class TestDNSCryptAutomaticRotation(DNSCryptTest):
_config_template = """
setKey("%s")
- controlSocket("127.0.0.1:%s")
+ controlSocket("127.0.0.1:%d")
generateDNSCryptCertificate("DNSCryptProviderPrivate.key", "DNSCryptResolver.cert", "DNSCryptResolver.key", %d, %d, %d)
addDNSCryptBind("127.0.0.1:%d", "%s", "DNSCryptResolver.cert", "DNSCryptResolver.key")
- newServer{address="127.0.0.1:%s"}
+ addDNSCryptBind("127.0.0.1:%d", "%s", "DNSCryptResolver.cert", "DNSCryptResolver.key")
+ newServer{address="127.0.0.1:%d"}
local last = 0
- serial = %d
+ local serial = %d
+ dnscrypt_errors = 0
+
function reloadCallback()
local now = os.time()
if ((now - last) > 2) then
serial = serial + 1
- getDNSCryptBind(0):generateAndLoadInMemoryCertificate('DNSCryptProviderPrivate.key', serial, now - 60, now + 120)
+ for idx = 0, getDNSCryptBindCount() - 1 do
+ if not getDNSCryptBind(idx):generateAndLoadInMemoryCertificate('DNSCryptProviderPrivate.key', serial, now - 60, now + 120) then
+ dnscrypt_errors = dnscrypt_errors + 1
+ break
+ end
+ end
last = now
end
end
+
addMaintenanceCallback(reloadCallback)
"""
- _config_params = ['_consoleKeyB64', '_consolePort', '_resolverCertificateSerial', '_resolverCertificateValidFrom', '_resolverCertificateValidUntil', '_dnsDistPortDNSCrypt', '_providerName', '_testServerPort', '_resolverCertificateSerial']
+ _dnsDistPortDNSCrypt2 = pickAvailablePort()
+ _config_params = ['_consoleKeyB64', '_consolePort', '_resolverCertificateSerial', '_resolverCertificateValidFrom', '_resolverCertificateValidUntil', '_dnsDistPortDNSCrypt', '_providerName', '_dnsDistPortDNSCrypt2', '_providerName', '_testServerPort', '_resolverCertificateSerial']
def testCertRotation(self):
"""
DNSCrypt: automatic certificate rotation
"""
- client = dnscrypt.DNSCryptClient(self._providerName, self._providerFingerprint, "127.0.0.1", self._dnsDistPortDNSCrypt)
-
- client.refreshResolverCertificates()
- cert = client.getResolverCertificate()
- self.assertTrue(cert)
- firstSerial = cert.serial
- self.assertGreaterEqual(cert.serial, self._resolverCertificateSerial)
+ clients = []
+ serials = {}
+ for port in [self._dnsDistPortDNSCrypt, self._dnsDistPortDNSCrypt2]:
+ clients.append(dnscrypt.DNSCryptClient(self._providerName, self._providerFingerprint, "127.0.0.1", port))
+
+ for client in clients:
+ client.refreshResolverCertificates()
+ cert = client.getResolverCertificate()
+ self.assertTrue(cert)
+ serials[client] = cert.serial
+ self.assertGreaterEqual(cert.serial, self._resolverCertificateSerial)
time.sleep(3)
- client.refreshResolverCertificates()
- cert = client.getResolverCertificate()
- self.assertTrue(cert)
- secondSerial = cert.serial
- self.assertGreater(cert.serial, firstSerial)
+ for client in clients:
+ client.refreshResolverCertificates()
+ cert = client.getResolverCertificate()
+ self.assertTrue(cert)
+ secondSerial = cert.serial
+ self.assertGreater(cert.serial, serials[client])
name = 'automatic-rotation.dnscrypt.tests.powerdns.com.'
query = dns.message.make_query(name, 'A', 'IN')
'192.2.0.1')
response.answer.append(rrset)
- self.doDNSCryptQuery(client, query, response, False)
- self.doDNSCryptQuery(client, query, response, True)
+ for client in clients:
+ self.doDNSCryptQuery(client, query, response, False)
+ self.doDNSCryptQuery(client, query, response, True)
+
+ counter = self.sendConsoleCommand("return dnscrypt_errors")
+ self.assertEqual(counter.strip(), "0")
projects / thirdparty / pdns.git / commitdiff
