From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Sun, 9 Jul 2017 10:29:08 +0000 (+0200)
Subject: dnsdist: Fix the DNSCrypt timestamps returned by the Lua bindings
X-Git-Tag: rec-4.1.0-alpha1~24^2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F5508%2Fhead;p=thirdparty%2Fpdns.git

dnsdist: Fix the DNSCrypt timestamps returned by the Lua bindings

I completely forgot that they were stored in network by-order.
Thanks to bjoe2k4 for reporting the issue!
---

diff --git a/pdns/dnsdist-lua2.cc b/pdns/dnsdist-lua2.cc
index 329f3f041e..b299c83ea8 100644
--- a/pdns/dnsdist-lua2.cc
+++ b/pdns/dnsdist-lua2.cc
@@ -633,8 +633,8 @@ void moreLua(bool client)
     g_lua.registerFunction<std::string(DnsCryptCert::*)()>("getResolverPublicKey", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.resolverPK), sizeof(cert.signedData.resolverPK)); });
     g_lua.registerFunction<std::string(DnsCryptCert::*)()>("getClientMagic", [](const DnsCryptCert& cert) { return std::string(reinterpret_cast<const char*>(cert.signedData.clientMagic), sizeof(cert.signedData.clientMagic)); });
     g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getSerial", [](const DnsCryptCert& cert) { return cert.signedData.serial; });
-    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSStart", [](const DnsCryptCert& cert) { return cert.signedData.tsStart; });
-    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSEnd", [](const DnsCryptCert& cert) { return cert.signedData.tsEnd; });
+    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSStart", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsStart); });
+    g_lua.registerFunction<uint32_t(DnsCryptCert::*)()>("getTSEnd", [](const DnsCryptCert& cert) { return ntohl(cert.signedData.tsEnd); });
 #endif
 
     g_lua.writeFunction("generateDNSCryptProviderKeys", [](const std::string& publicKeyFile, const std::string privateKeyFile) {
diff --git a/regression-tests.dnsdist/test_DNSCrypt.py b/regression-tests.dnsdist/test_DNSCrypt.py
index 58abd84e4b..d134264f71 100644
--- a/regression-tests.dnsdist/test_DNSCrypt.py
+++ b/regression-tests.dnsdist/test_DNSCrypt.py
@@ -25,8 +25,8 @@ class DNSCryptTest(DNSDistTest):
     _resolverCertificateSerial = 42
 
     # valid from 60s ago until 2h from now
-    _resolverCertificateValidFrom = time.time() - 60
-    _resolverCertificateValidUntil = time.time() + 7200
+    _resolverCertificateValidFrom = int(time.time() - 60)
+    _resolverCertificateValidUntil = int(time.time() + 7200)
 
     _dnsdistStartupDelay = 10
 
@@ -139,6 +139,15 @@ class TestDNSCrypt(DNSCryptTest):
         # switch to that new certificate
         self.sendConsoleCommand("getDNSCryptBind(0):loadNewCertificate('DNSCryptResolver.cert.2', 'DNSCryptResolver.key.2')")
 
+        oldSerial = self.sendConsoleCommand("getDNSCryptBind(0):getOldCertificate():getSerial()")
+        self.assertEquals(int(oldSerial), self._resolverCertificateSerial)
+        effectiveSerial = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getSerial()")
+        self.assertEquals(int(effectiveSerial), self._resolverCertificateSerial + 1)
+        tsStart = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSStart()")
+        self.assertEquals(int(tsStart), self._resolverCertificateValidFrom)
+        tsEnd = self.sendConsoleCommand("getDNSCryptBind(0):getCurrentCertificate():getTSEnd()")
+        self.assertEquals(int(tsEnd), self._resolverCertificateValidUntil)
+
         # we should still be able to send queries with the previous certificate
         self.doDNSCryptQuery(client, query, response, False)
         self.doDNSCryptQuery(client, query, response, True)