plugin/dnssec/cache_test.go

package dnssec

import (
	"testing"
	"time"

	"github.com/coredns/coredns/plugin/pkg/cache"
	"github.com/coredns/coredns/plugin/test"
	"github.com/coredns/coredns/request"
)

func TestCacheSet(t *testing.T) {
	fPriv, rmPriv, _ := test.TempFile(".", privKey)
	fPub, rmPub, _ := test.TempFile(".", pubKey)
	defer rmPriv()
	defer rmPub()

	dnskey, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}

	c := cache.New(defaultCap)
	m := testMsg()
	state := request.Request{Req: m, Zone: "miek.nl."}
	k := hash(m.Answer) // calculate *before* we add the sig
	d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)
	d.Sign(state, time.Now().UTC())

	_, ok := d.get(k)
	if !ok {
		t.Errorf("signature was not added to the cache")
	}
}

func TestCacheNotValidExpired(t *testing.T) {
	fPriv, rmPriv, _ := test.TempFile(".", privKey)
	fPub, rmPub, _ := test.TempFile(".", pubKey)
	defer rmPriv()
	defer rmPub()

	dnskey, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}

	c := cache.New(defaultCap)
	m := testMsg()
	state := request.Request{Req: m, Zone: "miek.nl."}
	k := hash(m.Answer) // calculate *before* we add the sig
	d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)
	d.Sign(state, time.Now().UTC().AddDate(0, 0, -9))

	_, ok := d.get(k)
	if ok {
		t.Errorf("signature was added to the cache even though not valid")
	}
}

func TestCacheNotValidYet(t *testing.T) {
	fPriv, rmPriv, _ := test.TempFile(".", privKey)
	fPub, rmPub, _ := test.TempFile(".", pubKey)
	defer rmPriv()
	defer rmPub()

	dnskey, err := ParseKeyFile(fPub, fPriv)
	if err != nil {
		t.Fatalf("failed to parse key: %v\n", err)
	}

	c := cache.New(defaultCap)
	m := testMsg()
	state := request.Request{Req: m, Zone: "miek.nl."}
	k := hash(m.Answer) // calculate *before* we add the sig
	d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)
	d.Sign(state, time.Now().UTC().AddDate(0, 0, +9))

	_, ok := d.get(k)
	if ok {
		t.Errorf("signature was added to the cache even though not valid yet")
	}
}
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`package dnssec`

			`import (`
			`"testing"`
			`"time"`

Remove the word middleware (#1067) * Rename middleware to plugin first pass; mostly used 'sed', few spots where I manually changed text. This still builds a coredns binary. * fmt error * Rename AddMiddleware to AddPlugin * Readd AddMiddleware to remain backwards compat 2017-09-14 09:36:06 +01:00			`"github.com/coredns/coredns/plugin/pkg/cache"`
			`"github.com/coredns/coredns/plugin/test"`
Fix import path `github.com/miekg/coredns` -> `github.com/coredns/coredns` (#547) This fix fixes import path from `github.com/miekg/coredns` -> `github.com/coredns/coredns` 2017-02-21 22:51:47 -08:00			`"github.com/coredns/coredns/request"`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`)`

			`func TestCacheSet(t *testing.T) {`
Pr 311 2 (#312) * Add a setup test for middleware/file This fix adds a setup test for middleware/file so that there is a basic coverage for the Corefile processing of middleware/file. This fix is related to 308 (Will look into it). Signed-off-by: Yong Tang <yong.tang.github@outlook.com> * middleware/file: use helper function for test Fixup setup_test.go and use the test.TempFile function to make things somewhat shorter. Use clean up the use of testing.T in TempFile - it is not used. 2016-10-02 15:58:01 +01:00			`fPriv, rmPriv, _ := test.TempFile(".", privKey)`
			`fPub, rmPub, _ := test.TempFile(".", pubKey)`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`defer rmPriv()`
			`defer rmPub()`

			`dnskey, err := ParseKeyFile(fPub, fPriv)`
			`if err != nil {`
			`t.Fatalf("failed to parse key: %v\n", err)`
			`}`

New cache implementation and prefetch handing in mw/cache (#731) * cache: add sharded cache implementation Add Cache impl and a few tests. This cache is 256-way sharded, mainly so each shard has it's own lock. The main cache structure is a readonly jump plane into the right shard. This should remove the single lock contention on the main lock and provide more concurrent throughput - Obviously this hasn't been tested or measured. The key into the cache was made a uint32 (hash.fnv) and the hashing op is not using strings.ToLower anymore remove any GC in that code path. * here too * Minimum shard size * typos * blurp * small cleanups no defer * typo * Add freq based on Johns idea * cherry-pick conflict resolv * typo * update from early code review from john * add prefetch to the cache * mw/cache: add prefetch * remove println * remove comment * Fix tests * Test prefetch in setup * Add start of cache * try add diff cache options * Add hacky testcase * not needed * allow the use of a percentage for prefetch If the TTL falls below xx% do a prefetch, if the record was popular. Some other fixes and correctly prefetch only popular records. 2017-06-13 12:39:10 -07:00			`c := cache.New(defaultCap)`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00			`m := testMsg()`
plugin/dnssec: implement shotgun from CloudFlare (#1305) * plugin/dnssec: implement shotgun from CloudFlare Put a whole bunch of types in the NSEC bitmap and remove the one that's being asked for. Add more records for queries to the apex, SOA, DNSKEY, MX. 2018-01-03 11:11:56 +00:00			`state := request.Request{Req: m, Zone: "miek.nl."}`
New cache implementation and prefetch handing in mw/cache (#731) * cache: add sharded cache implementation Add Cache impl and a few tests. This cache is 256-way sharded, mainly so each shard has it's own lock. The main cache structure is a readonly jump plane into the right shard. This should remove the single lock contention on the main lock and provide more concurrent throughput - Obviously this hasn't been tested or measured. The key into the cache was made a uint32 (hash.fnv) and the hashing op is not using strings.ToLower anymore remove any GC in that code path. * here too * Minimum shard size * typos * blurp * small cleanups no defer * typo * Add freq based on Johns idea * cherry-pick conflict resolv * typo * update from early code review from john * add prefetch to the cache * mw/cache: add prefetch * remove println * remove comment * Fix tests * Test prefetch in setup * Add start of cache * try add diff cache options * Add hacky testcase * not needed * allow the use of a percentage for prefetch If the TTL falls below xx% do a prefetch, if the record was popular. Some other fixes and correctly prefetch only popular records. 2017-06-13 12:39:10 -07:00			`k := hash(m.Answer) // calculate before we add the sig`
			`d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)`
plugin/dnssec: implement shotgun from CloudFlare (#1305) * plugin/dnssec: implement shotgun from CloudFlare Put a whole bunch of types in the NSEC bitmap and remove the one that's being asked for. Add more records for queries to the apex, SOA, DNSKEY, MX. 2018-01-03 11:11:56 +00:00			`d.Sign(state, time.Now().UTC())`
Add middleware/dnssec (#133) This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies. 2016-04-26 17:57:11 +01:00
			`_, ok := d.get(k)`
			`if !ok {`
			`t.Errorf("signature was not added to the cache")`
			`}`
			`}`
plugin/dnssec: check validityperiod of RRSIGs (#1385) * plugin/dnssec: check validityperiod of RRSIGs Somehow we missed implementing this. If a sig a retrieved from the cache, but not valid anymore, regenerate it instead of server invalid signatures. Fixes #1378 * drop from cache after 3/4 validity * six days means 6 days 2018-01-18 10:39:22 +00:00
			`func TestCacheNotValidExpired(t *testing.T) {`
			`fPriv, rmPriv, _ := test.TempFile(".", privKey)`
			`fPub, rmPub, _ := test.TempFile(".", pubKey)`
			`defer rmPriv()`
			`defer rmPub()`

			`dnskey, err := ParseKeyFile(fPub, fPriv)`
			`if err != nil {`
			`t.Fatalf("failed to parse key: %v\n", err)`
			`}`

			`c := cache.New(defaultCap)`
			`m := testMsg()`
			`state := request.Request{Req: m, Zone: "miek.nl."}`
			`k := hash(m.Answer) // calculate before we add the sig`
			`d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)`
			`d.Sign(state, time.Now().UTC().AddDate(0, 0, -9))`

			`_, ok := d.get(k)`
			`if ok {`
			`t.Errorf("signature was added to the cache even though not valid")`
			`}`
			`}`

			`func TestCacheNotValidYet(t *testing.T) {`
			`fPriv, rmPriv, _ := test.TempFile(".", privKey)`
			`fPub, rmPub, _ := test.TempFile(".", pubKey)`
			`defer rmPriv()`
			`defer rmPub()`

			`dnskey, err := ParseKeyFile(fPub, fPriv)`
			`if err != nil {`
			`t.Fatalf("failed to parse key: %v\n", err)`
			`}`

			`c := cache.New(defaultCap)`
			`m := testMsg()`
			`state := request.Request{Req: m, Zone: "miek.nl."}`
			`k := hash(m.Answer) // calculate before we add the sig`
			`d := New([]string{"miek.nl."}, []*DNSKEY{dnskey}, nil, c)`
			`d.Sign(state, time.Now().UTC().AddDate(0, 0, +9))`

			`_, ok := d.get(k)`
			`if ok {`
			`t.Errorf("signature was added to the cache even though not valid yet")`
			`}`
			`}`