path: root/tests/test_tsig.py
# Copyright (C) Dnspython Contributors, see LICENSE for text of ISC license

import hashlib
import unittest
import time

import dns.tsig
import dns.tsigkeyring
import dns.message

# Fixed base64 HMAC secret shared by every test in this module. It is a
# hard-coded fixture for the test suite, so it must never double as a key
# for a real zone or server.
keyring = dns.tsigkeyring.from_text({'keyname.': 'NjHwPsMKjdN++dOfE5iAiQ=='})

# Name under which the fixture key is looked up when signing and validating.
keyname = dns.name.from_text('keyname')

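class TSIGTestCase(unittest.TestCase):
    """Tests for TSIG algorithm lookup, message signing and peer errors.

    All tests use the module-level ``keyring`` / ``keyname`` fixture.
    """

    # NOTE(review): the cases below cover a clean sign/validate round trip and
    # error codes reported by the peer in the TSIG record.  None of them feeds
    # from_wire() a message whose MAC fails local verification (for example a
    # modified message or a wrong key), so that rejection path is not
    # exercised in this class.

    def test_get_algorithm(self):
        """get_algorithm() accepts a Name or a str and rejects unknown names."""
        n = dns.name.from_text('hmac-sha256')
        # Only the second element of the returned pair is checked here.
        (_, alg) = dns.tsig.get_algorithm(n)
        self.assertEqual(alg, hashlib.sha256)
        (_, alg) = dns.tsig.get_algorithm('hmac-sha256')
        self.assertEqual(alg, hashlib.sha256)
        with self.assertRaises(NotImplementedError):
            dns.tsig.get_algorithm('bogus')

    def test_sign_and_validate(self):
        """A query signed with the fixture key parses back without error."""
        m = dns.message.make_query('example', 'a')
        m.use_tsig(keyring, keyname)
        w = m.to_wire()
        # not raising is passing
        dns.message.from_wire(w, keyring)

    def test_sign_and_validate_with_other_data(self):
        """Same round trip, with the TSIG "other data" field populated."""
        m = dns.message.make_query('example', 'a')
        # The original assigned b'other data' to an unused local and passed a
        # different literal; keep the bytes that were actually exercised and
        # pass them through the variable so the two cannot drift apart.
        other = b'other'
        m.use_tsig(keyring, keyname, other_data=other)
        w = m.to_wire()
        # not raising is passing
        dns.message.from_wire(w, keyring)

    def make_message_pair(self, qname='example', rdtype='A'):
        """Return a signed query and the response built from it.

        Helper, not a test.  The query is rendered once so that ``q.mac`` is
        available to callers validating the response.
        """
        q = dns.message.make_query(qname, rdtype)
        q.use_tsig(keyring=keyring, keyname=keyname)
        q.had_tsig = True  # so make_response() does the right thing
        q.to_wire()  # to set q.mac
        r = dns.message.make_response(q)
        return q, r

    def test_peer_errors(self):
        """Each TSIG error code set on a response raises its exception."""
        items = [(dns.tsig.BADSIG, dns.tsig.PeerBadSignature),
                 (dns.tsig.BADKEY, dns.tsig.PeerBadKey),
                 (dns.tsig.BADTIME, dns.tsig.PeerBadTime),
                 (dns.tsig.BADTRUNC, dns.tsig.PeerBadTruncation),
                 # A code with no dedicated class maps to the generic error.
                 (99, dns.tsig.PeerError),
                 ]
        for err, ex in items:
            # subTest reports which error code failed and lets the remaining
            # codes run instead of stopping at the first failure.
            with self.subTest(tsig_error=err):
                q, r = self.make_message_pair()
                r.tsig_error = err
                w = r.to_wire()
                with self.assertRaises(ex):
                    dns.message.from_wire(w, keyring=keyring,
                                          request_mac=q.mac)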