added more sqlite3 data source tests.

these cover bugs of trac tickets #73 and #74 (currently commented out).


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1160 e5f2f494-b856-4b98-b285-d166d9295462

src/lib/auth/data_source_sqlite3_unittest.cc

@@ -44,6 +44,21 @@ static const char* SQLITE_DBFILE_EXAMPLE = "testdata/test.sqlite3";
 
 static const string sigdata_common(" 20100322084538 20100220084538 "
                                    "33495 example.com. FAKEFAKEFAKEFAKE");
+static const string dnskey1_data(" AwEAAcOUBllYc1hf7ND9uDy+Yz1BF3sI0m4q"
+                                 "NGV7WcTD0WEiuV7IjXgHE36fCmS9QsUxSSOV"
+                                 "o1I/FMxI2PJVqTYHkXFBS7AzLGsQYMU7UjBZ"
+                                 "SotBJ6Imt5pXMu+lEDNy8TOUzG3xm7g0qcbW"
+                                 "YF6qCEfvZoBtAqi5Rk7Mlrqs8agxYyMx");
+static const string dnskey2_data(" AwEAAe5WFbxdCPq2jZrZhlMj7oJdff3W7syJ"
+                                 "tbvzg62tRx0gkoCDoBI9DPjlOQG0UAbj+xUV"
+                                 "4HQZJStJaZ+fHU5AwVNT+bBZdtV+NujSikhd"
+                                 "THb4FYLg2b3Cx9NyJvAVukHp/91HnWuG4T36"
+                                 "CzAFrfPwsHIrBz9BsaIQ21VRkcmj7DswfI/i"
+                                 "DGd8j6bqiODyNZYQ+ZrLmF0KIJ2yPN3iO6Zq"
+                                 "23TaOrVTjB7d1a/h31ODfiHAxFHrkY3t3D5J"
+                                 "R9Nsl/7fdRmSznwtcSDgLXBoFEYmw6p86Acv"
+                                 "RyoYNcL1SXjaKVLG5jyU3UR+LcGZT5t/0xGf"
+                                 "oIK/aKwENrsjcKZZj660b1M=");
 
 static const Name zone_name("example.com");
 static const Name nomatch_name("example.org");
@@ -65,14 +80,44 @@ protected:
         message.addQuestion(Question(Name("example.org"), rrclass, rrtype));
         query = new Query(message, true);
 
-        www_data.push_back("192.0.2.1");
-        www_sig_data.push_back("A 5 3 3600" + sigdata_common);
+        common_a_data.push_back("192.0.2.1");
+        common_sig_data.push_back("A 5 3 3600" + sigdata_common);
+
         www_nsec_data.push_back("example.com. A RRSIG NSEC");
         www_nsec_sig_data.push_back("NSEC 5 3 7200" + sigdata_common);
+
+        apex_soa_data.push_back("master.example.com. admin.example.com. "
+                                "1234 3600 1800 2419200 7200");
+        apex_soa_sig_data.push_back("SOA 5 2 3600" + sigdata_common);
         apex_ns_data.push_back("dns01.example.com.");
         apex_ns_data.push_back("dns02.example.com.");
         apex_ns_data.push_back("dns03.example.com.");
         apex_ns_sig_data.push_back("NS 5 2 3600" + sigdata_common);
+        apex_mx_data.push_back("10 mail.example.com.");
+        apex_mx_data.push_back("20 mail.subzone.example.com.");
+        apex_mx_sig_data.push_back("MX 5 2 3600" + sigdata_common);
+        apex_nsec_data.push_back("cname-ext.example.com. "
+                                 "NS SOA MX RRSIG NSEC DNSKEY");
+        apex_nsec_sig_data.push_back("NSEC 5 2 7200" + sigdata_common);
+        apex_dnskey_data.push_back("256 3 5" + dnskey1_data);
+        apex_dnskey_data.push_back("257 3 5" + dnskey2_data);
+        // this one is special (using different key):
+        apex_dnskey_sig_data.push_back("DNSKEY 5 2 3600 20100322084538 "
+                                       "20100220084538 4456 example.com. "
+                                       "FAKEFAKEFAKEFAKE");
+        apex_dnskey_sig_data.push_back("DNSKEY 5 2 3600" + sigdata_common);
+
+        wild_a_data.push_back("192.0.2.255");
+        dname_data.push_back("sql1.example.com.");
+        dname_sig_data.push_back("DNAME 5 3 3600" + sigdata_common);
+        cname_data.push_back("cnametest.example.org.");
+        cname_sig_data.push_back("CNAME 5 3 3600" + sigdata_common);
+        cname_nsec_data.push_back("mail.example.com. CNAME RRSIG NSEC");
+        cname_nsec_sig_data.push_back("NSEC 5 3 7200" + sigdata_common);
+        delegation_ns_data.push_back("ns1.subzone.example.com.");
+        delegation_ns_data.push_back("ns2.subzone.example.com.");
+        delegation_nsec_data.push_back("*.wild.example.com. NS DS RRSIG NSEC");
+        delegation_nsec_sig_data.push_back("NSEC 5 3 7200" + sigdata_common);
     }
     ~Sqlite3DataSourceTest() { delete query; }
     Sqlite3DataSrc data_source;
@@ -93,12 +138,31 @@ protected:
     vector<const vector<string>* > signatures;
 
