Commit 43dd02a2 authored by JINMEI Tatuya

[2107] supported the concept of dnssec-signed and nsec3-signed

parent 1cc1a42e
......@@ -207,6 +207,8 @@ TEST_F(ZoneDataTest, addRdataSets) {
TEST_F(ZoneDataTest, getSetNSEC3Data) {
// Initially there's no NSEC3 data
EXPECT_EQ(static_cast<NSEC3Data*>(NULL), zone_data_->getNSEC3Data());
// isNSEC3Signed is true iff zone data has non NULL NSEC3 data
EXPECT_FALSE(zone_data_->isNSEC3Signed());
// Set a new one. The set method should return NULL. The get method
// should return the new one.
......@@ -214,6 +216,7 @@ TEST_F(ZoneDataTest, getSetNSEC3Data) {
NSEC3Data* old_nsec3_data = zone_data_->setNSEC3Data(nsec3_data);
EXPECT_EQ(static_cast<NSEC3Data*>(NULL), old_nsec3_data);
EXPECT_EQ(nsec3_data, zone_data_->getNSEC3Data());
EXPECT_TRUE(zone_data_->isNSEC3Signed());
// Replace an existing one with a yet another one.
// We're responsible for destroying the old one.
......@@ -221,15 +224,30 @@ TEST_F(ZoneDataTest, getSetNSEC3Data) {
old_nsec3_data = zone_data_->setNSEC3Data(nsec3_data2);
EXPECT_EQ(nsec3_data, old_nsec3_data);
EXPECT_EQ(nsec3_data2, zone_data_->getNSEC3Data());
EXPECT_TRUE(zone_data_->isNSEC3Signed());
NSEC3Data::destroy(mem_sgmt_, old_nsec3_data, RRClass::IN());
// Setting NULL clears any existing one.
old_nsec3_data = zone_data_->setNSEC3Data(NULL);
EXPECT_EQ(nsec3_data2, old_nsec3_data);
EXPECT_EQ(static_cast<NSEC3Data*>(NULL), zone_data_->getNSEC3Data());
EXPECT_FALSE(zone_data_->isNSEC3Signed());
// Then set it again. The zone data should destroy it on its own
// destruction.
zone_data_->setNSEC3Data(old_nsec3_data);
}
TEST_F(ZoneDataTest, isSigned) {
// By default it's considered unsigned
EXPECT_FALSE(zone_data_->isSigned());
// declare it's signed, the isSigned() says so too
zone_data_->setSigned(true);
EXPECT_TRUE(zone_data_->isSigned());
// change it to unsigned again
zone_data_->setSigned(false);
EXPECT_FALSE(zone_data_->isSigned());
}
}
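Review bot: The new `isSigned` test and the added `isNSEC3Signed()` checks never exercise the two states together, so nothing pins down that `setSigned(true)` leaves `isNSEC3Signed()` false, or that `setNSEC3Data()` leaves `isSigned()` unchanged. The implementation on this page keeps them separate (an origin-node flag versus the presence of NSEC3 data), and a later change that couples them by accident would pass these tests. I would add `EXPECT_FALSE(zone_data_->isNSEC3Signed());` after `setSigned(true)` in `isSigned`, and `EXPECT_FALSE(zone_data_->isSigned());` after the first `setNSEC3Data(nsec3_data)` in `getSetNSEC3Data`.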
......@@ -33,6 +33,7 @@ namespace dns {
namespace rdata {
namespace generic {
class NSEC3PARAM;
class NSEC3;
}
}
}
......@@ -89,13 +90,23 @@ private:
};
class ZoneData : boost::noncopyable {
public:
private:
ZoneData(ZoneTree* zone_tree, ZoneNode* origin_node) :
zone_tree_(zone_tree), origin_node_(origin_node)
{}
// Zone node flags.
private:
// Set in the origin node (which always exists at the same address)
// to indicate whether the zone is signed or not. Internal use,
// so defined as private.
static const ZoneNode::Flags DNSSEC_SIGNED = ZoneNode::FLAG_USER1;
public:
/// \brief Node flag indicating it is at a "wildcard level"
///
/// This means one of the node's immediate children is a wildcard.
static const ZoneNode::Flags WILD_NODE = ZoneNode::FLAG_USER2;
public:
static ZoneData* create(util::MemorySegment& mem_sgmt,
const dns::Name& zone_name);
......@@ -110,6 +121,17 @@ public:
return (origin_node_.get());
}
bool isSigned() const { return (origin_node_->getFlag(DNSSEC_SIGNED)); }
void setSigned(bool on) {
origin_node_->setFlag(DNSSEC_SIGNED, on);
}
/// In the current implementation, the zone is considered signed with
/// NSEC3 if and only if it has non NULL NSEC3 data.
///
/// This also means it's not considered NSEC3 signed by default.
bool isNSEC3Signed() const { return (nsec3_data_); }
const ZoneTree* getZoneTree() const { return (zone_tree_.get()); }
const NSEC3Data* getNSEC3Data() const { return (nsec3_data_.get()); }
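Review bot: `isSigned()` and `isNSEC3Signed()` are tracked independently (one reads the `DNSSEC_SIGNED` flag on the origin node, the other tests `nsec3_data_`) and nothing visible here keeps them consistent, so a zone can hold NSEC3 data while reporting itself unsigned, or the reverse. If lookup code branches on these to decide whether to attach denial-of-existence proofs, that mismatch would presumably produce answers a validating resolver rejects. `isSigned()`/`setSigned()` also carry no doc comment, unlike `isNSEC3Signed()`; I would add one on `setSigned()` such as `/// Does not touch NSEC3 data; the caller must keep this consistent with setNSEC3Data().` Separately, `return (nsec3_data_);` relies on an implicit conversion to bool of what looks like a smart pointer (it is used with `.get()` two lines below); `return (nsec3_data_.get() != NULL);` states the intent without depending on that conversion. The class body continues outside this hunk, so an invariant may be enforced elsewhere.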
......