Net-DNS-SEC
t/10-keyset.t view on Meta::CPAN
# Build a readable label for the assertion from the second DS record's algorithm
# and digest type. algorithm() and digtype() are defined outside this excerpt
# (presumably they map the numeric codes to mnemonics -- confirm).
my $alg1 = algorithm( $ds[1]->algorithm );
my $dig1 = digtype( $ds[1]->digtype );
# $string1 and $expect1 are computed earlier in the file, outside this excerpt.
is( $string1, $expect1, "DS ($alg1/$dig1) created from keyset" );
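##
# Corrupted keyset
#
# Negative test: write a keyset file in which the first RRSIG carries a damaged
# signature, then confirm that Keyset->new() refuses to load it and reports why.
my $handle3 = IO::File->new( $filename{set3}, '>' ) or die qq(open: "$filename{set3}" $!);
print $handle3 $keyrr1->string, "\n";
print $handle3 $keyrr2->string, "\n";
my $sigstr = lc $sigrr1->string;				# corrupt the base64 signature
# lc() also lowercases the class/type and type-covered mnemonics; restore them,
# presumably so that the record still parses and only the signature is wrong.
$sigstr =~ s/in.rrsig/IN RRSIG/;				# fix collateral damage
$sigstr =~ s/dnskey/DNSKEY/;
print $handle3 $sigstr . "\n";
print $handle3 $sigrr2->string . "\n";
# Buffered write errors only surface at close. Without this check a truncated or
# empty file would also fail to load, and the "not loaded" assertion below would
# pass without the corrupted signature ever having been exercised.
close($handle3) or die qq(close: "$filename{set3}" $!);

# new() must return a false value for the corrupted file ...
my $corrupt = Net::DNS::SEC::Keyset->new( $filename{set3} );
ok( !$corrupt, "Corrupted keyset not loaded" );

# ... and the class-level error text must name the failure, which ties the
# rejection to signature checking rather than to some unrelated load error.
my $corrupt_keyset = Net::DNS::SEC::Keyset->keyset_err;
like( $corrupt_keyset, '/failed.+key/', "Expected error [$corrupt_keyset]" );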
# Keyset built in memory from two array references: DNSKEY records and RRSIG records.
# ($keyrr1, $keyrr2, $sigrr1 and $sigrr2 are created earlier in the file, outside this excerpt.)
my @keyrr = ( $keyrr1, $keyrr2 );
my @sigrr = ( $sigrr1, $sigrr2 );
my $ks = Net::DNS::SEC::Keyset->new( [@keyrr], [@sigrr] );
ok( $ks, "Keyset created from two arrays." );
# Round trip: the accessors must hand back the same records that were passed in.
my @ks_sigs = $ks->sigs;
ok( eq_array( [@ks_sigs], [@sigrr] ), "Sigs out equal to sigs in" );
my @ks_keys = $ks->keys;
# An empty list from key_difference() is taken to mean the two key lists match.
my @keydiff = key_difference( [@keyrr], [@ks_keys] );
is( scalar(@keydiff), 0, "Keys out equal to keys in" );
# Called without arguments in list context, verify() is expected to return the
# keytags of the verified signatures: two here, one per RRSIG.
my @keytags = $ks->verify;
is( scalar(@keytags), 2, "Verify method returned the keytags" );
# Positive case: verification restricted to a keytag that has a signature in the set
# (presumably the tag of one of the test keys -- the keys are defined outside this excerpt).
my $good_tag = 39948;
ok( $ks->verify($good_tag), "Verification against keytag $good_tag" );
# Negative case: a keytag with no matching signature must make verify() return false.
# A caller that checks a keyset against one specific key depends on this failing closed.
my $bad_tag = 9734;
ok( !$ks->verify($bad_tag), "Verification against keytag $bad_tag failed" );
# keyset_err is read as a class method immediately after the failing call; it must be
# read before any further Keyset operation, or the message under test may be replaced.
my $missing_signature = Net::DNS::SEC::Keyset->keyset_err;
like( $missing_signature, "/No signature.+$bad_tag/", "Expected error [$missing_signature]" );
# Unverifiable keyset
#
# The keyset is constructed with a freshly created RRSIG over $keyrrset. Only after
# construction is that RRSIG object's signature replaced, via sigbin, with the
# signature bytes of an RRSIG created over a different RRset ([$sigrr1]).
# ($keyrrset and $keyfile1 are defined outside this excerpt.)
my $corruptible = Net::DNS::RR::RRSIG->create( $keyrrset, $keyfile1, ttl => 3600 );
my $unverifiable = Net::DNS::SEC::Keyset->new( $keyrrset, [$corruptible] );
my $badsig = Net::DNS::RR::RRSIG->create( [$sigrr1], $keyfile1, ttl => 3600 );
$corruptible->sigbin( $badsig->sigbin );
# No DS record may be derived from keys whose covering signature does not verify.
# NOTE(review): this relies on the keyset seeing the mutated RRSIG object, i.e. on
# extract_ds checking signatures when called rather than reusing a result from new()
# -- confirm against Keyset.pm.
# extract_ds is called in scalar context here; the comparison with 0 assumes that
# yields a count (or another false value) when nothing is extracted.
is( scalar( $unverifiable->extract_ds ), 0, 'No DS from unverifiable keyset' );
# Mixed keyset
#
# A DNSKEY for the owner name bogus.tld (flags 257, i.e. the SEP bit is set) is paired
# with $sigrr1, a signature created earlier in the file for the test keys. The heredoc
# is single-quoted, so the record text is passed to Net::DNS::RR->new() verbatim.
my $bogus = Net::DNS::RR->new( <<'END' );
bogus.tld. IN DNSKEY 257 3 5 (
AQO1gY5UFltQ4f0ZHnXPFQZfcQQNpXK5r0Rk05rLLmY0XeA1lu8ek7W1VHsBjkge9WU7efdp3U4a
mxULRMQj7F0ByOK318agap2sIWYN13jV1RLxF5GPyLq+tp2ihEyI8x0P8c9RzgVn1ix4Xcoq+vKm
WqDT1jHE4oBY/DzI8gyuJw== ; Key ID = 15792
)
END
# new() must refuse a key/signature combination that does not belong together.
my $mixed = Net::DNS::SEC::Keyset->new( [$bogus], [$sigrr1] );
ok( !$mixed, "Mixed keyset not loaded" );
# Both patterns are matched against keyset_err after the same failed new(), so the
# error text is expected to report both problems: the SEP key has no signature, and
# the records carry more than one owner name.
like( Net::DNS::SEC::Keyset->keyset_err, '/No signature.+SEP/', 'Expected "No signature for KSK" error' );
like( Net::DNS::SEC::Keyset->keyset_err, '/Multiple names/', 'Expected "Multiple names" error' );
# Keyset taken from the answer section of a DNS packet that holds the keys and
# their signatures.
my $packet = Net::DNS::Packet->new( 'test.tld', 'DNSKEY' );
$packet->push( 'answer', @keyrr, @sigrr );

my $packet_keyset = Net::DNS::SEC::Keyset->new($packet);
ok( $packet_keyset->verify(), "Verify keyset extracted from packet" );

# A keyset holding only $keyrr2 and no signatures is still expected to verify;
# the test description identifies this as the "no KSK" case.
my $no_ksk_keyset = Net::DNS::SEC::Keyset->new( [$keyrr2] );
ok( $no_ksk_keyset->verify(), "Verify keyset with no KSK" );
# Writing the keyset to an absolute path built from 'nonexdir' is expected to fail.
# exception() and $keyset are defined outside this excerpt; presumably the helper
# asserts that the callback dies -- confirm against its definition.
exception( 'unwritable file', sub { $keyset->writekeyset( File::Spec->rel2abs('nonexdir') ) } );
# 0.17 backward compatibility (exercise code for test coverage only)
# key_difference() is called once with a scalar assignment (and a third argument)
# and once with a list assignment, comparing keys against signatures. Both calls
# are wrapped in eval and neither the result nor $@ is inspected: nothing is
# asserted here.
eval { my $scalar = key_difference( [@keyrr], [@ks_sigs], [] ); };
eval { my @array = key_difference( [@keyrr], [@ks_sigs] ); };
exit;
__END__