From 3da5d464684ffbc825623edd8f09afe1a1393648 Mon Sep 17 00:00:00 2001 From: "[Thomas Green]" Date: Wed, 15 Nov 2023 17:48:22 +0100 Subject: [PATCH] Update unitary tests of DNSSEC03, but without test data Unit test data will be recorded and added in a later commit. --- t/Test-dnssec.t | 25 ++--------- t/Test-dnssec03.t | 111 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+), 22 deletions(-) create mode 100644 t/Test-dnssec03.t diff --git a/t/Test-dnssec.t b/t/Test-dnssec.t index 5a6ca5bfa..e319d8226 100644 --- a/t/Test-dnssec.t +++ b/t/Test-dnssec.t @@ -69,17 +69,10 @@ $json = read_file( 't/profiles/Test-dnssec-all.json' ); $profile_test = Zonemaster::Engine::Profile->from_json( $json ); Zonemaster::Engine::Profile->effective->merge( $profile_test ); -my $zone; -my @res; -my %tag; +my $zone = Zonemaster::Engine->zone( 'nic.se' ); -$zone = Zonemaster::Engine->zone( 'nic.se' ); - -my $zone3 = Zonemaster::Engine->zone( 'com' ); -is( zone_gives( 'dnssec03', $zone3, [q{ITERATIONS_OK}] ), 3, 'Only one (useful) message' ); - -@res = Zonemaster::Engine->test_method( 'DNSSEC', 'dnssec04', $zone ); -%tag = map { $_->tag => 1 } @res; +my @res = Zonemaster::Engine->test_method( 'DNSSEC', 'dnssec04', $zone ); +my %tag = map { $_->tag => 1 } @res; ok( ( $tag{DURATION_OK} || $tag{REMAINING_SHORT} || $tag{RRSIG_EXPIRED} ), 'DURATION_OK (sort of)' ); my $zone4 = Zonemaster::Engine->zone( 'nic.fr' ); @@ -138,18 +131,6 @@ $zone = Zonemaster::Engine->zone( 'dnssec08-dnskey-signature-not-ok-broken.zut-r zone_gives( 'dnssec02', $zone, [qw{DS02_RRSIG_NOT_VALID_BY_DNSKEY DS02_NO_MATCHING_DNSKEY_RRSIG DS02_DNSKEY_NOT_SIGNED_BY_ANY_DS}] ); zone_gives_not( 'dnssec02', $zone, [qw{DS02_ALGO_NOT_SUPPORTED_BY_ZM DS02_DNSKEY_NOT_FOR_ZONE_SIGNING DS02_DNSKEY_NOT_SEP DS02_NO_DNSKEY_FOR_DS DS02_NO_MATCH_DS_DNSKEY DS02_NO_VALID_DNSKEY_FOR_ANY_DS}] ); -########### -# dnssec03 -########### -$zone = Zonemaster::Engine->zone( 'dnssec03-many-iterations.zut-root.rd.nic.fr' ); -zone_gives( 'dnssec03', $zone, [q{MANY_ITERATIONS}] ); - -$zone = Zonemaster::Engine->zone( 'dnssec03-no-nsec3param.zut-root.rd.nic.fr' ); -zone_gives( 'dnssec03', $zone, [q{NO_NSEC3PARAM}] ); - -$zone = Zonemaster::Engine->zone( 'dnssec03-too-many-iterations.zut-root.rd.nic.fr' ); -zone_gives( 'dnssec03', $zone, [q{TOO_MANY_ITERATIONS}] ); - ########### # dnssec04 ########### diff --git a/t/Test-dnssec03.t b/t/Test-dnssec03.t new file mode 100644 index 000000000..7c35ea04b --- /dev/null +++ b/t/Test-dnssec03.t @@ -0,0 +1,111 @@ +use strict; +use warnings; + +use Test::More; +use File::Basename; +use File::Spec::Functions qw( rel2abs ); +use lib dirname( rel2abs( $0 ) ); + +BEGIN { + use_ok( q{Zonemaster::Engine} ); + use_ok( q{Zonemaster::Engine::Nameserver} ); + use_ok( q{Zonemaster::Engine::Test::DNSSEC} ); + use_ok( q{TestUtil}, qw( perform_testcase_testing ) ); +} + +########### +# dnssec03 +my $test_module = q{DNSSEC}; +my $test_case = 'dnssec03'; + +# Common hint file (test-zone-data/COMMON/hintfile) +Zonemaster::Engine::Recursor->remove_fake_addresses( '.' ); +Zonemaster::Engine::Recursor->add_fake_addresses( '.', + { 'ns1' => [ '127.1.0.1', 'fda1:b2:c3::127:1:0:1' ], + 'ns2' => [ '127.1.0.2', 'fda1:b2:c3::127:1:0:2' ], + } +); + +# Test zone scenarios +# Format: { SCENARIO_NAME => [ zone_name, [ MANDATORY_MESSAGE_TAGS ], [ FORBIDDEN_MESSAGE_TAGS ], testable ] } +my %subtests = ( + 'NO-DNSSEC-SUPPORT' => [ + q(no-dnssec-support.dnssec03.xa), + [ qw(DS03_NO_DNSSEC_SUPPORT) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'NO-NSEC3' => [ + q(no-nsec3.dnssec03.xa), + [ qw(DS03_NO_NSEC3) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'GOOD-VALUES' => [ + q(good-values.dnssec03.xa), + [ qw(DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NSEC3_OPT_OUT_DISABLED) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'ERR-MULT-NSEC3' => [ + q(err-mult-nsec3.dnssec03.xa), + [ qw(DS03_ERR_MULT_NSEC3) ], + [ qw(DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'BAD-VALUES' => [ + q(bad-values.dnssec03.xa), + [ qw(DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'INCONSISTENT-VALUES' => [ + q(inconsistent-values.dnssec03.xa), + [ qw(DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'NSEC3-OPT-OUT-ENABLED-TLD' => [ + q(nsec3-opt-out-enabled-tld-dnssec03), + [ qw(DS03_NSEC3_OPT_OUT_ENABLED_TLD) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'SERVER-NO-DNSSEC-SUPPORT' => [ + q(server-no-dnssec-support.dnssec03.xa), + [ qw(DS03_SERVER_NO_DNSSEC_SUPPORT) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_NSEC3 DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'SERVER-NO-NSEC3' => [ + q(server-no-nsec3.dnssec03.xa), + [ qw(DS03_SERVER_NO_NSEC3) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_UNASSIGNED_FLAG_USED) ], + 1 + ], + 'UNASSIGNED-FLAG-USED' => [ + q(unassigned-flag-used.dnssec03.xa), + [ qw(DS03_UNASSIGNED_FLAG_USED) ], + [ qw(DS03_ERR_MULT_NSEC3 DS03_ILLEGAL_HASH_ALGO DS03_ILLEGAL_ITERATION_VALUE DS03_ILLEGAL_SALT_LENGTH DS03_INCONSISTENT_HASH_ALGO DS03_INCONSISTENT_ITERATION DS03_INCONSISTENT_NSEC3_FLAGS DS03_INCONSISTENT_SALT_LENGTH DS03_LEGAL_EMPTY_SALT DS03_LEGAL_HASH_ALGO DS03_LEGAL_ITERATION_VALUE DS03_NO_DNSSEC_SUPPORT DS03_NO_NSEC3 DS03_NSEC3_OPT_OUT_DISABLED DS03_NSEC3_OPT_OUT_ENABLED_NON_TLD DS03_NSEC3_OPT_OUT_ENABLED_TLD DS03_SERVER_NO_DNSSEC_SUPPORT DS03_SERVER_NO_NSEC3) ], + 1 + ], +); +########### + +my $datafile = 't/' . basename ($0, '.t') . '.data'; + +if ( not $ENV{ZONEMASTER_RECORD} ) { + die q{Stored data file missing} if not -r $datafile; + Zonemaster::Engine::Nameserver->restore( $datafile ); + Zonemaster::Engine::Profile->effective->set( q{no_network}, 1 ); +} + +Zonemaster::Engine::Profile->effective->merge( Zonemaster::Engine::Profile->from_json( qq({ "test_cases": [ "$test_case" ] }) ) ); + +perform_testcase_testing( $test_case, $test_module, %subtests ); + +if ( $ENV{ZONEMASTER_RECORD} ) { + Zonemaster::Engine::Nameserver->save( $datafile ); +} + +done_testing; \ No newline at end of file