aboutsummaryrefslogtreecommitdiff
path: root/middleware/dnssec/dnssec_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'middleware/dnssec/dnssec_test.go')
-rw-r--r--middleware/dnssec/dnssec_test.go219
1 files changed, 0 insertions, 219 deletions
diff --git a/middleware/dnssec/dnssec_test.go b/middleware/dnssec/dnssec_test.go
deleted file mode 100644
index 3549a7c8f..000000000
--- a/middleware/dnssec/dnssec_test.go
+++ /dev/null
@@ -1,219 +0,0 @@
-package dnssec
-
-import (
- "testing"
- "time"
-
- "github.com/coredns/coredns/middleware/pkg/cache"
- "github.com/coredns/coredns/middleware/test"
- "github.com/coredns/coredns/request"
-
- "github.com/miekg/dns"
-)
-
-func TestZoneSigning(t *testing.T) {
- d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
- defer rm1()
- defer rm2()
-
- m := testMsg()
- state := request.Request{Req: m}
-
- m = d.Sign(state, "miek.nl.", time.Now().UTC())
- if !section(m.Answer, 1) {
- t.Errorf("answer section should have 1 sig")
- }
- if !section(m.Ns, 1) {
- t.Errorf("authority section should have 1 sig")
- }
-}
-
-func TestZoneSigningDouble(t *testing.T) {
- d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
- defer rm1()
- defer rm2()
-
- fPriv1, rmPriv1, _ := test.TempFile(".", privKey1)
- fPub1, rmPub1, _ := test.TempFile(".", pubKey1)
- defer rmPriv1()
- defer rmPub1()
-
- key1, err := ParseKeyFile(fPub1, fPriv1)
- if err != nil {
- t.Fatalf("failed to parse key: %v\n", err)
- }
- d.keys = append(d.keys, key1)
-
- m := testMsg()
- state := request.Request{Req: m}
- m = d.Sign(state, "miek.nl.", time.Now().UTC())
- if !section(m.Answer, 2) {
- t.Errorf("answer section should have 1 sig")
- }
- if !section(m.Ns, 2) {
- t.Errorf("authority section should have 1 sig")
- }
-}
-
-// TestSigningDifferentZone tests if a key for miek.nl and be used for example.org.
-func TestSigningDifferentZone(t *testing.T) {
- fPriv, rmPriv, _ := test.TempFile(".", privKey)
- fPub, rmPub, _ := test.TempFile(".", pubKey)
- defer rmPriv()
- defer rmPub()
-
- key, err := ParseKeyFile(fPub, fPriv)
- if err != nil {
- t.Fatalf("failed to parse key: %v\n", err)
- }
-
- m := testMsgEx()
- state := request.Request{Req: m}
- c := cache.New(defaultCap)
- d := New([]string{"example.org."}, []*DNSKEY{key}, nil, c)
- m = d.Sign(state, "example.org.", time.Now().UTC())
- if !section(m.Answer, 1) {
- t.Errorf("answer section should have 1 sig")
- t.Logf("%+v\n", m)
- }
- if !section(m.Ns, 1) {
- t.Errorf("authority section should have 1 sig")
- t.Logf("%+v\n", m)
- }
-}
-
-func TestSigningCname(t *testing.T) {
- d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
- defer rm1()
- defer rm2()
-
- m := testMsgCname()
- state := request.Request{Req: m}
- m = d.Sign(state, "miek.nl.", time.Now().UTC())
- if !section(m.Answer, 1) {
- t.Errorf("answer section should have 1 sig")
- }
-}
-
-func TestZoneSigningDelegation(t *testing.T) {
- d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
- defer rm1()
- defer rm2()
-
- m := testDelegationMsg()
- state := request.Request{Req: m}
- m = d.Sign(state, "miek.nl.", time.Now().UTC())
- if !section(m.Ns, 0) {
- t.Errorf("authority section should have 0 sig")
- t.Logf("%v\n", m)
- }
- if !section(m.Extra, 0) {
- t.Errorf("answer section should have 0 sig")
- t.Logf("%v\n", m)
- }
-}
-
-func TestSigningDname(t *testing.T) {
- d, rm1, rm2 := newDnssec(t, []string{"miek.nl."})
- defer rm1()
- defer rm2()
-
- m := testMsgDname()
- state := request.Request{Req: m}
- // We sign *everything* we see, also the synthesized CNAME.
- m = d.Sign(state, "miek.nl.", time.Now().UTC())
- if !section(m.Answer, 3) {
- t.Errorf("answer section should have 3 sig")
- }
-}
-
-func section(rss []dns.RR, nrSigs int) bool {
- i := 0
- for _, r := range rss {
- if r.Header().Rrtype == dns.TypeRRSIG {
- i++
- }
- }
- return nrSigs == i
-}
-
-func testMsg() *dns.Msg {
- // don't care about the message header
- return &dns.Msg{
- Answer: []dns.RR{test.MX("miek.nl. 1703 IN MX 1 aspmx.l.google.com.")},
- Ns: []dns.RR{test.NS("miek.nl. 1703 IN NS omval.tednet.nl.")},
- }
-}
-func testMsgEx() *dns.Msg {
- return &dns.Msg{
- Answer: []dns.RR{test.MX("example.org. 1703 IN MX 1 aspmx.l.google.com.")},
- Ns: []dns.RR{test.NS("example.org. 1703 IN NS omval.tednet.nl.")},
- }
-}
-
-func testMsgCname() *dns.Msg {
- return &dns.Msg{
- Answer: []dns.RR{test.CNAME("www.miek.nl. 1800 IN CNAME a.miek.nl.")},
- }
-}
-
-func testDelegationMsg() *dns.Msg {
- return &dns.Msg{
- Ns: []dns.RR{
- test.NS("miek.nl. 3600 IN NS linode.atoom.net."),
- test.NS("miek.nl. 3600 IN NS ns-ext.nlnetlabs.nl."),
- test.NS("miek.nl. 3600 IN NS omval.tednet.nl."),
- },
- Extra: []dns.RR{
- test.A("omval.tednet.nl. 3600 IN A 185.49.141.42"),
- test.AAAA("omval.tednet.nl. 3600 IN AAAA 2a04:b900:0:100::42"),
- },
- }
-}
-
-func testMsgDname() *dns.Msg {
- return &dns.Msg{
- Answer: []dns.RR{
- test.CNAME("a.dname.miek.nl. 1800 IN CNAME a.test.miek.nl."),
- test.A("a.test.miek.nl. 1800 IN A 139.162.196.78"),
- test.DNAME("dname.miek.nl. 1800 IN DNAME test.miek.nl."),
- },
- }
-}
-
-func newDnssec(t *testing.T, zones []string) (Dnssec, func(), func()) {
- k, rm1, rm2 := newKey(t)
- c := cache.New(defaultCap)
- d := New(zones, []*DNSKEY{k}, nil, c)
- return d, rm1, rm2
-}
-
-func newKey(t *testing.T) (*DNSKEY, func(), func()) {
- fPriv, rmPriv, _ := test.TempFile(".", privKey)
- fPub, rmPub, _ := test.TempFile(".", pubKey)
-
- key, err := ParseKeyFile(fPub, fPriv)
- if err != nil {
- t.Fatalf("failed to parse key: %v\n", err)
- }
- return key, rmPriv, rmPub
-}
-
-const (
- pubKey = `miek.nl. IN DNSKEY 257 3 13 0J8u0XJ9GNGFEBXuAmLu04taHG4BXPP3gwhetiOUMnGA+x09nqzgF5IY OyjWB7N3rXqQbnOSILhH1hnuyh7mmA==`
- privKey = `Private-key-format: v1.3
-Algorithm: 13 (ECDSAP256SHA256)
-PrivateKey: /4BZk8AFvyW5hL3cOLSVxIp1RTqHSAEloWUxj86p3gs=
-Created: 20160423195532
-Publish: 20160423195532
-Activate: 20160423195532
-`
- pubKey1 = `example.org. IN DNSKEY 257 3 13 tVRWNSGpHZbCi7Pr7OmbADVUO3MxJ0Lb8Lk3o/HBHqCxf5K/J50lFqRa 98lkdAIiFOVRy8LyMvjwmxZKwB5MNw==`
- privKey1 = `Private-key-format: v1.3
-Algorithm: 13 (ECDSAP256SHA256)
-PrivateKey: i8j4OfDGT8CQt24SDwLz2hg9yx4qKOEOh1LvbAuSp1c=
-Created: 20160423211746
-Publish: 20160423211746
-Activate: 20160423211746
-`
-)