// First, send query from the verify one to the normal one, so
// we initialize something like AXFR
- {
- SCOPED_TRACE("Query");
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
- tsig_verify_ctx.get());
- commonVerifyChecks(*tsig_ctx, tsig.get(),
- renderer.getData(), renderer.getLength(),
- TSIGError(Rcode::NOERROR()),
- TSIGContext::RECEIVED_REQUEST);
- }
-
- {
- SCOPED_TRACE("First message");
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
- tsig_ctx.get());
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
- renderer.getData(), renderer.getLength(),
- TSIGError(Rcode::NOERROR()),
- TSIGContext::VERIFIED_RESPONSE);
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
- }
-
- {
- SCOPED_TRACE("Second message");
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
- tsig_ctx.get());
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
- renderer.getData(), renderer.getLength(),
- TSIGError(Rcode::NOERROR()),
- TSIGContext::VERIFIED_RESPONSE);
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
- }
-
- {
- SCOPED_TRACE("Third message. Unsigned.");
- // Another message does not carry the TSIG on it. But it should
- // be OK, it's in the middle of stream.
- message.clear(Message::RENDER);
- message.setQid(1234);
- message.setOpcode(Opcode::QUERY());
- message.setRcode(Rcode::NOERROR());
- RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
- test_ttl));
- answer_rrset->addRdata(createRdata(RRType::A(), test_class,
- "192.0.2.1"));
- message.addRRset(Message::SECTION_ANSWER, answer_rrset);
- message.toWire(renderer);
- // Update the internal state. We abuse the knowledge of
- // internals here a little bit to generate correct test data
- tsig_ctx->update(renderer.getData(), renderer.getLength());
-
- commonVerifyChecks(*tsig_verify_ctx, NULL,
- renderer.getData(), renderer.getLength(),
- TSIGError(Rcode::NOERROR()),
- TSIGContext::VERIFIED_RESPONSE);
-
- EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
- }
-
- {
- SCOPED_TRACE("Fourth message. Signed again.");
- ConstTSIGRecordPtr tsig = createMessageAndSign(1234, test_name,
- tsig_ctx.get());
- commonVerifyChecks(*tsig_verify_ctx, tsig.get(),
- renderer.getData(), renderer.getLength(),
- TSIGError(Rcode::NOERROR()),
- TSIGContext::VERIFIED_RESPONSE);
- EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
- }
-
- {
- SCOPED_TRACE("Filling in bunch of unsigned messages");
- for (size_t i = 0; i < 100; ++i) {
- SCOPED_TRACE(i);
- // Another message does not carry the TSIG on it. But it should
- // be OK, it's in the middle of stream.
- message.clear(Message::RENDER);
- message.setQid(1234);
- message.setOpcode(Opcode::QUERY());
- message.setRcode(Rcode::NOERROR());
- RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
- test_ttl));
- answer_rrset->addRdata(createRdata(RRType::A(), test_class,
- "192.0.2.1"));
- message.addRRset(Message::SECTION_ANSWER, answer_rrset);
- message.toWire(renderer);
- // Update the internal state. We abuse the knowledge of
- // internals here a little bit to generate correct test data
- tsig_ctx->update(renderer.getData(), renderer.getLength());
-
- // 99 unsigned messages is OK. But the 100th must be signed, according
- // to the RFC2845, section 4.4
- commonVerifyChecks(*tsig_verify_ctx, NULL,
- renderer.getData(), renderer.getLength(),
- i == 99 ? TSIGError::FORMERR() :
- TSIGError(Rcode::NOERROR()),
- TSIGContext::VERIFIED_RESPONSE);
-
- EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
- }
+ // SCOPED_TRACE("Query");
+ ConstTSIGRecordPtr tsigQ = createMessageAndSign(1234, test_name,
+ tsig_verify_ctx.get());
+ commonVerifyChecks(*tsig_ctx, tsigQ.get(),
+ renderer.getData(), renderer.getLength(),
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::RECEIVED_REQUEST);
+
+ // SCOPED_TRACE("First message");
+ ConstTSIGRecordPtr tsig1 = createMessageAndSign(1234, test_name,
+ tsig_ctx.get());
+ commonVerifyChecks(*tsig_verify_ctx, tsig1.get(),
+ renderer.getData(), renderer.getLength(),
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::VERIFIED_RESPONSE);
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
+
+ // SCOPED_TRACE("Second message");
+ ConstTSIGRecordPtr tsig2 = createMessageAndSign(1234, test_name,
+ tsig_ctx.get());
+ commonVerifyChecks(*tsig_verify_ctx, tsig2.get(),
+ renderer.getData(), renderer.getLength(),
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::VERIFIED_RESPONSE);
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
+
+ // SCOPED_TRACE("Third message. Unsigned.");
+ // Another message does not carry the TSIG on it. But it should
+ // be OK, it's in the middle of stream.
