summaryrefslogtreecommitdiff
path: root/contrib/DNS-LDNS/t/dnssec_datachain.t
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/DNS-LDNS/t/dnssec_datachain.t')
-rw-r--r--contrib/DNS-LDNS/t/dnssec_datachain.t60
1 files changed, 60 insertions, 0 deletions
diff --git a/contrib/DNS-LDNS/t/dnssec_datachain.t b/contrib/DNS-LDNS/t/dnssec_datachain.t
new file mode 100644
index 0000000..2a1e262
--- /dev/null
+++ b/contrib/DNS-LDNS/t/dnssec_datachain.t
@@ -0,0 +1,60 @@
+use Test::More tests => 10;
+use Test::Exception;
+
+use FindBin qw/$Bin/;
+
+use DNS::LDNS ':all';
+
+BEGIN { use_ok('DNS::LDNS') };
+
+# Note: This test makes queries on real internet dns data, and assumes
+# that the iis.se domain is signed.
+
+my $r = new DNS::LDNS::Resolver(filename => "/etc/resolv.conf");
+$r->set_dnssec(1);
+$r->set_random(0);
+
+my $p = $r->query(
+ new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'iis.se.'),
+ LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD);
+
+SKIP: {
+ skip "Resolver is not dnssec able. Skip this test.", 9 unless ($p->ad);
+
+ isa_ok($p, 'DNS::LDNS::Packet');
+
+ my $rrset = $p->rr_list_by_type(LDNS_RR_TYPE_SOA, LDNS_SECTION_ANSWER);
+
+ ok($rrset->rr_count > 0, 'Got an answer with some content');
+
+ my $chain = $r->build_data_chain(LDNS_RD, $rrset, $p, undef);
+
+ isa_ok($chain, 'DNS::LDNS::DNSSecDataChain');
+
+ isa_ok($chain->parent, 'DNS::LDNS::DNSSecDataChain');
+
+ dies_ok {
+ my $new_rr = new DNS::LDNS::RR(str => 'test.test. 1234 IN A 10.0.0.1');
+ my $t = $chain->derive_trust_tree($new_rr);
+ } 'Making a trust tree with foreign rr fails.';
+
+ my $rr = $chain->rrset->rr(0);
+
+ my $tree = $chain->derive_trust_tree($rr);
+
+ isa_ok($tree, 'DNS::LDNS::DNSSecTrustTree');
+
+ # Get root keys.
+ my $root_keys_pk = $r->query(
+ new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '.'),
+ LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD);
+ my $root_keys = $root_keys_pk->rr_list_by_type(
+ LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANSWER);
+
+ is($tree->contains_keys($root_keys), LDNS_STATUS_OK,
+ 'Root key found in trust chain');
+
+ ok($tree->depth > 1, 'The trust tree is more than one node.');
+
+ isa_ok($tree->parent(0), 'DNS::LDNS::DNSSecTrustTree');
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-31 05:08:17 +0000