use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClientTest method testNoSEPAtKSK.
/**
 * Verifies that a chain of trust still validates when the {@code com} key-signing key
 * is published without the Secure Entry Point flag.
 *
 * <p>The SEP bit is only a hint for operators: RFC 4034 section 2.1.1 says validators
 * must not change their behaviour based on it. What anchors trust here is the DS record
 * in the signed root zone, which is built from this very key.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testNoSEPAtKSK() throws IOException {
    // FLAG_ZONE only, no FLAG_SECURE_ENTRY_POINT. This local stands in for the shared
    // comKSK that the other tests in this class use.
    DNSKEY comKskWithoutSep = dnskey(DNSKEY.FLAG_ZONE, algorithm, publicKey(algorithm, comPrivateKSK));
    applyZones(
            client,
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    // The DS for "com" is derived from the SEP-less key.
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ds("com", digestType, comKskWithoutSep))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            signedZone(
                    "com", "ns.com", "1.1.1.1",
                    sign(comKskWithoutSep, "com", comPrivateKSK, algorithm,
                            record("com", comKskWithoutSep), record("com", comZSK)),
                    sign(comZSK, "com", comPrivateZSK, algorithm, record("example.com", a("1.1.1.2")))));
    DNSMessage response = client.query("example.com", Record.TYPE.A);
    assertNotNull(response);
    // Validation must succeed even though the KSK lacks the SEP flag.
    assertTrue(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClientTest method testSignatureOutOfDate.
/**
 * Verifies that an answer covered only by an expired RRSIG is not reported as authentic.
 *
 * <p>The signature over the {@code example.com} A record has a validity window that
 * started 28 days ago and ended 14 days ago; every other signature in the chain is built
 * with the regular {@code sign} helper.
 *
 * <p>Note for consumers: the response is still returned (it is non-null and is handed to
 * {@code checkCorrectExampleMessage}, whose checks are not shown here), so callers have to
 * gate on {@code authenticData} themselves before trusting the data.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testSignatureOutOfDate() throws IOException {
    // Long arithmetic throughout: 28 days in milliseconds does not fit in an int.
    final long dayMillis = 24L * 60L * 60L * 1000L;
    Date expiredAt = new Date(System.currentTimeMillis() - 14L * dayMillis);
    Date inceptedAt = new Date(System.currentTimeMillis() - 28L * dayMillis);
    // Template RRSIG with an empty signature field; presumably the sign(...) overload
    // used below fills it in from the private key (confirm against the helper).
    RRSIG staleSig = rrsig(Record.TYPE.A, algorithm, 2, 3600, expiredAt, inceptedAt,
            comZSK.getKeyTag(), "com", new byte[0]);
    applyZones(
            client,
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ds("com", digestType, comKSK))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            signedZone(
                    "com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    // Only this RRset carries the out-of-date signature.
                    sign(comPrivateZSK, staleSig, record("example.com", a("1.1.1.2")))));
    DNSMessage response = client.query("example.com", Record.TYPE.A);
    assertNotNull(response);
    // An expired signature must not yield an authenticated answer.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClientTest method testMissingDelegation.
/**
 * Verifies that an answer is not reported as authentic when the parent zone publishes
 * no DS record for the child.
 *
 * <p>The signed root zone contains NS and glue records for {@code com} but no DS, so
 * nothing links the root's keys to the {@code com} keys even though {@code com} is
 * signed correctly.
 *
 * <p>Note for consumers: the response is still returned (it is non-null and is handed to
 * {@code checkCorrectExampleMessage}, whose checks are not shown here), so callers have to
 * gate on {@code authenticData} themselves before trusting the data.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testMissingDelegation() throws IOException {
    applyZones(
            client,
            // Root zone: keys, NS and glue only; there is no DS record for "com".
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            signedZone(
                    "com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    sign(comZSK, "com", comPrivateZSK, algorithm, record("example.com", a("1.1.1.2")))));
    DNSMessage response = client.query("example.com", Record.TYPE.A);
    assertNotNull(response);
    // A broken chain of trust must not yield an authenticated answer.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}
use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClientTest method testValidDLV.
/**
 * Verifies DNSSEC Lookaside Validation: with a DLV zone configured the answer is
 * authentic, and once lookaside validation is disabled the same answer is not.
 *
 * <p>The signed root zone holds a DS record for {@code dlv} but none for {@code com};
 * the only statement about the {@code com} key is the DLV record at {@code com.dlv}.
