more tests
This commit is contained in:
parent
c1d45f507e
commit
e339e8bce6
1
TODO
1
TODO
|
@ -4,6 +4,7 @@ Todo:
|
|||
* Unknown RRs
|
||||
* fix os.Erros usage, add DNSSEC related errors
|
||||
* AXFR/IXFR support
|
||||
* IDN
|
||||
|
||||
Tesing:
|
||||
* EDNS0
|
||||
|
|
|
@ -107,6 +107,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
|
|||
// Validate an rrset with the signature and key. This is the
|
||||
// cryptographic test, the validity period most be check separately.
|
||||
func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
|
||||
println(len(rrset))
|
||||
// Frist the easy checks
|
||||
if s.KeyTag != k.KeyTag() {
|
||||
return false
|
||||
|
@ -117,6 +118,9 @@ func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
|
|||
if s.Algorithm != k.Algorithm {
|
||||
return false
|
||||
}
|
||||
if s.SignerName != k.Hdr.Name {
|
||||
return false
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
|
|
|
@ -5,32 +5,40 @@ import (
|
|||
)
|
||||
|
||||
func TestSecure(t *testing.T) {
|
||||
// once this was valid
|
||||
soa := new(RR_SOA)
|
||||
soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
|
||||
soa.Ns = "open.nlnetlabs.nl."
|
||||
soa.Mbox = "miekg.atoom.net."
|
||||
soa.Serial = 1293513905
|
||||
soa.Refresh = 14400
|
||||
soa.Retry = 3600
|
||||
soa.Expire = 604800
|
||||
soa.Minttl = 86400
|
||||
|
||||
sig := new(RR_RRSIG)
|
||||
sig.Hdr.Name = "miek.nl."
|
||||
sig.Hdr.Rrtype = TypeRRSIG
|
||||
sig.Hdr.Class = ClassINET
|
||||
sig.Hdr.Ttl = 3600
|
||||
sig.TypeCovered = TypeDNSKEY
|
||||
sig.Algorithm = AlgRSASHA1
|
||||
sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
|
||||
sig.TypeCovered = TypeSOA
|
||||
sig.Algorithm = AlgRSASHA256
|
||||
sig.Labels = 2
|
||||
sig.OrigTtl = 4000
|
||||
sig.KeyTag = 34641
|
||||
sig.Inception = 315565800 //Tue Jan 1 10:10:00 CET 1980
|
||||
sig.Expiration = 4102477800 //Fri Jan 1 10:10:00 CET 2100
|
||||
sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
|
||||
sig.Inception = 1293506705
|
||||
sig.OrigTtl = 14400
|
||||
sig.KeyTag = 12051
|
||||
sig.SignerName = "miek.nl."
|
||||
sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
|
||||
sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
|
||||
|
||||
key := new(RR_DNSKEY)
|
||||
key.Hdr.Name = "miek.nl"
|
||||
key.Hdr.Rrtype = TypeDNSKEY
|
||||
key.Hdr.Class = ClassINET
|
||||
key.Hdr.Ttl = 3600
|
||||
key.Hdr.Ttl = 14400
|
||||
key.Flags = 256
|
||||
key.Protocol = 3
|
||||
key.Algorithm = AlgRSASHA256
|
||||
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
|
||||
|
||||
if ! sig.Secure(nil, key) {
|
||||
if ! sig.Secure([]RR{soa}, key) {
|
||||
t.Log("It is not secure")
|
||||
t.Fail()
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue