From e751a89645f58aae29551e251edd57177aa7f026 Mon Sep 17 00:00:00 2001
From: Linus Nordberg <linus@nordu.net>
Date: Thu, 7 Apr 2016 16:04:31 +0200
Subject: Canonicalise DS RR and refactor dns a bit.

Rename split_rrset/1 -> decode_rrset/1.
Add type rr() and use it.
Canonicalise DS RR.
---
 src/dnssecport.erl | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)

(limited to 'src/dnssecport.erl')

diff --git a/src/dnssecport.erl b/src/dnssecport.erl
index 02f919a..c942fb4 100644
--- a/src/dnssecport.erl
+++ b/src/dnssecport.erl
@@ -30,7 +30,7 @@ init(Program) ->
 
 decode_response(Response) ->
     <<Status:16/integer, RRSet/binary>> = Response,
-    {ok, Status, dns:split_rrset(RRSet)}.
+    {ok, Status, dns:decode_rrset(RRSet)}.
 
 handle_call(stop, _From, State) ->
     lager:debug("dnssec stop request received"),
@@ -45,13 +45,12 @@ handle_call({validate, Data}, _From, State) ->
                 {Port, {data, Response}} ->
                     case decode_response(list_to_binary(Response)) of
                         {ok, 400, [DS | Chain]} ->
-                            {reply,
-                             {ok, [dns:encode_rr(DS) | dns:encode_rrset(Chain)]},
-                             State};
+                            RRSIG = hd(Chain),
+                            R = [dns:encode_rr(dns:canonicalize_dsrr(DS, RRSIG)),
+                                 dns:encode_rrset(Chain)],
+                            {reply, {ok, R}, State};
                         {ok, Error, _} ->
-                            {reply, {error, Error}, State};
-                        {error, Reason} ->
-                            {stop, {protocolerror, Reason}, State}
+                            {reply, {error, Error}, State}
                     end;
                 {Port, {exit_status, ExitStatus}} ->
                     lager:error("dnssec port ~p exiting with status ~p",
@@ -103,6 +102,7 @@ stop_port(State) ->
 %% Unit tests.
 -define(TA_FILE, "test/testdata/dnssec/trust_anchors").
 -define(REQ1_FILE, "test/testdata/dnssec/req.1").
+-define(REQ2_FILE, "test/testdata/dnssec/req-lowttl").
 
 start_test_port() ->
     create_port("priv/dnssecport", [?TA_FILE]).
@@ -113,13 +113,14 @@ stop_test_port(Port) ->
 
 read_submission_from_file(Filename) ->
     {ok, Data} = file:read_file(Filename),
-    dns:split_rrset(Data).
+    dns:decode_rrset(Data).
 
 read_dec_enc_test_() ->
     DecodedRRset = read_submission_from_file(?REQ1_FILE),
     {ok, FileContent} = file:read_file(?REQ1_FILE),
     [?_assertEqual(FileContent, dns:encode_rrset(DecodedRRset))].
 
+%% TODO: These tests are a bit lame. Room for improvement!
 full_test_() ->
     {setup,
      fun() ->
@@ -127,10 +128,16 @@ full_test_() ->
      fun(Port) ->
              stop_test_port(Port) end,
      fun(Port) ->
-             R = handle_call({validate, read_submission_from_file(?REQ1_FILE)},
+             R1 = handle_call({validate, read_submission_from_file(?REQ1_FILE)},
                              self(), #state{port = Port}),
+             R2 = handle_call({validate, read_submission_from_file(?REQ2_FILE)},
+                             self(), #state{port = Port}),
+             {reply, {ok, [DSBin | _ChainBin]}, _} = R2,
+             {DS, <<>>} = dns:decode_rr(DSBin),
              [
-              ?_assertMatch({reply, {ok, _}, _State}, R)
+              ?_assertMatch({reply, {ok, _}, _State}, R1),
+              ?_assertMatch({reply, {ok, _}, _State}, R2),
+              ?_assertMatch({rr, _Name, _Type, _Class, 3600, _RDATA}, DS)
              ] end
     }.
 
-- 
cgit v1.1