plugin/sign: a plugin that signs zone (#2993)

* plugin/sign: a plugin that signs zones Sign is a plugin that signs zone data (on disk). The README.md details what exactly happens to should be accurate related to the code. Signs are signed with a CSK, resigning and first time signing is all handled by *sign* plugin. Logging with a test zone looks something like this: ~~~ txt [INFO] plugin/sign: Signing "miek.nl." because open plugin/sign/testdata/db.miek.nl.signed: no such file or directory [INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 11.670985ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T15:49:06.560Z [INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563636548 [INFO] plugin/sign: Signing "miek.nl." because resign was: 10m0s ago [INFO] plugin/sign: Signed "miek.nl." with key tags "59725" in 2.055895ms, saved in "plugin/sign/testdata/db.miek.nl.signed". Next: 2019-07-20T16:09:06.560Z [INFO] plugin/file: Successfully reloaded zone "miek.nl." in "plugin/sign/testdata/db.miek.nl.signed" with serial 1563637748 ~~~ Signed-off-by: Miek Gieben <miek@miek.nl> * Adjust readme and remove timestamps Signed-off-by: Miek Gieben <miek@miek.nl> * Comment on the newline Signed-off-by: Miek Gieben <miek@miek.nl> * Update plugin/sign/README.md Co-Authored-By: Michael Grosser <development@stp-ip.net>
2025-10-31 10:13:14 -04:00 · 2019-08-29 15:41:59 +01:00
parent eec24cb013
commit b8a0b52a5e
21 changed files with 1114 additions and 1 deletions
--- a/plugin/sign/setup_test.go
+++ b/plugin/sign/setup_test.go
@@ -0,0 +1,75 @@
+package sign
+
+import (
+	"testing"
+
+	"github.com/caddyserver/caddy"
+)
+
+func TestParse(t *testing.T) {
+	tests := []struct {
+		input     string
+		shouldErr bool
+		exp       *Signer
+	}{
+		{`sign testdata/db.miek.nl miek.nl {
+			key file testdata/Kmiek.nl.+013+59725
+		 }`,
+			false,
+			&Signer{
+				keys:       []Pair{},
+				origin:     "miek.nl.",
+				dbfile:     "testdata/db.miek.nl",
+				directory:  "/var/lib/coredns",
+				signedfile: "db.miek.nl.signed",
+			},
+		},
+		{`sign testdata/db.miek.nl example.org {
+			key file testdata/Kmiek.nl.+013+59725
+			directory testdata
+		 }`,
+			false,
+			&Signer{
+				keys:       []Pair{},
+				origin:     "example.org.",
+				dbfile:     "testdata/db.miek.nl",
+				directory:  "testdata",
+				signedfile: "db.example.org.signed",
+			},
+		},
+		// errors
+		{`sign db.example.org {
+			key file /etc/coredns/keys/Kexample.org
+		 }`,
+			true,
+			nil,
+		},
+	}
+	for i, tc := range tests {
+		c := caddy.NewTestController("dns", tc.input)
+		sign, err := parse(c)
+
+		if err == nil && tc.shouldErr {
+			t.Fatalf("Test %d expected errors, but got no error", i)
+		}
+		if err != nil && !tc.shouldErr {
+			t.Fatalf("Test %d expected no errors, but got '%v'", i, err)
+		}
+		if tc.shouldErr {
+			continue
+		}
+		signer := sign.signers[0]
+		if x := signer.origin; x != tc.exp.origin {
+			t.Errorf("Test %d expected %s as origin, got %s", i, tc.exp.origin, x)
+		}
+		if x := signer.dbfile; x != tc.exp.dbfile {
+			t.Errorf("Test %d expected %s as dbfile, got %s", i, tc.exp.dbfile, x)
+		}
+		if x := signer.directory; x != tc.exp.directory {
+			t.Errorf("Test %d expected %s as directory, got %s", i, tc.exp.directory, x)
+		}
+		if x := signer.signedfile; x != tc.exp.signedfile {
+			t.Errorf("Test %d expected %s as signedfile, got %s", i, tc.exp.signedfile, x)
+		}
+	}
+}