this is the first step to support updating the NSEC3 namespace of a zone.
to help support various cases in addRRset() in a less expensive way,
introduced a helper RRParameterConverter class.
one simple test case was added to confirm the behavior.
To fix unittest from using wrong libdns++ version.
Error was:
terminate called after throwing an instance of 'isc::dns::EmptyLabel'
what(): duplicate period
Also isc::dns::NameParserException was added.
Discussed some on jabber.
make sure use the correct version of libdatasrc.
Error was:
Undefined symbol "_ZN3isc7datasrc35DATASRC_SQLITE_INCOMPATIBLE_VERSIONE"
Discussed on jabber.
It is included using the UNION SQL statement to concatenate the tables
together. The ordering is little bit of a hack. We could order by name,
but that would not be much better and a lot of tests would need to be
modified. Also, the NSEC3 sigtype is hardcoded for the NSEC3 namespace,
as there can be no other signature.
- consolidated test scenarios for NSEC and NSEC3 to avoid duplicates
- also tested the case for findAll()
- also tested when the zone only has NSEC3PARAM or unsigned
these are short, and only used in FindDNSSECContext, so it'd make more sense
to enclose them there.
Other cleanups:
- also made FindDNSSECContext::isNSEC/isNSEC3 private as they now don't need
to be called outside the class
- removed isInited(); simpy doesn't see the need for it as a separate method
- simplified the code logic of getResultFlag()
same adjustment as the previous comment was made for tests.
also fixed a small bug in getDNSSECRRset(): I should have reversed the
logic for need_nscheck.
to make a related test pass, incorporated the NotImplemented exception
handling from findNSECCover to getDNSSECRRset.
note: in this commit I reversed the behavior when we encounter the situation
where NSEC is expected but cannot be found; it now returns a NULL pointer,
although the NSEC_SIGNED flag can be still set.
It's a quite broken case of zone config so it's probably up to the
implementation, and in that sense throwing an exception is not necessary
wrong. But we may have such a situation in a valid scenario if and when we
support incremental zone signing. Also, this behavior is consistent with
BIND 9.
The emptyNonterminalNSEC test case was adjusted accordingly.
to do this, I extended getDNSSECRRset(name) further: it now takes 'covering'
parameter, depending on whether the requested NSEC is for the exact name
or the covering ("previous") name. In the latter case it does the same
thing as findNSECCover() (which will be merged to getDNSSECRRset later).
now FindDNSSECContext has sufficient information to choose the correct flag,
findOnNameResult() can simply call its getResultFlags().
as an additional bonus, we can constify 'flags'.
- renamed getNSECRRset to getDNSSECRRset to clarify it's for generic DNSSEC
purpose, even though it's essentially NSEC specific.
- moved the 'isNSEC' check to the now-renamed getDNSSECRRset, thereby removing
the need for checking that within findOnNameResult.
instead of a pointer.
IMO, finderp_ should better be a reference than a pointer if we'd
worry about the case where it's NULL later on, like getNSECRRset
does (which shouldn't never happen in our usage).
the NULL pointer check was therefore removed with this change.
removed origin_ or complete flags_ from the class members. non DNSSEC-specific
processing was recovered from the original version.
also made FindDNSSECContext private inside ZoneFinder; it doesn't have to
be publicly usable.
also made indentation policy more consistent for the class.
