File: test_zonedigest.py

package info (click to toggle)
dnspython 2.7.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 2,448 kB
  • sloc: python: 34,885; sh: 7; makefile: 4
file content (199 lines) | stat: -rw-r--r-- 9,119 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
 
# Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license

import io
import textwrap
import unittest

import dns.rdata
import dns.rrset
import dns.zone


class ZoneDigestTestCase(unittest.TestCase):
    # Examples from RFC 8976, fixed per errata.

    simple_example = textwrap.dedent(
        """
        example.      86400  IN  SOA     ns1 admin 2018031900 (
                                         1800 900 604800 86400 )
                      86400  IN  NS      ns1
                      86400  IN  NS      ns2
                      86400  IN  ZONEMD  2018031900 1 1 (
                                         c68090d90a7aed71
                                         6bc459f9340e3d7c
                                         1370d4d24b7e2fc3
                                         a1ddc0b9a87153b9
                                         a9713b3c9ae5cc27
                                         777f98b8e730044c )
        ns1           3600   IN  A       203.0.113.63
        ns2           3600   IN  AAAA    2001:db8::63
    """
    )

    complex_example = textwrap.dedent(
        """
        example.      86400  IN  SOA     ns1 admin 2018031900 (
                                         1800 900 604800 86400 )
                      86400  IN  NS      ns1
                      86400  IN  NS      ns2
                      86400  IN  ZONEMD  2018031900 1 1 (
                                         a3b69bad980a3504
                                         e1cffcb0fd6397f9
                                         3848071c93151f55
                                         2ae2f6b1711d4bd2
                                         d8b39808226d7b9d
                                         b71e34b72077f8fe )
        ns1           3600   IN  A       203.0.113.63
        NS2           3600   IN  AAAA    2001:db8::63
        occluded.sub  7200   IN  TXT     "I'm occluded but must be digested"
        sub           7200   IN  NS      ns1
        duplicate     300    IN  TXT     "I must be digested just once"
        duplicate     300    IN  TXT     "I must be digested just once"
        foo.test.     555    IN  TXT     "out-of-zone data must be excluded"
        UPPERCASE     3600   IN  TXT     "canonicalize uppercase owner names"
        *             777    IN  PTR     dont-forget-about-wildcards
        mail          3600   IN  MX      20 MAIL1
        mail          3600   IN  MX      10 Mail2.Example.
        sortme        3600   IN  AAAA    2001:db8::5:61
        sortme        3600   IN  AAAA    2001:db8::3:62
        sortme        3600   IN  AAAA    2001:db8::4:63
        sortme        3600   IN  AAAA    2001:db8::1:65
        sortme        3600   IN  AAAA    2001:db8::2:64
        non-apex      900    IN  ZONEMD  2018031900 1 1 (
                                         616c6c6f77656420
                                         6275742069676e6f
                                         7265642e20616c6c
                                         6f77656420627574
                                         2069676e6f726564
                                         2e20616c6c6f7765 )
    """
    )

    multiple_digests_example = textwrap.dedent(
        """
        example.      86400  IN  SOA     ns1 admin 2018031900 (
                                         1800 900 604800 86400 )
        example.      86400  IN  NS      ns1.example.
        example.      86400  IN  NS      ns2.example.
        example.      86400  IN  ZONEMD  2018031900 1 1 (
                                         62e6cf51b02e54b9
                                         b5f967d547ce4313
                                         6792901f9f88e637
                                         493daaf401c92c27
                                         9dd10f0edb1c56f8
                                         080211f8480ee306 )
        example.      86400  IN  ZONEMD  2018031900 1 2 (
                                         08cfa1115c7b948c
                                         4163a901270395ea
                                         226a930cd2cbcf2f
                                         a9a5e6eb85f37c8a
                                         4e114d884e66f176
                                         eab121cb02db7d65
                                         2e0cc4827e7a3204
                                         f166b47e5613fd27 )
        example.      86400  IN  ZONEMD  2018031900 1 240 (
                                         e2d523f654b9422a
                                         96c5a8f44607bbee )
        example.      86400  IN  ZONEMD  2018031900 241 1 (
                                         e1846540e33a9e41
                                         89792d18d5d131f6
                                         05fc283eaaaaaaaa
                                         aaaaaaaaaaaaaaaa
                                         aaaaaaaaaaaaaaaa
                                         aaaaaaaaaaaaaaaa)
        ns1.example.  3600   IN  A       203.0.113.63
        ns2.example.  86400  IN  TXT     "This example has multiple digests"
        NS2.EXAMPLE.  3600   IN  AAAA    2001:db8::63
    """
    )

    def _get_zonemd(self, zone):
        return zone.get_rdataset(zone.origin, "ZONEMD")

    def test_zonemd_simple(self):
        zone = dns.zone.from_text(self.simple_example, origin="example")
        zone.verify_digest()
        zonemd = self._get_zonemd(zone)
        self.assertEqual(zonemd[0], zone.compute_digest(zonemd[0].hash_algorithm))

    def test_zonemd_simple_absolute(self):
        zone = dns.zone.from_text(
            self.simple_example, origin="example", relativize=False
        )
        zone.verify_digest()
        zonemd = self._get_zonemd(zone)
        self.assertEqual(zonemd[0], zone.compute_digest(zonemd[0].hash_algorithm))

    def test_zonemd_complex(self):
        zone = dns.zone.from_text(self.complex_example, origin="example")
        zone.verify_digest()
        zonemd = self._get_zonemd(zone)
        self.assertEqual(zonemd[0], zone.compute_digest(zonemd[0].hash_algorithm))

    def test_zonemd_multiple_digests(self):
        zone = dns.zone.from_text(self.multiple_digests_example, origin="example")
        zone.verify_digest()

        zonemd = self._get_zonemd(zone)
        for rr in zonemd:
            if rr.scheme == 1 and rr.hash_algorithm in (1, 2):
                zone.verify_digest(rr)
                self.assertEqual(rr, zone.compute_digest(rr.hash_algorithm))
            else:
                with self.assertRaises(dns.zone.DigestVerificationFailure):
                    zone.verify_digest(rr)

    def test_zonemd_no_digest(self):
        zone = dns.zone.from_text(self.simple_example, origin="example")
        zone.delete_rdataset(dns.name.empty, "ZONEMD")
        with self.assertRaises(dns.zone.NoDigest):
            zone.verify_digest()

    sha384_hash = "ab" * 48
    sha512_hash = "ab" * 64

    def test_zonemd_parse_rdata(self):
        dns.rdata.from_text("IN", "ZONEMD", "100 1 1 " + self.sha384_hash)
        dns.rdata.from_text("IN", "ZONEMD", "100 1 2 " + self.sha512_hash)
        dns.rdata.from_text("IN", "ZONEMD", "100 100 1 " + self.sha384_hash)
        dns.rdata.from_text("IN", "ZONEMD", "100 1 100 abcd")

    def test_zonemd_unknown_scheme(self):
        zone = dns.zone.from_text(self.simple_example, origin="example")
        with self.assertRaises(dns.zone.UnsupportedDigestScheme):
            zone.compute_digest(dns.zone.DigestHashAlgorithm.SHA384, 2)

    def test_zonemd_unknown_hash_algorithm(self):
        zone = dns.zone.from_text(self.simple_example, origin="example")
        with self.assertRaises(dns.zone.UnsupportedDigestHashAlgorithm):
            zone.compute_digest(5)

    def test_zonemd_invalid_digest_length(self):
        with self.assertRaises(dns.exception.SyntaxError):
            dns.rdata.from_text("IN", "ZONEMD", "100 1 2 " + self.sha384_hash)
        with self.assertRaises(dns.exception.SyntaxError):
            dns.rdata.from_text("IN", "ZONEMD", "100 2 1 " + self.sha512_hash)

    def test_zonemd_parse_rdata_reserved(self):
        with self.assertRaises(dns.exception.SyntaxError):
            dns.rdata.from_text("IN", "ZONEMD", "100 0 1 " + self.sha384_hash)
        with self.assertRaises(dns.exception.SyntaxError):
            dns.rdata.from_text("IN", "ZONEMD", "100 1 0 " + self.sha384_hash)

    sorting_zone = textwrap.dedent(
        """
    @  86400  IN  SOA     ns1 admin 2018031900 (
                                     1800 900 604800 86400 )
              86400  IN  NS      ns1
              86400  IN  NS      ns2
              86400  IN  RP      n1.example. a.
              86400  IN  RP      n1. b.
    """
    )

    def test_relative_zone_sorting(self):
        z1 = dns.zone.from_text(self.sorting_zone, "example.", relativize=True)
        z2 = dns.zone.from_text(self.sorting_zone, "example.", relativize=False)
        zmd1 = z1.compute_digest(dns.zone.DigestHashAlgorithm.SHA384)
        zmd2 = z2.compute_digest(dns.zone.DigestHashAlgorithm.SHA384)
        self.assertEqual(zmd1, zmd2)