Commit c1c2ddf5 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

[1176] Check no DNSSEC_OK means no RRSIGs

parent 04b04226
...@@ -111,7 +111,8 @@ public: ...@@ -111,7 +111,8 @@ public:
dname_name_("dname.example.com"), dname_name_("dname.example.com"),
has_SOA_(true), has_SOA_(true),
has_apex_NS_(true), has_apex_NS_(true),
rrclass_(RRClass::IN()) rrclass_(RRClass::IN()),
include_rrsig_anyway_(false)
{ {
stringstream zone_stream; stringstream zone_stream;
zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt << zone_stream << soa_txt << zone_ns_txt << ns_addrs_txt <<
...@@ -137,6 +138,9 @@ public: ...@@ -137,6 +138,9 @@ public:
// the apex NS. // the apex NS.
void setApexNSFlag(bool on) { has_apex_NS_ = on; } void setApexNSFlag(bool on) { has_apex_NS_ = on; }
// Turn this on if you want it to return RRSIGs regardless of FIND_GLUE_OK
void setIncludeRRSIGAnyway(bool on) { include_rrsig_anyway_ = on; }
private: private:
typedef map<RRType, ConstRRsetPtr> RRsetStore; typedef map<RRType, ConstRRsetPtr> RRsetStore;
typedef map<Name, RRsetStore> Domains; typedef map<Name, RRsetStore> Domains;
...@@ -181,6 +185,7 @@ private: ...@@ -181,6 +185,7 @@ private:
ConstRRsetPtr delegation_rrset_; ConstRRsetPtr delegation_rrset_;
ConstRRsetPtr dname_rrset_; ConstRRsetPtr dname_rrset_;
const RRClass rrclass_; const RRClass rrclass_;
bool include_rrsig_anyway_;
}; };
ZoneFinder::FindResult ZoneFinder::FindResult
...@@ -219,6 +224,7 @@ MockZoneFinder::find(const Name& name, const RRType& type, ...@@ -219,6 +224,7 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// Strip whatever signature there is in case DNSSEC is not required // Strip whatever signature there is in case DNSSEC is not required
// Just to make sure the Query asks for it when it is needed // Just to make sure the Query asks for it when it is needed
if (options & ZoneFinder::FIND_DNSSEC || if (options & ZoneFinder::FIND_DNSSEC ||
include_rrsig_anyway_ ||
!found_rrset->second->getRRsig()) { !found_rrset->second->getRRsig()) {
rrset = found_rrset->second; rrset = found_rrset->second;
} else { } else {
...@@ -342,6 +348,17 @@ TEST_F(QueryTest, exactMatch) { ...@@ -342,6 +348,17 @@ TEST_F(QueryTest, exactMatch) {
www_a_txt, zone_ns_txt, ns_addrs_txt); www_a_txt, zone_ns_txt, ns_addrs_txt);
} }
TEST_F(QueryTest, exactMatchIgnoreSIG) {
// Check that we do not include the RRSIG when not requested even when
// we receive it from the data source.
mock_finder->setIncludeRRSIGAnyway(true);
Query query(memory_client, qname, qtype, response);
EXPECT_NO_THROW(query.process());
// find match rrset
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 1, 3, 3,
www_a_txt, zone_ns_txt, ns_addrs_txt);
}
TEST_F(QueryTest, dnssecPositive) { TEST_F(QueryTest, dnssecPositive) {
// Just like exactMatch, but the signatures should be included as well // Just like exactMatch, but the signatures should be included as well
Query query(memory_client, qname, qtype, response, true); Query query(memory_client, qname, qtype, response, true);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment