from typing import Dict, List, Optional, Tuple, Union
import dns
+import dns.rdatatype
+import dns.rrset
import dns.tsig
+import pytest
+
import isctest.log
import isctest.query
import isctest.util
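Review bot: The new `dnskey` property calls `dns.zonefile.read_rrsets`, but no `import dns.zonefile` is visible in this import block next to the added `dns.rdatatype` and `dns.rrset`. `import dns` on its own does not guarantee that the submodule is loaded, so the call appears to work only if some other module has imported it first. I would add `import dns.zonefile` after `import dns.tsig` so the helper does not depend on import order.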
return int(line.split()[1])
return 0
- def dnskey(self):
+ @property
+ def dnskey(self) -> dns.rrset.RRset:
+ pytest.importorskip("dns", minversion="2.2.0") # dns.zonefile.read_rrsets
with open(self.keyfile, "r", encoding="utf-8") as file:
- for line in file:
- if "DNSKEY" in line:
- return line.strip()
- return "undefined"
+ rrsets = dns.zonefile.read_rrsets(
+ file.read(),
+ rdclass=None, # read rdclass from the file
+ default_ttl=DEFAULT_TTL, # use this TTL if not present
+ )
+ assert len(rrsets) == 1, f"{self.keyfile} has multiple RRsets"
+ dnskey_rr = rrsets[0]
+ assert len(dnskey_rr) == 1, f"{self.keyfile} has multiple RRs"
+ assert (
+ dnskey_rr.rdtype == dns.rdatatype.DNSKEY
+ ), f"DNSKEY not found in {self.keyfile}"
+ return dnskey_rr
def is_ksk(self) -> bool:
return self.get_metadata("KSK") == "yes"
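Review bot: The two length assertions in `dnskey` report "has multiple RRsets" / "has multiple RRs" even when the key file parses to nothing, because `len(...) == 1` also rejects 0. A message such as `assert len(rrsets) == 1, f"{self.keyfile}: expected exactly one RRset, got {len(rrsets)}"` (and the same shape for the RR count) would make an empty or truncated key file obvious in the failure output. The property also has no docstring; `"""Return the single DNSKEY RRset parsed from the public key file."""` would tell callers they now get an RRset, not a text line. The enclosing class starts outside this hunk.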
expected2[0].legacy = True # noqa
expected = expected + expected2
- dnskey = newkeys[0].dnskey().split()
- rdata = " ".join(dnskey[4:])
+ dnskey = newkeys[0].dnskey
update_msg = dns.update.UpdateMessage(zone)
- update_msg.add(f"{dnskey[0]}", 3600, "DNSKEY", rdata)
+ update_msg.add(dnskey.name, dnskey.ttl, dnskey[0])
ns3.nsupdate(update_msg)
isctest.kasp.check_dnssec_verify(ns3, zone)
isctest.kasp.check_subdomain(ns3, zone, ksks, zsks)
# Remove ZSKs from the other providers for zone.
- dnskey2 = extkeys[0].dnskey().split()
- rdata2 = " ".join(dnskey2[4:])
+ dnskey2 = extkeys[0].dnskey
update_msg = dns.update.UpdateMessage(zone)
- update_msg.delete(f"{dnskey[0]}", "DNSKEY", rdata)
- update_msg.delete(f"{dnskey2[0]}", "DNSKEY", rdata2)
+ update_msg.delete(dnskey.name, dnskey[0])
+ update_msg.delete(dnskey2.name, dnskey2[0])
ns3.nsupdate(update_msg)
isctest.kasp.check_dnssec_verify(ns3, zone)
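Review bot: The TTL on the `update_msg.add(dnskey.name, dnskey.ttl, dnskey[0])` line is no longer the fixed 3600 the old code used; it is now whatever the key file carries, or `DEFAULT_TTL` when the file has none. If that value differs from the DNSKEY TTL the zone already uses, the added record may change the RRset TTL the test later verifies, so it is worth confirming the two agree. A comment on that line would record the intent: `# TTL comes from the key file (DEFAULT_TTL if absent), not a hard-coded 3600`. The test function begins outside this hunk, so the zone's configured TTL is not visible here.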