BIND 10 trac1577, updated. 76f364b152f174c57982f294f97274a212684121 [1577] First shot at the findNSEC3 implementation

BIND 10 source code commits bind10-changes at lists.isc.org
Wed Apr 11 08:37:59 UTC 2012 

The branch, trac1577 has been updated
       via  76f364b152f174c57982f294f97274a212684121 (commit)
       via  7ef140c77fa2ddd4194ffdc344781a55232d68b3 (commit)
      from  16a1358aa2960039e192ac66d504150a55b374fe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 76f364b152f174c57982f294f97274a212684121
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Wed Apr 11 10:35:49 2012 +0200

    [1577] First shot at the findNSEC3 implementation
    
    This one is wrong in many ways. It assumes (without checking) it gets an
    exact match, it does not check any wrong data, it expects given order of
    results. But it passes the minimal test now, and can be used as a base
    for improving the implementation.

commit 7ef140c77fa2ddd4194ffdc344781a55232d68b3
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Tue Apr 10 15:58:33 2012 +0200

    [1577] Validate the findNSEC3 input
    
    We check the name comes from inside the zone.

-----------------------------------------------------------------------

Summary of changes:
 src/lib/datasrc/database.cc                |   49 ++++++++++++++++++++++++++--
 src/lib/datasrc/tests/database_unittest.cc |   33 +++++++++++++++++--
 2 files changed, 76 insertions(+), 6 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index 08c7b26..2d16320 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -27,15 +27,18 @@
 #include <dns/rrset.h>
 #include <dns/rdata.h>
 #include <dns/rdataclass.h>
+#include <dns/nsec3hash.h>
 
 #include <datasrc/data_source.h>
 #include <datasrc/logger.h>
 
 #include <boost/foreach.hpp>
+#include <boost/scoped_ptr.hpp>
 
 using namespace isc::dns;
 using namespace std;
 using namespace isc::dns::rdata;
+using namespace boost;
 
 namespace isc {
 namespace datasrc {
@@ -911,9 +914,49 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
 }
 
 ZoneFinder::FindNSEC3Result
-DatabaseClient::Finder::findNSEC3(const Name&, bool) {
-    isc_throw(NotImplemented, "findNSEC3 is not yet implemented for database "
-              "data source");
+DatabaseClient::Finder::findNSEC3(const Name& name, bool) {
+    // TODO: Some logging.
+
+    // First, validate the input
+    const NameComparisonResult cmp_result(name.compare(getOrigin()));
+    if (cmp_result.getRelation() != NameComparisonResult::EQUAL &&
+        cmp_result.getRelation() != NameComparisonResult::SUBDOMAIN) {
+        isc_throw(OutOfZone, "findNSEC3 attempt for out-of-zone name: " <<
+                  name << ", zone: " << getOrigin() << "/" << getClass());
+    }
+
+    // Now, we need to get the NSEC3 params from the apex and create the hash
+    // creator for it.
+
+    ZoneFinderContextPtr nsec3param(find(getOrigin(), RRType::NSEC3PARAM()));
+    if (nsec3param->code != SUCCESS) { // No NSEC3 params? :-(
+        isc_throw(DataSourceError, "findNSEC3 attempt for non NSEC3 signed " <<
+                  "zone: " << getOrigin() << "/" << getClass());
+    }
+    // This takes the RRset received from the find method, takes the first RR
+    // in it, casts it to NSEC3PARAM (as it should be that one) and then creates
+    // the hash calculator class from it.
+    const scoped_ptr<NSEC3Hash> calculator(NSEC3Hash::create(
+        dynamic_cast<const generic::NSEC3PARAM&>(
+            nsec3param->rrset->getRdataIterator()->getCurrent())));
+
+    // Compute the hash and find the corresponding NSEC3
+    const string hash(calculator->calculate(name));
+    DatabaseAccessor::IteratorContextPtr
+        context(accessor_->getNSEC3Records(hash, zone_id_));
+
+    // We store the data here
+    string columns[DatabaseAccessor::COLUMN_COUNT];
+    // TODO: Stop assuming the data is there. This is temporary, just for this
+    // commit.
+    context->getNext(columns);
+    RRsetPtr result(new RRset(Name(hash).concatenate(getOrigin()), getClass(),
+                              RRType::NSEC3(),
+                              RRTTL(columns[DatabaseAccessor::TTL_COLUMN])));
+    result->addRdata(generic::NSEC3(columns[DatabaseAccessor::RDATA_COLUMN]));
+    // Return an expected exact match for now
+    return (FindNSEC3Result(true, name.getLabelCount(), result,
+                            ConstRRsetPtr()));
 }
 
