Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
Kea
Commits
5db2d64d
Commit
5db2d64d
authored
May 20, 2011
by
Michal 'vorner' Vaner
Browse files
[trac931] Another tests for signatures
parent
37ded0b3
Changes
1
Hide whitespace changes
Inline
Side-by-side
src/bin/auth/tests/auth_srv_unittest.cc
View file @
5db2d64d
...
...
@@ -340,6 +340,41 @@ TEST_F(AuthSrvTest, TSIGBadSig) {
"It should be unsigned with this error"
;
}
// Give the server a signed unsupported request with a bad signature.
// This checks the server first verifies the signature before anything
// else.
TEST_F
(
AuthSrvTest
,
TSIGCheckFirst
)
{
TSIGKey
key
(
"key:c2VjcmV0Cg==:hmac-sha1"
);
TSIGContext
context
(
key
);
// Pass a wrong opcode there. The server shouldn't know what to do
// about it.
UnitTestUtil
::
createRequestMessage
(
request_message
,
Opcode
::
RESERVED14
(),
default_qid
,
Name
(
"version.bind"
),
RRClass
::
CH
(),
RRType
::
TXT
());
createRequestPacket
(
request_message
,
IPPROTO_UDP
,
&
context
);
isc
::
server_common
::
keyring
.
reset
(
new
TSIGKeyRing
);
isc
::
server_common
::
keyring
->
add
(
TSIGKey
(
"key:QkFECg==:hmac-sha1"
));
server
.
processMessage
(
*
io_message
,
parse_message
,
response_obuffer
,
&
dnsserv
);
isc
::
server_common
::
keyring
.
reset
();
EXPECT_TRUE
(
dnsserv
.
hasAnswer
());
headerCheck
(
*
parse_message
,
default_qid
,
TSIGError
::
BAD_SIG
().
toRcode
(),
Opcode
::
RESERVED14
().
getCode
(),
QR_FLAG
,
0
,
0
,
0
,
0
);
// We need to parse the message ourself, or getTSIGRecord won't work
InputBuffer
ib
(
response_obuffer
->
getData
(),
response_obuffer
->
getLength
());
Message
m
(
Message
::
PARSE
);
m
.
fromWire
(
ib
);
const
TSIGRecord
*
tsig
=
m
.
getTSIGRecord
();
ASSERT_TRUE
(
tsig
!=
NULL
)
<<
"Missing TSIG signature (we should have one even at error)"
;
EXPECT_EQ
(
TSIGError
::
BAD_SIG_CODE
,
tsig
->
getRdata
().
getError
());
EXPECT_EQ
(
0
,
tsig
->
getRdata
().
getMACSize
())
<<
"It should be unsigned with this error"
;
}
TEST_F
(
AuthSrvTest
,
AXFRConnectFail
)
{
EXPECT_FALSE
(
xfrout
.
isConnected
());
// check prerequisite
xfrout
.
disableConnect
();
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment