[2165] Fix NSEC3 tests to expect RRSIGs in some cases

src/lib/datasrc/tests/database_unittest.cc

@@ -4053,7 +4053,7 @@ TYPED_TEST(DatabaseClientTest, findNSEC3) {
     this->current_accessor_->enableNSEC3();
 
     // The rest is in the function, it is shared with in-memory tests
-    performNSEC3Test(*finder);
+    performNSEC3Test(*finder, true);
 }
 
 }

src/lib/datasrc/tests/faked_nsec3.cc

@@ -34,6 +34,11 @@ const char* const nsec3_common = " 300 IN NSEC3 1 1 12 aabbccdd "
     "2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG";
 const char* const nsec3_rrsig_common = " 300 IN RRSIG NSEC3 5 3 3600 "
     "20000101000000 20000201000000 12345 example.org. FAKEFAKEFAKE";
+const char* const nsec3_rrsig_common2 = " 300 IN RRSIG NSEC3 5 4 7200 "
+    "20100410172647 20100311172647 63192 example.org. gNIVj4T8t51fEU6k"
+    "OPpvK7HOGBFZGbalN5ZKmInyrww6UWZsUNdw07ge6/U6HfG+/s61RZ/Lis2M6yUWH"
+    "yXbNbj/QqwqgadG5dhxTArfuR02xP600x0fWX8LXzW4yLMdKVxGbzYT+vvGz71o8g"
+    "HSY5vYTtothcZQa4BMKhmGQEk=";
 const char* const apex_hash = "0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM";
 const char* const apex_hash_lower = "0p9mhaveqvm6t7vbl5lop2u3t2rp3tom";
 const char* const ns1_hash = "2T7B4G4VSA5SMI47K61MV5BV1A22BOJR";
@@ -118,21 +123,32 @@ findNSEC3Check(bool expected_matched, uint8_t expected_labels,
 }
 
 void
-performNSEC3Test(ZoneFinder &finder) {
+performNSEC3Test(ZoneFinder &finder, bool rrsigs_exist) {
     // Parameter validation: the query name must be in or below the zone
     EXPECT_THROW(finder.findNSEC3(Name("example.com"), false), OutOfZone);
     EXPECT_THROW(finder.findNSEC3(Name("org"), true), OutOfZone);
 
     const Name origin("example.org");
-    const string apex_nsec3_text = string(apex_hash) + ".example.org." +
+    string apex_nsec3_text = string(apex_hash) + ".example.org." +
         string(nsec3_common);
-    const string ns1_nsec3_text = string(ns1_hash) + ".example.org." +
+    string ns1_nsec3_text = string(ns1_hash) + ".example.org." +
         string(nsec3_common);
-    const string w_nsec3_text = string(w_hash) + ".example.org." +
+    string w_nsec3_text = string(w_hash) + ".example.org." +
         string(nsec3_common);
-    const string zzz_nsec3_text = string(zzz_hash) + ".example.org." +
+    string zzz_nsec3_text = string(zzz_hash) + ".example.org." +
         string(nsec3_common);
 
+    if (rrsigs_exist) {
+        apex_nsec3_text += "\n" + string(apex_hash) + ".example.org." +
+            string(nsec3_rrsig_common2);
+        ns1_nsec3_text += "\n" + string(ns1_hash) + ".example.org." +
+            string(nsec3_rrsig_common2);
+        w_nsec3_text += "\n" + string(w_hash) + ".example.org." +
+            string(nsec3_rrsig_common2);
+        zzz_nsec3_text += "\n" + string(zzz_hash) + ".example.org." +
+            string(nsec3_rrsig_common2);
+    }
+
     // Apex name.  It should have a matching NSEC3.
     {
         SCOPED_TRACE("apex, non recursive mode");

src/lib/datasrc/tests/faked_nsec3.h

@@ -74,7 +74,7 @@ findNSEC3Check(bool expected_matched, uint8_t expected_labels,
 // Perform the shared part of NSEC3 test (shared between in-memory and database
 // tests).
 void
-performNSEC3Test(ZoneFinder &finder);
+performNSEC3Test(ZoneFinder &finder, bool rrsigs_exist = false);
 
 }
 }