 Name
diff --git a/src/lib/datasrc/tests/database_unittest.cc b/src/lib/datasrc/tests/database_unittest.cc
index 1c61988..93c170f 100644
--- a/src/lib/datasrc/tests/database_unittest.cc
+++ b/src/lib/datasrc/tests/database_unittest.cc
@@ -211,8 +211,8 @@ const char* const TEST_RECORDS[][5] = {
 
 // FIXME: Taken from a different test. Fill with proper data when creating a test.
 const char* TEST_NSEC3_RECORDS[][5] = {
-    {"1BB7SO0452U1QHL98UISNDD9218GELR5", "NSEC3", "3600", "", "1 0 10 FEEDABEE 4KLSVDE8KH8G95VU68R7AHBE1CPQN38J"},
-    {"1BB7SO0452U1QHL98UISNDD9218GELR5", "RRSIG", "3600", "", "NSEC3 5 4 7200 20100410172647 20100311172647 63192 example.org. gNIVj4T8t51fEU6kOPpvK7HOGBFZGbalN5ZK mInyrww6UWZsUNdw07ge6/U6HfG+/s61RZ/L is2M6yUWHyXbNbj/QqwqgadG5dhxTArfuR02 xP600x0fWX8LXzW4yLMdKVxGbzYT+vvGz71o 8gHSY5vYTtothcZQa4BMKhmGQEk="},
+    {"0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM", "NSEC3", "300", "", "1 1 12 AABBCCDD 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG"},
+    {"0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM", "RRSIG", "300", "", "NSEC3 5 4 7200 20100410172647 20100311172647 63192 example.org. gNIVj4T8t51fEU6kOPpvK7HOGBFZGbalN5ZK mInyrww6UWZsUNdw07ge6/U6HfG+/s61RZ/L is2M6yUWHyXbNbj/QqwqgadG5dhxTArfuR02 xP600x0fWX8LXzW4yLMdKVxGbzYT+vvGz71o 8gHSY5vYTtothcZQa4BMKhmGQEk="},
     {NULL, NULL, NULL, NULL, NULL}
 };
 
@@ -972,7 +972,7 @@ private:
              i = cur_name_.begin(); i != cur_name_.end(); ++ i) {
             i->push_back(hash);
         }
-        (*readonly_records_)[hash] = cur_name_;
+        nsec3_namespace_[hash] = cur_name_;
         cur_name_.clear();
     }
 
@@ -1010,6 +1010,31 @@ private:
         }
         addCurHash(prev_name);
     }
+
+public:
+    // This adds the NSEC3PARAM into the apex, so we can perform some NSEC3
+    // tests. Note that the NSEC3 namespace is available in other tests, but
+    // it should not be accessed at that time.
+    void enableNSEC3() {
+        // We place the signature first, so it's in the block with the other
+        // signatures
+        vector<string> signature;
+        signature.push_back("RRSIG");
+        signature.push_back("3600");
+        signature.push_back("");
+        signature.push_back("NSEC3PARAM 5 3 3600 20000101000000 20000201000000 "
+                            "12345 example.org. FAKEFAKEFAKE");
+        signature.push_back("exmaple.org.");
+        (*readonly_records_)["example.org."].push_back(signature);
+        // Now the NSEC3 param itself
+        vector<string> param;
+        param.push_back("NSEC3PARAM");
+        param.push_back("3600");
+        param.push_back("");
+        param.push_back("1 0 12 aabbccdd");
+        param.push_back("example.org.");
+        (*readonly_records_)["example.org."].push_back(param);
+    }
 };
 
 // This tests the default getRecords behaviour, throwing NotImplemented
@@ -3550,6 +3575,8 @@ TEST_F(MockDatabaseClientTest, journalWithBadData) {
 TEST_F(MockDatabaseClientTest, findNSEC3) {
     // Set up the faked hash calculator.
     setNSEC3HashCreator(&test_nsec3_hash_creator_);
+    // And enable NSEC3 in the zone.
+    this->current_accessor_->enableNSEC3();
 
     DataSourceClient::FindResult
         zone(this->client_->findZone(Name("example.org")));

More information about the bind10-changes mailing list