Sebastian Schrader
Kea
Commits
7bba83cd
Commit
7bba83cd
authored
Jun 24, 2015
by
Francis Dupont
[3919] Reverted last change and added a comment
parent
1e53cc76
Changes
1
src/lib/dns/tests/tsig_unittest.cc
// Copyright (C) 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
// Copyright (C) 2011, 2014
, 2015
Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
...
...
@@ -51,6 +51,9 @@ using namespace isc::dns::rdata;
using
isc
::
UnitTestUtil
;
using
isc
::
util
::
unittests
::
matchWireData
;
// @note: blocks and SCOPED_TRACE can make buggy cppchecks to raise
// a spurious syntax error...
// See dnssectime.cc
namespace
isc
{
namespace
util
{
...
...
@@ -1085,93 +1088,105 @@ TEST_F(TSIGTest, verifyMulti) {
// First, send query from the verify one to the normal one, so
// we initialize something like AXFR
// SCOPED_TRACE("Query");
ConstTSIGRecordPtr
tsigQ
=
createMessageAndSign
(
1234
,
test_name
,
tsig_verify_ctx
.
get
());
commonVerifyChecks
(
*
tsig_ctx
,
tsigQ
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
RECEIVED_REQUEST
);
// SCOPED_TRACE("First message");
ConstTSIGRecordPtr
tsig1
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig1
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
// SCOPED_TRACE("Second message");
ConstTSIGRecordPtr
tsig2
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig2
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
// SCOPED_TRACE("Third message. Unsigned.");
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message
.
clear
(
Message
::
RENDER
);
message
.
setQid
(
1234
);
message
.
setOpcode
(
Opcode
::
QUERY
());
message
.
setRcode
(
Rcode
::
NOERROR
());
RRsetPtr
answer_rrset
(
new
RRset
(
test_name
,
test_class
,
RRType
::
A
(),
test_ttl
));
answer_rrset
->
addRdata
(
createRdata
(
RRType
::
A
(),
test_class
,
"192.0.2.1"
));
message
.
addRRset
(
Message
::
SECTION_ANSWER
,
answer_rrset
);
message
.
toWire
(
renderer
);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx
->
update
(
renderer
.
getData
(),
renderer
.
getLength
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
NULL
,
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_FALSE
(
tsig_verify_ctx
->
lastHadSignature
());
// SCOPED_TRACE("Fourth message. Signed again.");
ConstTSIGRecordPtr
tsig4
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig4
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
// SCOPED_TRACE("Filling in bunch of unsigned messages");
for
(
size_t
i
=
0
;
i
<
100
;
++
i
)
{
// SCOPED_TRACE(i);
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message
.
clear
(
Message
::
RENDER
);
message
.
setQid
(
1234
);
message
.
setOpcode
(
Opcode
::
QUERY
());
message
.
setRcode
(
Rcode
::
NOERROR
());
RRsetPtr
answer_rrsetl
(
new
RRset
(
test_name
,
test_class
,
RRType
::
A
(),
test_ttl
));
answer_rrsetl
->
addRdata
(
createRdata
(
RRType
::
A
(),
test_class
,
"192.0.2.1"
));
message
.
addRRset
(
Message
::
SECTION_ANSWER
,
answer_rrsetl
);
message
.
toWire
(
renderer
);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx
->
update
(
renderer
.
getData
(),
renderer
.
getLength
());
// 99 unsigned messages is OK. But the 100th must be signed, according
// to the RFC2845, section 4.4
commonVerifyChecks
(
*
tsig_verify_ctx
,
NULL
,
renderer
.
getData
(),
renderer
.
getLength
(),
i
==
99
?
TSIGError
::
FORMERR
()
:
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_FALSE
(
tsig_verify_ctx
->
lastHadSignature
());
{
SCOPED_TRACE
(
"Query"
);
ConstTSIGRecordPtr
tsig
=
createMessageAndSign
(
1234
,
test_name
,
tsig_verify_ctx
.
get
());
commonVerifyChecks
(
*
tsig_ctx
,
tsig
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
RECEIVED_REQUEST
);
}
{
SCOPED_TRACE
(
"First message"
);
ConstTSIGRecordPtr
tsig
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
}
{
SCOPED_TRACE
(
"Second message"
);
ConstTSIGRecordPtr
tsig
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
}
{
SCOPED_TRACE
(
"Third message. Unsigned."
);
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message
.
clear
(
Message
::
RENDER
);
message
.
setQid
(
1234
);
message
.
setOpcode
(
Opcode
::
QUERY
());
message
.
setRcode
(
Rcode
::
NOERROR
());
RRsetPtr
answer_rrset
(
new
RRset
(
test_name
,
test_class
,
RRType
::
A
(),
test_ttl
));
answer_rrset
->
addRdata
(
createRdata
(
RRType
::
A
(),
test_class
,
"192.0.2.1"
));
message
.
addRRset
(
Message
::
SECTION_ANSWER
,
answer_rrset
);
message
.
toWire
(
renderer
);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx
->
update
(
renderer
.
getData
(),
renderer
.
getLength
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
NULL
,
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_FALSE
(
tsig_verify_ctx
->
lastHadSignature
());
}
{
SCOPED_TRACE
(
"Fourth message. Signed again."
);
ConstTSIGRecordPtr
tsig
=
createMessageAndSign
(
1234
,
test_name
,
tsig_ctx
.
get
());
commonVerifyChecks
(
*
tsig_verify_ctx
,
tsig
.
get
(),
renderer
.
getData
(),
renderer
.
getLength
(),
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_TRUE
(
tsig_verify_ctx
->
lastHadSignature
());
}
{
SCOPED_TRACE
(
"Filling in bunch of unsigned messages"
);
for
(
size_t
i
=
0
;
i
<
100
;
++
i
)
{
SCOPED_TRACE
(
i
);
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message
.
clear
(
Message
::
RENDER
);
message
.
setQid
(
1234
);
message
.
setOpcode
(
Opcode
::
QUERY
());
message
.
setRcode
(
Rcode
::
NOERROR
());
RRsetPtr
answer_rrset
(
new
RRset
(
test_name
,
test_class
,
RRType
::
A
(),
test_ttl
));
answer_rrset
->
addRdata
(
createRdata
(
RRType
::
A
(),
test_class
,
"192.0.2.1"
));
message
.
addRRset
(
Message
::
SECTION_ANSWER
,
answer_rrset
);
message
.
toWire
(
renderer
);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx
->
update
(
renderer
.
getData
(),
renderer
.
getLength
());
// 99 unsigned messages is OK. But the 100th must be signed, according
// to the RFC2845, section 4.4
commonVerifyChecks
(
*
tsig_verify_ctx
,
NULL
,
renderer
.
getData
(),
renderer
.
getLength
(),
i
==
99
?
TSIGError
::
FORMERR
()
:
TSIGError
(
Rcode
::
NOERROR
()),
TSIGContext
::
VERIFIED_RESPONSE
);
EXPECT_FALSE
(
tsig_verify_ctx
->
lastHadSignature
());
}
}
}
...
...
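Review bot: The loop bound `100` and the failing index `i == 99` in the "Filling in bunch of unsigned messages" block of verifyMulti are bare literals tied together only by the comment citing RFC2845 section 4.4, so editing one without the other would silently move the boundary this test is meant to pin. A single named constant would keep them in step, for example `const size_t max_unsigned = 99;` used as `i <= max_unsigned` and `i == max_unsigned`. The expected results also appear to rely on the unsigned-message count starting over at the signed fourth message, since the earlier unsigned third message does not bring the failure forward to `i == 98`; that is worth stating next to the loop, e.g. `// The unsigned count restarts at the signed fourth message, so the third message is not counted here.` The body of TEST_F(TSIGTest, verifyMulti) begins before this hunk, so anything set up earlier in the test is not visible here.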