mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-09-04 16:05:17 +00:00
Code Issues Releases Wiki Activity

[3919] Reverted last change and added a comment

Browse Source
This commit is contained in:
Francis Dupont
2015-06-24 15:47:12 +02:00
parent 1e53cc764d
commit 7bba83cd86
1 changed files with 94 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

173
src/lib/dns/tests/tsig_unittest.cc
View File

@@ -1,4 +1,4 @@
// Copyright (C) 2011, 2014 Internet Systems Consortium, Inc. ("ISC") // Copyright (C) 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
// //
// Permission to use, copy, modify, and/or distribute this software for any // Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above // purpose with or without fee is hereby granted, provided that the above
@@ -51,6 +51,9 @@ using namespace isc::dns::rdata;
using isc::UnitTestUtil; using isc::UnitTestUtil;
using isc::util::unittests::matchWireData; using isc::util::unittests::matchWireData;
// @note: blocks and SCOPED_TRACE can make buggy cppchecks to raise
// a spurious syntax error...
// See dnssectime.cc // See dnssectime.cc
namespace isc { namespace isc {
namespace util { namespace util {
@@ -1085,93 +1088,105 @@ TEST_F(TSIGTest, verifyMulti) {
// First, send query from the verify one to the normal one, so // First, send query from the verify one to the normal one, so
// we initialize something like AXFR // we initialize something like AXFR
// SCOPED_TRACE("Query"); {
ConstTSIGRecordPtr tsigQ = createMessageAndSign(1234, test_name, SCOPED_TRACE("Query");
tsig_verify_ctx.get()); ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
commonVerifyChecks(*tsig_ctx, tsigQ.get(), tsig_verify_ctx.get());
renderer.getData(), renderer.getLength(), commonVerifyChecks(*tsig_ctx, tsig.get(),
TSIGError(Rcode::NOERROR()), renderer.getData(), renderer.getLength(),
TSIGContext::RECEIVED_REQUEST); TSIGError(Rcode::NOERROR()),
TSIGContext::RECEIVED_REQUEST);
}
// SCOPED_TRACE("First message"); {
ConstTSIGRecordPtr tsig1 = createMessageAndSign(1234, test_name, SCOPED_TRACE("First message");
tsig_ctx.get()); ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
commonVerifyChecks(*tsig_verify_ctx, tsig1.get(), tsig_ctx.get());
renderer.getData(), renderer.getLength(), commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
TSIGError(Rcode::NOERROR()), renderer.getData(), renderer.getLength(),
TSIGContext::VERIFIED_RESPONSE); TSIGError(Rcode::NOERROR()),
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature()); TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
// SCOPED_TRACE("Second message"); {
ConstTSIGRecordPtr tsig2 = createMessageAndSign(1234, test_name, SCOPED_TRACE("Second message");
tsig_ctx.get()); ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
commonVerifyChecks(*tsig_verify_ctx, tsig2.get(), tsig_ctx.get());
renderer.getData(), renderer.getLength(), commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
TSIGError(Rcode::NOERROR()), renderer.getData(), renderer.getLength(),
TSIGContext::VERIFIED_RESPONSE); TSIGError(Rcode::NOERROR()),
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature()); TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
// SCOPED_TRACE("Third message. Unsigned."); {
// Another message does not carry the TSIG on it. But it should SCOPED_TRACE("Third message. Unsigned.");
// be OK, it's in the middle of stream. // Another message does not carry the TSIG on it. But it should
message.clear(Message::RENDER); // be OK, it's in the middle of stream.
message.setQid(1234); message.clear(Message::RENDER);
message.setOpcode(Opcode::QUERY()); message.setQid(1234);
message.setRcode(Rcode::NOERROR()); message.setOpcode(Opcode::QUERY());
RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(), message.setRcode(Rcode::NOERROR());
test_ttl)); RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
answer_rrset->addRdata(createRdata(RRType::A(), test_class, test_ttl));
"192.0.2.1")); answer_rrset->addRdata(createRdata(RRType::A(), test_class,
message.addRRset(Message::SECTION_ANSWER, answer_rrset); "192.0.2.1"));
message.toWire(renderer); message.addRRset(Message::SECTION_ANSWER, answer_rrset);
// Update the internal state. We abuse the knowledge of message.toWire(renderer);
// internals here a little bit to generate correct test data // Update the internal state. We abuse the knowledge of
tsig_ctx->update(renderer.getData(), renderer.getLength()); // internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
commonVerifyChecks(*tsig_verify_ctx, NULL, commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(), renderer.getData(), renderer.getLength(),
TSIGError(Rcode::NOERROR()), TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE); TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature()); EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
}
// SCOPED_TRACE("Fourth message. Signed again."); {
ConstTSIGRecordPtr tsig4 = createMessageAndSign(1234, test_name, SCOPED_TRACE("Fourth message. Signed again.");
tsig_ctx.get()); ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
commonVerifyChecks(*tsig_verify_ctx, tsig4.get(), tsig_ctx.get());
renderer.getData(), renderer.getLength(), commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
TSIGError(Rcode::NOERROR()), renderer.getData(), renderer.getLength(),
TSIGContext::VERIFIED_RESPONSE); TSIGError(Rcode::NOERROR()),
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature()); TSIGContext::VERIFIED_RESPONSE);
EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
}
// SCOPED_TRACE("Filling in bunch of unsigned messages"); {
for (size_t i = 0; i < 100; ++i) { SCOPED_TRACE("Filling in bunch of unsigned messages");
// SCOPED_TRACE(i); for (size_t i = 0; i < 100; ++i) {
// Another message does not carry the TSIG on it. But it should SCOPED_TRACE(i);
// be OK, it's in the middle of stream. // Another message does not carry the TSIG on it. But it should
message.clear(Message::RENDER); // be OK, it's in the middle of stream.
message.setQid(1234); message.clear(Message::RENDER);
message.setOpcode(Opcode::QUERY()); message.setQid(1234);
message.setRcode(Rcode::NOERROR()); message.setOpcode(Opcode::QUERY());
RRsetPtr answer_rrsetl(new RRset(test_name, test_class, RRType::A(), message.setRcode(Rcode::NOERROR());
test_ttl)); RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
answer_rrsetl->addRdata(createRdata(RRType::A(), test_class, test_ttl));
"192.0.2.1")); answer_rrset->addRdata(createRdata(RRType::A(), test_class,
message.addRRset(Message::SECTION_ANSWER, answer_rrsetl); "192.0.2.1"));
message.toWire(renderer); message.addRRset(Message::SECTION_ANSWER, answer_rrset);
// Update the internal state. We abuse the knowledge of message.toWire(renderer);
// internals here a little bit to generate correct test data // Update the internal state. We abuse the knowledge of
tsig_ctx->update(renderer.getData(), renderer.getLength()); // internals here a little bit to generate correct test data
tsig_ctx->update(renderer.getData(), renderer.getLength());
// 99 unsigned messages is OK. But the 100th must be signed, according // 99 unsigned messages is OK. But the 100th must be signed, according
// to the RFC2845, section 4.4 // to the RFC2845, section 4.4
commonVerifyChecks(*tsig_verify_ctx, NULL, commonVerifyChecks(*tsig_verify_ctx, NULL,
renderer.getData(), renderer.getLength(), renderer.getData(), renderer.getLength(),
i == 99 ? TSIGError::FORMERR() : i == 99 ? TSIGError::FORMERR() :
TSIGError(Rcode::NOERROR()), TSIGError(Rcode::NOERROR()),
TSIGContext::VERIFIED_RESPONSE); TSIGContext::VERIFIED_RESPONSE);
EXPECT_FALSE(tsig_verify_ctx->lastHadSignature()); EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
}
} }
} }