Rewrite dsdigest system test to pytest

bin/tests/system/dsdigest/clean.sh

@@ -11,12 +11,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
 
-rm -f supported
 rm -f */K* */dsset-* */*.signed */trusted.conf
 rm -f ns1/root.db
 rm -f ns1/signer.err
 rm -f ns2/good.db ns2/bad.db
-rm -f dig.out*
 rm -f */named.conf
 rm -f */named.run
 rm -f */named.memstats

bin/tests/system/dsdigest/tests.sh

@@ -1,55 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-status=0
-
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
-
-# Check the good. domain
-
-echo_i "checking that validation with enabled digest types works"
-ret=0
-$DIG $DIGOPTS a.good. @10.53.0.3 a >dig.out.good || ret=1
-grep "status: NOERROR" dig.out.good >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.good >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-# Check the bad. domain
-
-echo_i "checking that validation with no supported digest types and must-be-secure results in SERVFAIL"
-ret=0
-$DIG $DIGOPTS a.bad. @10.53.0.3 a >dig.out.bad || ret=1
-grep "SERVFAIL" dig.out.bad >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "checking that validation with no supported digest algorithms results in insecure"
-ret=0
-$DIG $DIGOPTS bad. @10.53.0.4 ds >dig.out.ds || ret=1
-grep "NOERROR" dig.out.ds >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.ds >/dev/null || ret=1
-$DIG $DIGOPTS a.bad. @10.53.0.4 a >dig.out.insecure || ret=1
-grep "NOERROR" dig.out.insecure >/dev/null || ret=1
-grep "flags:[^;]* ad[ ;]" dig.out.insecure >/dev/null && ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-echo_i "exit status: $status"
-
-[ $status -eq 0 ] || exit 1

bin/tests/system/dsdigest/tests_dsdigest.py

@@ -0,0 +1,55 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import dns.message
+
+import isctest
+
+
+def test_dsdigest_good():
+    """Check that validation with enabled digest types works"""
+    msg = dns.message.make_query("a.good.", "A", want_dnssec=True)
+    res = isctest.query.tcp(
+        msg,
+        "10.53.0.3",
+    )
+    isctest.check.noerror(res)
+    assert res.flags & dns.flags.AD
+
+
+def test_dsdigest_bad():
+    """Check that validation with not supported digest types
+    and "dnssec-must-be-secure yes;" results in SERVFAIL"""
+    msg = dns.message.make_query("a.bad.", "A", want_dnssec=True)
+    res = isctest.query.tcp(
+        msg,
+        "10.53.0.3",
+    )
+    isctest.check.servfail(res)
+
+
+def test_dsdigest_insecure():
+    """Check that validation with not supported digest algorithms is insecure"""
+    msg_ds = dns.message.make_query("bad.", "DS", want_dnssec=True)
+    res_ds = isctest.query.tcp(
+        msg_ds,
+        "10.53.0.4",
+    )
+    isctest.check.noerror(res_ds)
+    assert res_ds.flags & dns.flags.AD
+
+    msg_a = dns.message.make_query("a.bad.", "A", want_dnssec=True)
+    res_a = isctest.query.tcp(
+        msg_a,
+        "10.53.0.4",
+    )
+    isctest.check.noerror(res_a)
+    assert not res_a.flags & dns.flags.AD

bin/tests/system/dsdigest/tests_sh_dsdigest.py

@@ -1,14 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-
-def test_dsdigest(run_tests_sh):
-    run_tests_sh()