CloudHost/zonemaster.es
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87e25144dd4dd5ae68ce1e02cbbfa87cb4b9b346
zonemaster.es/zonemaster-ldns/t/dnssec.t
Malin 8d4eaa1489 feat: add full Zonemaster stack with Docker and Spanish UI 
- Clone all 5 Zonemaster component repos (LDNS, Engine, CLI, Backend, GUI)
- Dockerfile.backend: 8-stage multi-stage build LDNS→Engine→CLI→Backend
- Dockerfile.gui: Astro static build served via nginx
- docker-compose.yml: backend (internal) + frontend (port 5353)
- nginx.conf: root redirects to /es/, /api/ proxied to backend
- zonemaster-gui/config.ts: defaultLanguage set to 'es' (Spanish)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-21 08:19:24 +02:00

102 lines
4.1 KiB
Perl
Raw Blame History

use Test::More;
BEGIN { use_ok( 'Zonemaster::LDNS' ); }
my $key1 = Zonemaster::LDNS::RR->new(
"iis.se. 2395 IN DNSKEY 257 3 5 AwEAAcq5u+qe5VibnyvSnGU20panweAk2QxflGVuVQhzQABQV4SIdAQs +LNVHF61lcxe504jhPmjeQ656X6t+dHpRz1DdPO/ukcIITjIRoJHqS+X XyL6gUluZoDU+K6vpxkGJx5m5n4boRTKCTUAR/9rw2+IQRRTtb6nBwsC 3pmf9IlJQjQMb1cQTb0UO7fYgXDZIYVul2LwGpKRrMJ6Ul1nepkSxTMw Q4H9iKE9FhqPeIpzU9dnXGtJ+ZCx9tWSZ9VsSLWBJtUwoE6ZfIoF1ioq qxfGl9JV1/6GkDxo3pMN2edhkp8aqoo/R+mrJYi0vE8jbXvhZ12151Dy wuSxbGjAlxk="
);
my $key2 = Zonemaster::LDNS::RR->new(
"iis.se. 1591 IN DNSKEY 256 3 5 BQEAAAABuWpCewwMRD7yPzy6TGsymMAc82IHVGB+vjKVIAYKbPG7QxuLEtEzUxDJo09gLN2/N0OF+NnTkmDMj8KA+eIgtqmMuq5kdDVc+eSNLJZ0 am0o27UEkXmW20iV0d6B/KW1X1nufzBSaacUzkBKyDfK4cN3aVsYIDXT H7Jw1agEzrM="
);
my $soa = Zonemaster::LDNS::RR->new( "iis.se. 3600 IN SOA ns.nic.se. hostmaster.iis.se. 1384853101 10800 3600 1814400 14400" );
my $sig = Zonemaster::LDNS::RR->new(
"iis.se. 3600 IN RRSIG SOA 5 2 3600 20131129082501 20131119082501 59213 iis.se. ShhhfRT82jfA/J1AAqiie/4r7JuiYOpK6dIwugOtlf0/UpVsOYEIukpe Bq9i7fsa0GNWz/o9gqF8DnsCHzgxZnAngTrJpZAlsrC/FP/6v8WfnFsP LDw9g6Ow8Z6TL9JmZr22YPp27Rwujdb5AnzdurEvQxIAqW66CCCy2pc9 //s="
);
is( $sig->keytag, $key2->keytag );
ok( !$sig->verify( [$soa], [ $key1, $key2 ] ), 'Signature does not verify (expired).' );
ok( !$sig->verify( [$soa], [$key1] ), 'Signature does not verify (wrong key).' );
is(
$sig->verify_str( [$soa], [ $key1, $key2 ] ),
'DNSSEC signature has expired',
'Expected unsuccessful verification message.'
);
is(
$sig->verify_str( [$soa], [$key1] ),
'No keys with the keytag and algorithm from the RRSIG found',
'Expected unsuccessful verification message.'
);
my $msg = '';
my $res = $sig->verify_time( [$soa], [ $key1, $key2 ], 1385628478, $msg );
ok( $res, 'Verified OK in the past.' );
is( $msg, 'All OK', 'Expected verification message' );
my $ds1 = $key1->ds( 'sha1' );
isa_ok( $ds1, 'Zonemaster::LDNS::RR::DS', 'sha1' );
ok( $ds1->verify( $key1 ) ) if $ds1;
my $ds2 = $key1->ds( 'sha256' );
isa_ok( $ds2, 'Zonemaster::LDNS::RR::DS', 'sha256' );
ok( $ds2->verify( $key1 ) ) if $ds2;
my $ds3 = $key1->ds( 'sha384' );
isa_ok( $ds3, 'Zonemaster::LDNS::RR::DS', 'sha384' );
ok( $ds3->verify( $key1 ) ) if $ds3;
my $ds4 = $key1->ds( 'gost' );
if ( $ds4 ) { # We may not have GOST available.
isa_ok( $ds4, 'Zonemaster::LDNS::RR::DS', 'gost' );
ok( $ds4->verify( $key1 ) ) if $ds4;
}
is($key1->keysize, 2048, 'Key is 2048 bits long');
is($key2->keysize, 1024, 'Key is 1024 bits long');
my $nsec = Zonemaster::LDNS::RR->new('xx.se. 7200 IN NSEC xx0r.se. NS RRSIG NSEC');
isa_ok($nsec, 'Zonemaster::LDNS::RR::NSEC');
ok($nsec->covers('xx-example.se'), 'Covers xx-example.se');
ok(!$nsec->covers('.'), 'Does not cover the root domain');
my $nsec3 = Zonemaster::LDNS::RR->new('NR2E513KM693MBTNVHH56ENF54F886T0.com. 86400 IN NSEC3 1 1 0 - NR2FUHQVR56LH70L6F971J3L6N1RH2TU NS DS RRSIG');
isa_ok($nsec3, 'Zonemaster::LDNS::RR::NSEC3');
ok($nsec3->covers('xx-example.com'), 'Covers xx-example.com');
is($nsec3->covers('.'), undef, 'Does not cover the root domain');
subtest 'malformed NSEC3 do not cover anything' => sub {
# Malformed resource record lacking a next hashed owner name field in its
# RDATA. The only way to synthesize such a datum is to use the RFC 3597
# syntax.
my $example = Zonemaster::LDNS::RR->new(
q{example. 0 IN NSEC3 \# 15 01 00 0001 01 AB 00 0006 400000000002}
);
is( $example->covers("example"), undef );
# NSEC3 resource record whose owner name is the root name. This should
# normally not happen.
$example = Zonemaster::LDNS::RR->new(
q{. 0 IN NSEC3 1 0 1 ab 01234567 A RRSIG}
);
is( $example->covers("example"), undef );
};
SKIP: {
skip 'no network', 3 unless $ENV{TEST_WITH_NETWORK};
$res = Zonemaster::LDNS->new( '212.247.7.228' );
$res->dnssec( 1 );
my $p1 = eval { $res->query('www.iis.se', 'A') };
skip 'Remote server not responding', 3 if not $p1;
ok( $p1->needs_edns, 'Needs EDNS0');
ok( $p1->has_edns, 'Alias is there');
ok( ($p1->edns_size > 0), 'EDNS0 size larger than zero' );
}
done_testing;
Reference in New Issue View Git Blame Copy Permalink