Commit 5fbff1bd authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1570] intermediate (unrelated) refactoring on test: unify delegation cases.

now that we have multiple test delegations, it would make sense to introduce
some generalization.
parent e16deb46
......@@ -208,8 +208,8 @@ getCommonRRSIGText(const string& type) {
// Its find() method emulates the common behavior of protocol compliant
// ZoneFinder classes, but simplifies some minor cases and also supports broken
// behavior.
// For simplicity, most names are assumed to be "in zone"; there's only
// one zone cut at the point of name "delegation.example.com".
// For simplicity, most names are assumed to be "in zone"; delegations
// to child zones are identified by the existence of non origin NS records.
// Another special name is "dname.example.com". Query names under this name
// will result in DNAME.
// This mock zone doesn't handle empty non terminal nodes (if we need to test
......@@ -218,10 +218,7 @@ class MockZoneFinder : public ZoneFinder {
public:
MockZoneFinder() :
origin_(Name("example.com")),
delegation_name_("delegation.example.com"),
signed_delegation_name_("signed-delegation.example.com"),
bad_signed_delegation_name_("bad-delegation.example.com"),
unsigned_delegation_name_("unsigned-delegation.example.com"),
dname_name_("dname.example.com"),
has_SOA_(true),
has_apex_NS_(true),
......@@ -311,18 +308,31 @@ public:
public:
// We allow the tests to use these for convenience
ConstRRsetPtr delegation_rrset_;
ConstRRsetPtr signed_delegation_rrset_;
ConstRRsetPtr signed_delegation_ds_rrset_;
ConstRRsetPtr bad_signed_delegation_rrset_;
ConstRRsetPtr unsigned_delegation_rrset_;
ConstRRsetPtr dname_rrset_; // could be used as an arbitrary bogus RRset
ConstRRsetPtr empty_nsec_rrset_;
private:
typedef map<RRType, ConstRRsetPtr> RRsetStore;
typedef map<Name, RRsetStore> Domains;
Domains domains_;
Domains delegations_;
Domains nsec3_domains_;
// This is used to identify delegation to a child zone, and used to
// find a matching entry in delegations_. Note that first found entry
// is returned, so it's not a longest match. Test data must be set up
// to ensure the first match is always the longest match.
struct SubdomainMatch {
SubdomainMatch(const Name& name) : name_(name) {}
bool operator()(const pair<Name, RRsetStore>& domain_elem) const {
return (name_ == domain_elem.first ||
name_.compare(domain_elem.first).getRelation() ==
NameComparisonResult::SUBDOMAIN);
}
private:
const Name& name_;
};
void loadRRset(RRsetPtr rrset) {
if (rrset->getType() == RRType::NSEC3()) {
// NSEC3 should go to the dedicated table
......@@ -336,39 +346,26 @@ private:
return;
}
domains_[rrset->getName()][rrset->getType()] = rrset;
if (rrset->getName() == delegation_name_ &&
rrset->getType() == RRType::NS()) {
delegation_rrset_ = rrset;
} else if (rrset->getName() == signed_delegation_name_ &&
rrset->getType() == RRType::NS()) {
signed_delegation_rrset_ = rrset;
} else if (rrset->getName() == bad_signed_delegation_name_ &&
rrset->getType() == RRType::NS()) {
bad_signed_delegation_rrset_ = rrset;
} else if (rrset->getName() == unsigned_delegation_name_ &&
rrset->getType() == RRType::NS()) {
unsigned_delegation_rrset_ = rrset;
} else if (rrset->getName() == signed_delegation_name_ &&
rrset->getType() == RRType::DS()) {
signed_delegation_ds_rrset_ = rrset;
// Like NSEC(3), by nature it should have an RRSIG.
rrset->addRRsig(RdataPtr(new generic::RRSIG(
getCommonRRSIGText(rrset->getType().
toText()))));
// Remember delegation (NS/DNAME) related RRsets separately.
if ((rrset->getType() == RRType::NS() ||
rrset->getType() == RRType::DS()) &&
rrset->getName() != origin_) {
delegations_[rrset->getName()][rrset->getType()] = rrset;
} else if (rrset->getName() == dname_name_ &&
rrset->getType() == RRType::DNAME()) {
dname_rrset_ = rrset;
// Add some signatures
} else if (rrset->getName() == Name("example.com.") &&
rrset->getType() == RRType::NS()) {
// For NS, we only have RRSIG for the origin name.
rrset->addRRsig(RdataPtr(new generic::RRSIG(
getCommonRRSIGText("NS"))));
} else {
// For others generate RRSIG unconditionally. Technically this
// is wrong because we shouldn't have it for names under a zone
// cut. But in our tests that doesn't matter, so we add them
// just for simplicity.
}
// Add some signatures. For NS, we only have RRSIG for the origin
// name. For others generate RRSIG unconditionally. Technically this
// is wrong because we shouldn't have it for names under a zone
// cut. But in our tests that doesn't matter, so we add them
// just for simplicity.
// Note that this includes RRSIG for DS with secure delegations.
