aboutsummaryrefslogtreecommitdiff
path: root/plugin/dnssec/cache_test.go
diff options
context:
space:
mode:
Diffstat (limited to 'plugin/dnssec/cache_test.go')
-rw-r--r--plugin/dnssec/cache_test.go48
1 files changed, 48 insertions, 0 deletions
diff --git a/plugin/dnssec/cache_test.go b/plugin/dnssec/cache_test.go
index ccf588d8e..c3cdb0d6e 100644
--- a/plugin/dnssec/cache_test.go
+++ b/plugin/dnssec/cache_test.go
@@ -32,3 +32,51 @@ func TestCacheSet(t *testing.T) {
t.Errorf("signature was not added to the cache")
}
}
+
+func TestCacheNotValidExpired(t *testing.T) {
+ fPriv, rmPriv, _ := test.TempFile(".", privKey)
+ fPub, rmPub, _ := test.TempFile(".", pubKey)
+ defer rmPriv()
+ defer rmPub()
+
+ dnskey, err := ParseKeyFile(fPub, fPriv)
+ if err != nil {
+ t.Fatalf("failed to parse key: %v\n", err)
+ }
+
+ c := cache.New(defaultCap)
+ m := testMsg()
+ state := request.Request{Req: m, Zone: "miek.nl."}
+ k := hash(m.Answer) // calculate *before* we add the sig
+ d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)
+ d.Sign(state, time.Now().UTC().AddDate(0, 0, -9))
+
+ _, ok := d.get(k)
+ if ok {
+ t.Errorf("signature was added to the cache even though not valid")
+ }
+}
+
+func TestCacheNotValidYet(t *testing.T) {
+ fPriv, rmPriv, _ := test.TempFile(".", privKey)
+ fPub, rmPub, _ := test.TempFile(".", pubKey)
+ defer rmPriv()
+ defer rmPub()
+
+ dnskey, err := ParseKeyFile(fPub, fPriv)
+ if err != nil {
+ t.Fatalf("failed to parse key: %v\n", err)
+ }
+
+ c := cache.New(defaultCap)
+ m := testMsg()
+ state := request.Request{Req: m, Zone: "miek.nl."}
+ k := hash(m.Answer) // calculate *before* we add the sig
+ d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)
+ d.Sign(state, time.Now().UTC().AddDate(0, 0, +9))
+
+ _, ok := d.get(k)
+ if ok {
+ t.Errorf("signature was added to the cache even though not valid yet")
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-27 00:58:20 +0000