[1579] adjust codes after discussion with jinmei. append more unit

tests for negative case in find function

src/lib/datasrc/database.cc

@@ -330,6 +330,17 @@ NSEC_TYPES() {
 }
 
 const WantedTypes&
+NSEC3PARAM_TYPES() {
+    static bool initialized(false);
+    static WantedTypes result;
+    if (!initialized) {
+        result.insert(RRType::NSEC3PARAM());
+        initialized = true;
+    }
+    return (result);
+}
+
+const WantedTypes&
 DELEGATION_TYPES() {
     static bool initialized(false);
     static WantedTypes result;
@@ -812,18 +823,6 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
                                          target)
 {
     const bool dnssec_data = ((options & FIND_DNSSEC) != 0);
-    //verify whether the zonefile is signed by NSEC3 method
-    //If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
-    //in this zone signature.
-    bool is_nsec3 = false;
-    WantedTypes nsec3PARAM;
-    nsec3PARAM.insert(RRType::NSEC3PARAM());
-    const FoundRRsets NSEC3Found = getRRsets(origin_.toText(), nsec3PARAM,
-                                             false);
-    const FoundIterator nfi(NSEC3Found.second.find(RRType::NSEC3PARAM()));
-    if (nfi != NSEC3Found.second.end()) {
-        is_nsec3 = true;
-    }
     // On entry to this method, we know that the database doesn't have any
     // entry for this name.  Before returning NXDOMAIN, we need to check
     // for special cases.
@@ -836,16 +835,9 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
                   DATASRC_DATABASE_FOUND_EMPTY_NONTERMINAL).
             arg(accessor_->getDBName()).arg(name);
         const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
-            ConstRRsetPtr();
-        if (is_nsec3 == true) {
-            return (ResultContext(NXRRSET, nsec,
-                                  nsec ? RESULT_NSEC_SIGNED :
-                                  RESULT_NSEC3_SIGNED));
-        } else {
-            return (ResultContext(NXRRSET, nsec,
-                                  nsec ? RESULT_NSEC_SIGNED :
-                                  RESULT_DEFAULT));
-        }
+                                   ConstRRsetPtr();
+        return (ResultContext(NXRRSET, nsec, nsec ? RESULT_NSEC_SIGNED :
+                              RESULT_DEFAULT));
     } else if ((options & NO_WILDCARD) == 0) {
         // It's not an empty non-terminal and wildcard matching is not
         // disabled, so check for wildcards. If there is a wildcard match
@@ -864,13 +856,8 @@ DatabaseClient::Finder::findNoNameResult(const Name& name, const RRType& type,
               arg(accessor_->getDBName()).arg(name).arg(type).arg(getClass());
     const ConstRRsetPtr nsec = dnssec_data ? findNSECCover(name) :
         ConstRRsetPtr();
-    if (is_nsec3 == true) {
-        return (ResultContext(NXDOMAIN, nsec,
-                              nsec ? RESULT_NSEC_SIGNED : RESULT_NSEC3_SIGNED));
-    } else {
-        return (ResultContext(NXDOMAIN, nsec,
-                              nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
-    }
+    return (ResultContext(NXDOMAIN, nsec,
+                          nsec ? RESULT_NSEC_SIGNED : RESULT_DEFAULT));
 }
 
 ZoneFinder::ResultContext
@@ -920,16 +907,56 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
     const FoundRRsets found = getRRsets(name.toText(), final_types,
                                         !is_origin, NULL,
                                         type == RRType::ANY());
-
+    // verify whether the zonefile is signed by NSEC3 method
+    // If the NSEC3PARAMETER type exists in the zonefile,NSEC3 is definitly used
+    // in this zone signature.
+    bool is_nsec3 = false;
+    const FoundRRsets nsec3_found = getRRsets(origin_.toText(), NSEC3PARAM_TYPES(),
+                                              false);
+    const FoundIterator nfi(nsec3_found.second.find(RRType::NSEC3PARAM()));
+    if (nfi != nsec3_found.second.end()) {
+        is_nsec3 = true;
+    }
     if (found.first) {
         // Something found at the domain name.  Look into it further to get
         // the final result.
-        return (findOnNameResult(name, type, options, is_origin, found, NULL,
-                                 target));
+        if (true == is_nsec3) {
+            const ZoneFinder::ResultContext result_context = 
+                findOnNameResult(name, type, options, is_origin, found, NULL,
+                                 target);
+            if ((result_context.code & NXRRSET) ||
+                (result_context.flags & RESULT_WILDCARD)) {
+                return (ZoneFinder::ResultContext(result_context.code,
+                                                  result_context.rrset,
+                                                  (result_context.flags |
+                                                   RESULT_NSEC3_SIGNED)));
+            } else {
+                return result_context; 
+            }
+        } else {
+            return (findOnNameResult(name, type, options, is_origin, found, NULL,
+                                     target));
+        }
     } else {
         // Did not find anything at all at the domain name, so check for
         // subdomains or wildcards.
-        return (findNoNameResult(name, type, options, dresult, target));
+        if (true == is_nsec3) {
+            // NSEC3 is used for this zonefile
+            const ZoneFinder::ResultContext result_context = 
+                findNoNameResult(name, type, options, dresult, target);
+            if ((result_context.code & (NXRRSET | NXDOMAIN)) ||
+                (result_context.flags & RESULT_WILDCARD)){
+                // NXRRSET NXDOMAIN and wildcard should set RESULT_NSEC3_SIGNED
+                return (ZoneFinder::ResultContext(result_context.code, 
+                                                  result_context.rrset,
+                                                  (result_context.flags |
+                                                   RESULT_NSEC3_SIGNED)));
+            } else {
+                return result_context;
+            }
+        } else { 
+            return (findNoNameResult(name, type, options, dresult, target));
+        }
     }
 }
 

src/lib/datasrc/tests/database_unittest.cc

@@ -2281,12 +2281,50 @@ TYPED_TEST(DatabaseClientTest, wildcardNXRRSET_NSEC) {
                Name("*.wild.example.org"), ZoneFinder::FIND_DNSSEC);
 }
 
-TYPED_TEST(DatabaseClientTest,dbNegativeCaseFind){
-    //ZoneFinder::find() for negative case should show whether the zone is
-    //signed by NSEC or NSEC3,that is good for upper layer caller.
+TYPED_TEST(DatabaseClientTest, dbNegativeCaseFind) {
+    // ZoneFinder::find() for negative cases should show whether the zone is
+    // signed by NSEC or NSEC3,that is good for upper layer caller.
 
-    //First off, add an NSEC3PARAM RR
+    // First off, everything should be okay if no NSEC3PARAM rrset 
     this->updater_ = this->client_->getUpdater(this->zname_, false);
+    this->expected_rdatas_.clear();
+    this->expected_sig_rdatas_.clear();
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("doesnotexist.example.org."),
+               this->qtype_, this->qtype_, this->rrttl_,
+               ZoneFinder::NXDOMAIN, this->expected_rdatas_,
+               this->expected_sig_rdatas_);
+    this->expected_rdatas_.clear();
+    this->expected_sig_rdatas_.clear();
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("www.example.org."),
+               isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+               this->rrttl_,
+               ZoneFinder::NXRRSET,
+               this->expected_rdatas_, this->expected_sig_rdatas_);
+    this->expected_rdatas_.push_back("192.0.2.5");
+    this->expected_sig_rdatas_.push_back("A 5 3 3600 20000101000000 "
+                                         "20000201000000 12345 example.org. "
+                                         "FAKEFAKEFAKE");
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("b.a.wild.example.org"),
+               this->qtype_, this->qtype_, this->rrttl_, ZoneFinder::SUCCESS,
+               this->expected_rdatas_, this->expected_sig_rdatas_,
+               ZoneFinder::RESULT_WILDCARD);
+    this->expected_rdatas_.clear();
+    this->expected_sig_rdatas_.clear();
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("b.a.wild.example.org"),
+               isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+               this->rrttl_, ZoneFinder::NXRRSET, this->expected_rdatas_,
+               this->empty_rdatas_,
+               ZoneFinder::RESULT_WILDCARD);
+
+    // Then,If NSEC3PARAM exists in zonefile,the flags of result should 
+    // contain RESULT_NSEC3_SIGNED flag when NXDOMAIN NXRRSET or wildcard
+    
+    // Add NSEC3PARAM RRSET to zonefile. It looks weird if zonefile only have 
+    // NSEC3PARM RRSET, but it is okay for unit test.
     this->rrset_.reset(new RRset(this->zname_, this->qclass_,
                                 isc::dns::RRType::NSEC3PARAM(),
                                 this->rrttl_));
@@ -2294,16 +2332,46 @@ TYPED_TEST(DatabaseClientTest,dbNegativeCaseFind){
                                               this->rrset_->getClass(),
                                               "1 0 12 aabbccdd"));
     this->updater_->addRRset(*this->rrset_);
+
+    // check NXDOMAIN
     this->expected_rdatas_.clear();
     this->expected_sig_rdatas_.clear();
-    //If there is a NSEC3PARM RRset, the result of find() function should
-    //contain RESULT_NSEC3_SIGNED flag when NXDOMAIN or NXRRSET.
     doFindTest(this->updater_->getFinder(),
                isc::dns::Name("doesnotexist.example.org."),
                this->qtype_, this->qtype_, this->rrttl_,
                ZoneFinder::NXDOMAIN, this->expected_rdatas_,
                this->expected_sig_rdatas_,
                ZoneFinder::RESULT_NSEC3_SIGNED);
+    // check NXRRSET
+    this->expected_rdatas_.clear();
+    this->expected_sig_rdatas_.clear();
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("www.example.org."),
+               isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+               this->rrttl_,
+               ZoneFinder::NXRRSET,
+               this->expected_rdatas_, this->expected_sig_rdatas_,
+               ZoneFinder::RESULT_NSEC3_SIGNED);
+    // check flags if wildcard matches
+    this->expected_rdatas_.push_back("192.0.2.5");
+    this->expected_sig_rdatas_.push_back("A 5 3 3600 20000101000000 "
+                                         "20000201000000 12345 example.org. "
+                                         "FAKEFAKEFAKE");
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("b.a.wild.example.org"),
+               this->qtype_, this->qtype_, this->rrttl_, ZoneFinder::SUCCESS,
+               this->expected_rdatas_, this->expected_sig_rdatas_,
+               ZoneFinder::RESULT_WILDCARD | ZoneFinder::RESULT_NSEC3_SIGNED);
+    // check flags if NXRRSET in wildcard case
+    this->expected_rdatas_.clear();
+    this->expected_sig_rdatas_.clear();
+    doFindTest(this->updater_->getFinder(),
+               isc::dns::Name("b.a.wild.example.org"),
+               isc::dns::RRType::TXT(), isc::dns::RRType::TXT(),
+               this->rrttl_, ZoneFinder::NXRRSET, this->expected_rdatas_,
+               this->empty_rdatas_,
+               ZoneFinder::RESULT_WILDCARD | ZoneFinder::RESULT_NSEC3_SIGNED);
+
 }
 
 TYPED_TEST(DatabaseClientTest, NXDOMAIN_NSEC) {