001/*
002 * Copyright 2015-2024 the original author or authors
003 *
004 * This software is licensed under the Apache License, Version 2.0,
005 * the GNU Lesser General Public License version 2 or later ("LGPL")
006 * and the WTFPL.
007 * You may choose either license to govern your use of this software only
008 * upon the condition that you accept all of the terms of either
009 * the Apache License 2.0, the LGPL 2.1+ or the WTFPL.
010 */
011package org.minidns.integrationtest;
012
013import java.io.IOException;
014import java.util.Iterator;
015
016import org.junit.Ignore;
017import org.minidns.cache.LruCache;
018import org.minidns.dnssec.DnssecClient;
019import org.minidns.dnssec.DnssecQueryResult;
020import org.minidns.dnssec.DnssecUnverifiedReason;
021import org.minidns.dnssec.DnssecValidationFailedException;
022import org.minidns.record.Record;
023
024import static org.junit.jupiter.api.Assertions.assertFalse;
025
/**
 * Integration tests that drive {@link DnssecClient} against DNS names whose DNSSEC state is
 * expected to be either valid or deliberately broken.
 *
 * <p>The negative cases guard the property that matters most for a validating client: an answer
 * whose signature does not verify must never be reported as authentic. The positive cases guard
 * against the opposite regression, where correctly signed answers stop validating.
 *
 * <p>NOTE(review): the queried names look like third-party test zones, so these tests presumably
 * need live network access and depend on those zones staying configured as they are today.
 * Confirm before treating a failure as a library regression.
 */
public class DnssecTest {

    /** Size argument passed to every {@link LruCache} created by these tests. */
    private static final int CACHE_CAPACITY = 1024;

    /**
     * Checks that a TLSA answer under the {@code bad-sig} label is not flagged as authentic data.
     *
     * <p>NOTE(review): this negative case is marked {@code @Ignore} with no reason recorded here.
     * While it stays ignored, {@link #testUniDueSigFail()} is the only rejection test in this class.
     * Whether the {@code @IntegrationTest} runner honours {@code org.junit.Ignore} is not visible
     * from this file and should be confirmed.
     *
     * @throws Exception if the query fails
     */
    @Ignore
    @IntegrationTest
    public static void testOarcDaneBadSig() throws Exception {
        DnssecClient dnssecClient = newClient();
        DnssecQueryResult result =
                dnssecClient.queryDnssec("_443._tcp.bad-sig.dane.dns-oarc.net", Record.TYPE.TLSA);
        assertFalse(result.isAuthenticData());
    }

    /**
     * Checks that the A record of {@code sigok.verteiltesysteme.net} validates as authentic data.
     *
     * @throws IOException if the query fails
     */
    @IntegrationTest
    public static void testUniDueSigOk() throws IOException {
        DnssecClient dnssecClient = newClient();
        DnssecQueryResult result = dnssecClient.queryDnssec("sigok.verteiltesysteme.net", Record.TYPE.A);
        assertAuthentic(result);
    }

    /**
     * Checks that querying {@code sigfail.verteiltesysteme.net} is rejected: the annotation
     * declares {@link DnssecValidationFailedException} as the expected outcome, so a query that
     * returns normally counts as a failure.
     *
     * @throws IOException declared by the query
     */
    @IntegrationTest(expected = DnssecValidationFailedException.class)
    public static void testUniDueSigFail() throws IOException {
        DnssecClient dnssecClient = newClient();
        dnssecClient.query("sigfail.verteiltesysteme.net", Record.TYPE.A);
    }

    /**
     * Checks that the A record of {@code www.cloudflare-dnssec-auth.com} validates as authentic data.
     *
     * @throws IOException if the query fails
     */
    @IntegrationTest
    public static void testCloudFlare() throws IOException {
        DnssecClient dnssecClient = newClient();
        DnssecQueryResult result = dnssecClient.queryDnssec("www.cloudflare-dnssec-auth.com", Record.TYPE.A);
        assertAuthentic(result);
    }

    /**
     * Builds a client backed by its own new cache, so no test reuses cache entries created by
     * another test.
     *
     * @return a new {@link DnssecClient} with a new {@link LruCache}
     */
    private static DnssecClient newClient() {
        return new DnssecClient(new LruCache(CACHE_CAPACITY));
    }

    /**
     * Fails unless the given result is flagged as authentic data.
     *
     * <p>The failure message lists every {@link DnssecUnverifiedReason} reported by the result,
     * one per line, so the log shows why validation did not succeed.
     *
     * @param dnssecMessage the query result to check
     * @throws AssertionError if the result is not authentic data
     */
    private static void assertAuthentic(DnssecQueryResult dnssecMessage) {
        if (!dnssecMessage.isAuthenticData()) {
            StringBuilder failure =
                    new StringBuilder("Answer should contain authentic data while it does not. Reasons:\n");
            Iterator<DnssecUnverifiedReason> reasons = dnssecMessage.getUnverifiedReasons().iterator();
            while (reasons.hasNext()) {
                failure.append(reasons.next());
                // Newline only between reasons, never after the last one.
                if (reasons.hasNext()) {
                    failure.append('\n');
                }
            }
            throw new AssertionError(failure.toString());
        }
    }
}