BIND 10 trac1357, updated. 803c67a839d109dea0b040ab2471a27ad995b419 [1357] Test at most 99 unsigned messages are there

BIND 10 source code commits bind10-changes at lists.isc.org
Fri Sep 7 09:01:21 UTC 2012 

The branch, trac1357 has been updated
       via  803c67a839d109dea0b040ab2471a27ad995b419 (commit)
      from  7028610344ad69d3e5da57575da3e2e85b257d0e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 803c67a839d109dea0b040ab2471a27ad995b419
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Fri Sep 7 11:00:40 2012 +0200

    [1357] Test at most 99 unsigned messages are there
    
    As at least every 100th must be signed according to the specs.

-----------------------------------------------------------------------

Summary of changes:
 src/lib/dns/tests/tsig_unittest.cc |   34 ++++++++++++++++++++++++++++++++--
 1 file changed, 32 insertions(+), 2 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/dns/tests/tsig_unittest.cc b/src/lib/dns/tests/tsig_unittest.cc
index 7813626..458a6e0 100644
--- a/src/lib/dns/tests/tsig_unittest.cc
+++ b/src/lib/dns/tests/tsig_unittest.cc
@@ -1114,8 +1114,38 @@ TEST_F(TSIGTest, verifyMulti) {
                            TSIGContext::VERIFIED_RESPONSE);
         EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
     }
-    // TODO: Fill in 99 unsigned messages and then try the 100th and see
-    // it is rejected (probably with FORMERR)
+
+    {
+        SCOPED_TRACE("Filling in bunch of unsigned messages");
+        for (size_t i = 0; i < 100; ++i) {
+            SCOPED_TRACE(i);
+            // Another message does not carry the TSIG on it. But it should
+            // be OK, it's in the middle of stream.
+            message.clear(Message::RENDER);
+            message.setQid(1234);
+            message.setOpcode(Opcode::QUERY());
+            message.setRcode(Rcode::NOERROR());
+            RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
+                                            test_ttl));
+            answer_rrset->addRdata(createRdata(RRType::A(), test_class,
+                                               "192.0.2.1"));
+            message.addRRset(Message::SECTION_ANSWER, answer_rrset);
+            message.toWire(renderer);
+            // Update the internal state. We abuse the knowledge of
+            // internals here a little bit to generate correct test data
+            tsig_ctx->update(renderer.getData(), renderer.getLength());
+
+            // 99 unsigned messages is OK. But the 100th must be signed, according
+            // to the RFC2845, section 4.4
+            commonVerifyChecks(*tsig_verify_ctx, NULL,
+                               renderer.getData(), renderer.getLength(),
+                               i == 99 ? TSIGError::FORMERR() :
+                                   TSIGError(Rcode::NOERROR()),
+                               TSIGContext::VERIFIED_RESPONSE);
+
+            EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
+        }
+    }
 }
 
 } // end namespace

More information about the bind10-changes mailing list