From: Petr Špaček Date: Wed, 7 May 2025 14:58:08 +0000 (+0200) Subject: Dedup NSEC3 get_next_name function X-Git-Tag: v9.21.11~22^2~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9e12a840d80add44fc3a8240b93329959f94f35;p=thirdparty%2Fbind9.git Dedup NSEC3 get_next_name function --- diff --git a/bin/tests/system/dnssec/tests_nsec3.py b/bin/tests/system/dnssec/tests_nsec3.py index 5c5bd9e2aff..3c4efafcfb0 100755 --- a/bin/tests/system/dnssec/tests_nsec3.py +++ b/bin/tests/system/dnssec/tests_nsec3.py @@ -11,13 +11,12 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -import base64 import os from pathlib import Path import pytest -pytest.importorskip("dns", minversion="2.0.0") +pytest.importorskip("dns", minversion="2.5.0") from dns.dnssectypes import NSEC3Hash import dns.dnssec import dns.message @@ -104,23 +103,6 @@ def is_delegated(name, delegations): return False -def get_next_name(rr: dns.rrset.RRset, origin: dns.name.Name) -> dns.name.Name: - """ - Get the domain name of the next NSEC3, given the NSEC3 record 'rr'. - This fetches the value of the Next Hashed Owner Name field, and - creates the domain name by concatenating the decoded hash and the - origin. - """ - # Conversion copied from dnspython.dnssec.nsec3_hash - b32_conversion = str.maketrans( - "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", "0123456789ABCDEFGHIJKLMNOPQRSTUV" - ) - next_hashed = base64.b32encode(rr.next).decode("utf-8") - next_hashed = next_hashed.translate(b32_conversion) - next_name = dns.name.from_text(next_hashed, origin) - return next_name - - def nsec3_covers(rrset: dns.rrset.RRset, hashed_name: dns.name.Name) -> bool: """ Test if 'hashed_name' is covered by an NSEC3 record in 'rrset'. @@ -128,7 +110,7 @@ def nsec3_covers(rrset: dns.rrset.RRset, hashed_name: dns.name.Name) -> bool: prev_name = rrset.name for nsec3 in rrset: - next_name = get_next_name(nsec3, SUFFIX) + next_name = nsec3.next_name(SUFFIX) # Single name case. if prev_name == next_name: