
[1574b] added check for the existence of NSEC3PARAM on loading NSEC3-signed zones

JINMEI Tatuya 13 years ago
parent
commit
937690e47b

+ 8 - 0
src/lib/datasrc/datasrc_messages.mes

@@ -342,6 +342,14 @@ Debug information. The content of master file is being loaded into the memory.
 % DATASRC_MEM_NOT_FOUND requested domain '%1' not found
 Debug information. The requested domain does not exist.
 
+% DATASRC_MEM_NO_NSEC3PARAM NSEC3PARAM is missing for NSEC3-signed zone %1/%2
+The in-memory data source has loaded a zone signed with NSEC3 RRs,
+but it doesn't have a NSEC3PARAM RR at the zone origin.  It's likely that
+the zone is somehow broken, but this RR is not necessarily needed for
+handling lookups with NSEC3 in this data source, so it accepts the given
+content of the zone.  Nevertheless the administrator should look into
+the integrity of the zone data.
+
 % DATASRC_MEM_NS_ENCOUNTERED encountered a NS
 Debug information. While searching for the requested domain, a NS was
 encountered on the way (a delegation). This may lead to stop of the search.

+ 16 - 0
src/lib/datasrc/memory_datasrc.cc

@@ -917,11 +917,27 @@ InMemoryZoneFinder::load(const string& filename) {
         arg(filename);
     // Load it into temporary zone data
     scoped_ptr<ZoneData> tmp(new ZoneData);
+
+    // Create the new origin node
+    DomainNode* origin_data;
+    tmp->domains_.insert(getOrigin(), &origin_data);
+    DomainPtr origin_domain(new Domain);
+    origin_data->setData(origin_domain);
+
     masterLoad(filename.c_str(), getOrigin(), getClass(),
                boost::bind(&InMemoryZoneFinderImpl::addFromLoad, impl_,
                            _1, tmp.get()));
+
+    // If the zone is NSEC3-signed, check if it has NSEC3PARAM
+    if (tmp->nsec3_data_ &&
+        origin_domain->find(RRType::NSEC3PARAM()) == origin_domain->end()) {
+        LOG_WARN(logger, DATASRC_MEM_NO_NSEC3PARAM).
+            arg(getOrigin()).arg(getClass());
+    }
+
     // If it went well, put it inside
     impl_->file_name_ = filename;
+    impl_->origin_data_ = origin_data;
     tmp.swap(impl_->zone_data_);
     // And let the old data die with tmp
 }
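Review bot: `origin_data` is declared uninitialized and the result of `tmp->domains_.insert(getOrigin(), &origin_data)` is ignored, so if the insert ever leaves the out-parameter unset, `origin_data->setData(origin_domain)` dereferences an indeterminate pointer and the same value is later stored in `impl_->origin_data_`. Declaring it as `DomainNode* origin_data = NULL;` and checking it (or the insert result) before `setData` would make that failure explicit instead of undefined. The NSEC3PARAM check also inspects the local `origin_domain` rather than the node's current data, which is only correct if `addFromLoad` (not visible here) keeps adding to the Domain already attached to the origin node; a short comment stating that assumption would help. `load()` begins before this hunk, so the earlier part of its body was not reviewed.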

+ 2 - 0
src/lib/datasrc/tests/Makefile.am

@@ -110,6 +110,8 @@ endif
 EXTRA_DIST =  testdata/brokendb.sqlite3
 EXTRA_DIST += testdata/example.com.signed
 EXTRA_DIST += testdata/example.org
+EXTRA_DIST += testdata/example.org.nsec3-signed
+EXTRA_DIST += testdata/example.org.nsec3-signed-noparam
 EXTRA_DIST += testdata/example.org.sqlite3
 EXTRA_DIST += testdata/example2.com
 EXTRA_DIST += testdata/example2.com.sqlite3

+ 9 - 2
src/lib/datasrc/tests/memory_datasrc_unittest.cc

@@ -1543,6 +1543,13 @@ TEST_F(InMemoryZoneFinderTest, nonOriginNSEC3PARAM) {
                                            "1 1 1 aabbccdd")));
 }
 
-// TODO
-// - existence of NSEC3PARAM
+TEST_F(InMemoryZoneFinderTest, loadNSEC3Zone) {
+    // Check if it can load validly NSEC3-signed zone.  At this moment
+    // it's sufficient to see it doesn't crash
+    zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed");
+
+    // Reload the zone with a version that doesn't have NSEC3PARAM.
+    // This is an abnormal case, but the implementation accepts it.
+    zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed-noparam");
+}
 }
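Review bot: `loadNSEC3Zone` asserts nothing, so it passes whether or not the NSEC3PARAM check runs and would not notice a bad `impl_->origin_data_` after the reload. Wrapping the calls, e.g. `EXPECT_NO_THROW(zone_finder_.load(TEST_DATA_DIR "/example.org.nsec3-signed-noparam"));`, would document that the abnormal zone is accepted on purpose, and following each load with a lookup at the zone origin would exercise the data that was just swapped in. Because a missing NSEC3PARAM is only logged, it would also be worth checking that the properly signed zone does not take the warning path, if the logger can be observed from this fixture.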