diff options
| author | Bob Halley <halley@dnspython.org> | 2020-06-19 14:47:53 -0700 |
|---|---|---|
| committer | Bob Halley <halley@dnspython.org> | 2020-06-19 14:47:53 -0700 |
| commit | 59301e72737d26761a1e9d586a5d16a29ba993c7 (patch) | |
| tree | d3043cc69421218b687dd6547be39f62567fbb01 /tests | |
| parent | a9eca93c42192c52ed136bbcd425e54ba9d59fb9 (diff) | |
| download | dnspython-59301e72737d26761a1e9d586a5d16a29ba993c7.tar.gz | |
improve TSIG coverage
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_tsig.py | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/tests/test_tsig.py b/tests/test_tsig.py new file mode 100644 index 0000000..037d5aa --- /dev/null +++ b/tests/test_tsig.py @@ -0,0 +1,66 @@ +# Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license + +import hashlib +import unittest +import time + +import dns.tsig +import dns.tsigkeyring +import dns.message + +keyring = dns.tsigkeyring.from_text( + { + 'keyname.' : 'NjHwPsMKjdN++dOfE5iAiQ==' + } +) + +keyname = dns.name.from_text('keyname') + +class TSIGTestCase(unittest.TestCase): + + def test_get_algorithm(self): + n = dns.name.from_text('hmac-sha256') + (w, alg) = dns.tsig.get_algorithm(n) + self.assertEqual(alg, hashlib.sha256) + (w, alg) = dns.tsig.get_algorithm('hmac-sha256') + self.assertEqual(alg, hashlib.sha256) + self.assertRaises(NotImplementedError, + lambda: dns.tsig.get_algorithm('bogus')) + + def test_sign_and_validate(self): + m = dns.message.make_query('example', 'a') + m.use_tsig(keyring, keyname) + w = m.to_wire() + # not raising is passing + dns.message.from_wire(w, keyring) + + def test_sign_and_validate_with_other_data(self): + m = dns.message.make_query('example', 'a') + other = b'other data' + m.use_tsig(keyring, keyname, other_data=b'other') + w = m.to_wire() + # not raising is passing + dns.message.from_wire(w, keyring) + + def make_message_pair(self, qname='example', rdtype='A'): + q = dns.message.make_query(qname, rdtype) + q.use_tsig(keyring=keyring, keyname=keyname) + q.had_tsig = True # so make_response() does the right thing + q.to_wire() # to set q.mac + r = dns.message.make_response(q) + return(q, r) + + def test_peer_errors(self): + items = [(dns.tsig.BADSIG, dns.tsig.PeerBadSignature), + (dns.tsig.BADKEY, dns.tsig.PeerBadKey), + (dns.tsig.BADTIME, dns.tsig.PeerBadTime), + (dns.tsig.BADTRUNC, dns.tsig.PeerBadTruncation), + (99, dns.tsig.PeerError), + ] + for err, ex in items: + q, r = self.make_message_pair() + r.tsig_error = err + w = r.to_wire() + def bad(): + dns.message.from_wire(w, keyring=keyring, request_mac=q.mac) + self.assertRaises(ex, bad) |