import pycurl
from io import BytesIO
-class TestDOH(DNSDistDOHTest):
-
+class DOHTests(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
_customResponseHeader2 = 'user-agent: derp'
_dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
_config_template = """
- newServer{address="127.0.0.1:%s"}
-
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/", "/coffee", "/PowerDNS", "/PowerDNS2", "/PowerDNS-999" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true})
- dohFE = getDOHFrontend(0)
- dohFE:setResponsesMap({newDOHResponseMapEntry('^/coffee$', 418, 'C0FFEE', {['FoO']='bar'})})
+ newServer{address="127.0.0.1:%d"}
addAction("drop.doh.tests.powerdns.com.", DropAction())
addAction("refused.doh.tests.powerdns.com.", RCodeAction(DNSRCode.REFUSED))
return DNSAction.None
end
addAction("http-lua.doh.tests.powerdns.com.", LuaAction(dohHandler))
+
+ addDOHLocal("127.0.0.1:%d", "%s", "%s", { "/", "/coffee", "/PowerDNS", "/PowerDNS2", "/PowerDNS-999" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true, library='%s'})
+ dohFE = getDOHFrontend(0)
+ dohFE:setResponsesMap({newDOHResponseMapEntry('^/coffee$', 418, 'C0FFEE', {['FoO']='bar'})})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_serverName', '_dohServerPort']
+ _config_params = ['_testServerPort', '_serverName', '_dohServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
+ _verboseMode = True
def testDOHSimple(self):
"""
self.assertIn('foo: bar', headers)
self.assertNotIn(self._customResponseHeader2, headers)
-class TestDOHSubPaths(DNSDistDOHTest):
+class TestDoHNGHTTP2(DOHTests, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+class TestDoHH2O(DOHTests, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHSubPathsTests(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
addAction(AllRule(), SpoofAction("3.4.5.6"))
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/PowerDNS" }, {exactPathMatching=false})
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/PowerDNS" }, {exactPathMatching=false, library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testSubPath(self):
"""
(_, receivedResponse) = self.sendDOHQuery(self._dohServerPort, self._serverName, self._dohBaseURL + 'PowerDNS/something', caFile=self._caCert, query=query, response=None, useQueue=False)
self.assertEqual(receivedResponse, expectedResponse)
-class TestDOHAddingECS(DNSDistDOHTest):
+class TestDoHSubPathsNGHTTP2(DOHSubPathsTests, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDoHSubPathsH2O(DOHSubPathsTests, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHAddingECSTests(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
_config_template = """
newServer{address="127.0.0.1:%s", useClientSubnet=true}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
setECSOverride(true)
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHSimple(self):
"""
self.checkQueryEDNSWithECS(expectedQuery, receivedQuery)
self.checkResponseEDNSWithECS(response, receivedResponse)
-class TestDOHOverHTTP(DNSDistDOHTest):
+class TestDoHAddingECSNGHTTP2(DOHAddingECSTests, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDoHAddingECSH2O(DOHAddingECSTests, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+class DOHOverHTTP(object):
_dohServerPort = pickAvailablePort()
_serverName = 'tls.tests.dnsdist.org'
_dohBaseURL = ("http://%s:%d/dns-query" % (_serverName, _dohServerPort))
_config_template = """
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s")
+ addDOHLocal("127.0.0.1:%s", nil, nil, '/dns-query', {library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort']
- _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
-Configuration 'configs/dnsdist_TestDOHOverHTTP.conf' OK!
-""" % (_dohServerPort)
+ _config_params = ['_testServerPort', '_dohServerPort', '_dohLibrary']
def testDOHSimple(self):
"""
self.assertEqual(response, receivedResponse)
self.checkResponseNoEDNS(response, receivedResponse)
-class TestDOHWithCache(DNSDistDOHTest):
+class TestDOHOverHTTPNGHTTP2(DOHOverHTTP, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+ _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
+Configuration 'configs/dnsdist_TestDOHOverHTTPNGHTTP2.conf' OK!
+""" % (DOHOverHTTP._dohServerPort)
+
+class TestDOHOverHTTPH2O(DOHOverHTTP, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+ _checkConfigExpectedOutput = b"""No certificate provided for DoH endpoint 127.0.0.1:%d, running in DNS over HTTP mode instead of DNS over HTTPS
+Configuration 'configs/dnsdist_TestDOHOverHTTPH2O.conf' OK!
