[thirdparty/pdns.git] / regression-tests.recursor-dnssec / test_Expired.py

import errno
import os
import subprocess
import time

import dns
import extendederrors
from recursortests import RecursorTest


class testExpired(RecursorTest):
    """This regression test starts the authoritative servers with a clock that is
    set 15 days into the past. Hence, the recursor must reject the signatures
    because they are expired.
    """
    _confdir = 'Expired'

    _config_template = """dnssec=validate"""

    _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
                 'FAKETIME':'-15d'}

    def testA(self):
        query = dns.message.make_query('host1.secure.example', 'A')
        res = self.sendUDPQuery(query)

        self.assertRcodeEqual(res, dns.rcode.SERVFAIL)

class testExpiredWithEDE(RecursorTest):
    """This regression test starts the authoritative servers with a clock that is
    set 15 days into the past. Hence, the recursor must reject the signatures
    because they are expired.
    """
    _confdir = 'ExpiredWithEDE'

    _config_template = """
    dnssec=validate
    extended-resolution-errors=yes
    """

    _auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
                 'FAKETIME':'-15d'}

    def testA(self):
        qname = 'host1.secure.example'
        query = dns.message.make_query(qname, 'A', want_dnssec=True)

        for method in ("sendUDPQuery", "sendTCPQuery"):
            sender = getattr(self, method)
            res = sender(query, timeout=5.0)
            self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
            self.assertEqual(res.edns, 0)
            self.assertEqual(len(res.options), 1)
            self.assertEqual(res.options[0].otype, 15)
            self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b''))
Commit	Line	Data
cb54e9b5 PL	1	import errno
	2	import os
	3	import subprocess
	4	import time
	5
	6	import dns
faf36a9b	7	import extendederrors
cb54e9b5 PL	8	from recursortests import RecursorTest
	9
	10
	11	class testExpired(RecursorTest):
	12	"""This regression test starts the authoritative servers with a clock that is
	13	set 15 days into the past. Hence, the recursor must reject the signatures
	14	because they are expired.
	15	"""
	16	_confdir = 'Expired'
	17
	18	_config_template = """dnssec=validate"""
	19
	20	_auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
	21	'FAKETIME':'-15d'}
	22
	23	def testA(self):
	24	query = dns.message.make_query('host1.secure.example', 'A')
	25	res = self.sendUDPQuery(query)
	26
	27	self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
faf36a9b O	28
	29	class testExpiredWithEDE(RecursorTest):
	30	"""This regression test starts the authoritative servers with a clock that is
	31	set 15 days into the past. Hence, the recursor must reject the signatures
	32	because they are expired.
	33	"""
	34	_confdir = 'ExpiredWithEDE'
	35
	36	_config_template = """
	37	dnssec=validate
	38	extended-resolution-errors=yes
	39	"""
	40
	41	_auth_env = {'LD_PRELOAD':os.environ.get('LIBFAKETIME'),
	42	'FAKETIME':'-15d'}
	43
	44	def testA(self):
	45	qname = 'host1.secure.example'
	46	query = dns.message.make_query(qname, 'A', want_dnssec=True)
	47
	48	for method in ("sendUDPQuery", "sendTCPQuery"):
	49	sender = getattr(self, method)
	50	res = sender(query, timeout=5.0)
	51	self.assertRcodeEqual(res, dns.rcode.SERVFAIL)
	52	self.assertEqual(res.edns, 0)
	53	self.assertEqual(len(res.options), 1)
	54	self.assertEqual(res.options[0].otype, 15)
	55	self.assertEqual(res.options[0], extendederrors.ExtendedErrorOption(7, b''))