+ message.clear(Message::RENDER);
+ message.setQid(1234);
+ message.setOpcode(Opcode::QUERY());
+ message.setRcode(Rcode::NOERROR());
+ RRsetPtr answer_rrset(new RRset(test_name, test_class, RRType::A(),
+ test_ttl));
+ answer_rrset->addRdata(createRdata(RRType::A(), test_class,
+ "192.0.2.1"));
+ message.addRRset(Message::SECTION_ANSWER, answer_rrset);
+ message.toWire(renderer);
+ // Update the internal state. We abuse the knowledge of
+ // internals here a little bit to generate correct test data
+ tsig_ctx->update(renderer.getData(), renderer.getLength());
+
+ commonVerifyChecks(*tsig_verify_ctx, NULL,
+ renderer.getData(), renderer.getLength(),
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::VERIFIED_RESPONSE);
+
+ EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
+
+ // SCOPED_TRACE("Fourth message. Signed again.");
+ ConstTSIGRecordPtr tsig4 = createMessageAndSign(1234, test_name,
+ tsig_ctx.get());
+ commonVerifyChecks(*tsig_verify_ctx, tsig4.get(),
+ renderer.getData(), renderer.getLength(),
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::VERIFIED_RESPONSE);
+ EXPECT_TRUE(tsig_verify_ctx->lastHadSignature());
+
+ // SCOPED_TRACE("Filling in bunch of unsigned messages");
+ for (size_t i = 0; i < 100; ++i) {
+ // SCOPED_TRACE(i);
+ // Another message does not carry the TSIG on it. But it should
+ // be OK, it's in the middle of stream.
+ message.clear(Message::RENDER);
+ message.setQid(1234);
+ message.setOpcode(Opcode::QUERY());
+ message.setRcode(Rcode::NOERROR());
+ RRsetPtr answer_rrsetl(new RRset(test_name, test_class, RRType::A(),
+ test_ttl));
+ answer_rrsetl->addRdata(createRdata(RRType::A(), test_class,
+ "192.0.2.1"));
+ message.addRRset(Message::SECTION_ANSWER, answer_rrsetl);
+ message.toWire(renderer);
+ // Update the internal state. We abuse the knowledge of
+ // internals here a little bit to generate correct test data
+ tsig_ctx->update(renderer.getData(), renderer.getLength());
+
+ // 99 unsigned messages is OK. But the 100th must be signed, according
+ // to the RFC2845, section 4.4
+ commonVerifyChecks(*tsig_verify_ctx, NULL,
+ renderer.getData(), renderer.getLength(),
+ i == 99 ? TSIGError::FORMERR() :
+ TSIGError(Rcode::NOERROR()),
+ TSIGContext::VERIFIED_RESPONSE);
+
+ EXPECT_FALSE(tsig_verify_ctx->lastHadSignature());
}
}
projects / thirdparty / kea.git / commitdiff