+""" % (DOHOverHTTP._dohServerPort)
+
+class DOHWithCache(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_config_template = """
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s")
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", '/dns-query', {library='%s'})
pc = newPacketCache(100, {maxTTL=86400, minTTL=1})
getPool(""):setCache(pc)
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHCacheLargeAnswer(self):
"""
(_, receivedResponse) = self.sendUDPQuery(expectedQuery, response=None, useQueue=False)
self.assertEqual(response, receivedResponse)
-class TestDOHWithoutCacheControl(DNSDistDOHTest):
+class TestDOHWithCacheNGHTTP2(DOHWithCache, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+ _verboseMode = True
+
+class TestDOHWithCacheH2O(DOHWithCache, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHWithoutCacheControl(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_config_template = """
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {sendCacheControlHeaders=false})
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {sendCacheControlHeaders=false, library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHSimple(self):
"""
self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
self.assertEqual(response, receivedResponse)
-class TestDOHFFI(DNSDistDOHTest):
+class TestDOHWithoutCacheControlNGHTTP2(DOHWithoutCacheControl, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+class TestDOHWithoutCacheControlH2O(DOHWithoutCacheControl, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHFFI(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
_config_template = """
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true})
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {customResponseHeaders={["access-control-allow-origin"]="*",["user-agent"]="derp",["UPPERCASE"]="VaLuE"}, keepIncomingHeaders=true, library='%s'})
local ffi = require("ffi")
end
addAction("http-lua-ffi.doh.tests.powerdns.com.", LuaFFIAction(dohHandler))
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_serverName', '_dohServerPort']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary', '_serverName', '_dohServerPort']
def testHTTPLuaFFIResponse(self):
"""
self.assertEqual(self._rcode, 200)
self.assertTrue('content-type: text/plain' in self._response_headers.decode())
-class TestDOHForwardedFor(DNSDistDOHTest):
+class TestDOHFFINGHTTP2(DOHFFI, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHFFIH2O(DOHFFI, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+class DOHForwardedFor(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
newServer{address="127.0.0.1:%s"}
setACL('192.0.2.1/32')
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {trustForwardedForHeader=true})
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {trustForwardedForHeader=true, library='%s'})
-- Set a maximum number of TCP connections per client, to exercise
-- that code along with X-Forwarded-For support
setMaxTCPConnectionsPerClient(2)
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHAllowedForwarded(self):
"""
self.assertEqual(self._rcode, 403)
self.assertEqual(receivedResponse, b'DoH query not allowed because of ACL')
-class TestDOHForwardedForNoTrusted(DNSDistDOHTest):
+class TestDOHForwardedForNGHTTP2(DOHForwardedFor, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedForH2O(DOHForwardedFor, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHForwardedForNoTrusted(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
newServer{address="127.0.0.1:%s"}
setACL('192.0.2.1/32')
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {earlyACLDrop=true})
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {earlyACLDrop=true, library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHForwardedUntrusted(self):
"""
self.assertTrue(dropped)
-class TestDOHFrontendLimits(DNSDistDOHTest):
+class TestDOHForwardedForNoTrustedNGHTTP2(DOHForwardedForNoTrusted, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedForNoTrustedH2O(DOHForwardedForNoTrusted, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHFrontendLimits(object):
# this test suite uses a different responder port
# because it uses a different health check configuration
_caCert = 'ca.pem'
_dohServerPort = pickAvailablePort()
_dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
-
_skipListeningOnCL = True
_maxTCPConnsPerDOHFrontend = 5
_config_template = """