     vector<RRType> expected_types;
-    vector<string> www_data;
-    vector<string> www_sig_data;
+    vector<string> common_a_data;
+    vector<string> common_sig_data;
     vector<string> www_nsec_data;
     vector<string> www_nsec_sig_data;
+    vector<string> apex_soa_data;
+    vector<string> apex_soa_sig_data;
     vector<string> apex_ns_data;
     vector<string> apex_ns_sig_data;
+    vector<string> apex_mx_data;
+    vector<string> apex_mx_sig_data;
+    vector<string> apex_nsec_data;
+    vector<string> apex_nsec_sig_data;
+    vector<string> apex_dnskey_data;
+    vector<string> apex_dnskey_sig_data;
+    vector<string> wild_a_data;
+    vector<string> dname_data;
+    vector<string> dname_sig_data;
+    vector<string> cname_data;
+    vector<string> cname_sig_data;
+    vector<string> cname_nsec_data;
+    vector<string> cname_nsec_sig_data;
+    vector<string> delegation_ns_data;
+    vector<string> delegation_ns_sig_data;
+    vector<string> delegation_nsec_data;
+    vector<string> delegation_nsec_sig_data;
 };
 
 void
@@ -161,8 +225,9 @@ checkFind(const Sqlite3DataSrc& data_source, const Query& query,
     EXPECT_EQ(expected_flags, find_flags);
     RRsetList::iterator it = result_sets.begin();
     for (; it != result_sets.end(); ++it) {
-        vector<RRType>::const_iterator found_type = find(expected_types.begin(), expected_types.end(),
-                          (*it)->getType());
+        vector<RRType>::const_iterator found_type =
+            find(expected_types.begin(), expected_types.end(),
+                 (*it)->getType());
         // there should be a match
         EXPECT_TRUE(found_type != expected_types.end());
         if (found_type != expected_types.end()) {
@@ -222,10 +287,10 @@ TEST_F(Sqlite3DataSourceTest, findClosestEnclosureNoMatch) {
 TEST_F(Sqlite3DataSourceTest, findRRsetNormal) {
     // Without specifying the zone name, and then with the zone name
     checkFind(data_source, *query, www_name, NULL, rrclass, rrtype, rrttl, 0,
-              www_data, &www_sig_data);
+              common_a_data, &common_sig_data);
 
     checkFind(data_source, *query, www_name, &zone_name, rrclass, rrtype, rrttl,
-              0, www_data, &www_sig_data);
+              0, common_a_data, &common_sig_data);
 
     // With a zone name that doesn't match
     EXPECT_EQ(DataSrc::SUCCESS,
@@ -240,9 +305,9 @@ TEST_F(Sqlite3DataSourceTest, findRRsetNormalANY) {
     types.push_back(RRType::NSEC());
     ttls.push_back(RRTTL(3600));
     ttls.push_back(RRTTL(7200));
-    answers.push_back(&www_data);
+    answers.push_back(&common_a_data);
     answers.push_back(&www_nsec_data);
-    signatures.push_back(&www_sig_data);
+    signatures.push_back(&common_sig_data);
     signatures.push_back(&www_nsec_sig_data);
 
     rrtype = RRType::ANY();
@@ -256,10 +321,10 @@ TEST_F(Sqlite3DataSourceTest, findRRsetNormalANY) {
 // Case insensitive lookup
 TEST_F(Sqlite3DataSourceTest, findRRsetNormalCase) {
     checkFind(data_source, *query, www_upper_name, NULL, rrclass, rrtype, rrttl,
-              0, www_data, &www_sig_data);
+              0, common_a_data, &common_sig_data);
 
     checkFind(data_source, *query, www_upper_name, &zone_name, rrclass, rrtype,
-              rrttl, 0, www_data, &www_sig_data);
+              rrttl, 0, common_a_data, &common_sig_data);
 
