authorGravatar Miek Gieben <miek@miek.nl> 2017-09-14 09:36:06 +0100
committerGravatar GitHub <noreply@github.com> 2017-09-14 09:36:06 +0100
commitd8714e64e400ef873c2adc4d929a07d7890727b9 (patch)
treec9fa4c157e6af12eb1517654f8d23ca5d5619513 /plugin/dnssec/dnssec_test.go
parentb984aa45595dc95253b91191afe7d3ee29e71b48 (diff)
Remove the word middleware (#1067)
* Rename middleware to plugin, first pass; mostly used 'sed', with a few spots where I manually changed text. This still builds a coredns binary.
* fmt error
* Rename AddMiddleware to AddPlugin
* Re-add AddMiddleware to remain backwards compatible
Diffstat (limited to 'plugin/dnssec/dnssec_test.go')
-rw-r--r--plugin/dnssec/dnssec_test.go219
1 files changed, 219 insertions, 0 deletions
diff --git a/plugin/dnssec/dnssec_test.go b/plugin/dnssec/dnssec_test.go
new file mode 100644
index 000000000..83ce70beb
--- /dev/null
+++ b/plugin/dnssec/dnssec_test.go
@@ -0,0 +1,219 @@
+package dnssec
+
+import (
+ "testing"
+ "time"
+
+ "github.com/coredns/coredns/plugin/pkg/cache"
+ "github.com/coredns/coredns/plugin/test"
+ "github.com/coredns/coredns/request"
+
+ "github.com/miekg/dns"
+)
+
+func TestZoneSigning(t *testing.T) {
+ d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
+ defer rm1()
+ defer rm2()
+
+ m := testMsg()
+ state := request.Request{Req: m}
+
+ m = d.Sign(state, "miek.nl.", time.Now().UTC())
+ if !section(m.Answer, 1) {
+ t.Errorf("answer section should have 1 sig")
+ }
+ if !section(m.Ns, 1) {
+ t.Errorf("authority section should have 1 sig")
+ }
+}
+
+func TestZoneSigningDouble(t *testing.T) {
+ d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
+ defer rm1()
+ defer rm2()
+
+ fPriv1, rmPriv1, _ := test.TempFile(".", privKey1)
+ fPub1, rmPub1, _ := test.TempFile(".", pubKey1)
+ defer rmPriv1()
+ defer rmPub1()
+
+ key1, err := ParseKeyFile(fPub1, fPriv1)
+ if err != nil {
+ t.Fatalf("failed to parse key: %v\n", err)
+ }
+ d.keys = append(d.keys, key1)
+
+ m := testMsg()
+ state := request.Request{Req: m}
+ m = d.Sign(state, "miek.nl.", time.Now().UTC())
+ if !section(m.Answer, 2) {
+ t.Errorf("answer section should have 1 sig")
+ }
+ if !section(m.Ns, 2) {
+ t.Errorf("authority section should have 1 sig")
+ }
+}
+
+// TestSigningDifferentZone tests if a key for miek.nl and be used for example.org.
+func TestSigningDifferentZone(t *testing.T) {
+ fPriv, rmPriv, _ := test.TempFile(".", privKey)
+ fPub, rmPub, _ := test.TempFile(".", pubKey)
+ defer rmPriv()
+ defer rmPub()
+
+ key, err := ParseKeyFile(fPub, fPriv)
+ if err != nil {
+ t.Fatalf("failed to parse key: %v\n", err)
+ }
+
+ m := testMsgEx()
+ state := request.Request{Req: m}
+ c := cache.New(defaultCap)
+ d := New([]string{"example.org."}, []*DNSKEY{key}, nil, c)
+ m = d.Sign(state, "example.org.", time.Now().UTC())
+ if !section(m.Answer, 1) {
+ t.Errorf("answer section should have 1 sig")
+ t.Logf("%+v\n", m)
+ }
+ if !section(m.Ns, 1) {
+ t.Errorf("authority section should have 1 sig")
+ t.Logf("%+v\n", m)
+ }
+}
+
+func TestSigningCname(t *testing.T) {
+ d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
+ defer rm1()
+ defer rm2()
+
+ m := testMsgCname()
+ state := request.Request{Req: m}
+ m = d.Sign(state, "miek.nl.", time.Now().UTC())
+ if !section(m.Answer, 1) {
+ t.Errorf("answer section should have 1 sig")
+ }
+}
+
+func TestZoneSigningDelegation(t *testing.T) {
+ d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
+ defer rm1()
+ defer rm2()
+
+ m := testDelegationMsg()
+ state := request.Request{Req: m}
+ m = d.Sign(state, "miek.nl.", time.Now().UTC())
+ if !section(m.Ns, 0) {
+ t.Errorf("authority section should have 0 sig")
+ t.Logf("%v\n", m)
+ }
+ if !section(m.Extra, 0) {
+ t.Errorf("answer section should have 0 sig")
+ t.Logf("%v\n", m)
+ }
+}
+
+func TestSigningDname(t *testing.T) {
+ d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
+ defer rm1()
+ defer rm2()
+
+ m := testMsgDname()
+ state := request.Request{Req: m}
+ // We sign *everything* we see, also the synthesized CNAME.
+ m = d.Sign(state, "miek.nl.", time.Now().UTC())
+ if !section(m.Answer, 3) {
+ t.Errorf("answer section should have 3 sig")
+ }
+}
+
+func section(rss []dns.RR, nrSigs int) bool {
+ i := 0
+ for _, r := range rss {
+ if r.Header().Rrtype == dns.TypeRRSIG {
+ i++
+ }
+ }
+ return nrSigs == i
+}
+
+func testMsg() *dns.Msg {
+ // don't care about the message header
+ return &dns.Msg{
+ Answer: []dns.RR{test.MX("miek.nl. 1703 IN MX 1 aspmx.l.google.com.")},
+ Ns: []dns.RR{test.NS("miek.nl. 1703 IN NS omval.tednet.nl.")},
+ }
+}
+func testMsgEx() *dns.Msg {
+ return &dns.Msg{
+ Answer: []dns.RR{test.MX("example.org. 1703 IN MX 1 aspmx.l.google.com.")},
+ Ns: []dns.RR{test.NS("example.org. 1703 IN NS omval.tednet.nl.")},
+ }
+}
+
+func testMsgCname() *dns.Msg {
+ return &dns.Msg{
+ Answer: []dns.RR{test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl.")},
+ }
+}
+
+func testDelegationMsg() *dns.Msg {
+ return &dns.Msg{
+ Ns: []dns.RR{
+ test.NS("miek.nl. 3600 IN NS linode.atoom.net."),
+ test.NS("miek.nl. 3600 IN NS ns-ext.nlnetlabs.nl."),
+ test.NS("miek.nl. 3600 IN NS omval.tednet.nl."),
+ },
+ Extra: []dns.RR{
+ test.A("omval.tednet.nl. 3600 IN A 185.49.141.42"),
+ test.AAAA("omval.tednet.nl. 3600 IN AAAA 2a04:b900:0:100::42"),
+ },
+ }
+}
+
+func testMsgDname() *dns.Msg {
+ return &dns.Msg{
+ Answer: []dns.RR{
+ test.CNAME("a.dname.miek.nl. 1800 IN CNAME a.test.miek.nl."),
+ test.A("a.test.miek.nl. 1800 IN A 139.162.196.78"),
+ test.DNAME("dname.miek.nl. 1800 IN DNAME test.miek.nl."),
+ },
+ }
+}
+
+func newDnssec(t *testing.T, zones []string) (Dnssec, func(), func()) {
+ k, rm1, rm2 := newKey(t)
+ c := cache.New(defaultCap)
+ d := New(zones, []*DNSKEY{k}, nil, c)
+ return d, rm1, rm2
+}
+
+func newKey(t *testing.T) (*DNSKEY, func(), func()) {
+ fPriv, rmPriv, _ := test.TempFile(".", privKey)
+ fPub, rmPub, _ := test.TempFile(".", pubKey)
+
+ key, err := ParseKeyFile(fPub, fPriv)
+ if err != nil {
+ t.Fatalf("failed to parse key: %v\n", err)
+ }
+ return key, rmPriv, rmPub
+}
+
+const (
+ pubKey = `miek.nl. IN DNSKEY 257 3 13 0J8u0XJ9GNGFEBXuAmLu04taHG4BXPP3gwhetiOUMnGA+x09nqzgF5IY OyjWB7N3rXqQbnOSILhH1hnuyh7mmA==`
+ privKey = `Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: /4BZk8AFvyW5hL3cOLSVxIp1RTqHSAEloWUxj86p3gs=
+Created: 20160423195532
+Publish: 20160423195532
+Activate: 20160423195532
+`
+ pubKey1 = `example.org. IN DNSKEY 257 3 13 tVRWNSGpHZbCi7Pr7OmbADVUO3MxJ0Lb8Lk3o/HBHqCxf5K/J50lFqRa 98lkdAIiFOVRy8LyMvjwmxZKwB5MNw==`
+ privKey1 = `Private-key-format: v1.3
+Algorithm: 13 (ECDSAP256SHA256)
+PrivateKey: i8j4OfDGT8CQt24SDwLz2hg9yx4qKOEOh1LvbAuSp1c=
+Created: 20160423211746
+Publish: 20160423211746
+Activate: 20160423211746
+`
+)
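Review bot: The `section` helper near the end of the file only counts records whose type is `dns.TypeRRSIG`, so every test here passes as long as `Sign` emits the expected number of RRSIGs, even if a signature does not validate, names the wrong signer, or has a validity window that excludes the signing time. For a DNSSEC signer the tests should also check each signature against the fixture's public key and the covered RRset, along the lines of `if err := sig.Verify(pub, rrset); err != nil { t.Errorf("RRSIG over %s does not verify: %v", sig.Header().Name, err) }` together with `sig.ValidityPeriod(now)`, where `pub` is the `*dns.DNSKEY` behind the parsed key (how to reach it is not visible in this hunk). This matters most in TestZoneSigningDouble and TestSigningDifferentZone, which sign with a key whose owner name differs from the zone being signed. Separately, the failure messages in TestZoneSigningDouble say "1 sig" while asserting 2, the `m.Extra` check in TestZoneSigningDelegation reports "answer section", and the `test.TempFile` errors are discarded with `_`, so a failed fixture write would only surface later as a confusing key-parse failure.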