Commit 31ae358b authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1584review] added a test case for wildcard + NSEC3.

parent a4abbe54
......@@ -185,6 +185,12 @@ const char* const nsec3_www_txt =
"q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 "
"aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG\n";
// NSEC3 for wild.example.com (used in wildcard tests, will be added on
// demand not to confuse other tests)
const char* const nsec3_atwild_txt =
"ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 "
"aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en\n";
// NSEC3 for *.uwild.example.com (will be added on demand not to confuse
// other tests)
const char* const nsec3_wild_txt =
......@@ -336,6 +342,14 @@ public:
hash_map_[Name("unsigned-delegation-optout.example.com")] =
"vld46lphhasfapj8og1pglgiasa5o5gt";
// For wildcard proofs
hash_map_[Name("wild.example.com")] =
"ji6neoaepv8b5o6k4ev33abha8ht9fgc";
hash_map_[Name("y.wild.example.com")] =
"0p9mhaveqvm6t7vbl5lop2u3t2rp3ton"; // a bit larger than H(<apex>)
hash_map_[Name("x.y.wild.example.com")] =
"q04jkcevqvmu85r014c7dkba38o0ji6r"; // a bit larger than H(www)
// For closest encloser proof for www1.uwild.example.com:
hash_map_[Name("uwild.example.com")] =
"t644ebqk9bibcna874givr6joj62mlhv";
......@@ -703,11 +717,13 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// hardcoded specific cases, ignoring other details such as canceling
// due to the existence of closer name.
if ((options & NO_WILDCARD) == 0) {
const Name wild_suffix(name.split(1));
const Name wild_suffix(name == Name("x.y.wild.example.com") ?
Name("wild.example.com") : name.split(1));
// Unit Tests use those domains for Wildcard test.
if (name.equals(Name("www.wild.example.com"))||
name.equals(Name("www1.uwild.example.com"))||
name.equals(Name("a.t.example.com"))) {
if (name.equals(Name("www.wild.example.com")) ||
name.equals(Name("x.y.wild.example.com")) ||
name.equals(Name("www1.uwild.example.com")) ||
name.equals(Name("a.t.example.com"))) {
if (name.compare(wild_suffix).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
domain = domains_.find(Name("*").concatenate(wild_suffix));
......@@ -1340,6 +1356,34 @@ TEST_F(QueryTest, CNAMEwildNSEC) {
mock_finder->getOrigin());
}
TEST_F(QueryTest, wildcardNSEC3) {
// Similar to wildcardNSEC, but the zone is signed with NSEC3.
// The next closer is y.wild.example.com, the covering NSEC3 for it
// is (in our setup) the NSEC3 for the apex.
mock_finder->setNSEC3Flag(true);
// This is NSEC3 for wild.example.com, which will be used in the middle
// of identifying the next closer name.
mock_finder->addRecord(nsec3_atwild_txt);
Query(memory_client, Name("x.y.wild.example.com"), RRType::A(), response,
true).process();
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 2, 6, 6,
(string(wild_txt).replace(0, 1, "x.y") +
string("x.y.wild.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("A") + "\n").c_str(),
// 3 NSes and their RRSIG
(zone_ns_txt + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NS") + "\n" +
// NSEC3 for the wildcard proof and its RRSIG
string(nsec3_apex_txt) +
mock_finder->hash_map_[Name("example.com.")] +
string(".example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC3") + "\n").c_str(),
NULL, // we are not interested in additionals in this test
mock_finder->getOrigin());
}
TEST_F(QueryTest, badWildcardProof1) {
// Unexpected case in wildcard proof: ZoneFinder::find() returns SUCCESS
// when NXDOMAIN is expected.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment