more tests
parent
c1d45f507e
commit
e339e8bce6
1
TODO
1
TODO
|
@ -4,6 +4,7 @@ Todo:
|
||||||
* Unknown RRs
|
* Unknown RRs
|
||||||
* fix os.Erros usage, add DNSSEC related errors
|
* fix os.Erros usage, add DNSSEC related errors
|
||||||
* AXFR/IXFR support
|
* AXFR/IXFR support
|
||||||
|
* IDN
|
||||||
|
|
||||||
Tesing:
|
Tesing:
|
||||||
* EDNS0
|
* EDNS0
|
||||||
|
|
|
@ -107,6 +107,7 @@ func (k *RR_DNSKEY) KeyTag() uint16 {
|
||||||
// Validate an rrset with the signature and key. This is the
|
// Validate an rrset with the signature and key. This is the
|
||||||
// cryptographic test, the validity period most be check separately.
|
// cryptographic test, the validity period most be check separately.
|
||||||
func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
|
func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
|
||||||
|
println(len(rrset))
|
||||||
// Frist the easy checks
|
// Frist the easy checks
|
||||||
if s.KeyTag != k.KeyTag() {
|
if s.KeyTag != k.KeyTag() {
|
||||||
return false
|
return false
|
||||||
|
@ -117,6 +118,9 @@ func (s *RR_RRSIG) Secure(rrset []RR, k *RR_DNSKEY) bool {
|
||||||
if s.Algorithm != k.Algorithm {
|
if s.Algorithm != k.Algorithm {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
if s.SignerName != k.Hdr.Name {
|
||||||
|
return false
|
||||||
|
}
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
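Review bot: As far as the two hunks show, `Secure` reaches `return true` once the key tag, algorithm and signer name match, and the `rrset` argument is only passed to the added `println(len(rrset))`, so nothing verifies `s.Sig` over the records. A caller that trusts the boolean would treat any RRSIG whose metadata lines up with the key as validated. Until the verification exists, the function should fail closed: end the easy checks with `return false` and a comment such as `// TODO: verify s.Sig over rrset with k.PubKey`, and drop the `println` debug line. The added `s.SignerName != k.Hdr.Name` comparison is byte-exact, while DNS names compare case-insensitively, so `strings.ToLower(s.SignerName) != strings.ToLower(k.Hdr.Name)` would avoid rejecting a valid key on case alone. The lines between the two hunks are not visible here, so any check made there is not accounted for.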
@ -5,32 +5,40 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestSecure(t *testing.T) {
|
func TestSecure(t *testing.T) {
|
||||||
|
// once this was valid
|
||||||
|
soa := new(RR_SOA)
|
||||||
|
soa.Hdr = RR_Header{"miek.nl.", TypeSOA, ClassINET, 14400, 0}
|
||||||
|
soa.Ns = "open.nlnetlabs.nl."
|
||||||
|
soa.Mbox = "miekg.atoom.net."
|
||||||
|
soa.Serial = 1293513905
|
||||||
|
soa.Refresh = 14400
|
||||||
|
soa.Retry = 3600
|
||||||
|
soa.Expire = 604800
|
||||||
|
soa.Minttl = 86400
|
||||||
|
|
||||||
sig := new(RR_RRSIG)
|
sig := new(RR_RRSIG)
|
||||||
sig.Hdr.Name = "miek.nl."
|
sig.Hdr = RR_Header{"miek.nl.", TypeRRSIG, ClassINET, 14400, 0}
|
||||||
sig.Hdr.Rrtype = TypeRRSIG
|
sig.TypeCovered = TypeSOA
|
||||||
sig.Hdr.Class = ClassINET
|
sig.Algorithm = AlgRSASHA256
|
||||||
sig.Hdr.Ttl = 3600
|
|
||||||
sig.TypeCovered = TypeDNSKEY
|
|
||||||
sig.Algorithm = AlgRSASHA1
|
|
||||||
sig.Labels = 2
|
sig.Labels = 2
|
||||||
sig.OrigTtl = 4000
|
sig.Expiration = 1296098705 // date '+%s' -d"2011-01-27 04:25:05
|
||||||
sig.KeyTag = 34641
|
sig.Inception = 1293506705
|
||||||
sig.Inception = 315565800 //Tue Jan 1 10:10:00 CET 1980
|
sig.OrigTtl = 14400
|
||||||
sig.Expiration = 4102477800 //Fri Jan 1 10:10:00 CET 2100
|
sig.KeyTag = 12051
|
||||||
sig.SignerName = "miek.nl."
|
sig.SignerName = "miek.nl."
|
||||||
sig.Sig = "AwEAAaHIwpx3w4VHKi6i1LHnTaWeHCL154Jug0Rtc9ji5qwPXpBo6A5sRv7cSsPQKPIwxLpyCrbJ4mr2L0EPOdvP6z6YfljK2ZmTbogU9aSU2fiq/4wjxbdkLyoDVgtO+JsxNN4bjr4WcWhsmk1Hg93FV9ZpkWb0Tbad8DFqNDzr//kZ"
|
sig.Sig = "kLq/5oFy3Sh5ZxPGFMCyHq8MtN6E17R1Ln9+bJ2Q76YYAxFE8Xlie33A1GFctH2uhzRzJKuP/JSjUkrvGk2rjBm32z9zXtZsKx/4yV0da2nLRm44NOmX6gsP4Yia8mdqPUajjkyLzAzU2bevtesJm0Z65AcmPdq3tUZODdRAcng="
|
||||||
|
|
||||||
key := new(RR_DNSKEY)
|
key := new(RR_DNSKEY)
|
||||||
key.Hdr.Name = "miek.nl"
|
key.Hdr.Name = "miek.nl"
|
||||||
key.Hdr.Rrtype = TypeDNSKEY
|
key.Hdr.Rrtype = TypeDNSKEY
|
||||||
key.Hdr.Class = ClassINET
|
key.Hdr.Class = ClassINET
|
||||||
key.Hdr.Ttl = 3600
|
key.Hdr.Ttl = 14400
|
||||||
key.Flags = 256
|
key.Flags = 256
|
||||||
key.Protocol = 3
|
key.Protocol = 3
|
||||||
key.Algorithm = AlgRSASHA256
|
key.Algorithm = AlgRSASHA256
|
||||||
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
|
key.PubKey = "AwEAAcNEU67LJI5GEgF9QLNqLO1SMq1EdoQ6E9f85ha0k0ewQGCblyW2836GiVsm6k8Kr5ECIoMJ6fZWf3CQSQ9ycWfTyOHfmI3eQ/1Covhb2y4bAmL/07PhrL7ozWBW3wBfM335Ft9xjtXHPy7ztCbV9qZ4TVDTW/Iyg0PiwgoXVesz"
|
||||||
|
|
||||||
if ! sig.Secure(nil, key) {
|
if ! sig.Secure([]RR{soa}, key) {
|
||||||
t.Log("It is not secure")
|
t.Log("It is not secure")
|
||||||
t.Fail()
|
t.Fail()
|
||||||
}
|
}
|
||||||
|
|
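Review bot: `key.Hdr.Name` is set to `"miek.nl"` without the trailing dot while `sig.SignerName` is `"miek.nl."`, so the `SignerName` comparison this commit adds to `Secure` should return false, and the test as shown would fail on that mismatch rather than on anything cryptographic. Use `key.Hdr.Name = "miek.nl."`. The test also covers only the accepting path. Add cases that alter one character of `sig.Sig`, change `sig.SignerName`, and change `sig.Algorithm`, each expecting `Secure` to return false, so that a validator which accepts without checking the signature is caught. The end of `TestSecure` appears to fall outside the hunk.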