// They should have RRSIGs, so that's actually expected data, not just
// for simplicity.
if (rrset->getType() != RRType::NS() || rrset->getName() == origin_) {
rrset->addRRsig(RdataPtr(new generic::RRSIG(
getCommonRRSIGText(rrset->getType().
toText()))));
......@@ -377,14 +374,10 @@ private:
const Name origin_;
// Names where we delegate somewhere else
const Name delegation_name_;
const Name signed_delegation_name_;
const Name bad_signed_delegation_name_;
const Name unsigned_delegation_name_;
const Name dname_name_;
bool has_SOA_;
bool has_apex_NS_;
ConstRRsetPtr dname_rrset_;
const RRClass rrclass_;
bool include_rrsig_anyway_;
bool use_nsec3_;
......@@ -491,39 +484,27 @@ MockZoneFinder::find(const Name& name, const RRType& type,
}
// Special case for names on or under a zone cut
Domains::iterator it;
if ((options & FIND_GLUE_OK) == 0 &&
(name == delegation_name_ ||
name.compare(delegation_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN)) {
return (FindResult(DELEGATION, delegation_rrset_));
// And under DNAME
} else if (name.compare(dname_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
if (type != RRType::DS()) {
return (FindResult(DNAME, dname_rrset_));
}
} else if (name == signed_delegation_name_ ||
name.compare(signed_delegation_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
(it = find_if(delegations_.begin(), delegations_.end(),
SubdomainMatch(name))) != delegations_.end()) {
ConstRRsetPtr delegation_ns = it->second[RRType::NS()];
assert(delegation_ns); // should be ensured by how we construct it
if (type != RRType::DS()) {
return (FindResult(DELEGATION, signed_delegation_rrset_));
} else {
return (FindResult(SUCCESS, signed_delegation_ds_rrset_));
return (FindResult(DELEGATION, delegation_ns));
}
} else if (name == unsigned_delegation_name_ ||
name.compare(unsigned_delegation_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
if (type != RRType::DS()) {
return (FindResult(DELEGATION, unsigned_delegation_rrset_));
RRsetStore::const_iterator it_rrset = it->second.find(RRType::DS());
if (it_rrset != it->second.end()) {
return (FindResult(SUCCESS, it_rrset->second));
}
} else if (name == bad_signed_delegation_name_ ||
name.compare(bad_signed_delegation_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
if (type != RRType::DS()) {
return (FindResult(DELEGATION, bad_signed_delegation_rrset_));
} else {
if (it->first == bad_signed_delegation_name_) {
return (FindResult(NXDOMAIN, RRsetPtr()));
}
// Treat as a normal in-zone case.
} else if (name.compare(dname_name_).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
// And under DNAME
return (FindResult(DNAME, dname_rrset_));
}
// normal cases. names are searched for only per exact-match basis
......@@ -1054,7 +1035,7 @@ TEST_F(QueryTest, nxdomainBadNSEC1) {
// ZoneFinder::find() returns NXDOMAIN with non NSEC RR.
mock_finder->setNSECResult(Name("badnsec.example.com"),
ZoneFinder::NXDOMAIN,
mock_finder->delegation_rrset_);
mock_finder->dname_rrset_);
EXPECT_THROW(Query(memory_client, Name("badnsec.example.com"), qtype,
response, true).process(),
std::bad_cast);
......@@ -1074,7 +1055,7 @@ TEST_F(QueryTest, nxdomainBadNSEC3) {
// "no-wildcard proof" returns SUCCESS. it should be NXDOMAIN.
mock_finder->setNSECResult(Name("*.example.com"),
ZoneFinder::SUCCESS,
mock_finder->delegation_rrset_);
mock_finder->dname_rrset_);
EXPECT_THROW(Query(memory_client, Name("nxdomain.example.com"), qtype,
response, true).process(),
Query::BadNSEC);
......@@ -1093,18 +1074,20 @@ TEST_F(QueryTest, nxdomainBadNSEC5) {
// "no-wildcard proof" returns non NSEC.
mock_finder->setNSECResult(Name("*.example.com"),
ZoneFinder::NXDOMAIN,
mock_finder->delegation_rrset_);
mock_finder->dname_rrset_);
// This is a bit odd, but we'll simply include the returned RRset.
Query(memory_client, Name("nxdomain.example.com"), qtype,
response, true).process();
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 8, 0,
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_nxdomain_txt) + "\n" +
string("noglue.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC") + "\n" +
delegation_txt).c_str(),
dname_txt + "\n" +
string("dname.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("DNAME")).c_str(),
NULL, mock_finder->getOrigin());
}
......@@ -1216,7 +1199,7 @@ TEST_F(QueryTest, badWildcardProof1) {
// when NXDOMAIN is expected.
mock_finder->setNSECResult(Name("www.wild.example.com"),
ZoneFinder::SUCCESS,
mock_finder->delegation_rrset_);
mock_finder->dname_rrset_);
EXPECT_THROW(Query(memory_client, Name("www.wild.example.com"),
RRType::A(), response, true).process(),
Query::BadNSEC);
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment