[2165] Strip RRSIGs from addditional records in memory datasource when DNSSEC is not asked

* In the case of the ZoneFinderContextTest.getAdditionalWithSIG test,
  the RRSIGs are expected as ZoneFinder::FIND_DNSSEC is specified.

src/lib/datasrc/memory_datasrc.cc

@@ -812,10 +812,10 @@ protected:
             }
             BOOST_FOREACH(const DomainPair& dom_it, *found_node_->getData()) {
                 getAdditionalForRRset(*dom_it.second, requested_types,
-                                      result);
+                                      result, options_);
             }
         } else {
-            getAdditionalForRRset(*rrset_, requested_types, result);
+            getAdditionalForRRset(*rrset_, requested_types, result, options_);
         }
     }
 
@@ -826,7 +826,8 @@ private:
     // type for each node.
     static void getAdditionalForRRset(const RBNodeRRset& rrset,
                                       const vector<RRType>& requested_types,
-                                      vector<ConstRRsetPtr>& result)
+                                      vector<ConstRRsetPtr>& result,
+                                      ZoneFinder::FindOptions options)
     {
         const vector<AdditionalNodeInfo>* additionals_ =
             rrset.getAdditionalNodes();
@@ -853,10 +854,29 @@ private:
                     // in case the caller has the same RRset but as a result
                     // of normal find() and needs to know they are of the same
                     // kind; otherwise we simply use the stored RBNodeRRset.
+                    ConstRRsetPtr rr;
                     if (wild_expanded) {
-                        result.push_back(found->second->getUnderlyingRRset());
+                        rr = found->second->getUnderlyingRRset();
                     } else {
-                        result.push_back(found->second);
+                        rr = found->second;
+                    }
+
+                    ConstRRsetPtr sig_rrset = rr->getRRsig();
+                    if (sig_rrset &&
+                        ((options & ZoneFinder::FIND_DNSSEC) == 0)) {
+                        RRsetPtr result_base(new RRset(rr->getName(),
+                                                       rr->getClass(),
+                                                       rr->getType(),
+                                                       rr->getTTL()));
+                        for (RdataIteratorPtr i(rr->getRdataIterator());
+                             !i->isLast();
+                             i->next()) {
+                            result_base->addRdata(i->getCurrent());
+                        }
+
+                        result.push_back(result_base);
+                    } else {
+                        result.push_back(rr);
                     }
                 }
             }

src/lib/datasrc/tests/zone_finder_context_unittest.cc

@@ -326,7 +326,11 @@ TEST_P(ZoneFinderContextTest, getAdditionalWithSIG) {
 
     ctx->getAdditional(REQUESTED_BOTH, result_sets_);
     rrsetsCheck("ns1.example.org. 3600 IN A 192.0.2.1\n"
+                "ns1.example.org. 3600 IN RRSIG	A 7 3 3600 20150420235959 "
+                "20051021000000 40430 example.org. FAKEFAKE\n"
                 "ns1.example.org. 3600 IN AAAA 2001:db8::1\n"
+                "ns1.example.org. 3600 IN RRSIG	AAAA 7 3 3600 20150420235959 "
+                "20051021000000 40430 example.org. FAKEFAKEFAKE\n"
                 "ns2.example.org. 3600 IN A 192.0.2.2\n",
                 result_sets_.begin(), result_sets_.end());
 

src/lib/datasrc/zone.h

@@ -299,7 +299,9 @@ public:
     private:
         ZoneFinder& finder_;
         const FindResultFlags flags_;
+    protected:
         const FindOptions options_;
+    private:
         std::vector<isc::dns::ConstRRsetPtr> all_set_;
     };