From 3b9b6d0b8e7f798023c9d109c490449d528fde80 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 17:59:48 +0200 Subject: Adding upstream version 1:9.18.19. Signed-off-by: Daniel Baumann --- bin/tests/system/inline/tests_signed_zone_files.py | 67 ++++++++++++++++++++++ 1 file changed, 67 insertions(+) create mode 100755 bin/tests/system/inline/tests_signed_zone_files.py (limited to 'bin/tests/system/inline/tests_signed_zone_files.py') diff --git a/bin/tests/system/inline/tests_signed_zone_files.py b/bin/tests/system/inline/tests_signed_zone_files.py new file mode 100755 index 0000000..596b756 --- /dev/null +++ b/bin/tests/system/inline/tests_signed_zone_files.py @@ -0,0 +1,67 @@ +# Copyright (C) Internet Systems Consortium, Inc. ("ISC") +# +# SPDX-License-Identifier: MPL-2.0 +# +# This Source Code Form is subject to the terms of the Mozilla Public +# License, v. 2.0. If a copy of the MPL was not distributed with this +# file, you can obtain one at https://mozilla.org/MPL/2.0/. +# +# See the COPYRIGHT file distributed with this work for additional +# information regarding copyright ownership. + +import glob +import struct + + +class RawFormatHeader(dict): + """ + A dictionary of raw-format header fields read from a zone file. + """ + + fields = [ + "format", + "version", + "dumptime", + "flags", + "sourceserial", + "lastxfrin", + ] + + def __init__(self, file_name): + header = struct.Struct(">IIIIII") + with open(file_name, "rb") as data: + header_data = data.read(header.size) + super().__init__(zip(self.fields, header.unpack_from(header_data))) + + +def test_unsigned_serial_number(): + """ + Check whether all signed zone files in the "ns8" subdirectory contain the + serial number of the unsigned version of the zone in the raw-format header. + The test assumes that all "*.signed" files in the "ns8" subdirectory are in + raw format. + + Notes: + + - The actual zone signing and dumping happens while the tests.sh phase of + the "inline" system test is set up and run. This check only verifies + the outcome of those events; it does not initiate any signing or + dumping itself. + + - example[0-9][0-9].com.db.signed files are initially signed by + dnssec-signzone while the others - by named. + """ + + zones_with_unsigned_serial_missing = [] + + for signed_zone in sorted(glob.glob("ns8/*.signed")): + raw_header = RawFormatHeader(signed_zone) + # Ensure the unsigned serial number is placed where it is expected. + assert raw_header["format"] == 2 + assert raw_header["version"] == 1 + # Check whether the header flags indicate that the unsigned serial + # number is set and that the latter is indeed set. + if raw_header["flags"] & 0x02 == 0 or raw_header["sourceserial"] == 0: + zones_with_unsigned_serial_missing.append(signed_zone) + + assert not zones_with_unsigned_serial_missing -- cgit v1.2.3