ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

chg: test: Rewrite ecdsa system test to pytest

Browse Source 
Merge branch 'mnowak/pytest_rewrite_ecdsa' into 'main'

See merge request isc-projects/bind9!9159
This commit is contained in:
Michal Nowak
2024-12-04 18:32:55 +00:00
parent 44f1b00118 292e919156
commit 6fd5e771eb
5 changed files with 53 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
bin/tests/system/ecdsa/.gitignore vendored
View File

@@ -1,2 +0,0 @@
/ns1/named.conf
/ns2/named.conf

6
bin/tests/system/ecdsa/ns1/sign.sh
View File

@@ -41,17 +41,11 @@ fi
if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then
keyfile_to_static_ds $ksk256 >trusted.conf keyfile_to_static_ds $ksk256 >trusted.conf
cp trusted.conf ../ns2/trusted.conf cp trusted.conf ../ns2/trusted.conf
else
keyfile_to_static_ds $ksk384 >trusted.conf
cp trusted.conf ../ns2/trusted.conf
fi fi
if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then
keyfile_to_static_ds $ksk384 >trusted.conf keyfile_to_static_ds $ksk384 >trusted.conf
cp trusted.conf ../ns3/trusted.conf cp trusted.conf ../ns3/trusted.conf
else
keyfile_to_static_ds $ksk256 >trusted.conf
cp trusted.conf ../ns3/trusted.conf
fi fi
$SIGNER -P -g -o "$zone" "$zonefile" >/dev/null 2>signer.err || cat signer.err $SIGNER -P -g -o "$zone" "$zonefile" >/dev/null 2>signer.err || cat signer.err

54
bin/tests/system/ecdsa/tests.sh
View File

@@ -1,54 +0,0 @@
#!/bin/sh
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
set -e
. ../conf.sh
status=0
n=0
dig_with_opts() {
"$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
}
if [ $ECDSAP256SHA256_SUPPORTED = 1 ]; then
n=$((n + 1))
echo_i "checking that ECDSA256 positive validation works ($n)"
ret=0
dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1
dig_with_opts . @10.53.0.2 soa >dig.out.ns2.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns2.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
else
echo_i "algorithm ECDSA256 not supported, skipping test"
fi
if [ $ECDSAP384SHA384_SUPPORTED = 1 ]; then
n=$((n + 1))
echo_i "checking that ECDSA384 positive validation works ($n)"
ret=0
dig_with_opts . @10.53.0.1 soa >dig.out.ns1.test$n || ret=1
dig_with_opts . @10.53.0.3 soa >dig.out.ns3.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns3.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns3.test$n >/dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; fi
status=$((status + ret))
else
echo_i "algorithm ECDSA384 not supported, skipping test"
fi
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1

53
bin/tests/system/ecdsa/tests_ecdsa.py Normal file
View File

@@ -0,0 +1,53 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import os
import pytest
import dns.message
import isctest
pytestmark = pytest.mark.extra_artifacts(
[
"ns*/trusted.conf",
"ns1/K*",
"ns1/dsset-*",
"ns1/root.db",
"ns1/root.db.signed",
"ns1/signer.err",
]
)
def check_server_soa(resolver):
msg = dns.message.make_query(".", "SOA")
msg.flags += dns.flags.AD
res1 = isctest.query.tcp(msg, "10.53.0.1")
res2 = isctest.query.tcp(msg, resolver)
isctest.check.rrsets_equal(res1.answer, res2.answer)
assert res2.flags & dns.flags.AD
@pytest.mark.skipif(
not os.environ["ECDSAP384SHA384_SUPPORTED"],
reason="algorithm ECDSA384 not supported",
)
def test_ecdsa256():
check_server_soa("10.53.0.2")
@pytest.mark.skipif(
not os.environ["ECDSAP256SHA256_SUPPORTED"],
reason="algorithm ECDSA256 not supported",
)
def test_ecdsa384():
check_server_soa("10.53.0.3")

28
bin/tests/system/ecdsa/tests_sh_ecdsa.py
View File

@@ -1,28 +0,0 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
import pytest
pytestmark = pytest.mark.extra_artifacts(
[
"dig.out.*",
"ns*/trusted.conf",
"ns1/K*",
"ns1/dsset-*",
"ns1/root.db",
"ns1/root.db.signed",
"ns1/signer.err",
]
)
def test_ecdsa(run_tests_sh):
run_tests_sh()