copy transport test to tpkg and extend more to check tsig

add unit test for tls connection
2017-05-15 14:49:48 +02:00 · 2017-05-15 14:49:48 +02:00 · 21fe94c06e
parent 053845332d
commit 21fe94c06e
3 changed files with 282 additions and 2 deletions
--- a/src/test/check_getdns_context_set_dns_transport.h
+++ b/src/test/check_getdns_context_set_dns_transport.h
@ -288,7 +288,9 @@
        * suspect them to be a bit more reliable.
        */
       struct getdns_list *root_servers = getdns_list_create();
+       struct getdns_list *root_servers2 = getdns_list_create();
       struct getdns_bindata nlnetlabs_root = { 4, (void *)"\xB9\x31\x8D\x25" };
+       struct getdns_bindata *answer = NULL;

       uint32_t status;
       uint32_t type;
@ -304,10 +306,17 @@
           /* Re-do over TCP */
           ASSERT_RC(getdns_dict_set_int(extensions,"return_call_reporting", GETDNS_EXTENSION_TRUE),
             GETDNS_RETURN_GOOD, "Return code from getdns_dict_set_int()");
-           ASSERT_RC(getdns_list_set_bindata(root_servers,0,&nlnetlabs_root),
+           ASSERT_RC(getdns_list_set_bindata(root_servers, 0, &nlnetlabs_root),
             GETDNS_RETURN_GOOD, "Return code from getdns_list_set_bindata()");
+
           ASSERT_RC(getdns_context_set_dns_root_servers(context, root_servers),
             GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_root_servers()");
+           ASSERT_RC(getdns_context_get_dns_root_servers(context, &root_servers2),
+             GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_root_servers()");
+           ASSERT_RC(getdns_list_get_bindata(root_servers2, 0, &answer),
+             GETDNS_RETURN_GOOD, "Return code from getdns_list_get_bindata()");
+           ck_assert_msg(strncmp((char *)answer->data, (char *)nlnetlabs_root.data, 4) == 0,
+             "Expected answer data to be 185.49.141.37");
           ASSERT_RC(getdns_context_set_dns_transport(context, GETDNS_TRANSPORT_TCP_ONLY),
             GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport()");
           ASSERT_RC(getdns_context_set_edns_maximum_udp_payload_size(context, 512),
@ -375,6 +384,60 @@
     }
     END_TEST

+     START_TEST (getdns_context_set_dns_transport_recursing_9)
+     {
+       /*
+        * Check TLS
+       */
+       struct getdns_context *context = NULL;
+       getdns_resolution_t resolution_type;
+       getdns_transport_list_t transport_list[1];
+       getdns_transport_list_t *transport_list2;
+       size_t count;
+       getdns_tls_authentication_t auth;
+       uint16_t backoff;
+       uint16_t retries;
+
+       transport_list[0] = GETDNS_TRANSPORT_TLS;
+
+       CONTEXT_CREATE(TRUE);
+
+       ASSERT_RC(getdns_context_set_resolution_type(context, GETDNS_RESOLUTION_STUB),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_resolution_type()");
+       ASSERT_RC(getdns_context_get_resolution_type(context, &resolution_type),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_resolution_type()");
+       ck_assert_msg(resolution_type == GETDNS_RESOLUTION_STUB, "resolution_type should be stub (520), got %d", (int)resolution_type);
+
+       ASSERT_RC(getdns_context_set_dns_transport_list(context, 1, transport_list),
+	 GETDNS_RETURN_GOOD, "Return code from getdns_context_set_dns_transport_list()");