     EXPECT_EQ(DataSrc::SUCCESS,
               data_source.findRRset(*query, www_upper_name, rrclass, rrtype,
@@ -283,4 +348,190 @@ TEST_F(Sqlite3DataSourceTest, findRRsetApexNS) {
     EXPECT_TRUE(result_sets.begin() == result_sets.end()); // should be empty
 }
 
+TEST_F(Sqlite3DataSourceTest, findRRsetApexANY) {
+    types.push_back(RRType::SOA());
+    types.push_back(RRType::NS());
+    types.push_back(RRType::MX());
+    types.push_back(RRType::NSEC());
+    types.push_back(RRType::DNSKEY());
+    ttls.push_back(rrttl); // SOA TTL
+    ttls.push_back(rrttl); // NS TTL
+    ttls.push_back(rrttl); // MX TTL
+    ttls.push_back(RRTTL(7200)); // NSEC TTL
+    ttls.push_back(rrttl); // DNSKEY TTL
+    answers.push_back(&apex_soa_data);
+    answers.push_back(&apex_ns_data);
+    answers.push_back(&apex_mx_data);
+    answers.push_back(&apex_nsec_data);
+    answers.push_back(&apex_dnskey_data);
+    signatures.push_back(&apex_soa_sig_data);
+    signatures.push_back(&apex_ns_sig_data);
+    signatures.push_back(&apex_mx_sig_data);
+    signatures.push_back(&apex_nsec_sig_data);
+    signatures.push_back(&apex_dnskey_sig_data);
+
+    rrtype = RRType::ANY();
+    checkFind(data_source, *query, zone_name, NULL, rrclass, rrtype, ttls, 0,
+              types, answers, signatures);
+
+    checkFind(data_source, *query, zone_name, &zone_name, rrclass, rrtype, ttls,
+              0, types, answers, signatures);
+}
+
+TEST_F(Sqlite3DataSourceTest, findRRsetApexNXRRSET) {
+    rrtype = RRType::AAAA();
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, zone_name, rrclass, rrtype,
+                                    result_sets, find_flags, &zone_name));
+    // there's an NS RRset at the apex name, so the REFERRAL flag should be
+    // set, too.
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND | DataSrc::REFERRAL, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+
+    // Same test, without specifying the zone name
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, zone_name, rrclass, rrtype,
+                                    result_sets, find_flags, NULL));
+    // there's an NS RRset at the apex name, so the REFERRAL flag should be
+    // set, too.
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND | DataSrc::REFERRAL, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+}
+
+// Matching a wildcard node.  There's nothing special for the data source API
+// point of view, but perform minimal tests anyway.
+TEST_F(Sqlite3DataSourceTest, findRRsetWildcard) {
+    Name qname("*.wild.example.com");
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, rrttl, 0, wild_a_data, &common_sig_data);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, rrttl, 0, wild_a_data, &common_sig_data);
+}
+
+TEST_F(Sqlite3DataSourceTest, findRRsetEmptyNode) {
+    // foo.bar.example.com exists, but bar.example.com doesn't have any data.
+    Name qname("bar.example.com");
+
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, NULL));
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, &zone_name));
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+}
+
+// There's nothing special about DNAME lookup for the data source API
+// point of view, but perform minimal tests anyway.
+TEST_F(Sqlite3DataSourceTest, findRRsetDNAME) {
+    Name qname("dname.example.com");
+
+    rrtype = RRType::DNAME();
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, rrttl, 0, dname_data, &dname_sig_data);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, rrttl, 0, dname_data, &dname_sig_data);
+}
+
+TEST_F(Sqlite3DataSourceTest, findRRsetCNAME) {
+    Name qname("foo.example.com");
+
+    // This qname only has the CNAME (+ sigs).  CNAME query is not different
+    // from ordinary queries.
+    rrtype = RRType::CNAME();
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, rrttl, 0, cname_data, &cname_sig_data);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, rrttl, 0, cname_data, &cname_sig_data);
+
+    // queries for (ordinary) different RR types that match the CNAME.
+    // CNAME_FOUND flag is set, and the CNAME RR is returned instead of A
+    rrtype = RRType::A();
+    types.push_back(RRType::CNAME());
+    ttls.push_back(rrttl);
+    answers.push_back(&cname_data);
+    signatures.push_back(&cname_sig_data);
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, ttls, DataSrc::CNAME_FOUND, types, answers, signatures);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, ttls, DataSrc::CNAME_FOUND, types, answers, signatures);
+
+    // NSEC query that match the CNAME.
+    // CNAME_FOUND flag is NOT set, and the NSEC RR is returned instead of
+    // CNAME.
+    rrtype = RRType::NSEC();
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, RRTTL(7200), 0, cname_nsec_data, &cname_nsec_sig_data);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, RRTTL(7200), 0, cname_nsec_data, &cname_nsec_sig_data);
+}
+
+TEST_F(Sqlite3DataSourceTest, findRRsetDelegation) {
+    Name qname("www.subzone.example.com");
+
+    // query for a name under a zone cut.  From the data source API point
+    // of view this is no different than "NXDOMAIN".
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, NULL));
+    // there's an NS RRset at the apex name, so the REFERRAL flag should be
+    // set, too.
+    EXPECT_EQ(DataSrc::NAME_NOT_FOUND, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+}
+
+TEST_F(Sqlite3DataSourceTest, findRRsetDelegationAtZoneCut) {
+    Name qname("subzone.example.com");
+
+    // query for a name *at* a zone cut.  It matches the NS RRset for the
+    // delegation.
+
+    // For non-NS ordinary queries, "no type" should be set too, and no RRset is
+    // returned.
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, NULL));
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND | DataSrc::REFERRAL, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, &zone_name));
+    EXPECT_EQ(DataSrc::TYPE_NOT_FOUND | DataSrc::REFERRAL, find_flags);
+    EXPECT_TRUE(result_sets.begin() == result_sets.end());
+
+    // For NS query, RRset is returned with the REFERRAL flag.  No RRSIG should
+    // be provided.
+    rrtype = RRType::NS();
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, rrttl, DataSrc::REFERRAL, delegation_ns_data, NULL);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, rrttl, DataSrc::REFERRAL, delegation_ns_data, NULL);
+
+    // For ANY query.  What should we do?
+#if 0
+    rrtype = RRType::ANY();
+    EXPECT_EQ(DataSrc::SUCCESS,
+              data_source.findRRset(*query, qname, rrclass, rrtype,
+                                    result_sets, find_flags, NULL));
+    EXPECT_EQ(DataSrc::REFERRAL, find_flags);
+#endif
+
+    // For NSEC query.  What should we do?  Probably return the NSEC + RRSIG
+    // without REFERRAL.  But it currently doesn't act like so.
+#if 0
+    rrtype = RRType::NSEC();
+    checkFind(data_source, *query, qname, NULL, rrclass,
+              rrtype, RRTTL(7200), 0, delegation_nsec_data,
+              &delegation_nsec_sig_data);
+    checkFind(data_source, *query, qname, &zone_name, rrclass,
+              rrtype, RRTTL(7200), 0, delegation_nsec_data,
+              &delegation_nsec_sig_data);
+#endif    
+}
+
 }

src/lib/auth/testdata/example.com.signed

@@ -99,7 +99,7 @@ dns03.example.com.	3600	IN A	192.168.2.3
 			7200	RRSIG	NSEC 5 3 7200 20100322084538 (
 					20100220084538 33495 example.com.
 					FAKEFAKEFAKEFAKE )
-foo.example.com.	3600	IN CNAME cnametest.flame.org.
+foo.example.com.	3600	IN CNAME cnametest.example.org.
 			3600	RRSIG	CNAME 5 3 3600 20100322084538 (
 					20100220084538 33495 example.com.
 					FAKEFAKEFAKEFAKE )
@@ -148,7 +148,7 @@ subzone.example.com.	3600	IN NS	ns1.subzone.example.com.
 			7200	RRSIG	NSEC 5 3 7200 20100322084538 (
 					20100220084538 33495 example.com.
 					FAKEFAKEFAKEFAKE )
-*.wild.example.com.	3600	IN A	192.168.3.2
+*.wild.example.com.	3600	IN A	192.0.2.255
 			3600	RRSIG	A 5 3 3600 20100322084538 (
 					20100220084538 33495 example.com.
 					FAKEFAKEFAKEFAKE )
@@ -167,3 +167,6 @@ www.example.com.	3600	IN A	192.0.2.1
 ;; This doesn't have an RRSIG.  It makes this zone "incomplete signed",
 ;; but for the purpose of data source API testing it doesn't matter.
 nosig.example.com.	3600	IN A	192.0.2.1
+
+;; Two labels + apex name for empty node test
+foo.bar.example.com.	3600	IN A	192.0.2.1