add a few NameServer role DNSSEC tests

2024-03-11 14:15:44 +01:00 · 2024-03-11 14:15:44 +01:00 · 05ffecec45
commit 05ffecec45
parent 4ce9ec9937
6 changed files with 66 additions and 0 deletions
--- a/packages/conformance-tests/src/lib.rs
+++ b/packages/conformance-tests/src/lib.rs
@ -1,3 +1,4 @@
 #![cfg(test)]

+mod name_server;
 mod resolver;
--- a/packages/conformance-tests/src/name_server.rs
+++ b/packages/conformance-tests/src/name_server.rs
@ -0,0 +1 @@
+mod rfc4035;
--- a/packages/conformance-tests/src/name_server/rfc4035.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035.rs
@ -0,0 +1 @@
+mod section_3;
--- a/packages/conformance-tests/src/name_server/rfc4035/section_3.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035/section_3.rs
@ -0,0 +1 @@
+mod section_3_1;
--- a/packages/conformance-tests/src/name_server/rfc4035/section_3/section_3_1.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035/section_3/section_3_1.rs
@ -0,0 +1 @@
+mod section_3_1_1;
--- a/packages/conformance-tests/src/name_server/rfc4035/section_3/section_3_1/section_3_1_1.rs
+++ b/packages/conformance-tests/src/name_server/rfc4035/section_3/section_3_1/section_3_1_1.rs
@ -0,0 +1,61 @@
+use dns_test::client::{Client, DigSettings};
+use dns_test::name_server::NameServer;
+use dns_test::record::{Record, RecordType};
+use dns_test::{Network, Result, FQDN};
+
+#[test]
+fn rrsig_in_answer_section() -> Result<()> {
+    let network = Network::new()?;
+
+    let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
+        .sign()?
+        .start()?;
+
+    let client = Client::new(&network)?;
+    let ns_fqdn = ns.fqdn();
+    let ans = client.dig(
+        *DigSettings::default().dnssec(),
+        ns.ipv4_addr(),
+        RecordType::A,
+        ns_fqdn,
+    )?;
+
+    assert!(ans.status.is_noerror());
+    let [a, rrsig] = ans.answer.try_into().unwrap();
+
+    assert!(matches!(a, Record::A(..)));
+    let rrsig = rrsig.try_into_rrsig().unwrap();
+    assert_eq!(RecordType::A, rrsig.type_covered);
+    assert_eq!(ns_fqdn, &rrsig.fqdn);
+
+    Ok(())
+}
+
+#[test]
+fn rrsig_in_authority_section() -> Result<()> {
+    let network = Network::new()?;
+
+    let ns = NameServer::new(&dns_test::subject(), FQDN::ROOT, &network)?
+        .sign()?
+        .start()?;
+
+    let client = Client::new(&network)?;
+    let ans = client.dig(
+        *DigSettings::default().dnssec(),
+        ns.ipv4_addr(),
+        RecordType::SOA,
+        &FQDN::ROOT,
+    )?;
+
+    assert!(ans.status.is_noerror());
+    let [ns, rrsig] = ans.authority.try_into().unwrap();
+
+    assert!(matches!(ns, Record::NS(..)));
+    let rrsig = rrsig.try_into_rrsig().unwrap();
+    assert_eq!(RecordType::NS, rrsig.type_covered);
+    assert_eq!(FQDN::ROOT, rrsig.fqdn);
+
+    Ok(())
+}
+
+// TODO Additional section