84 lines
3.1 KiB
Lua
84 lines
3.1 KiB
Lua
-- SPDX-License-Identifier: GPL-3.0-or-later
|
|
-- shorten update interval
|
|
modules.load('ta_update')
|
|
ta_update.refresh_time = 0.5 * sec
|
|
ta_update.hold_down_time = 1 * sec
|
|
sleep_time = 1.5
|
|
|
|
-- prevent build-time config from interfering with the test
|
|
trust_anchors.remove('.')
|
|
|
|
-- count . IN DNSKEY queries
|
|
counter = 0
|
|
local function counter_func (state, req)
|
|
local answer = req:ensure_answer()
|
|
if answer == nil then return nil end
|
|
local qry = req:current()
|
|
if answer:qclass() == kres.class.IN
|
|
and qry.stype == kres.type.DNSKEY
|
|
and kres.dname2wire(qry.sname) == '\0' then
|
|
counter = counter + 1
|
|
end
|
|
return state
|
|
end
|
|
policy.add(policy.all(counter_func))
|
|
|
|
local function test_ta_update_vs_trust_anchors_dependency()
|
|
ok(ta_update, 'ta_update module is loaded by default')
|
|
|
|
assert(counter == 0, 'test init must work')
|
|
same(trust_anchors.add_file('root.keys'), nil, 'load managed TA for root zone')
|
|
same(trust_anchors.keysets['\0'].managed, true, 'managed TA has managed flag')
|
|
same(type(ta_update.tracked['\0'].event), 'number', 'adding managed TA starts tracking')
|
|
same(counter, 0, 'TA refresh is only scheduled')
|
|
worker.sleep(sleep_time)
|
|
ok(counter > 0, 'TA refresh asked for TA DNSKEY after some time')
|
|
|
|
same(ta_update.stop('\0'), nil, 'key tracking can be stopped')
|
|
same(ta_update.tracked['\0'], nil, 'stopping removed metadata')
|
|
same(trust_anchors.keysets['\0'].managed, false, 'now unmanaged TA does not have managed flag')
|
|
counter = 0
|
|
worker.sleep(sleep_time)
|
|
same(counter, 0, 'stop() actually prevents further TA refreshes')
|
|
|
|
ok(modules.unload('ta_update'), 'module can be unloaded')
|
|
same(ta_update, nil, 'unloaded module is nil')
|
|
|
|
ok(trust_anchors.remove('.'), 'managed root TA can be removed')
|
|
same(trust_anchors.keysets['\0'], nil, 'TA removal works')
|
|
end
|
|
|
|
local function test_unloaded()
|
|
same(ta_update, nil, 'ta_update module is nil')
|
|
same(trust_anchors.add_file('root.keys', false), nil, 'managed TA can be added with unloaded ta_update module')
|
|
ok(ta_update ~= nil, 'ta_update module automatically loaded')
|
|
ok(modules.unload('ta_update'), 'ta_update module can be unloaded')
|
|
same(ta_update, nil, 'ta_update module is nil')
|
|
|
|
same(trust_anchors.add_file('root.keys', true), nil, 'unmanaged TA can be added with unloaded ta_update module')
|
|
ok(ta_update ~= nil, 'ta_update module automatically loaded')
|
|
|
|
ok(trust_anchors.remove('.'), 'unmanaged root TA can be removed')
|
|
same(trust_anchors.keysets['\0'], nil, 'TA removal works')
|
|
|
|
end
|
|
|
|
local function test_reload()
|
|
ok(modules.load('ta_update'), 'module can be re-loaded')
|
|
same(trust_anchors.add_file('root.keys', false), nil, 'managed TA can be added after loading ta_update module')
|
|
same(counter, 0, 'TA refresh is only scheduled')
|
|
worker.sleep(sleep_time)
|
|
ok(counter > 0, 'TA refresh asked for TA DNSKEY after some time')
|
|
end
|
|
|
|
local function test_err_inputs()
|
|
ok(modules.load('ta_update'), 'make sure module is loaded')
|
|
boom(ta_update.start, {'\12nonexistent'}, 'nonexistent TA cannot be tracked')
|
|
end
|
|
|
|
return {
|
|
test_ta_update_vs_trust_anchors_dependency,
|
|
test_unloaded,
|
|
test_reload,
|
|
test_err_inputs,
|
|
}
|