 *
 * <p>DLV was moved to Historic status by RFC 8749, so this covers legacy behaviour.
 * The key sizes passed to {@code generatePrivateKey} are test-fixture values;
 * {@code algorithm} is defined outside this method.
 *
 * @throws IOException if a query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testValidDLV() throws IOException {
    PrivateKey dlvPrivateKSK = generatePrivateKey(algorithm, 2048);
    DNSKEY dlvKSK = dnskey(
            DNSKEY.FLAG_ZONE | DNSKEY.FLAG_SECURE_ENTRY_POINT, algorithm, publicKey(algorithm, dlvPrivateKSK));
    PrivateKey dlvPrivateZSK = generatePrivateKey(algorithm, 1024);
    DNSKEY dlvZSK = dnskey(DNSKEY.FLAG_ZONE, algorithm, publicKey(algorithm, dlvPrivateZSK));
    applyZones(
            client,
            signedRootZone(
                    sign(rootKSK, "", rootPrivateKSK, algorithm, record("", rootKSK), record("", rootZSK)),
                    // Only "dlv" is delegated securely; "com" gets NS records but no DS.
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("dlv", ds("dlv", digestType, dlvKSK))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("dlv", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("com", ns("ns.com"))),
                    sign(rootZSK, "", rootPrivateZSK, algorithm, record("ns.com", a("1.1.1.1")))),
            signedZone(
                    "com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    sign(comZSK, "com", comPrivateZSK, algorithm, record("example.com", a("1.1.1.2")))),
            signedZone(
                    "dlv", "ns.com", "1.1.1.1",
                    sign(dlvKSK, "dlv", dlvPrivateKSK, algorithm, record("dlv", dlvKSK), record("dlv", dlvZSK)),
                    // The lookaside record that vouches for the "com" KSK.
                    sign(dlvZSK, "dlv", dlvPrivateZSK, algorithm, record("com.dlv", dlv("com", digestType, comKSK)))));

    // With lookaside validation pointed at "dlv", the chain can be completed.
    client.configureLookasideValidation(DNSName.from("dlv"));
    DNSMessage viaLookaside = client.query("example.com", Record.TYPE.A);
    assertNotNull(viaLookaside);
    assertTrue(viaLookaside.authenticData);
    checkCorrectExampleMessage(viaLookaside);

    // Without it, the missing DS for "com" leaves the answer unauthenticated.
    client.disableLookasideValidation();
    DNSMessage withoutLookaside = client.query("example.com", Record.TYPE.A);
    assertNotNull(withoutLookaside);
    assertFalse(withoutLookaside.authenticData);
    checkCorrectExampleMessage(withoutLookaside);
}
use of org.minidns.dnsmessage.DNSMessage in project minidns by MiniDNS.
the class DNSSECClientTest method testUnsignedRoot.
/**
 * Verifies that an answer is not reported as authentic when the root zone is unsigned,
 * even though it carries a DS record for {@code com} and {@code com} itself is signed.
 *
 * <p>The root is built with {@code rootZone} rather than {@code signedRootZone}, so the
 * DS record it serves has no signature covering it.
 *
 * <p>Note for consumers: the response is still returned (it is non-null and is handed to
 * {@code checkCorrectExampleMessage}, whose checks are not shown here), so callers have to
 * gate on {@code authenticData} themselves before trusting the data.
 *
 * @throws IOException if the query fails
 */
@SuppressWarnings("unchecked")
@Test
public void testUnsignedRoot() throws IOException {
    applyZones(
            client,
            // Unsigned root: the DS for "com" is present but not covered by any RRSIG.
            rootZone(
                    record("com", ds("com", digestType, comKSK)),
                    record("com", ns("ns.com")),
                    record("ns.com", a("1.1.1.1"))),
            signedZone(
                    "com", "ns.com", "1.1.1.1",
                    sign(comKSK, "com", comPrivateKSK, algorithm, record("com", comKSK), record("com", comZSK)),
                    sign(comZSK, "com", comPrivateZSK, algorithm, record("example.com", a("1.1.1.2")))));
    DNSMessage response = client.query("example.com", Record.TYPE.A);
    assertNotNull(response);
    // An unauthenticated DS record must not be enough to mark the answer authentic.
    assertFalse(response.authenticData);
    checkCorrectExampleMessage(response);
}