+       ASSERT_RC(getdns_context_get_dns_transport_list(context, &count, &transport_list2),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_dns_transport_list()");
+       ck_assert_msg(transport_list2[0] == GETDNS_TRANSPORT_TLS, "transport_list should be 1202 but got %d", (int) transport_list2[0]);
+
+       ASSERT_RC(getdns_context_set_tls_authentication(context, GETDNS_AUTHENTICATION_REQUIRED),
+	 GETDNS_RETURN_GOOD, "Return cond from getdns_context_set_tls_authentication()");
+       ASSERT_RC(getdns_context_get_tls_authentication(context, &auth),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_authentication()");
+       ck_assert_msg(auth == 1301, "tls_authentication should be 1301, but got %d", (int) auth);
+
+       ASSERT_RC(getdns_context_set_tls_backoff_time(context, 1000),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_backoff_time()");
+       ASSERT_RC(getdns_context_get_tls_backoff_time(context, &backoff),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_backoff_time()");
+       ck_assert_msg(backoff == 1000, "backoff should be 1000, but got %d", (int) backoff);
+
+       ASSERT_RC(getdns_context_set_tls_connection_retries(context, 5),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_set_tls_connection_retries()");
+       ASSERT_RC(getdns_context_get_tls_connection_retries(context, &retries),
+         GETDNS_RETURN_GOOD, "Return code from getdns_context_get_tls_connection_retries()");
+       ck_assert_msg(retries == 5, "retries should be 5 but got %d", (int) retries);
+
+      /*TODO: should extend the test */
+      CONTEXT_DESTROY;
+
+     }
+     END_TEST
+



@ -399,7 +462,8 @@
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_6);     
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_7);
       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_8);
-       /* TODO: TLS... */
+       /*  TLS */
+       tcase_add_test(tc_pos, getdns_context_set_dns_transport_recursing_9);

       suite_add_tcase(s, tc_pos);

--- a/src/test/tpkg/290-transports.tpkg/290-transports.dsc
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.dsc
@ -0,0 +1,16 @@
+BaseName: 290-transports
+Version: 1.0
+Description: Run the test_transports
+CreationDate: di  9 mei 2017 14:16:58 CEST
+Maintainer: Hoda Rohani
+Category: 
+Component:
+CmdDepends: 
+Depends: 110-link.tpkg
+Help:
+Pre: 
+Post: 
+Test: 290-transports.test
+AuxFiles: 
+Passed:
+Failure:
--- a/src/test/tpkg/290-transports.tpkg/290-transports.test
+++ b/src/test/tpkg/290-transports.tpkg/290-transports.test
@ -0,0 +1,200 @@
+# #-- 290-transports.test --#
+# source the master var file when it's there
+[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
+# use .tpkg.var.test for in test variable passing
+[ -f .tpkg.var.test ] && source .tpkg.var.test
+
+SERVER_IP="8.8.8.8"
+SERVER_IPv6="2001:4860:4860::8888"
+
+SERVER_IP_TSIG="185.49.141.37^"
+SERVER_IPv6_TSIG="2a04:b900:0:100::37^"
+TSIG_ALG="hmac-md5.sig-alg.reg.int"
+TSIG_NAME="hmac-md5.tsigs.getdnsapi.net"
+TSIG_SECRET="16G69OTeXW6xSQ=="
+
+TLS_SERVER_IP="185.49.141.38~getdnsapi.net"
+TLS_SERVER_IPv6="2a04:b900:0:100::38~getdnsapi.net"
+TLS_SERVER_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc9S="
+TLS_SERVER_WRONG_KEY="foxZRnIh9gZpWnl+zEiKa0EJ2rdCGroMWm02gaxSc1S="
+
+TLS_SERVER_SS_IP="184.105.193.78~tls-dns-u.odvr.dns-oarc.net"  #Self signed cert
+TLS_SERVER_SS_KEY="pOXrpUt9kgPgbWxBFFcBTbRH2heo2wHwXp1fd4AEVXI="
+
+GOOD_RESULT_SYNC="Status was: At least one response was returned"
+GOOD_RESULT_ASYNC="successful"
+BAD_RESULT_SYNC="1 'Generic error'"
+BAD_RESULT_ASYNC="callback_type of 703"
+BAD_RESULT_TRANSPORT="None of the configured upstreams could be used to send queries on the specified transports"
+BAD_RESULT_NO_NAME="GETDNS_RESPSTATUS_NO_NAME"
+NUM_ARGS=3
+GOOD_COUNT=0
+FAIL_COUNT=0
+
+
+check_auth () {
+	local my_auth_ok=0;
+	auth_result=`echo $1 | sed 's/.*tls_auth_status\": <bindata of "//' | sed 's/\">.*//'`
+	if [[ $2 == "-" ]] ; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "N" ]] && [[ $auth_result == "None" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "F" ]] && [[ $auth_result == "Failed" ]]; then
+		my_auth_ok=1;
+	fi
+	if [[ $2 == "S" ]] && [[ $auth_result == "Success" ]]; then
+		my_auth_ok=1;
+	fi
+	echo $my_auth_ok;
+}
+
+check_trans () {
+	local my_trans_ok=0;
+	trans_result=`echo $1 | sed "s/.*\"transport\": GETDNS_TRANSPORT_//" | sed 's/ }.*//' | sed 's/,.*//'`
+	if [[ $2 == "U" ]] && [[ $trans_result == "UDP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "T" ]] && [[ $trans_result == "TCP" ]]; then
+		my_trans_ok=1;
+	fi
+	if [[ $2 == "L" ]] && [[ $trans_result == "TLS" ]]; then
+		my_trans_ok=1;
+	fi
+	echo $my_trans_ok;
+}
+
+check_good () {
+	auth_ok=0;
+	result_ok=0;
+	trans_ok=0;
+	result=`echo $1 | sed 's/ All done.'// | sed 's/.*Response code was: GOOD. '//`
+	async_success=`echo $result | grep -c "$GOOD_RESULT_ASYNC"`
+	if [[ $result =~ $GOOD_RESULT_SYNC ]] || [[ $async_success =~ 1 ]]; then
+		result_ok=1;
+	fi
+	if [[ $result_ok == 1 ]] ; then
+		trans_ok=$(check_trans "$1" "$2")
+		auth_ok=$(check_auth "$1" "$3")
+	fi
+	if [[ $result_ok == 1 ]] && [[ $auth_ok == 1 ]] && [[ $trans_ok == 1 ]]; then
+		(( GOOD_COUNT++ ))
+		echo -n "PASS: "
+	else
+		(( FAIL_COUNT++ ))
+		echo "FAIL (RESULT): Result: $result  Auth: $auth_ok  Trans: $trans_ok"
+		echo -n "FAIL: "
+	fi
+}
+
+check_bad () {
+	result=`echo $1 | grep "An error occurred:" | tail -1 | sed 's/ All done.'//`
+	error=` echo $result | sed 's/An error occurred: //'`
+
+	if [[ -z $result ]]; then
+		result=`echo $1 | grep "GETDNS_RESPSTATUS_NO_NAME" `
+		error=` echo $result | sed 's/"status": //'`
+	fi
+
+	if [[ ! -z $result ]]; then
+		if [[ $error =~ $BAD_RESULT_SYNC ]] || [[ $error =~ $BAD_RESULT_ASYNC ]] || [[ $error =~ $BAD_RESULT_TRANSPORT ]] || [[ $error =~ $BAD_RESULT_NO_NAME ]]; then
+				(( GOOD_COUNT++ ))
+				echo -n "PASS:"
+			else
+				(( FAIL_COUNT++ ))
+				echo "FAIL (RESULT): " $error
+				echo -n "FAIL: "
+		fi
+	else
+		(( FAIL_COUNT++ ))
+		echo "FAIL (RESULT): " $1
+		echo -n "FAIL: "
+	fi
+}
+
+for (( ii = 0; ii < 2; ii++)); do
+	if [[ ii -eq 1 ]]; then
+		SERVER_IP=$SERVER_IPv6
+		TLS_SERVER_IP=$TLS_SERVER_IPv6
+                SERVER_IP_TSIG=$SERVER_IPv6_TSIG
+		echo "Using IPv6"
+	fi
+	TLS_SERVER_IP_NO_NAME=`echo ${TLS_SERVER_IP%~*}`
+	TLS_SERVER_SS_IP_NO_NAME=`echo ${TLS_SERVER_SS_IP%~*}`
+	TLS_SERVER_IP_WRONG_NAME=`echo ${TLS_SERVER_IP::${#TLS_SERVER_IP}-1}`
+	SERVER_IP_TSIG_WRONG_NAME=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME::${#TSIG_NAME}-1}":"${TSIG_SECRET}`
+	SERVER_IP_TSIG_WRONG_SECRET=`echo ${SERVER_IP_TSIG}${TSIG_ALG}":"${TSIG_NAME}":"${TSIG_SECRET::${#TSIG_SECRET}-1}`
+
+	NUM_GOOD_QUERIES=10
+	GOOD_QUERIES=(
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP} +edns_cookies"              "U" "-"
+	"-s -A  getdnsapi.net -l T        @${SERVER_IP}"              "T" "-"
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_ALG}:${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+	"-s -A  getdnsapi.net -l U        @${SERVER_IP_TSIG}${TSIG_NAME}:${TSIG_SECRET}" "U" "-"
+	"-s -A  getdnsapi.net -l L        @${TLS_SERVER_IP_NO_NAME}"  "L" "N"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP}"          "L" "S"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_IP} -K pin-sha256=\"${TLS_SERVER_KEY}\"" "L" "S"
+	"-s -A  getdnsapi.net -l L -m     @${TLS_SERVER_SS_IP_NO_NAME} -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"" "L" "S"
+	"-s -G DNSKEY getdnsapi.net -l U  @${SERVER_IP} -b 512 -D" "U" "-")
+
+	NUM_GOOD_FB_QUERIES=6
+	GOOD_FALLBACK_QUERIES=(
+	"-s -A getdnsapi.net -l LU     @${SERVER_IP}" "U" "-"
+	"-s -A getdnsapi.net -l LT     @${SERVER_IP}" "T" "-" 
+	"-s -A getdnsapi.net -l LT     @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+	"-s -A getdnsapi.net -l LT -m  @${TLS_SERVER_IP_NO_NAME}" "L" "N"
+	"-s -A getdnsapi.net -l L      @${SERVER_IP} @${TLS_SERVER_IP_NO_NAME}" "L" "-"
+	"-s -G DNSKEY getdnsapi.net -l UT  @${SERVER_IP} -b 512 -D" "T" "-")
+
+	NOT_AVAILABLE_QUERIES=(
+	"-s -A getdnsapi.net -l L      @${SERVER_IP}"
+	"-s -A getdnsapi.net -l U      @${SERVER_IP_TSIG_WRONG_NAME}"
+	"-s -A getdnsapi.net -l U      @${SERVER_IP_TSIG_WRONG_SECRET}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}"
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_NO_NAME}    -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP}            -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_IP_WRONG_NAME} -K pin-sha256=\"${TLS_SERVER_WRONG_KEY}\""
+	"-s -A getdnsapi.net -l L -m   @${TLS_SERVER_SS_IP}         -K pin-sha256=\"${TLS_SERVER_SS_KEY}\"")
+
+
+	echo "Starting transport test"
+	echo
+	for (( i = 0; i < 2; i+=1 )); do
+		if [[ i -eq 0 ]]; then
+			echo "**SYNC Mode**"
+		else
+			echo
+			echo "**ASYNC Mode**"
+			SYNC_MODE=" -a "
+		fi
+		echo "*Success cases:"
+		for (( j = 0; j < $NUM_GOOD_QUERIES; j+=1 )); do
+		  check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]} `" ${GOOD_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_QUERIES[$((j*NUM_ARGS))+2]}
+		  echo "getdns_query $SYNC_MODE ${GOOD_QUERIES[$j*$NUM_ARGS]}"
+		  (( COUNT++ ))
+		done
+		
+		echo "*Success fallback cases:"
+		for (( j = 0; j < $NUM_GOOD_FB_QUERIES; j+=1 )); do
+		    check_good "`"${GETDNS_QUERY}" +return_call_reporting $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]} 2>/dev/null`" ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}
+		    echo "getdns_query $SYNC_MODE ${GOOD_FALLBACK_QUERIES[$j*$NUM_ARGS]}  TESTS: ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+1]} ${GOOD_FALLBACK_QUERIES[$((j*NUM_ARGS))+2]}"
+		    (( COUNT++ ))
+		done
+		
+		echo "*Transport not available cases:"
+		for (( j = 0; j < ${#NOT_AVAILABLE_QUERIES[@]}; j+=1 )); do
+			check_bad "`"${GETDNS_QUERY}" $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]} 2>&1`"
+			echo "getdns_query $SYNC_MODE ${NOT_AVAILABLE_QUERIES[${j}]}"
+			(( COUNT++ ))
+		done
+	done
+	echo
+done
+
+echo
+echo "Finished transport test: did $COUNT queries, $GOOD_COUNT passes, $FAIL_COUNT failures"
+echo