Commit 16a1358a authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

[1577] Port a NSEC3 test from memory to database

One test is taken and ported to the database. It does compile partially
(the rest is commented out for now) and does not pass. Also, another
function moved to common file.
parent c02b9f4c
......@@ -12,6 +12,8 @@
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include "faked_nsec3.h"
#include <stdlib.h>
#include <boost/shared_ptr.hpp>
......@@ -24,6 +26,7 @@
#include <dns/name.h>
#include <dns/rrttl.h>
#include <dns/rrset.h>
#include <dns/nsec3hash.h>
#include <exceptions/exceptions.h>
#include <datasrc/database.h>
......@@ -44,6 +47,7 @@ using namespace std;
using boost::dynamic_pointer_cast;
using boost::lexical_cast;
using namespace isc::dns;
using namespace isc::datasrc::test;
namespace {
......@@ -1059,6 +1063,11 @@ public:
"FAKEFAKEFAKE"));
}
~ DatabaseClientTest() {
// Make sure we return the default creator no matter if we set it or not
setNSEC3HashCreator(NULL);
}
/*
* We initialize the client from a function, so we can call it multiple
* times per test.
......@@ -1219,6 +1228,9 @@ public:
const std::vector<std::string> empty_rdatas_; // for NXRRSET/NXDOMAIN
std::vector<std::string> expected_rdatas_;
std::vector<std::string> expected_sig_rdatas_;
// A creator for use in several NSEC3 related tests.
TestNSEC3HashCreator test_nsec3_hash_creator_;
};
class TestSQLite3Accessor : public SQLite3Accessor {
......@@ -3533,4 +3545,89 @@ TEST_F(MockDatabaseClientTest, journalWithBadData) {
second->getNextDiff(), DataSourceError);
}
/// Let us test a little bit of NSEC3. This is borrowed from the in-memory tests
/// Maybe unify the code a little bit somehow?
TEST_F(MockDatabaseClientTest, findNSEC3) {
// Set up the faked hash calculator.
setNSEC3HashCreator(&test_nsec3_hash_creator_);
DataSourceClient::FindResult
zone(this->client_->findZone(Name("example.org")));
ASSERT_EQ(result::SUCCESS, zone.code);
boost::shared_ptr<DatabaseClient::Finder> finder(
dynamic_pointer_cast<DatabaseClient::Finder>(zone.zone_finder));
// Parameter validation: the query name must be in or below the zone
EXPECT_THROW(finder->findNSEC3(Name("example.com"), false), OutOfZone);
EXPECT_THROW(finder->findNSEC3(Name("org"), true), OutOfZone);
Name origin("example.org");
const string apex_nsec3_text = string(apex_hash) + ".example.org." +
string(nsec3_common);
// Apex name. It should have a matching NSEC3.
{
SCOPED_TRACE("apex, non recursive mode");
findNSEC3Check(true, origin.getLabelCount(), apex_nsec3_text, "",
finder->findNSEC3(origin, false));
}
#if 0
// Recursive mode doesn't change the result in this case.
{
SCOPED_TRACE("apex, recursive mode");
findNSEC3Check(true, origin_.getLabelCount(), apex_nsec3_text, "",
zone_finder_.findNSEC3(origin_, true));
}
// Non existent name. Disabling recursion, a covering NSEC3 should be
// returned.
const Name www_name("www.example.org");
{
SCOPED_TRACE("non existent name, non recursive mode");
findNSEC3Check(false, www_name.getLabelCount(), apex_nsec3_text, "",
zone_finder_.findNSEC3(www_name, false));
}
// Non existent name. The closest provable encloser is the apex,
// and next closer is the query name itself (which NSEC3 for ns1
// covers)
// H(ns1) = 2T... < H(xxx) = Q0... < H(zzz) = R5...
{
SCOPED_TRACE("non existent name, recursive mode");
findNSEC3Check(true, origin_.getLabelCount(), apex_nsec3_text,
ns1_nsec3_text,
zone_finder_.findNSEC3(Name("xxx.example.org"), true));
}
// Similar to the previous case, but next closer name is different
// from the query name. The closet encloser is w.example.org, and
// next closer is y.w.example.org.
// H(ns1) = 2T.. < H(y.w) = K8.. < H(zzz) = R5
{
SCOPED_TRACE("non existent name, non qname next closer");
findNSEC3Check(true, Name("w.example.org").getLabelCount(),
w_nsec3_text, ns1_nsec3_text,
zone_finder_.findNSEC3(Name("x.y.w.example.org"),
true));
}
// In the rest of test we check hash comparison for wrap around cases.
