dnsruby 1.61.3 → 1.61.9
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +23 -0
- data/.yardopts +7 -0
- data/Gemfile +0 -2
- data/README.md +2 -1
- data/RELEASE_NOTES.md +41 -1
- data/Rakefile +1 -0
- data/demo/digdlv.rb +1 -0
- data/dnsruby.gemspec +15 -10
- data/lib/dnsruby/DNS.rb +1 -1
- data/lib/dnsruby/config.rb +10 -11
- data/lib/dnsruby/dnssec.rb +1 -1
- data/lib/dnsruby/hosts.rb +8 -4
- data/lib/dnsruby/message/encoder.rb +2 -2
- data/lib/dnsruby/message/header.rb +0 -3
- data/lib/dnsruby/name.rb +13 -15
- data/lib/dnsruby/packet_sender.rb +11 -15
- data/lib/dnsruby/recursor.rb +6 -5
- data/lib/dnsruby/resolver.rb +14 -17
- data/lib/dnsruby/resource/CAA.rb +2 -2
- data/lib/dnsruby/resource/DNSKEY.rb +18 -0
- data/lib/dnsruby/resource/NSEC3PARAM.rb +1 -1
- data/lib/dnsruby/resource/TLSA.rb +3 -3
- data/lib/dnsruby/resource/TXT.rb +11 -1
- data/lib/dnsruby/select_thread.rb +6 -7
- data/lib/dnsruby/single_verifier.rb +14 -3
- data/lib/dnsruby/validator_thread.rb +4 -4
- data/lib/dnsruby/version.rb +1 -1
- data/lib/dnsruby/zone_reader.rb +2 -2
- data/lib/dnsruby/zone_transfer.rb +0 -1
- data/lib/dnsruby.rb +4 -4
- data/test/spec_helper.rb +12 -6
- data/test/tc_caa.rb +0 -1
- data/test/tc_dnskey.rb +29 -0
- data/test/tc_name.rb +19 -0
- data/test/tc_res_file.rb +6 -0
- data/test/tc_resolv.rb +5 -5
- data/test/tc_resolver.rb +11 -11
- data/test/tc_rr-opt.rb +4 -7
- data/test/tc_rr-txt.rb +7 -1
- data/test/tc_tcp.rb +2 -2
- data/test/tc_verifier.rb +15 -0
- data/test/test_utils.rb +0 -2
- data/test/ts_offline.rb +8 -8
- metadata +37 -50
- data/.travis.yml +0 -14
|
@@ -33,8 +33,8 @@ module Dnsruby
|
|
|
33
33
|
# 255 Private use
|
|
34
34
|
attr_accessor :matching_type
|
|
35
35
|
# sec 2.1.4
|
|
36
|
-
|
|
37
|
-
|
|
36
|
+
attr_reader :data
|
|
37
|
+
attr_reader :databin
|
|
38
38
|
|
|
39
39
|
def verify
|
|
40
40
|
raise ArgumentError, "usage with invalid value: #{@usage}" if @usage < 0 || @usage > 255
|
|
@@ -71,7 +71,7 @@ module Dnsruby
|
|
|
71
71
|
if @matching_type == 0 && @selector == 0 && @databin
|
|
72
72
|
begin
|
|
73
73
|
cert = OpenSSL::X509::Certificate.new(@databin)
|
|
74
|
-
rescue
|
|
74
|
+
rescue
|
|
75
75
|
raise ArgumentError, 'data is invalid cert '
|
|
76
76
|
end
|
|
77
77
|
end
|
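--- a/data/lib/dnsruby/resource/TXT.rb
+++ b/data/lib/dnsruby/resource/TXT.rb
@@ -82,7 +82,17 @@ module Dnsruby
 end
 else
 if (seen_strings && !in_string)
-
+if (c == ";")
+# Comment in zone file!
+return strings
+end
+if (c != " " && c != "\t")
+in_string = true
+count+=1
+strings[count] = ""
+else
+next
+end
 end
 if (pos == 0)
 unquoted = true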
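Review bot: The new unquoted-token branch at new lines 89-92 sets `in_string = true` but not `unquoted`, which the context at line 98 sets only when `pos == 0`. If the terminating logic below the hunk keys on `unquoted`, a bare token that follows a quoted string would run to the end of the input, trailing whitespace and any `; comment` included; the added test `'"a" b'` cannot tell the difference because `b` is the last character. A case such as `t = Dnsruby::RR::TXT.parse '"a" b ; note'` with `assert_equal("b", t[1])` would settle it. The `# Comment in zone file!` comment could also state that only a `;` outside any string and after at least one string ends parsing. The parse loop starts and ends outside the hunk.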
@@ -140,7 +140,7 @@ module Dnsruby
|
|
|
140
140
|
}
|
|
141
141
|
begin
|
|
142
142
|
@@wakeup_sockets[0].send("wakeup!", 0)
|
|
143
|
-
rescue Exception
|
|
143
|
+
rescue Exception
|
|
144
144
|
# do nothing
|
|
145
145
|
end
|
|
146
146
|
end
|
|
@@ -190,12 +190,11 @@ module Dnsruby
|
|
|
190
190
|
end
|
|
191
191
|
# next if (timeout < 0)
|
|
192
192
|
begin
|
|
193
|
-
ready,
|
|
193
|
+
ready, _write, _errors = IO.select(sockets, nil, nil, timeout)
|
|
194
194
|
rescue SelectWakeup
|
|
195
195
|
# If SelectWakeup, then just restart this loop - the select call will be made with the new data
|
|
196
196
|
next
|
|
197
|
-
rescue IOError, EncodeError
|
|
198
|
-
# print "IO Error =: #{e}\n"
|
|
197
|
+
rescue IOError, EncodeError
|
|
199
198
|
exceptions = clean_up_closed_sockets
|
|
200
199
|
exceptions.each { |exception| send_exception_to_client(*exception) }
|
|
201
200
|
|
|
@@ -248,7 +247,7 @@ module Dnsruby
|
|
|
248
247
|
# Removes closed sockets from @@sockets, and returns an array containing 1
|
|
249
248
|
# exception for each closed socket contained in @@socket_hash.
|
|
250
249
|
def clean_up_closed_sockets
|
|
251
|
-
|
|
250
|
+
@@mutex.synchronize do
|
|
252
251
|
closed_sockets_in_hash = @@sockets.select(&:closed?).select { |s| @@socket_hash[s] }
|
|
253
252
|
@@sockets.delete_if { | socket | socket.closed? }
|
|
254
253
|
closed_sockets_in_hash.each_with_object([]) do |socket, exceptions|
|
|
@@ -257,6 +256,7 @@ module Dnsruby
|
|
|
257
256
|
end
|
|
258
257
|
end
|
|
259
258
|
end
|
|
259
|
+
exceptions
|
|
260
260
|
end
|
|
261
261
|
|
|
262
262
|
def process_error(errors)
|
|
@@ -295,7 +295,6 @@ module Dnsruby
|
|
|
295
295
|
@@mutex.synchronize do
|
|
296
296
|
ids = get_active_ids(@@query_hash, msg.header.id)
|
|
297
297
|
return if ids.empty? # should be only one
|
|
298
|
-
query_settings = @@query_hash[ids[0]].clone
|
|
299
298
|
end
|
|
300
299
|
|
|
301
300
|
answerip = msg.answerip.downcase
|
|
@@ -732,7 +731,7 @@ module Dnsruby
|
|
|
732
731
|
}
|
|
733
732
|
|
|
734
733
|
responses.each do |item|
|
|
735
|
-
client_id, client_queue, msg, err,
|
|
734
|
+
client_id, client_queue, msg, err, _query, _res = item
|
|
736
735
|
# push_to_client(client_id, client_queue, msg, err)
|
|
737
736
|
client_queue.push([client_id, Resolver::EventType::VALIDATED, msg, err])
|
|
738
737
|
notify_queue_observers(client_queue, client_id)
|
|
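Review bot: As rendered, new line 250 opens `@@mutex.synchronize do` without assigning its result, yet new line 259 returns `exceptions`, a name that otherwise appears only as the block parameter of `each_with_object` and is not in scope after the block closes. If that is the real text, `clean_up_closed_sockets` raises NameError on every call, and its caller in the `rescue IOError, EncodeError` branch at new line 198 would fail exactly when a socket has been closed under the select loop. Either keep the assignment, `exceptions = @@mutex.synchronize do`, or drop the trailing `exceptions` and let the block value be the return value. The removed line is blank in this rendering, so confirm against the released file before acting.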
@@ -462,7 +462,6 @@ module Dnsruby
|
|
|
462
462
|
def check_no_wildcard_expansion(msg) # :nodoc:
|
|
463
463
|
# @TODO@ Do this for NSEC3 records!!!
|
|
464
464
|
proven_no_wildcards = false
|
|
465
|
-
name = msg.question()[0].qname
|
|
466
465
|
[msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
|
|
467
466
|
nsec_rrsets.each {|nsecs|
|
|
468
467
|
nsecs.rrs.each {|nsec|
|
|
@@ -800,6 +799,19 @@ module Dnsruby
|
|
|
800
799
|
|
|
801
800
|
asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
|
|
802
801
|
verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
|
|
802
|
+
elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(sigrec.algorithm)
|
|
803
|
+
byte_size = (keyrec.public_key.group.degree + 7) / 8
|
|
804
|
+
sig_bytes = sigrec.signature[0..(byte_size - 1)]
|
|
805
|
+
sig_char = sigrec.signature[byte_size..-1] || ''
|
|
806
|
+
asn1 = OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
|
|
807
|
+
|
|
808
|
+
digest_obj = if sigrec.algorithm == Algorithms.ECDSAP384SHA384
|
|
809
|
+
OpenSSL::Digest::SHA384.new
|
|
810
|
+
else
|
|
811
|
+
OpenSSL::Digest::SHA256.new
|
|
812
|
+
end
|
|
813
|
+
|
|
814
|
+
verified = keyrec.public_key.dsa_verify_asn1(digest_obj.digest(sig_data), asn1)
|
|
803
815
|
else
|
|
804
816
|
raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
|
|
805
817
|
end
|
|
@@ -1316,8 +1328,7 @@ module Dnsruby
|
|
|
1316
1328
|
msg.security_level = Message::SecurityLevel.SECURE
|
|
1317
1329
|
return true
|
|
1318
1330
|
end
|
|
1319
|
-
rescue VerifyError
|
|
1320
|
-
# print "Verify failed : #{e}\n"
|
|
1331
|
+
rescue VerifyError
|
|
1321
1332
|
end
|
|
1322
1333
|
end
|
|
1323
1334
|
if (error)
|
|
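Review bot: The new ECDSA branch in the `@@ -800,6 +799,19 @@` hunk never checks that `sigrec.signature` is exactly `2 * byte_size` octets before splitting it into r and s. A short signature makes `sig_char` the empty string and a long one folds the surplus bytes into s, so malformed input reaches OpenSSL instead of being rejected up front; `raise VerifyError.new("ECDSA signature has wrong length") unless sigrec.signature.bytesize == 2 * byte_size` ahead of the split would close that. `byte_size` also comes from the key's curve rather than from `sigrec.algorithm`, so unless the DNSKEY code (not shown here) already ties the curve to the algorithm, a P-384 key presented with algorithm 13 would be checked with SHA-256, and an explicit comparison is worth adding. If `dsa_verify_asn1` raises an OpenSSL error on a malformed value, the `rescue VerifyError` handlers visible elsewhere in this diff would presumably not catch it, so consider mapping OpenSSL errors to VerifyError here. The enclosing method starts and ends outside the hunk.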
@@ -1,12 +1,12 @@
|
|
|
1
1
|
# --
|
|
2
2
|
# Copyright 2007 Nominet UK
|
|
3
|
-
#
|
|
3
|
+
#
|
|
4
4
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
5
5
|
# you may not use this file except in compliance with the License.
|
|
6
6
|
# You may obtain a copy of the License at
|
|
7
|
-
#
|
|
7
|
+
#
|
|
8
8
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
9
|
-
#
|
|
9
|
+
#
|
|
10
10
|
# Unless required by applicable law or agreed to in writing, software
|
|
11
11
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
12
12
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
@@ -109,7 +109,7 @@ module Dnsruby
|
|
|
109
109
|
return true
|
|
110
110
|
rescue VerifyError => e
|
|
111
111
|
response.security_error = e
|
|
112
|
-
response.security_level = BOGUS
|
|
112
|
+
response.security_level = Message::SecurityLevel.BOGUS
|
|
113
113
|
# Response security_level should already be set
|
|
114
114
|
return false
|
|
115
115
|
end
|
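Review bot: The `rescue VerifyError => e` branch at new line 112 evidently ran without test coverage before this change, since the bare `BOGUS` it replaced would not resolve unless the constant is defined in the enclosing scope, which the hunk does not show. No test in this diff drives a failed validation through this path, so a regression here would again go unnoticed; a test that forces a VerifyError and asserts `Message::SecurityLevel.BOGUS` on the response and a `false` return would pin it. The comment on line 113, `# Response security_level should already be set`, now contradicts the assignment above it and should be dropped or reworded. The enclosing method begins outside the hunk.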
data/lib/dnsruby/version.rb
CHANGED
data/lib/dnsruby/zone_reader.rb
CHANGED
|
@@ -68,7 +68,7 @@ module Dnsruby
|
|
|
68
68
|
end
|
|
69
69
|
zone.push(rr)
|
|
70
70
|
end
|
|
71
|
-
rescue Exception
|
|
71
|
+
rescue Exception
|
|
72
72
|
raise ParseException.new("Error reading line #{io.lineno} of #{io.inspect} : [#{line}]")
|
|
73
73
|
end
|
|
74
74
|
end
|
|
@@ -303,7 +303,7 @@ module Dnsruby
|
|
|
303
303
|
(split.length - 2).times {|i| line += "#{split[i+2]} "}
|
|
304
304
|
line += "\n"
|
|
305
305
|
split = line.split
|
|
306
|
-
rescue Error
|
|
306
|
+
rescue Error
|
|
307
307
|
end
|
|
308
308
|
|
|
309
309
|
# Add the type so we can load the zone one RRSet at a time.
|
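--- a/data/lib/dnsruby.rb
+++ b/data/lib/dnsruby.rb
@@ -25,10 +25,6 @@ require 'dnsruby/DNS'
 require 'dnsruby/hosts'
 require 'dnsruby/update'
 require 'dnsruby/zone_transfer'
-require 'dnsruby/dnssec'
-require 'dnsruby/zone_reader'
-require 'dnsruby/resolv'
-
 
 # = Dnsruby library
 # Dnsruby is a thread-aware DNS stub resolver library written in Ruby.
@@ -239,3 +235,7 @@ module Dnsruby
 class ZoneSerialError < ResolvError
 end
 end
+
+require 'dnsruby/dnssec'
+require 'dnsruby/zone_reader'
+require 'dnsruby/resolv'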
data/test/spec_helper.rb
CHANGED
|
@@ -1,15 +1,21 @@
|
|
|
1
|
+
$VERBOSE = true
|
|
2
|
+
|
|
3
|
+
if Warning.respond_to?(:[]=)
|
|
4
|
+
Warning[:deprecated] = true
|
|
5
|
+
end
|
|
6
|
+
|
|
1
7
|
if ENV['RUN_EXTRA_TASK'] == 'TRUE'
|
|
2
8
|
require 'coveralls'
|
|
3
9
|
Coveralls.wear!
|
|
4
10
|
|
|
5
11
|
require 'simplecov'
|
|
6
12
|
|
|
7
|
-
# SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
|
|
8
|
-
|
|
9
|
-
SimpleCov.formatter = Coveralls::SimpleCov::Formatter
|
|
10
|
-
SimpleCov.start do
|
|
11
|
-
|
|
12
|
-
end
|
|
13
|
+
# # SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
|
|
14
|
+
# # [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter])
|
|
15
|
+
# SimpleCov.formatter = Coveralls::SimpleCov::Formatter
|
|
16
|
+
# SimpleCov.start do
|
|
17
|
+
# add_filter 'test/'
|
|
18
|
+
# end
|
|
13
19
|
end
|
|
14
20
|
|
|
15
21
|
require 'minitest'
|
data/test/tc_caa.rb
CHANGED
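--- a/data/test/tc_dnskey.rb
+++ b/data/test/tc_dnskey.rb
@@ -85,4 +85,33 @@ class DnskeyTest < Minitest::Test
 dnskey.protocol=3
 
 end
+
+def test_ecdsa_integrity
+ecdsa_256_pub = 'example.com. 3600 IN DNSKEY 256 3 13 ( oJMRESz5E4gYzS/q6XD' +
+'rvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== )'
+
+dnskey = Dnsruby::RR.create(ecdsa_256_pub)
+assert_equal(3, dnskey.protocol)
+assert_equal(256, dnskey.flags)
+assert_equal(Dnsruby::Algorithms::ECDSAP256SHA256, dnskey.algorithm)
+assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
+assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
+
+dnskey2 = Dnsruby::RR.create(dnskey.to_s)
+assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
+
+ecdsa_384_pub = 'example.com. 3600 IN DNSKEY 256 3 14 ( Bl2HDw98sGin4lNlx7n' +
+'QX3w98jx6UhAgC73Jq+6LFlD12gnVTMHecM8Z GoTFSh+mV+qEPFZ5s3NbC4qvwUW0kkPb+0ip' +
+'CuLRwZYhYKk7D+RDb+fX XozI9hhZrsXBcEhss )'
+
+dnskey = Dnsruby::RR.create(ecdsa_384_pub)
+assert_equal(3, dnskey.protocol)
+assert_equal(256, dnskey.flags)
+assert_equal(Dnsruby::Algorithms::ECDSAP384SHA384, dnskey.algorithm)
+assert_equal(Dnsruby::RR::DNSKEY::ZONE_KEY, dnskey.flags & Dnsruby::RR::DNSKEY::ZONE_KEY)
+assert_equal(0, dnskey.flags & Dnsruby::RR::DNSKEY::SEP_KEY)
+
+dnskey2 = Dnsruby::RR.create(dnskey.to_s)
+assert(dnskey2.to_s == dnskey.to_s, "#{dnskey} not equal to \n#{dnskey2}")
+end
 end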
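--- a/data/test/tc_name.rb
+++ b/data/test/tc_name.rb
@@ -80,4 +80,23 @@ class TestName < Minitest::Test
 n2 = Name.create("nall.all.")
 assert(n1 == n2, n1.to_s)
 end
+
+def test_punycode
+[
+[
+"møllerriis.com",
+"xn--mllerriis-l8a.com"
+],
+[
+"フガフガ。hogehoge.エグザンプル.JP",
+"xn--mcka5jb.hogehoge.xn--ickqs6k2dyb.jp"
+],
+[
+"フガ#フガ。hogehoge.エグザンプル.JP",
+"xn--#-yeub5nc.hogehoge.xn--ickqs6k2dyb.jp"
+]
+].each do |tc|
+assert_equal(Dnsruby::Name.create(tc[0]).to_s, tc[1])
+end
+end
 end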
data/test/tc_res_file.rb
CHANGED
|
@@ -21,6 +21,12 @@ class TestAResolverFile < Minitest::Test
|
|
|
21
21
|
Dnsruby::Config.reset
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
# def test_bad_resFile
|
|
25
|
+
# res = Dnsruby::DNS.new("test/resolv.conf.bad")
|
|
26
|
+
# res.getaddress("bbc.co.uk")
|
|
27
|
+
# assert_nil res
|
|
28
|
+
# end
|
|
29
|
+
|
|
24
30
|
def test_resFile
|
|
25
31
|
res = Dnsruby::DNS.new("test/resolv.conf")
|
|
26
32
|
|
data/test/tc_resolv.rb
CHANGED
|
@@ -20,7 +20,7 @@ require_relative '../lib/dnsruby/resolv'
|
|
|
20
20
|
class TestResolv < Minitest::Test
|
|
21
21
|
|
|
22
22
|
RELATIVE_NAME = 'google-public-dns-a.google.com'
|
|
23
|
-
|
|
23
|
+
SHORT_ABSOLUTE_NAME = 'dns.google.'
|
|
24
24
|
ABSOLUTE_NAME = RELATIVE_NAME + '.'
|
|
25
25
|
IPV4_ADDR = '8.8.8.8'
|
|
26
26
|
IPV6_ADDR = '2001:4860:4860::8888'
|
|
@@ -54,16 +54,16 @@ class TestResolv < Minitest::Test
|
|
|
54
54
|
|
|
55
55
|
def test_resolv_address_to_name
|
|
56
56
|
|
|
57
|
-
assert_equal(
|
|
57
|
+
assert_equal(SHORT_ABSOLUTE_NAME, Dnsruby::Resolv.getname(IPV4_ADDR).to_s(true))
|
|
58
58
|
|
|
59
59
|
assert_raises(Dnsruby::ResolvError) do
|
|
60
|
-
Dnsruby::Resolv.getname(
|
|
60
|
+
Dnsruby::Resolv.getname(SHORT_ABSOLUTE_NAME)
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
names = Dnsruby::Resolv.getnames(IPV4_ADDR)
|
|
64
64
|
assert_equal(1, names.size)
|
|
65
|
-
assert_equal(
|
|
66
|
-
Dnsruby::Resolv.each_name(IPV4_ADDR) { |name| assert_equal(
|
|
65
|
+
assert_equal(SHORT_ABSOLUTE_NAME, names.first.to_s(true))
|
|
66
|
+
Dnsruby::Resolv.each_name(IPV4_ADDR) { |name| assert_equal(SHORT_ABSOLUTE_NAME, name.to_s(true))}
|
|
67
67
|
end
|
|
68
68
|
|
|
69
69
|
def test_resolv_address_to_address
|
data/test/tc_resolver.rb
CHANGED
|
@@ -73,8 +73,8 @@ class TestResolver < Minitest::Test
|
|
|
73
73
|
end
|
|
74
74
|
|
|
75
75
|
def test_send_plain_message
|
|
76
|
-
resolver = Resolver.new
|
|
77
|
-
response, error = resolver.send_plain_message(Message.new("
|
|
76
|
+
resolver = Resolver.new('1.1.1.1')
|
|
77
|
+
response, error = resolver.send_plain_message(Message.new("example.com", Types.A))
|
|
78
78
|
assert_nil_error(error)
|
|
79
79
|
assert_valid_response(response)
|
|
80
80
|
|
|
@@ -132,7 +132,7 @@ class TestResolver < Minitest::Test
|
|
|
132
132
|
r = Resolver.new
|
|
133
133
|
q=Queue.new
|
|
134
134
|
r.send_async(m,q,q)
|
|
135
|
-
|
|
135
|
+
_id, ret, _error=q.pop
|
|
136
136
|
assert(ret.kind_of?(Message))
|
|
137
137
|
no_pointer=true
|
|
138
138
|
ret.each_answer do |answer|
|
|
@@ -171,7 +171,7 @@ class TestResolver < Minitest::Test
|
|
|
171
171
|
# test timeout behaviour for different retry, retrans, total timeout etc.
|
|
172
172
|
# Problem here is that many sockets will be created for queries which time out.
|
|
173
173
|
# Run a query which will not respond, and check that the timeout works
|
|
174
|
-
if (
|
|
174
|
+
if (RUBY_PLATFORM !~ /darwin/)
|
|
175
175
|
start=stop=0
|
|
176
176
|
retry_times = 3
|
|
177
177
|
retry_delay=1
|
|
@@ -185,14 +185,14 @@ class TestResolver < Minitest::Test
|
|
|
185
185
|
res.retry_times=retry_times
|
|
186
186
|
res.retry_delay=retry_delay
|
|
187
187
|
start=Time.now
|
|
188
|
-
|
|
188
|
+
res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
|
|
189
189
|
fail
|
|
190
190
|
rescue ResolvTimeout
|
|
191
191
|
stop=Time.now
|
|
192
192
|
time = stop-start
|
|
193
193
|
assert(time <= expected * 1.3 && time >= expected * 0.9, "Wrong time take, expected #{expected}, took #{time}")
|
|
194
194
|
end
|
|
195
|
-
|
|
195
|
+
end
|
|
196
196
|
end
|
|
197
197
|
|
|
198
198
|
def test_packet_timeout
|
|
@@ -209,7 +209,7 @@ class TestResolver < Minitest::Test
|
|
|
209
209
|
# Work out what time should be, then time it to check
|
|
210
210
|
expected = query_timeout
|
|
211
211
|
start=Time.now
|
|
212
|
-
|
|
212
|
+
res.send_message(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A))
|
|
213
213
|
fail
|
|
214
214
|
rescue Dnsruby::ResolvTimeout
|
|
215
215
|
stop=Time.now
|
|
@@ -227,7 +227,7 @@ class TestResolver < Minitest::Test
|
|
|
227
227
|
res.query_timeout=expected
|
|
228
228
|
q = Queue.new
|
|
229
229
|
start = Time.now
|
|
230
|
-
|
|
230
|
+
res.send_async(Message.new("a.t.dnsruby.validation-test-servers.nominet.org.uk", Types.A), q, q)
|
|
231
231
|
id,ret,err = q.pop
|
|
232
232
|
stop = Time.now
|
|
233
233
|
assert(id=q)
|
|
@@ -382,19 +382,19 @@ class TestRawQuery < Minitest::Test
|
|
|
382
382
|
resolver.query("google.com", "MX")
|
|
383
383
|
begin
|
|
384
384
|
resolver.query("googlöe.com", "MX")
|
|
385
|
-
rescue Dnsruby::ResolvError
|
|
385
|
+
rescue Dnsruby::ResolvError
|
|
386
386
|
# fine
|
|
387
387
|
end
|
|
388
388
|
resolver.query("google.com", "MX")
|
|
389
389
|
resolver.query("google.com", "MX")
|
|
390
390
|
begin
|
|
391
391
|
resolver.query("googlöe.com", "MX")
|
|
392
|
-
rescue Dnsruby::ResolvError
|
|
392
|
+
rescue Dnsruby::ResolvError
|
|
393
393
|
# fine
|
|
394
394
|
end
|
|
395
395
|
begin
|
|
396
396
|
resolver.query("googlöe.com", "MX")
|
|
397
|
-
rescue Dnsruby::ResolvError
|
|
397
|
+
rescue Dnsruby::ResolvError
|
|
398
398
|
# fine
|
|
399
399
|
end
|
|
400
400
|
# Dnsruby::Cache.delete("googlöe.com", "MX")
|
data/test/tc_rr-opt.rb
CHANGED
|
@@ -28,15 +28,14 @@ class TestRrOpt < Minitest::Test
|
|
|
28
28
|
# This works only with send_plain_message, not send_message, query, etc.
|
|
29
29
|
def test_plain_respects_bufsize
|
|
30
30
|
|
|
31
|
-
|
|
32
|
-
resolver = Resolver.new(['a.gtld-servers.net', 'b.gtld-servers.net', 'c.gtld-servers.net'])
|
|
31
|
+
resolver = Resolver.new('a.gtld-servers.net')
|
|
33
32
|
resolver.query_timeout=20
|
|
34
33
|
|
|
35
34
|
run_test = ->(bufsize) do
|
|
36
35
|
|
|
37
36
|
|
|
38
37
|
create_test_query = ->(bufsize) do
|
|
39
|
-
message = Message.new('com', Types.
|
|
38
|
+
message = Message.new('com', Types.RRSIG, Classes.IN)
|
|
40
39
|
message.add_additional(RR::OPT.new(bufsize))
|
|
41
40
|
message
|
|
42
41
|
end
|
|
@@ -46,14 +45,12 @@ class TestRrOpt < Minitest::Test
|
|
|
46
45
|
if (_error != nil) then
|
|
47
46
|
print "Error at #{bufsize} : #{_error}"
|
|
48
47
|
end
|
|
49
|
-
|
|
48
|
+
# puts "\nBufsize is #{bufsize}, binary message size is #{response.encode.size}"
|
|
50
49
|
assert_equal(true, response.header.tc)
|
|
51
50
|
assert(response.encode.size <= bufsize)
|
|
52
51
|
end
|
|
53
52
|
|
|
54
|
-
|
|
55
|
-
#run_test.(612)
|
|
56
|
-
run_test.(4096)
|
|
53
|
+
run_test.(612)
|
|
57
54
|
end
|
|
58
55
|
|
|
59
56
|
|
data/test/tc_rr-txt.rb
CHANGED
|
@@ -143,7 +143,13 @@ class TestRrTest < Minitest::Test
|
|
|
143
143
|
|
|
144
144
|
r1 = RR.create("auto._domainkey.cacert.org. 43200 IN TXT \"v=DKIM1\;g=*\;k=rsa\;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB\" ; ----- DKIM auto for cacert.org")
|
|
145
145
|
r2 = RR.create("auto._domainkey.cacert.org. 43200 IN TXT \"v=DKIM1;g=*;k=rsa;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDDNFxiNr+NHJwih3OPhGr4iwLE+BBDu72YrMSzUnU1FF50CW7iOtuhg796UZ6xrZ5VuhAix6YmmzcvF2UxYzoD/XpfZ4MzBu0ND4/nkt9/YOTyIBzwQqn9uMNve0Y76Zsel89dIJtOI+y+lfnFExV0jKwe53gzmxMVpMSSCcZPGwIDAQAB\"")
|
|
146
|
-
|
|
146
|
+
assert_equal(r1.to_s, r2.to_s)
|
|
147
|
+
end
|
|
148
|
+
|
|
149
|
+
def test_quote_and_unquoted
|
|
150
|
+
t = Dnsruby::RR::TXT.parse '"a" b'
|
|
151
|
+
assert_equal("a", t[0])
|
|
152
|
+
assert_equal("b", t[1])
|
|
147
153
|
end
|
|
148
154
|
|
|
149
155
|
end
|
data/test/tc_tcp.rb
CHANGED
|
@@ -142,14 +142,14 @@ class TestTcp < Minitest::Test
|
|
|
142
142
|
ans = HackMessage.decode(received_query)
|
|
143
143
|
ans.wipe_additional
|
|
144
144
|
100.times {|i|
|
|
145
|
-
|
|
145
|
+
ans.add_additional(Dnsruby::RR.create("example.com 3600 IN A 1.2.3.#{i}"))
|
|
146
146
|
}
|
|
147
147
|
ans.header.arcount = 110
|
|
148
148
|
ans.header.tc = true
|
|
149
149
|
socket.send(ans.encode,0)
|
|
150
150
|
}
|
|
151
151
|
|
|
152
|
-
|
|
152
|
+
_server_thread = Thread.new {
|
|
153
153
|
ts = TCPServer.new(port)
|
|
154
154
|
t = ts.accept
|
|
155
155
|
packet = t.recvfrom(2)[0]
|
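--- a/data/test/tc_verifier.rb
+++ b/data/test/tc_verifier.rb
@@ -31,6 +31,7 @@ class VerifierTest < Minitest::Test
 do_test_sha256
 do_test_sha512
 do_test_nsec
+do_test_ecdsa256
 else
 print "OpenSSL doesn't support SHA2 - disabling SHA256/SHA512 tests. DNSSEC validation will not work with these type of signatures.\n"
 end
@@ -70,6 +71,20 @@ class VerifierTest < Minitest::Test
 verifier.verify_rrset(rrset, key512)
 end
 
+def do_test_ecdsa256
+Time.stub :now, Time.parse("Wed, 01 Jul 2020 11:54:04 EEST +03:00") do
+ecdsa256 = Dnsruby::RR.create("rainiselevi.ee. 3600 IN DNSKEY 256 3 ECDSAP256SHA256 ( oJMRESz5E
+4gYzS/q6XDrvU1qMPYIjCWzJaOau8XNEZeqCYKD5ar0IRd8KqXXFJkqmVfRvMGPmM1x8fGAa2XhSA== ) ; key_tag=34505")
+a = Dnsruby::RR.create("rainiselevi.ee. 3600 IN A 35.228.30.236")
+sig = Dnsruby::RR.create("rainiselevi.ee. 3600 IN RRSIG A ECDSAP256SHA256 2 300 20200702092142 ( 20200630072142 34505
+rainiselevi.ee. kf3Fl1mSIso2kB12QOr+aNWYTUXtx9nRC/v+Kn1454u9I/YAFQd6nJQAsFd9vCTsZY+nL4wpj5pV+EsAMIxccA== )")
+rrset = Dnsruby::RRSet.new(a)
+rrset.add(sig)
+verifier = Dnsruby::SingleVerifier.new(nil)
+assert(verifier.verify_rrset(rrset, ecdsa256))
+end
+end
+
 def test_se_query
 # Run some queries on the .se zone
 Dnsruby::Dnssec.clear_trusted_keys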
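Review bot: `do_test_ecdsa256` only proves that a valid signature is accepted; nothing asserts that a tampered one is rejected, which is the property a verifier test most needs. Add a negative case that alters the A record (or one signature byte) and expects failure, for example `assert_raises(Dnsruby::VerifyError) { verifier.verify_rrset(bad_rrset, ecdsa256) }`, assuming `verify_rrset` signals failure by raising as the `rescue VerifyError` clauses in this diff suggest. The P-384 branch added to the verifier has no verification test at all; `test_ecdsa_integrity` in tc_dnskey.rb only round-trips the key text. Signature lengths other than 64 octets are also worth a case.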
data/test/test_utils.rb
CHANGED
data/test/ts_offline.rb
CHANGED
|
@@ -62,14 +62,14 @@ TESTS.each { |test| require_relative "tc_#{test}.rb" }
|
|
|
62
62
|
|
|
63
63
|
def have_open_ssl?
|
|
64
64
|
have_open_ssl = true
|
|
65
|
-
begin
|
|
66
|
-
require "openssl"
|
|
67
|
-
OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, "key", "data")
|
|
68
|
-
key = OpenSSL::PKey::RSA.new
|
|
69
|
-
key.e = 111
|
|
70
|
-
rescue
|
|
71
|
-
have_open_ssl = false
|
|
72
|
-
end
|
|
65
|
+
# begin
|
|
66
|
+
# require "openssl"
|
|
67
|
+
# OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, "key", "data")
|
|
68
|
+
# key = OpenSSL::PKey::RSA.new
|
|
69
|
+
# key.e = 111
|
|
70
|
+
# rescue
|
|
71
|
+
# have_open_ssl = false
|
|
72
|
+
# end
|
|
73
73
|
have_open_ssl
|
|
74
74
|
end
|
|
75
75
|
|