示例#1
0
def test_hash_nsec3_name():

    tests = [
        (None, '7f1962f2', 1, 15, None),
        (1, '7f1962f2', 1, 15, None),
        ('', '7f1962f2', 1, 15, 'lsa969sfkmlb6c92ea510pohd54douqu'),
        ('.', '7f1962f2', 1, 15, 'lsa969sfkmlb6c92ea510pohd54douqu'),
        ('001.cst.net.', '7f1962f2', 1, 15, 'uqml1am96tftfmlkagtbs82isr050sh0'),
        ('001.cst.net.', '7F1962F2', 1, 15, 'uqml1am96tftfmlkagtbs82isr050sh0'),
        ('001.001.cst.net.', '7F1962F2', 1, 15, '06es9cggdrorfdd4ns9ahocaikldrrp8'),
        ('test.001.cst.net.', '7F1962F2', 1, 15, 'kqgpu8i0ai43nem212bd0079j5si5r3k'),
        ('test2.001.cst.net.', '7F1962F2', 1, 15, 'al016abkh6lvdig6503fs92kdmotqh4v'),
        ('example', 'aabbccdd', 1, 12, '0p9mhaveqvm6t7vbl5lop2u3t2rp3tom'),
        ('a.example', 'aabbccdd', 1, 12, '35mthgpgcu1qg68fab165klnsnk3dpvl'),
        ('ai.example', 'aabbccdd', 1, 12, 'gjeqe526plbf1g8mklp59enfd789njgi'),
        ('ns1.example', 'aabbccdd', 1, 12, '2t7b4g4vsa5smi47k61mv5bv1a22bojr'),
        ('ns2.example', 'aabbccdd', 1, 12, 'q04jkcevqvmu85r014c7dkba38o0ji5r'),
        ('w.example', 'aabbccdd', 1, 12, 'k8udemvp1j2f7eg6jebps17vp3n8i58h'),
        ('*.w.example', 'aabbccdd', 1, 12, 'r53bq7cc2uvmubfu5ocmm6pers9tk9en'),
        ('x.w.example', 'aabbccdd', 1, 12, 'b4um86eghhds6nea196smvmlo4ors995'),
        ('y.w.example', 'aabbccdd', 1, 12, 'ji6neoaepv8b5o6k4ev33abha8ht9fgc'),
        ('x.y.w.example', 'aabbccdd', 1, 12, '2vptu5timamqttgl4luu9kg21e0aor3s'),
        ('xx.example', 'aabbccdd', 1, 12, 't644ebqk9bibcna874givr6joj62mlhv'),
        ('2t7b4g4vsa5smi47k61mv5bv1a22bojr.example', 'aabbccdd', 1, 12,
            'kohar7mbb8dc2ce8a9qvl8hon4k53uhi')]

    for test in tests:
        assert nsecx.hash_nsec3_name(test[0], test[1], test[2], test[3], False) == test[4]
示例#2
0
    def run(self, context, suggested_tested, name, rdataset):

        tested = None
        result = None

        # Only run test if there's an NSEC3PARAM:
        nsec3param = (len(context.nsec3param_rdataset.items)
            and context.nsec3param_rdataset.items[0] or None)
        if nsec3param:

            # Only run test for non-NSEC3/RRSIG, non-delegated RRSets:
            if (rdataset.rdtype != dns.rdatatype.NSEC3
                and rdataset.rdtype != dns.rdatatype.RRSIG
                and not context.is_delegated(name)):

                tested = suggested_tested

                # Make sure there's an NSEC3 for the rdataset name:
                hashed_name = '%s.%s' % (
                    nsecx.hash_nsec3_name(
                        name,
                        nsec3param.salt,
                        nsec3param.algorithm,
                        nsec3param.iterations),
                    context.zone_name)
                nsec3_rdataset = context.zone_obj.get_rdataset(hashed_name, 'NSEC3')
                if not nsec3_rdataset:
                    result = 'No NSEC3\'s found for name: %s' % (hashed_name)

                if not result:

                    # Look in found nsec3_rdataset for an NSEC3 that covers the
                    # rdataset type:
                    got_one = False
                    for nsec3 in nsec3_rdataset.items:
                        if nsecx.covers(nsec3, rdataset.rdtype):
                            got_one = True
                            break

                    if not got_one:
                        result = 'No NSEC3 that covers type=%s for name: %s' % (
                            dns.rdatatype.to_text(rdataset.rdtype), hashed_name)

        return (tested, result)