|
@@ -220,7 +220,8 @@ public:
|
|
|
rrclass_(RRClass::IN()),
|
|
rrclass_(RRClass::IN()),
|
|
|
include_rrsig_anyway_(false),
|
|
include_rrsig_anyway_(false),
|
|
|
use_nsec3_(false),
|
|
use_nsec3_(false),
|
|
|
- nsec_name_(origin_)
|
|
|
|
|
|
|
+ nsec_name_(origin_),
|
|
|
|
|
+ nsec3_fake_(NULL)
|
|
|
{
|
|
{
|
|
|
stringstream zone_stream;
|
|
stringstream zone_stream;
|
|
|
zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt <<
|
|
zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt <<
|
|
@@ -295,6 +296,14 @@ public:
|
|
|
nsec_result_.reset(new ZoneFinder::FindResult(code, rrset));
|
|
nsec_result_.reset(new ZoneFinder::FindResult(code, rrset));
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|
|
+ // Once called, the findNSEC3 will return the provided result for the next
|
|
|
|
|
+ // query. After that, it'll return to operate normally.
|
|
|
|
|
+ // NULL disables. Does not take ownership of the pointer (it is generally
|
|
|
|
|
+ // expected to be a local variable in the test function).
|
|
|
|
|
+ void setNSEC3Result(const FindNSEC3Result* result) {
|
|
|
|
|
+ nsec3_fake_ = result;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
// If true is passed return an empty NSEC3 RRset for some negative
|
|
// If true is passed return an empty NSEC3 RRset for some negative
|
|
|
// answers when DNSSEC is required.
|
|
// answers when DNSSEC is required.
|
|
|
void setNSEC3Flag(bool on) { use_nsec3_ = on; }
|
|
void setNSEC3Flag(bool on) { use_nsec3_ = on; }
|
|
@@ -385,6 +394,9 @@ private:
|
|
|
// The following two will be used for faked NSEC cases
|
|
// The following two will be used for faked NSEC cases
|
|
|
Name nsec_name_;
|
|
Name nsec_name_;
|
|
|
boost::scoped_ptr<ZoneFinder::FindResult> nsec_result_;
|
|
boost::scoped_ptr<ZoneFinder::FindResult> nsec_result_;
|
|
|
|
|
+ // The following two are for faking bad NSEC3 responses
|
|
|
|
|
+ // Enabled when not NULL
|
|
|
|
|
+ const FindNSEC3Result* nsec3_fake_;
|
|
|
public:
|
|
public:
|
|
|
// Public, to allow tests looking up the right names for something
|
|
// Public, to allow tests looking up the right names for something
|
|
|
map<Name, string> hash_map_;
|
|
map<Name, string> hash_map_;
|
|
@@ -431,6 +443,14 @@ MockZoneFinder::findAll(const Name& name, std::vector<ConstRRsetPtr>& target,
|
|
|
|
|
|
|
|
ZoneFinder::FindNSEC3Result
|
|
ZoneFinder::FindNSEC3Result
|
|
|
MockZoneFinder::findNSEC3(const Name& name, bool recursive) {
|
|
MockZoneFinder::findNSEC3(const Name& name, bool recursive) {
|
|
|
|
|
+ // Do we have a fake result set? If so, use it.
|
|
|
|
|
+ if (nsec3_fake_ != NULL) {
|
|
|
|
|
+ const FindNSEC3Result* result(nsec3_fake_);
|
|
|
|
|
+ // Disable the fake for the next call
|
|
|
|
|
+ nsec3_fake_ = NULL;
|
|
|
|
|
+ return (*result);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
ConstRRsetPtr covering_proof;
|
|
ConstRRsetPtr covering_proof;
|
|
|
const int labels = name.getLabelCount();
|
|
const int labels = name.getLabelCount();
|
|
|
|
|
|
|
@@ -1646,8 +1666,20 @@ TEST_F(QueryTest, nxrrsetWithNSEC3) {
|
|
|
".example.com. 3600 IN RRSIG " +
|
|
".example.com. 3600 IN RRSIG " +
|
|
|
getCommonRRSIGText("NSEC3") + "\n").c_str(),
|
|
getCommonRRSIGText("NSEC3") + "\n").c_str(),
|
|
|
NULL, mock_finder->getOrigin());
|
|
NULL, mock_finder->getOrigin());
|
|
|
- // TODO: Does the mock finder generate signatures by itself, or one
|
|
|
|
|
- // needs to be added explicitly?
|
|
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+// Check the exception is correctly raised when the NSEC3 thing isn't in the
|
|
|
|
|
+// zone
|
|
|
|
|
+TEST_F(QueryTest, nxrrsetMissingNSEC3) {
|
|
|
|
|
+ mock_finder->setNSEC3Flag(true);
|
|
|
|
|
+ // We just need it to return false for "matched". This indicates
|
|
|
|
|
+ // there's no exact match for NSEC3 on www.example.com.
|
|
|
|
|
+ ZoneFinder::FindNSEC3Result nsec3(false, 0, ConstRRsetPtr(),
|
|
|
|
|
+ ConstRRsetPtr());
|
|
|
|
|
+ mock_finder->setNSEC3Result(&nsec3);
|
|
|
|
|
+
|
|
|
|
|
+ EXPECT_THROW(Query(memory_client, Name("www.example.com"), RRType::TXT(),
|
|
|
|
|
+ response, true).process(), Query::BadNSEC3);
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
// The following are tentative tests until we really add tests for the
|
|
// The following are tentative tests until we really add tests for the
|
Michal 'vorner' Vaner