
[2107] supported the concept of dnssec-signed and nsec3-signed

JINMEI Tatuya il y a 12 ans
Parent
commit
43dd02a2bd

+ 18 - 0
src/lib/datasrc/memory/tests/zone_data_unittest.cc

@@ -207,6 +207,8 @@ TEST_F(ZoneDataTest, addRdataSets) {
 TEST_F(ZoneDataTest, getSetNSEC3Data) {
     // Initially there's no NSEC3 data
     EXPECT_EQ(static_cast<NSEC3Data*>(NULL), zone_data_->getNSEC3Data());
+    // isNSEC3Signed is true iff zone data has non NULL NSEC3 data
+    EXPECT_FALSE(zone_data_->isNSEC3Signed());
 
     // Set a new one.  The set method should return NULL.  The get method
     // should return the new one.
@@ -214,6 +216,7 @@ TEST_F(ZoneDataTest, getSetNSEC3Data) {
     NSEC3Data* old_nsec3_data = zone_data_->setNSEC3Data(nsec3_data);
     EXPECT_EQ(static_cast<NSEC3Data*>(NULL), old_nsec3_data);
     EXPECT_EQ(nsec3_data, zone_data_->getNSEC3Data());
+    EXPECT_TRUE(zone_data_->isNSEC3Signed());
 
     // Replace an existing one with a yet another one.
     // We're responsible for destroying the old one.
@@ -221,15 +224,30 @@ TEST_F(ZoneDataTest, getSetNSEC3Data) {
     old_nsec3_data = zone_data_->setNSEC3Data(nsec3_data2);
     EXPECT_EQ(nsec3_data, old_nsec3_data);
     EXPECT_EQ(nsec3_data2, zone_data_->getNSEC3Data());
+    EXPECT_TRUE(zone_data_->isNSEC3Signed());
     NSEC3Data::destroy(mem_sgmt_, old_nsec3_data, RRClass::IN());
 
     // Setting NULL clears any existing one.
     old_nsec3_data = zone_data_->setNSEC3Data(NULL);
     EXPECT_EQ(nsec3_data2, old_nsec3_data);
     EXPECT_EQ(static_cast<NSEC3Data*>(NULL), zone_data_->getNSEC3Data());
+    EXPECT_FALSE(zone_data_->isNSEC3Signed());
 
     // Then set it again.  The zone data should destroy it on its own
     // destruction.
     zone_data_->setNSEC3Data(old_nsec3_data);
 }
+
+TEST_F(ZoneDataTest, isSigned) {
+    // By default it's considered unsigned
+    EXPECT_FALSE(zone_data_->isSigned());
+
+    // declare it's signed, the isSigned() says so too
+    zone_data_->setSigned(true);
+    EXPECT_TRUE(zone_data_->isSigned());
+
+    // change it to unsigned again
+    zone_data_->setSigned(false);
+    EXPECT_FALSE(zone_data_->isSigned());
+}
 }
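Review bot: The new `isSigned` test toggles the flag in isolation, and nothing in this file checks that the two notions of signedness the header introduces are independent, even though they are stored separately (an origin-node flag versus the NSEC3 data pointer). In `getSetNSEC3Data`, after the `EXPECT_TRUE(zone_data_->isNSEC3Signed());` that follows the first `setNSEC3Data`, adding `EXPECT_FALSE(zone_data_->isSigned());` would pin that installing NSEC3 data does not flip the DNSSEC flag, and symmetrically the `setSigned(true)` in `isSigned` could be followed by `EXPECT_FALSE(zone_data_->isNSEC3Signed());`. The comment `// declare it's signed, the isSigned() says so too` would read better as `// Declare it signed; isSigned() should reflect that`.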

+ 24 - 2
src/lib/datasrc/memory/zone_data.h

@@ -33,6 +33,7 @@ namespace dns {
 namespace rdata {
 namespace generic {
 class NSEC3PARAM;
+class NSEC3;
 }
 }
 }
@@ -89,13 +90,23 @@ private:
 };
 
 class ZoneData : boost::noncopyable {
-public:
-
 private:
     ZoneData(ZoneTree* zone_tree, ZoneNode* origin_node) :
         zone_tree_(zone_tree), origin_node_(origin_node)
     {}
 
+    // Zone node flags.
+private:
+    // Set in the origin node (which always exists at the same address)
+    // to indicate whether the zone is signed or not.  Internal use,
+    // so defined as private.
+    static const ZoneNode::Flags DNSSEC_SIGNED = ZoneNode::FLAG_USER1;
+public:
+    /// \brief Node flag indicating it is at a "wildcard level"
+    ///
+    /// This means one of the node's immediate children is a wildcard.
+    static const ZoneNode::Flags WILD_NODE = ZoneNode::FLAG_USER2;
+
 public:
     static ZoneData* create(util::MemorySegment& mem_sgmt,
                             const dns::Name& zone_name);
@@ -110,6 +121,17 @@ public:
         return (origin_node_.get());
     }
 
+    bool isSigned() const { return (origin_node_->getFlag(DNSSEC_SIGNED)); }
+    void setSigned(bool on) {
+        origin_node_->setFlag(DNSSEC_SIGNED, on);
+    }
+
+    /// In the current implementation, the zone is considered signed with
+    /// NSEC3 if and only if it has non NULL NSEC3 data.
+    ///
+    /// This also means it's not considered NSEC3 signed by default.
+    bool isNSEC3Signed() const { return (nsec3_data_); }
+
     const ZoneTree* getZoneTree() const { return (zone_tree_.get()); }
 
     const NSEC3Data* getNSEC3Data() const { return (nsec3_data_.get()); }
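Review bot: `isSigned()` and `setSigned()` at the top of the last hunk are the only new public methods without a Doxygen comment, and the one fact a caller needs is stated nowhere: the flag is purely declarative, `setSigned(true)` records what the caller asserts and nothing here checks the zone's contents for signatures. Suggest `/// \brief Return whether the zone is marked DNSSEC-signed (see setSigned()).` on `isSigned()` and, on `setSigned()`, `/// \brief Mark the zone as signed or unsigned; the flag is informational and is not validated against the zone data.` `isNSEC3Signed()` returns `nsec3_data_` through its implicit boolean conversion while `getNSEC3Data()` two lines below spells out `.get()`, so `return (nsec3_data_.get() != NULL);` would read consistently with the rest of the class. In the previous hunk the `private:` introduced under `// Zone node flags.` repeats the access specifier already in effect from the constructor above it and could be dropped, and the `class NSEC3;` forward declaration added in the first hunk is not referenced by anything else in this commit, so it is probably worth confirming it is needed.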