TestNonExistence.java example

Explorer

dnssecjava-master
- src
  - main
    - java
      - org
        jitsi
        dnssec
        R.java
        SMessage.java
        SRRset.java
        SecurityStatus.java
        validator
        ByteArrayComparator.java
        DnsSecVerifier.java
        FindKeyState.java
        JustifiedSecStatus.java
        KeyCache.java
        KeyEntry.java
        NSEC3ValUtils.java
        ResponseClassification.java
        TrustAnchorStore.java
        ValUtils.java
        ValidatingResolver.java
  - test
    - java
      - org
        jitsi
        dnssec
        AlwaysOffline.java
        MessageReader.java
        PrepareMocks.java
        RTest.java
        TestAlgorithmSupport.java
        TestBase.java
        TestBogusReasonMessage.java
        TestByteArrayComparator.java
        TestCNames.java
        TestDNames.java
        TestInvalid.java
        TestKeyCache.java
        TestKeyCacheUsage.java
        TestNSEC3NoData.java
        TestNoData.java
        TestNonExistence.java
        TestNormallyUnreachableCode.java
        TestPartiallyInvalid.java
        TestPositive.java
        TestPriming.java
        TestRRsig.java
        TestSMessage.java
        TestTrustAnchorLoading.java
        TestTrustAnchorStore.java
        TestUnsigned.java
        TestWildcard.java
        unbound
        rpl
        Check.java
        Rpl.java
        RplParser.java
        UnboundTests.java
        validator
        TestNsec3ValUtils.java
        TestValUtils.java

/*
 * dnssecjava - a DNSSEC validating stub resolver for Java
 * Copyright (c) 2013-2015 Ingo Bauersachs
 *
 * All rights reserved. This program and the accompanying materials
 * are made available under the terms of the Eclipse Public License v1.0
 * which accompanies this distribution, and is available at
 * http://www.eclipse.org/legal/epl-v10.html
 */

package org.jitsi.dnssec;

import static org.junit.Assert.*;

import java.io.IOException;

import org.junit.Test;
import org.xbill.DNS.Flags;
import org.xbill.DNS.Message;
import org.xbill.DNS.Rcode;
import org.xbill.DNS.Section;

public class TestNonExistence extends TestBase {
    @Test
    public void testNonExistingBelowRoot() throws IOException {
        Message response = resolver.send(createMessage("gibtsnicht./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testSingleLabelABelowSigned() throws IOException {
        Message response = resolver.send(createMessage("gibtsnicht.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testSingleLabelABelowSignedNsec3() throws IOException {
        Message response = resolver.send(createMessage("gibtsnicht.nsec3.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelABelowSigned() throws IOException {
        Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelABelowSignedNsec3() throws IOException {
        Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelABelowSignedNsec3MissingNsec3() throws IOException {
        Message m = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
        Message message = messageFromString(m.toString().replaceAll("L40.+nsec3\\.ingotronic\\.ch\\.\\s+300.*", ""));
        add("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A", message);

        Message response = resolver.send(createMessage("gibtsnicht.gibtsnicht.nsec3.ingotronic.ch./A"));
        assertFalse("AD flag must not be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.SERVFAIL, response.getRcode());
        assertEquals("failed.nxdomain.nsec3_bogus", getReason(response));
    }

    @Test
    public void testDoubleLabelABelowSignedBeforeZoneNsec3() throws IOException {
        // the query name here must hash to a name BEFORE the first existing
        // NSEC3 owner name
        Message response = resolver.send(createMessage("alias.1gibtsnicht.nsec3.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NXDOMAIN, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testSingleLabelMXBelowSignedForExistingA() throws IOException {
        Message response = resolver.send(createMessage("www.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testSingleLabelMXBelowSignedForExistingANsec3() throws IOException {
        Message response = resolver.send(createMessage("www.nsec3.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelMXBelowSignedForExistingA() throws IOException {
        // a.b.ingotronic.ch./A exists
        Message response = resolver.send(createMessage("a.b.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelMXBelowSignedForExistingANsec3() throws IOException {
        // a.b.nsec3.ingotronic.ch./A exists
        Message response = resolver.send(createMessage("a.b.nsec3.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelMXBelowSignedForExistingWildcardA() throws IOException {
        // *.d.ingotronic.ch./A exists
        Message response = resolver.send(createMessage("b.d.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testDoubleLabelMXBelowSignedForExistingWildcardANsec3() throws IOException {
        // *.d.nsec3.ingotronic.ch./A exists
        Message response = resolver.send(createMessage("b.d.nsec3.ingotronic.ch./MX"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(0, response.getSectionRRsets(Section.ANSWER).length);
        assertEquals(Rcode.NOERROR, response.getRcode());
        assertNull(getReason(response));
    }

    @Test
    public void testNxDomainWithInvalidNsecSignature() throws IOException {
        Message m = resolver.send(createMessage("x.ingotronic.ch./A"));
        Message message = messageFromString(m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
        add("x.ingotronic.ch./A", message);

        Message response = resolver.send(createMessage("x.ingotronic.ch./A"));
        assertFalse("AD flag must not be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.SERVFAIL, response.getRcode());
        assertTrue(getReason(response).startsWith("failed.nxdomain.authority"));
    }

    @Test
    public void testNoDataWithInvalidNsecSignature() throws IOException {
        Message m = resolver.send(createMessage("www.ingotronic.ch./MX"));
        Message message = messageFromString(m.toString().replaceAll("(.*\\sRRSIG\\sNSEC\\s(\\d+\\s+){6}.*\\.)(.*)", "$1 YXNkZg=="));
        add("www.ingotronic.ch./MX", message);

        Message response = resolver.send(createMessage("www.ingotronic.ch./MX"));
        assertFalse("AD flag must not be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.SERVFAIL, response.getRcode());
        assertTrue(getReason(response).startsWith("failed.authority.nodata"));
    }

    @Test
    public void testNoDataOnENT() throws IOException {
        Message response = resolver.send(createMessage("b.ingotronic.ch./A"));
        assertTrue("AD flag must be set", response.getHeader().getFlag(Flags.AD));
        assertEquals(Rcode.NOERROR, response.getRcode());
    }
}