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { maxConcurrentTCPConnections=%d })
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, { maxConcurrentTCPConnections=%d, library='%s' })
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerDOHFrontend']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerDOHFrontend', '_dohLibrary']
_alternateListeningAddr = '127.0.0.1'
_alternateListeningPort = _dohServerPort
for idx in range(self._maxTCPConnsPerDOHFrontend + 1):
try:
- conns.append(self.openTLSConnection(self._dohServerPort, self._serverName, self._caCert, alpn=['h2']))
+ alpn = []
+ if self._dohLibrary != 'h2o':
+ alpn.append('h2')
+ conns.append(self.openTLSConnection(self._dohServerPort, self._serverName, self._caCert, alpn=alpn))
except:
conns.append(None)
self.assertEqual(count, self._maxTCPConnsPerDOHFrontend)
self.assertEqual(failed, 1)
-class TestProtocols(DNSDistDOHTest):
+class TestDOHFrontendLimitsNGHTTP2(DOHFrontendLimits, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHFrontendLimitsH2O(DOHFrontendLimits, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class Protocols(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
addAction("protocols.doh.tests.powerdns.com.", LuaAction(checkDOH))
newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testProtocolDOH(self):
"""
self.checkQueryEDNSWithoutECS(expectedQuery, receivedQuery)
self.assertEqual(response, receivedResponse)
-class TestDOHWithPKCS12Cert(DNSDistDOHTest):
+class TestProtocolsNGHTTP2(Protocols, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestProtocolsH2O(Protocols, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHWithPKCS12Cert(object):
_serverCert = 'server.p12'
_pkcs12Password = 'passw0rd'
_serverName = 'tls.tests.dnsdist.org'
_config_template = """
newServer{address="127.0.0.1:%s"}
cert=newTLSCertificate("%s", {password="%s"})
- addDOHLocal("127.0.0.1:%s", cert, "", { "/" })
+ addDOHLocal("127.0.0.1:%s", cert, "", { "/" }, {library='%s'})
"""
- _config_params = ['_testServerPort', '_serverCert', '_pkcs12Password', '_dohServerPort']
+ _config_params = ['_testServerPort', '_serverCert', '_pkcs12Password', '_dohServerPort', '_dohLibrary']
- def testProtocolDOH(self):
+ def testPKCS12DOH(self):
"""
DoH: Test Simple DOH Query with a password protected PKCS12 file configured
"""
receivedQuery.id = expectedQuery.id
self.assertEqual(expectedQuery, receivedQuery)
-class TestDOHForwardedToTCPOnly(DNSDistDOHTest):
+class TestDOHWithPKCS12CertNGHTTP2(DOHWithPKCS12Cert, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHWithPKCS12CertH2O(DOHWithPKCS12Cert, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHForwardedToTCPOnly(object):
_serverKey = 'server.key'
_serverCert = 'server.chain'
_serverName = 'tls.tests.dnsdist.org'
_dohBaseURL = ("https://%s:%d/" % (_serverName, _dohServerPort))
_config_template = """
newServer{address="127.0.0.1:%s", tcpOnly=true}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
+ addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" }, {library='%s'})
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary']
def testDOHTCPOnly(self):
"""
self.assertEqual(receivedQuery, query)
self.assertEqual(receivedResponse, response)
-class TestDOHLimits(DNSDistDOHTest):
+class TestDOHForwardedToTCPOnlyNGHTTP2(DOHForwardedToTCPOnly, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHForwardedToTCPOnlyH2O(DOHForwardedToTCPOnly, DNSDistDOHTest):
+ _dohLibrary = 'h2o'
+
+class DOHLimits(object):
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
_dohServerPort = pickAvailablePort()
_serverCert = 'server.chain'
_maxTCPConnsPerClient = 3
_config_template = """
- newServer{address="127.0.0.1:%s"}
- addDOHLocal("127.0.0.1:%s", "%s", "%s", { "/" })
- setMaxTCPConnectionsPerClient(%s)
+ newServer{address="127.0.0.1:%d"}
+ addDOHLocal("127.0.0.1:%d", "%s", "%s", { "/" }, {library='%s'})
+ setMaxTCPConnectionsPerClient(%d)
"""
- _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_maxTCPConnsPerClient']
+ _config_params = ['_testServerPort', '_dohServerPort', '_serverCert', '_serverKey', '_dohLibrary', '_maxTCPConnsPerClient']
def testConnsPerClient(self):
"""
self.assertEqual(count, self._maxTCPConnsPerClient)
self.assertEqual(failed, 1)
+
+class TestDOHLimitsNGHTTP2(DOHLimits, DNSDistDOHTest):
+ _dohLibrary = 'nghttp2'
+
+class TestDOHLimitsH2O(DOHLimits, DNSDistDOHTest):
+ _dohLibrary = 'h2o'