Checkpoint ZONEMD support.

author: Brian Wellington <bwelling@xbill.org> 2021-02-24 10:15:46 -0800
committer: Brian Wellington <bwelling@xbill.org> 2021-02-24 10:15:46 -0800
commit: 41056eeb7430e54f42d67fd5019a76fe97df049c (patch)
tree: 7de60ec62ef101405f912bfd5c077a858d4bbadf /tests
parent: 713571c98ab0604a44cad1a4086980cb574798fd (diff)
download: dnspython-41056eeb7430e54f42d67fd5019a76fe97df049c.tar.gz
5 files changed, 163 insertions, 0 deletions
diff --git a/tests/example b/tests/example
index b9a802b..86af9dd 100644
--- a/tests/example
+++ b/tests/example
@@ -236,6 +236,10 @@ amtrelay04              AMTRELAY  10 0 2 2001:db8::15
 amtrelay05              AMTRELAY 128 1 3 amtrelays.example.com.
 csync0			CSYNC 12345 0 A MX RRSIG NSEC TYPE1234
 avc01			AVC "app-name:WOLFGANG|app-class:OAM|business=yes"
+zonemd01                ZONEMD 2018031900 1 1 62e6cf51b02e54b9 b5f967d547ce4313 6792901f9f88e637 493daaf401c92c27 9dd10f0edb1c56f8 080211f8480ee306
+zonemd02                ZONEMD 2018031900 1 2 08cfa1115c7b948c 4163a901270395ea 226a930cd2cbcf2f a9a5e6eb85f37c8a 4e114d884e66f176 eab121cb02db7d65 2e0cc4827e7a3204 f166b47e5613fd27
+zonemd03                ZONEMD 2018031900 1 240 e2d523f654b9422a 96c5a8f44607bbee
+zonemd04                ZONEMD 2018031900 241 1 e1846540e33a9e41 89792d18d5d131f6 05fc283e aaaaaaaa aaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaa aaaaaaaaaaaaaaa
 svcb01                  SVCB (
 100 foo.com. mandatory="alpn,port" alpn="h2,h3" no-default-alpn port="12345"
 echconfig="abcd" ipv4hint=1.2.3.4,4.3.2.1 ipv6hint=1::2,3::4 key12345="foo"
diff --git a/tests/example1.good b/tests/example1.good
index 03fd08d..c1ddfd4 100644
--- a/tests/example1.good
+++ b/tests/example1.good
@@ -147,3 +147,7 @@ wks01 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
 wks02 3600 IN WKS 10.0.0.1 17 0 1 2 53
 wks03 3600 IN WKS 10.0.0.2 6 65535
 x2501 3600 IN X25 "123456789"
+zonemd01 3600 IN ZONEMD 2018031900 1 1 62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306
+zonemd02 3600 IN ZONEMD 2018031900 1 2 08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27
+zonemd03 3600 IN ZONEMD 2018031900 1 240 e2d523f654b9422a96c5a8f44607bbee
+zonemd04 3600 IN ZONEMD 2018031900 241 1 e1846540e33a9e4189792d18d5d131f605fc283eaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
diff --git a/tests/example2.good b/tests/example2.good
index 64696ce..ac14e20 100644
--- a/tests/example2.good
+++ b/tests/example2.good
@@ -147,3 +147,7 @@ wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
 wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53
 wks03.example. 3600 IN WKS 10.0.0.2 6 65535
 x2501.example. 3600 IN X25 "123456789"
+zonemd01.example. 3600 IN ZONEMD 2018031900 1 1 62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306
+zonemd02.example. 3600 IN ZONEMD 2018031900 1 2 08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27
+zonemd03.example. 3600 IN ZONEMD 2018031900 1 240 e2d523f654b9422a96c5a8f44607bbee
+zonemd04.example. 3600 IN ZONEMD 2018031900 241 1 e1846540e33a9e4189792d18d5d131f605fc283eaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
diff --git a/tests/example3.good b/tests/example3.good
index 03fd08d..c1ddfd4 100644
--- a/tests/example3.good
+++ b/tests/example3.good
@@ -147,3 +147,7 @@ wks01 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
 wks02 3600 IN WKS 10.0.0.1 17 0 1 2 53
 wks03 3600 IN WKS 10.0.0.2 6 65535
 x2501 3600 IN X25 "123456789"
+zonemd01 3600 IN ZONEMD 2018031900 1 1 62e6cf51b02e54b9b5f967d547ce43136792901f9f88e637493daaf401c92c279dd10f0edb1c56f8080211f8480ee306
+zonemd02 3600 IN ZONEMD 2018031900 1 2 08cfa1115c7b948c4163a901270395ea226a930cd2cbcf2fa9a5e6eb85f37c8a4e114d884e66f176eab121cb02db7d652e0cc4827e7a3204f166b47e5613fd27
+zonemd03 3600 IN ZONEMD 2018031900 1 240 e2d523f654b9422a96c5a8f44607bbee
