001/* 002 * Copyright 2015-2024 the original author or authors 003 * 004 * This software is licensed under the Apache License, Version 2.0, 005 * the GNU Lesser General Public License version 2 or later ("LGPL") 006 * and the WTFPL. 007 * You may choose either license to govern your use of this software only 008 * upon the condition that you accept all of the terms of either 009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL. 010 */ 011package org.minidns.integrationtest; 012 013import java.io.IOException; 014import java.util.Iterator; 015 016import org.junit.Ignore; 017import org.minidns.cache.LruCache; 018import org.minidns.dnssec.DnssecClient; 019import org.minidns.dnssec.DnssecQueryResult; 020import org.minidns.dnssec.DnssecUnverifiedReason; 021import org.minidns.dnssec.DnssecValidationFailedException; 022import org.minidns.record.Record; 023 024import static org.junit.jupiter.api.Assertions.assertFalse; 025 026public class DnssecTest { 027 028 @Ignore 029 @IntegrationTest 030 public static void testOarcDaneBadSig() throws Exception { 031 DnssecClient client = new DnssecClient(new LruCache(1024)); 032 assertFalse(client.queryDnssec("_443._tcp.bad-sig.dane.dns-oarc.net", Record.TYPE.TLSA).isAuthenticData()); 033 } 034 035 @IntegrationTest 036 public static void testUniDueSigOk() throws IOException { 037 DnssecClient client = new DnssecClient(new LruCache(1024)); 038 assertAuthentic(client.queryDnssec("sigok.verteiltesysteme.net", Record.TYPE.A)); 039 } 040 041 @IntegrationTest(expected = DnssecValidationFailedException.class) 042 public static void testUniDueSigFail() throws IOException { 043 DnssecClient client = new DnssecClient(new LruCache(1024)); 044 client.query("sigfail.verteiltesysteme.net", Record.TYPE.A); 045 } 046 047 @IntegrationTest 048 public static void testCloudFlare() throws IOException { 049 DnssecClient client = new DnssecClient(new LruCache(1024)); 050 assertAuthentic(client.queryDnssec("www.cloudflare-dnssec-auth.com", Record.TYPE.A)); 051 } 052 053 private static void assertAuthentic(DnssecQueryResult dnssecMessage) { 054 if (dnssecMessage.isAuthenticData()) return; 055 056 StringBuilder sb = new StringBuilder(); 057 sb.append("Answer should contain authentic data while it does not. Reasons:\n"); 058 for (Iterator<DnssecUnverifiedReason> it = dnssecMessage.getUnverifiedReasons().iterator(); it.hasNext(); ) { 059 DnssecUnverifiedReason unverifiedReason = it.next(); 060 sb.append(unverifiedReason); 061 if (it.hasNext()) sb.append('\n'); 062 } 063 throw new AssertionError(sb.toString()); 064 } 065}