Commit 7bba83cd authored by Francis Dupont's avatar Francis Dupont

[3919] Reverted last change and added a comment

parent 1e53cc76
// Copyright (C) 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
// Copyright (C) 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
......@@ -51,6 +51,9 @@ using namespace isc::dns::rdata;
using isc::UnitTestUtil;
using isc::util::unittests::matchWireData;
// @note: blocks and SCOPED_TRACE can make buggy cppchecks to raise
// a spurious syntax error...
// See dnssectime.cc
namespace isc {
namespace util {
......@@ -1085,93 +1088,105 @@ TEST_F(TSIGTest, verifyMulti) {
// First, send query from the verify one to the normal one, so
// we initialize something like AXFR
// SCOPED_TRACE("Query");
ConstTSIGRecordPtr tsigQ = createMessageAndSign(1234, test_name,
tsig_verify_ctx.get());
commonVerifyChecks(*tsig_ctx, tsigQ.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::RECEIVED_REQUEST);
// SCOPED_TRACE("First message");
ConstTSIGRecordPtr tsig1 = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig1.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
// SCOPED_TRACE("Second message");
ConstTSIGRecordPtr tsig2 = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig2.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
// SCOPED_TRACE("Third message. Unsigned.");
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message.clear(Message::RENDER);
message.setQid(1234);
message.setOpcode(Opcode::QUERY());
message.setRcode(Rcode::NOERROR());
RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
test_ttl));
answer_rrset->addRdata(createRdata(RRType::A(), test_class,
"192.0.2.1"));
message.addRRset(Message::SECTION_ANSWER, answer_rrset);
message.toWire(renderer);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
// SCOPED_TRACE("Fourth message. Signed again.");
ConstTSIGRecordPtr tsig4 = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig4.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
// SCOPED_TRACE("Filling in bunch of unsigned messages");
for (size_t i = 0; i < 100; ++i) {
// SCOPED_TRACE(i);
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message.clear(Message::RENDER);
message.setQid(1234);
message.setOpcode(Opcode::QUERY());
message.setRcode(Rcode::NOERROR());
RRsetPtr answer_rrsetl(new RRset(test_name, test_class, RRType::A(),
test_ttl));
answer_rrsetl->addRdata(createRdata(RRType::A(), test_class,
"192.0.2.1"));
message.addRRset(Message::SECTION_ANSWER, answer_rrsetl);
message.toWire(renderer);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
// 99 unsigned messages is OK. But the 100th must be signed, according
// to the RFC2845, section 4.4
commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(),
i == 99 ? TSIGError::FORMERR() :
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
{
SCOPED_TRACE("Query");
ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
tsig_verify_ctx.get());
commonVerifyChecks(*tsig_ctx, tsig.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::RECEIVED_REQUEST);
}
{
SCOPED_TRACE("First message");
ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
{
SCOPED_TRACE("Second message");
ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
{
SCOPED_TRACE("Third message. Unsigned.");
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message.clear(Message::RENDER);
message.setQid(1234);
message.setOpcode(Opcode::QUERY());
message.setRcode(Rcode::NOERROR());
RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
test_ttl));
answer_rrset->addRdata(createRdata(RRType::A(), test_class,
"192.0.2.1"));
message.addRRset(Message::SECTION_ANSWER, answer_rrset);
message.toWire(renderer);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
}
{
SCOPED_TRACE("Fourth message. Signed again.");
ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
tsig_ctx.get());
commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
{
SCOPED_TRACE("Filling in bunch of unsigned messages");
for (size_t i = 0; i < 100; ++i) {
SCOPED_TRACE(i);
// Another message does not carry the TSIG on it. But it should
// be OK, it's in the middle of stream.
message.clear(Message::RENDER);
message.setQid(1234);
message.setOpcode(Opcode::QUERY());
message.setRcode(Rcode::NOERROR());
RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
test_ttl));
answer_rrset->addRdata(createRdata(RRType::A(), test_class,
"192.0.2.1"));
message.addRRset(Message::SECTION_ANSWER, answer_rrset);
message.toWire(renderer);
// Update the internal state. We abuse the knowledge of
// internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
// 99 unsigned messages is OK. But the 100th must be signed, according
// to the RFC2845, section 4.4
commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(),
i == 99 ? TSIGError::FORMERR() :
TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
}
}
}
......
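Review bot: In the restored "Filling in bunch of unsigned messages" block the loop ends on the very message that is expected to be rejected (`i == 99 ? TSIGError::FORMERR() : ...`), so nothing asserts how the verifying context treats the next message of the stream, and the expected state on that iteration is still `TSIGContext::VERIFIED_RESPONSE`. This limit is what bounds the unauthenticated part of a multi-message response, so one more `commonVerifyChecks` call after the loop, using whatever error the implementation is meant to return there (not visible on this page), would pin the post-rejection behaviour. The literals `100` and `99` could also be derived from one named constant, e.g. `const size_t max_unsigned = 99;` with `i <= max_unsigned` and `i == max_unsigned`, so the loop bound and the ternary cannot drift apart. The opening of `TEST_F(TSIGTest, verifyMulti)` lies above the hunk, so any fixture setup it relies on is not visible here.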