more tests

TODO

@@ -4,6 +4,7 @@ Todo:
 * Unknown RRs
 * fix os.Erros usage, add DNSSEC related errors
 * AXFR/IXFR support
+* IDN
 
 Tesing:
 * EDNS0

dnssec.go

@@ -107,6 +107,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
 // Validate an rrset with the signature and key. This is the
 // cryptographic test, the validity period most be check separately.
 func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
+        println(len(rrset))
         // Frist the easy checks
         if s.KeyTag != k.KeyTag() {
                 return false
@@ -117,6 +118,9 @@ func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
         if s.Algorithm != k.Algorithm {
                 return false
         }
+        if s.SignerName != k.Hdr.Name {
+                return false
+        }
 	return true
 }
 

dnssec_test.go

@@ -5,32 +5,40 @@ import (
 )
 
 func TestSecure(t *testing.T) {
+// once this was valid
+        soa := new(RR_SOA)
+	soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
+	soa.Ns = "open.nlnetlabs.nl."
+        soa.Mbox = "miekg.atoom.net."
+        soa.Serial = 1293513905
+        soa.Refresh = 14400
+        soa.Retry = 3600
+        soa.Expire = 604800
+        soa.Minttl = 86400
+
 	sig := new(RR_RRSIG)
-	sig.Hdr.Name = "miek.nl."
-	sig.Hdr.Rrtype = TypeRRSIG
-	sig.Hdr.Class = ClassINET
-	sig.Hdr.Ttl = 3600
-	sig.TypeCovered = TypeDNSKEY
-	sig.Algorithm = AlgRSASHA1
+        sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
+	sig.TypeCovered = TypeSOA
+	sig.Algorithm = AlgRSASHA256
 	sig.Labels = 2
-	sig.OrigTtl = 4000
-	sig.KeyTag = 34641
-        sig.Inception = 315565800 //Tue Jan  1 10:10:00 CET 1980
-        sig.Expiration = 4102477800 //Fri Jan  1 10:10:00 CET 2100
+        sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
+        sig.Inception = 1293506705
+	sig.OrigTtl = 14400
+	sig.KeyTag = 12051
 	sig.SignerName = "miek.nl."
-	sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
+	sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
 
 	key := new(RR_DNSKEY)
 	key.Hdr.Name = "miek.nl"
 	key.Hdr.Rrtype = TypeDNSKEY
 	key.Hdr.Class = ClassINET
-	key.Hdr.Ttl = 3600
+	key.Hdr.Ttl = 14400
 	key.Flags = 256
 	key.Protocol = 3
 	key.Algorithm = AlgRSASHA256
 	key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
 
-        if ! sig.Secure(nil, key) {
+        if ! sig.Secure([]RR{soa}, key) {
                 t.Log("It is not secure")
                 t.Fail()
         }