From 9d0262a92c0cf105d12f524f4f103abe913458ae Mon Sep 17 00:00:00 2001 From: Bob Halley Date: Sun, 6 Aug 2023 10:46:22 -0700 Subject: [PATCH] test inception, expiration, and lifetime when signing --- tests/test_dnssec.py | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/tests/test_dnssec.py b/tests/test_dnssec.py index a9e21411..c4a8d684 100644 --- a/tests/test_dnssec.py +++ b/tests/test_dnssec.py @@ -981,6 +981,33 @@ class DNSSECMiscTestCase(unittest.TestCase): ts = dns.dnssec.to_timestamp(441812220) self.assertEqual(ts, REFERENCE_TIMESTAMP) + def testInceptionExpiration(self): + zsk_private_key = ed25519.Ed25519PrivateKey.generate() + zsk_dnskey = dns.dnssec.make_dnskey( + public_key=zsk_private_key.public_key(), + algorithm=dns.dnssec.Algorithm.ED25519, + ) + signer = dns.name.from_text("example") + a_rrset = dns.rrset.from_text(signer, 300, "IN", "A", "10.0.0.1") + inception = 10 + expiration = inception + 86400 + a_rrsig = dns.dnssec.sign( + a_rrset, zsk_private_key, signer, zsk_dnskey, inception, expiration + ) + self.assertEqual(a_rrsig.inception, inception) + self.assertEqual(a_rrsig.expiration, expiration) + a_rrsig = dns.dnssec.sign( + a_rrset, zsk_private_key, signer, zsk_dnskey, inception, lifetime=86400 + ) + self.assertEqual(a_rrsig.inception, inception) + self.assertEqual(a_rrsig.expiration, expiration) + a_rrsig = dns.dnssec.sign( + a_rrset, zsk_private_key, signer, zsk_dnskey, lifetime=86400 + ) + self.assertEqual(a_rrsig.expiration - a_rrsig.inception, 86400) + # Allow a little slop in case the clock ticks. + self.assertTrue(time.time() - a_rrsig.inception <= 2) + def do_test_sign_zone(self, relativize): zone = dns.zone.from_text( test_zone_sans_nsec, "example.", relativize=relativize -- 2.47.3