Accueil Explorer Aide
Connexion
zorun
/
kea
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Parcourir la source

[1176] Check no DNSSEC_OK means no RRSIGs

Michal 'vorner' Vaner il y a 13 ans
Parent
04b04226b7
commit
c1c2ddf5be
1 fichiers modifiés avec 18 ajouts et 1 suppressions
Vue séparée Afficher les stats Diff
  1. 18 1
      src/bin/auth/tests/query_unittest.cc

+ 18 - 1
src/bin/auth/tests/query_unittest.cc
Voir le fichier 

@@ -111,7 +111,8 @@ public:
 
         dname_name_("dname.example.com"),
 
         has_SOA_(true),
 
         has_apex_NS_(true),
 
-        rrclass_(RRClass::IN())
 
+        rrclass_(RRClass::IN()),
 
+        include_rrsig_anyway_(false)
 
     {
 
         stringstream zone_stream;
 
         zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt <<
 
@@ -137,6 +138,9 @@ public:
 
     // the apex NS.
 
     void setApexNSFlag(bool on) { has_apex_NS_ = on; }
 
 
+    // Turn this on if you want it to return RRSIGs regardless of FIND_GLUE_OK
 
+    void setIncludeRRSIGAnyway(bool on) { include_rrsig_anyway_ = on; }
 
+
 
 private:
 
     typedef map<RRType, ConstRRsetPtr> RRsetStore;
 
     typedef map<Name, RRsetStore> Domains;
 
@@ -181,6 +185,7 @@ private:
 
     ConstRRsetPtr delegation_rrset_;
 
     ConstRRsetPtr dname_rrset_;
 
     const RRClass rrclass_;
 
+    bool include_rrsig_anyway_;
 
 };
 
 
 ZoneFinder::FindResult
 
@@ -219,6 +224,7 @@ MockZoneFinder::find(const Name& name, const RRType& type,
 
             // Strip whatever signature there is in case DNSSEC is not required
 
             // Just to make sure the Query asks for it when it is needed
 
             if (options & ZoneFinder::FIND_DNSSEC ||
 
+                include_rrsig_anyway_ ||
 
                 !found_rrset->second->getRRsig()) {
 
                 rrset = found_rrset->second;
 
             } else {
 
@@ -342,6 +348,17 @@ TEST_F(QueryTest, exactMatch) {
 
                   www_a_txt, zone_ns_txt, ns_addrs_txt);
 
 }
 
 
+TEST_F(QueryTest, exactMatchIgnoreSIG) {
 
+    // Check that we do not include the RRSIG when not requested even when
 
+    // we receive it from the data source.
 
+    mock_finder->setIncludeRRSIGAnyway(true);
 
+    Query query(memory_client, qname, qtype, response);
 
+    EXPECT_NO_THROW(query.process());
 
+    // find match rrset
 
+    responseCheck(response, Rcode::NOERROR(), AA_FLAG, 1, 3, 3,
 
+                  www_a_txt, zone_ns_txt, ns_addrs_txt);
 
+}
 
+
 
 TEST_F(QueryTest, dnssecPositive) {
 
     // Just like exactMatch, but the signatures should be included as well
 
     Query query(memory_client, qname, qtype, response, true);