+zonemd04 3600 IN ZONEMD 2018031900 241 1 e1846540e33a9e4189792d18d5d131f605fc283eaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
diff --git a/tests/test_zonedigest.py b/tests/test_zonedigest.py
new file mode 100644
index 0000000..47629c5
--- /dev/null
+++ b/tests/test_zonedigest.py
@@ -0,0 +1,147 @@
+# Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license
+
+import io
+import textwrap
+import unittest
+
+import dns.rdata
+import dns.rrset
+import dns.zone
+
+class ZoneDigestTestCase(unittest.TestCase):
+    # Examples from RFC 8976, fixed per errata.
+
+    simple_example = textwrap.dedent('''
+        example.      86400  IN  SOA     ns1 admin 2018031900 (
+                                         1800 900 604800 86400 )
+                      86400  IN  NS      ns1
+                      86400  IN  NS      ns2
+                      86400  IN  ZONEMD  2018031900 1 1 (
+                                         c68090d90a7aed71
+                                         6bc459f9340e3d7c
+                                         1370d4d24b7e2fc3
+                                         a1ddc0b9a87153b9
+                                         a9713b3c9ae5cc27
+                                         777f98b8e730044c )
+        ns1           3600   IN  A       203.0.113.63
+        ns2           3600   IN  AAAA    2001:db8::63
+    ''')
+
+    complex_example = textwrap.dedent('''
+        example.      86400  IN  SOA     ns1 admin 2018031900 (
+                                         1800 900 604800 86400 )
+                      86400  IN  NS      ns1
+                      86400  IN  NS      ns2
+                      86400  IN  ZONEMD  2018031900 1 1 (
+                                         a3b69bad980a3504
+                                         e1cffcb0fd6397f9
+                                         3848071c93151f55
+                                         2ae2f6b1711d4bd2
+                                         d8b39808226d7b9d
+                                         b71e34b72077f8fe )
+        ns1           3600   IN  A       203.0.113.63
+        NS2           3600   IN  AAAA    2001:db8::63
+        occluded.sub  7200   IN  TXT     "I'm occluded but must be digested"
+        sub           7200   IN  NS      ns1
+        duplicate     300    IN  TXT     "I must be digested just once"
+        duplicate     300    IN  TXT     "I must be digested just once"
+        foo.test.     555    IN  TXT     "out-of-zone data must be excluded"
+        UPPERCASE     3600   IN  TXT     "canonicalize uppercase owner names"
+        *             777    IN  PTR     dont-forget-about-wildcards
+        mail          3600   IN  MX      20 MAIL1
+        mail          3600   IN  MX      10 Mail2.Example.
+        sortme        3600   IN  AAAA    2001:db8::5:61
+        sortme        3600   IN  AAAA    2001:db8::3:62
+        sortme        3600   IN  AAAA    2001:db8::4:63
+        sortme        3600   IN  AAAA    2001:db8::1:65
+        sortme        3600   IN  AAAA    2001:db8::2:64
+        non-apex      900    IN  ZONEMD  2018031900 1 1 (
+                                         616c6c6f77656420
+                                         6275742069676e6f
+                                         7265642e20616c6c
+                                         6f77656420627574
+                                         2069676e6f726564
+                                         2e20616c6c6f7765 )
+    ''')
+
+    multiple_digests_example = textwrap.dedent('''
+        example.      86400  IN  SOA     ns1 admin 2018031900 (
+                                         1800 900 604800 86400 )
+        example.      86400  IN  NS      ns1.example.
+        example.      86400  IN  NS      ns2.example.
+        example.      86400  IN  ZONEMD  2018031900 1 1 (
+                                         62e6cf51b02e54b9
+                                         b5f967d547ce4313
+                                         6792901f9f88e637
+                                         493daaf401c92c27
+                                         9dd10f0edb1c56f8
+                                         080211f8480ee306 )
+        example.      86400  IN  ZONEMD  2018031900 1 2 (
+                                         08cfa1115c7b948c
+                                         4163a901270395ea
+                                         226a930cd2cbcf2f
+                                         a9a5e6eb85f37c8a
+                                         4e114d884e66f176
+                                         eab121cb02db7d65
+                                         2e0cc4827e7a3204
+                                         f166b47e5613fd27 )
+        example.      86400  IN  ZONEMD  2018031900 1 240 (
+                                         e2d523f654b9422a
+                                         96c5a8f44607bbee )
+        example.      86400  IN  ZONEMD  2018031900 241 1 (
+                                         e1846540e33a9e41
+                                         89792d18d5d131f6
+                                         05fc283eaaaaaaaa
+                                         aaaaaaaaaaaaaaaa
+                                         aaaaaaaaaaaaaaaa
+                                         aaaaaaaaaaaaaaaa)
+        ns1.example.  3600   IN  A       203.0.113.63
+        ns2.example.  86400  IN  TXT     "This example has multiple digests"
+        NS2.EXAMPLE.  3600   IN  AAAA    2001:db8::63
+    ''')
+
+    def test_zonemd_simple(self):
+        zone = dns.zone.from_text(self.simple_example, origin='example')
+        zone.verify_digest()
+
+    def test_zonemd_complex(self):
+        zone = dns.zone.from_text(self.complex_example, origin='example')
+        zone.verify_digest()
+
+    def test_zonemd_multiple_digests(self):
+        zone = dns.zone.from_text(self.multiple_digests_example,
+                                  origin='example')
+        zone.verify_digest()
+
+        zonemd = zone.get_rdataset(zone.origin, 'ZONEMD')
+        for rr in zonemd:
+            if rr.scheme == 1 and rr.hash_algorithm in (1, 2):
+                zone.verify_digest(rr)
+            else:
+                with self.assertRaises(ValueError):
+                    zone.verify_digest(rr)
+
+    sha384_hash = 'ab' * 48
+    sha512_hash = 'ab' * 64
+
+    def test_zonemd_parse_rdata(self):
+        dns.rdata.from_text('IN', 'ZONEMD', '100 1 1 ' + self.sha384_hash)
+        dns.rdata.from_text('IN', 'ZONEMD', '100 1 2 ' + self.sha512_hash)
+        dns.rdata.from_text('IN', 'ZONEMD', '100 100 1 ' + self.sha384_hash)
+        dns.rdata.from_text('IN', 'ZONEMD', '100 1 100 abcd')
+
+    def test_zonemd_unknown_scheme(self):
+        zone = dns.zone.from_text(self.simple_example, origin='example')
+        with self.assertRaises(ValueError):
+            zone.compute_digest(dns.zone.DigestHashAlgorithm.SHA384, 2)
+
+    def test_zonemd_unknown_hash_algorithm(self):
+        zone = dns.zone.from_text(self.simple_example, origin='example')
+        with self.assertRaises(ValueError):
+            zone.compute_digest(5)
+
+    def test_zonemd_invalid_digest_length(self):
+        with self.assertRaises(dns.exception.SyntaxError):
+            dns.rdata.from_text('IN', 'ZONEMD', '100 1 2 ' + self.sha384_hash)
+        with self.assertRaises(dns.exception.SyntaxError):
+            dns.rdata.from_text('IN', 'ZONEMD', '100 2 1 ' + self.sha512_hash)
author	Brian Wellington <bwelling@xbill.org>	2021-02-24 10:15:46 -0800
committer	Brian Wellington <bwelling@xbill.org>	2021-02-24 10:15:46 -0800
commit	41056eeb7430e54f42d67fd5019a76fe97df049c (patch)
tree	7de60ec62ef101405f912bfd5c077a858d4bbadf /tests
parent	713571c98ab0604a44cad1a4086980cb574798fd (diff)
download	dnspython-41056eeb7430e54f42d67fd5019a76fe97df049c.tar.gz