof(ZoneFinder& finder, ConstRRsetPtr nsec) {
+Query::addNXDOMAINProofByNSEC(ZoneFinder& finder, ConstRRsetPtr nsec) {
     if (nsec->getRdataCount() == 0) {
         isc_throw(BadNSEC, "NSEC for NXDOMAIN is empty");
     }
@@ -168,7 +168,7 @@ Query::addNXDOMAINProof(ZoneFinder& finder, ConstRRsetPtr nsec) {
 }
 
 void
-Query::addNSEC3NXDOMAINProof(ZoneFinder& finder) {
+Query::addNXDOMAINProofByNSEC3(ZoneFinder& finder) {
     // Firstly get the NSEC3 proves for Closest Encloser Proof
     // See section 7.2.1 of RFC 5155.
     // Since this is a Name Error case both closest and next proofs should
@@ -542,12 +542,12 @@ Query::process() {
         case ZoneFinder::NXDOMAIN:
             response_.setRcode(Rcode::NXDOMAIN());
             addSOA(*result.zone_finder);
-            if (dnssec_ && db_result.isNSEC3Signed()) {
-                addNSEC3NXDOMAINProof(zfinder);
-                break;
-            }
-            if (dnssec_ && db_result.rrset) {
-                addNXDOMAINProof(zfinder, db_result.rrset);
+            if (dnssec_) {
+                if (db_result.isNSECSigned() && db_result.rrset) {
+                    addNXDOMAINProofByNSEC(zfinder, db_result.rrset);
+                } else if (db_result.isNSEC3Signed()) {
+                    addNXDOMAINProofByNSEC3(zfinder);
+                }
             }
             break;
         case ZoneFinder::NXRRSET:

src/bin/auth/query.h

@@ -101,13 +101,13 @@ private:
     /// Add NSEC RRs that prove an NXDOMAIN result.
     ///
     /// This corresponds to Section 3.1.3.2 of RFC 4035.
-    void addNXDOMAINProof(isc::datasrc::ZoneFinder& finder,
-                          isc::dns::ConstRRsetPtr nsec);
+    void addNXDOMAINProofByNSEC(isc::datasrc::ZoneFinder& finder,
+                                isc::dns::ConstRRsetPtr nsec);
 
     /// Add NSEC3 RRs that prove an NXDOMAIN result.
     ///
     /// This corresponds to Section 7.2.2 of RFC 5155.
-    void addNSEC3NXDOMAINProof(isc::datasrc::ZoneFinder& finder);
+    void addNXDOMAINProofByNSEC3(isc::datasrc::ZoneFinder& finder);
 
     /// Add NSEC RRs that prove a wildcard answer is the best one.
     ///

src/bin/auth/tests/query_unittest.cc

@@ -373,7 +373,8 @@ public:
                        ConstRRsetPtr rrset)
     {
         nsec_name_ = nsec_name;
-        nsec_result_.reset(new ZoneFinder::FindResult(code, rrset));
+        nsec_result_.reset(new ZoneFinder::FindResult(code, rrset,
+                                                      RESULT_NSEC_SIGNED));
     }
 
     // Once called, the findNSEC3 will return the provided result for the next