{
SCOPED_TRACE("very small hash");
const Name smallest_name("smallest.example.org");
findNSEC3Check(false, smallest_name.getLabelCount(),
zzz_nsec3_text, "",
zone_finder_.findNSEC3(smallest_name, false));
}
{
SCOPED_TRACE("very large hash");
const Name largest_name("largest.example.org");
findNSEC3Check(false, largest_name.getLabelCount(),
zzz_nsec3_text, "",
zone_finder_.findNSEC3(largest_name, false));
}
#endif
}
}
......@@ -15,11 +15,14 @@
#include "faked_nsec3.h"
#include <dns/name.h>
#include <testutils/dnsmessage_test.h>
#include <map>
#include <gtest/gtest.h>
using namespace std;
using namespace isc::dns;
using namespace isc::testutils;
namespace isc {
namespace datasrc {
......@@ -73,6 +76,41 @@ NSEC3Hash* TestNSEC3HashCreator::create(const rdata::generic::NSEC3&) const {
return (new TestNSEC3Hash);
}
void
findNSEC3Check(bool expected_matched, uint8_t expected_labels,
const string& expected_closest,
const string& expected_next,
const ZoneFinder::FindNSEC3Result& result,
bool expected_sig)
{
EXPECT_EQ(expected_matched, result.matched);
// Convert to int so the error messages would be more readable:
EXPECT_EQ(static_cast<int>(expected_labels),
static_cast<int>(result.closest_labels));
vector<ConstRRsetPtr> actual_rrsets;
ASSERT_TRUE(result.closest_proof);
actual_rrsets.push_back(result.closest_proof);
if (expected_sig) {
actual_rrsets.push_back(result.closest_proof->getRRsig());
}
rrsetsCheck(expected_closest, actual_rrsets.begin(),
actual_rrsets.end());
actual_rrsets.clear();
if (expected_next.empty()) {
EXPECT_FALSE(result.next_proof);
} else {
ASSERT_TRUE(result.next_proof);
actual_rrsets.push_back(result.next_proof);
if (expected_sig) {
actual_rrsets.push_back(result.next_proof->getRRsig());
}
rrsetsCheck(expected_next, actual_rrsets.begin(),
actual_rrsets.end());
}
}
}
}
}
......@@ -15,12 +15,28 @@
#ifndef FAKED_NSEC3_H
#define FAKED_NSEC3_H
#include <datasrc/zone.h>
#include <dns/nsec3hash.h>
#include <stdint.h>
#include <string>
namespace isc {
namespace datasrc {
namespace test {
//
// (Faked) NSEC3 hash data. Arbitrarily borrowed from RFC515 examples.
//
// Commonly used NSEC3 suffix. It's incorrect to use it for all NSEC3s, but
// doesn't matter for the purpose of our tests.
const char* const nsec3_common = " 300 IN NSEC3 1 1 12 aabbccdd "
"2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG";
// Likewise, common RRSIG suffix for NSEC3s.
const char* const nsec3_rrsig_common = " 300 IN RRSIG NSEC3 5 3 3600 "
"20000101000000 20000201000000 12345 example.org. FAKEFAKEFAKE";
// Some faked NSEC3 hash values commonly used in tests and the faked NSEC3Hash
// object.
//
......@@ -50,6 +66,13 @@ public:
const;
};
void
findNSEC3Check(bool expected_matched, uint8_t expected_labels,
const std::string& expected_closest,
const std::string& expected_next,
const isc::datasrc::ZoneFinder::FindNSEC3Result& result,
bool expected_sig = false);
}
}
}
......
......@@ -1571,52 +1571,6 @@ TEST_F(InMemoryZoneFinderTest, addbadRRsig) {
InMemoryZoneFinder::AddError);
}
//
// (Faked) NSEC3 hash data. Arbitrarily borrowed from RFC515 examples.
//
// Commonly used NSEC3 suffix. It's incorrect to use it for all NSEC3s, but
// doesn't matter for the purpose of our tests.
const char* const nsec3_common = " 300 IN NSEC3 1 1 12 aabbccdd "
"2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG";
// Likewise, common RRSIG suffix for NSEC3s.
const char* const nsec3_rrsig_common = " 300 IN RRSIG NSEC3 5 3 3600 "
"20000101000000 20000201000000 12345 example.org. FAKEFAKEFAKE";
void
findNSEC3Check(bool expected_matched, uint8_t expected_labels,
const string& expected_closest,
const string& expected_next,
const ZoneFinder::FindNSEC3Result& result,
bool expected_sig = false)
{
EXPECT_EQ(expected_matched, result.matched);
// Convert to int so the error messages would be more readable:
EXPECT_EQ(static_cast<int>(expected_labels),
static_cast<int>(result.closest_labels));
vector<ConstRRsetPtr> actual_rrsets;
ASSERT_TRUE(result.closest_proof);
actual_rrsets.push_back(result.closest_proof);
if (expected_sig) {
actual_rrsets.push_back(result.closest_proof->getRRsig());
}
rrsetsCheck(expected_closest, actual_rrsets.begin(),
actual_rrsets.end());
actual_rrsets.clear();
if (expected_next.empty()) {
EXPECT_FALSE(result.next_proof);
} else {
ASSERT_TRUE(result.next_proof);
actual_rrsets.push_back(result.next_proof);
if (expected_sig) {
actual_rrsets.push_back(result.next_proof->getRRsig());
}
rrsetsCheck(expected_next, actual_rrsets.begin(),
actual_rrsets.end());
}
}
TEST_F(InMemoryZoneFinderTest, addNSEC3) {
// Set up the faked hash calculator.
setNSEC3HashCreator(&nsec3_hash_creator_);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment