def test_ptr():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('subnet4', '198.51.100.0/24'),
('status_file', 'tests/samples/one.ovpn-status-v1')
]
})
c = ResolverChain(OpenVpnAuthorityHandler(cp))
reverse = '8.100.51.198.in-addr.arpa'
d = c.query(dns.Query(reverse, dns.PTR, dns.IN))
rr = d.result[0][0]
assert rr.name.name == reverse
payload = rr.payload
assert payload.__class__ == dns.Record_PTR
assert payload.name.name == 'one.vpn.example.org'
def test_suffix_at():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('suffix', '@'),
('status_file', 'tests/samples/no-fqdn.ovpn-status-v1'),
]
})
c = ResolverChain(OpenVpnAuthorityHandler(cp))
# query one:
d = c.query(dns.Query('one.vpn.example.org', dns.A, dns.IN))
rr = d.result[0][0]
assert rr.name.name == 'one.vpn.example.org'
assert rr.payload.__class__ == dns.Record_A
assert rr.payload.address == socket.inet_aton('198.51.100.8')
# query two:
d = c.query(dns.Query('one.two.vpn.example.org', dns.A, dns.IN))
rr = d.result[0][0]
assert rr.name.name == 'one.two.vpn.example.org'
assert rr.payload.__class__ == dns.Record_A
assert rr.payload.address == socket.inet_aton('198.51.100.12')
def test_extra_ns_backwards4():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('subnet4', '198.51.100.0/24'),
('status_file', 'tests/samples/empty.ovpn-status-v1'),
('add_entries', 'ns')
],
'ns': [
('@', 'NS dns-a.example.org'),
('@', 'NS dns-b.example.org')
]
})
c = ResolverChain(OpenVpnAuthorityHandler(cp))
d = c.query(dns.Query('100.51.198.in-addr.arpa', dns.NS, dns.IN))
for rr in d.result[0]:
assert rr.name.name == '100.51.198.in-addr.arpa'
assert rr.payload.__class__ == dns.Record_NS
assert set(map(lambda rr: rr.payload.name.name, d.result[0])) \
== set(('dns-a.example.org', 'dns-b.example.org'))
def test_soa():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('status_file', 'tests/samples/empty.ovpn-status-v1')
]
})
c = ResolverChain(OpenVpnAuthorityHandler(cp))
d = c.query(dns.Query('vpn.example.org', dns.SOA, dns.IN))
rr = d.result[0][0]
assert rr.name.name == 'vpn.example.org'
payload = rr.payload
assert payload.__class__ == dns.Record_SOA
assert payload.mname.name == 'dns.example.org'
assert payload.rname.name == 'dns.example.org'
assert payload.serial == int(os.path.getmtime(
'tests/samples/empty.ovpn-status-v1'))
assert payload.refresh == 3600
assert payload.retry == 2*3600
assert payload.expire == 3*3600
assert payload.minimum == 4*3600
def test_aaaa():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('status_file', 'tests/samples/ipv6.ovpn-status-v1')
]
})
c = ResolverChain(OpenVpnAuthorityHandler(cp))
d = c.query(dns.Query('one.vpn.example.org', dns.AAAA, dns.IN))
rr = d.result[0][0]
assert rr.name.name == 'one.vpn.example.org'
payload = rr.payload
assert payload.__class__ == dns.Record_AAAA
assert IP(socket.inet_ntop(socket.AF_INET6, payload.address)) \
== IP('fddc:abcd:1234::1008')
def test_extra_entries():
cp = ConfigParser()
cp.parse_data({
'options': [
('instance', 'vpn.example.org'),
],
'vpn.example.org': [
('mname', 'dns.example.org'),
('rname', 'dns.example.org'),
('refresh', '1h'),
('retry', '2h'),
('expire', '3h'),
('minimum', '4h'),
('subnet4', '198.51.100.0/24'),
('subnet6', 'fe80::/64'),
('status_file', 'tests/samples/empty.ovpn-status-v1'),
('add_entries', 'all'),
('add_entries', 'all2'),
('add_forward_entries', 'forward'),
('add_backward_entries', 'backward'),
('add_backward4_entries', 'backward4'),
('add_backward6_entries', 'backward6'),
],
'all': [('all', 'A 127.0.0.1')],
'all2': [('all2', 'A 127.0.0.2')],
'forward': [('forward', 'A 127.0.0.3')],
'backward': [('backward', 'A 127.0.0.4')],
'backward4': [('backward4', 'A 127.0.0.5')],
'backward6': [('backward6', 'A 127.0.0.6')],
})
dd = OpenVpnAuthorityHandler(cp)
c = ResolverChain(dd)
def test(name, result):
d = c.query(dns.Query(name, dns.A, dns.IN)).result
if not result:
assert d.__class__ is Failure
else:
assert type(d) is tuple
assert len(d[0]) == 1
assert d[0][0].type == dns.A
assert socket.inet_ntoa(d[0][0].payload.address) == result
# test forward:
test('all.vpn.example.org', '127.0.0.1')
test('all2.vpn.example.org', '127.0.0.2')
test('forward.vpn.example.org', '127.0.0.3')
test('backward.vpn.example.org', False)
test('backward4.vpn.example.org', False)
test('backward6.vpn.example.org', False)
# test backward4:
test('all.100.51.198.in-addr.arpa', '127.0.0.1')
test('all2.100.51.198.in-addr.arpa', '127.0.0.2')
test('forward.100.51.198.in-addr.arpa', False)
test('backward.100.51.198.in-addr.arpa', '127.0.0.4')
test('backward4.100.51.198.in-addr.arpa', '127.0.0.5')
test('backward6.100.51.198.in-addr.arpa', False)
# test backward6:
test('all.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', '127.0.0.1')
test('all2.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', '127.0.0.2')
test('forward.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', False)
test('backward.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', '127.0.0.4')
test('backward4.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', False)
test('backward6.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa', '127.0.0.6')
