From a76e304f5e19d114389a5f0320d71d5cd498ff5d Mon Sep 17 00:00:00 2001
From: Artem Boldariev
Date: Wed, 10 Jan 2024 19:24:46 +0200
Subject: [PATCH] Add a system test to verify listener transport change functionality

This commit adds a system test that helps to verify that changing a listener transport by editing "listen-on" statements before reconfiguration works as expected.

(cherry picked from commit 211f12ff850677c39cdaa9bdb36c860a5837e0b2)
---
bin/tests/system/transport-change/clean.sh | 24 ++++++
.../ns1/named-http-plain.conf.in | 45 +++++++++++
.../transport-change/ns1/named-https.conf.in | 45 +++++++++++
.../transport-change/ns1/named-tls.conf.in | 45 +++++++++++
.../system/transport-change/ns1/named.conf.in | 45 +++++++++++
bin/tests/system/transport-change/prereq.sh | 22 +++++
bin/tests/system/transport-change/privkey.pem | 0
.../transport-change/self-signed-cert.pem | 11 +++
.../transport-change/self-signed-key.pem | 5 ++
bin/tests/system/transport-change/setup.sh | 21 +++++
bin/tests/system/transport-change/tests.sh | 81 +++++++++++++++++++
.../tests_sh_transport_change.py | 14 ++++
12 files changed, 358 insertions(+)
create mode 100644 bin/tests/system/transport-change/clean.sh
create mode 100644 bin/tests/system/transport-change/ns1/named-http-plain.conf.in
create mode 100644 bin/tests/system/transport-change/ns1/named-https.conf.in
create mode 100644 bin/tests/system/transport-change/ns1/named-tls.conf.in
create mode 100644 bin/tests/system/transport-change/ns1/named.conf.in
create mode 100644 bin/tests/system/transport-change/prereq.sh
create mode 100644 bin/tests/system/transport-change/privkey.pem
create mode 100644 bin/tests/system/transport-change/self-signed-cert.pem
create mode 100644 bin/tests/system/transport-change/self-signed-key.pem
create mode 100644 bin/tests/system/transport-change/setup.sh
create mode 100644 bin/tests/system/transport-change/tests.sh
create mode 100644 bin/tests/system/transport-change/tests_sh_transport_change.py
diff --git a/bin/tests/system/transport-change/clean.sh b/bin/tests/system/transport-change/clean.sh
new file mode 100644
index 0000000000..e8d1b95ee5
--- /dev/null
+++ b/bin/tests/system/transport-change/clean.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+#
+# Clean up after zone transfer tests.
+#
+
+rm -f ./*/named.conf
+rm -f ./*/named.memstats
+rm -f ./*/named.run
+rm -f ./*/named.run.prev
+rm -f ./dig.out.*
+rm -f ./*/example.db
+rm -rf ./headers.*
diff --git a/bin/tests/system/transport-change/ns1/named-http-plain.conf.in b/bin/tests/system/transport-change/ns1/named-http-plain.conf.in
new file mode 100644
index 0000000000..849aa3eabe
--- /dev/null
+++ b/bin/tests/system/transport-change/ns1/named-http-plain.conf.in
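Review bot: The header comment in clean.sh, `# Clean up after zone transfer tests.`, appears to have been carried over from another test directory and should read `# Clean up after transport change tests.`. The last command, `rm -rf ./headers.*`, removes files that nothing in this patch's tests.sh writes, so either drop it or add a comment naming what produces them.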
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+ cert-file "../self-signed-cert.pem";
+ key-file "../self-signed-key.pem";
+};
+
+options {
+ pid-file "named.pid";
+ ##
+ # generic
+ listen-on port @PORT@ { 10.53.0.1; };
+ # test TLS
+ listen-on port @EXTRAPORT1@ tls none http default { 10.53.0.1; };
+ listen-on-v6 port @EXTRAPORT1@ tls none http default { fd92:7065:b8e:ffff::1; };
+ ##
+ recursion no;
+ notify explicit;
+ statistics-file "named.stats";
+ dnssec-validation yes;
+ tcp-initial-timeout 1200;
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/transport-change/ns1/named-https.conf.in b/bin/tests/system/transport-change/ns1/named-https.conf.in
new file mode 100644
index 0000000000..26763a1c9e
--- /dev/null
+++ b/bin/tests/system/transport-change/ns1/named-https.conf.in
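Review bot: The comment `# test TLS` above the `@EXTRAPORT1@` listeners in named-http-plain.conf.in does not match what is configured, because `tls none http default` is unencrypted HTTP; `# test: plain HTTP, no TLS` would describe it, and named-https.conf.in and named-tls.conf.in would benefit from equally specific comments. The `tls self-signed` block is also declared in named-http-plain.conf.in and in named.conf.in although no listener in those two files refers to it. All four files set `allow { any; }` on the control channel and `allow-transfer { any; }` on the zone, which is presumably acceptable only because this instance is confined to the test address 10.53.0.1; a one-line comment such as `# test-only: wide-open ACLs, do not copy into a production config` would make that explicit.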
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+ cert-file "../self-signed-cert.pem";
+ key-file "../self-signed-key.pem";
+};
+
+options {
+ pid-file "named.pid";
+ ##
+ # generic
+ listen-on port @PORT@ { 10.53.0.1; };
+ # test TLS
+ listen-on port @EXTRAPORT1@ tls self-signed http default { 10.53.0.1; };
+ listen-on-v6 port @EXTRAPORT1@ tls self-signed http default { fd92:7065:b8e:ffff::1; };
+ ##
+ recursion no;
+ notify explicit;
+ statistics-file "named.stats";
+ dnssec-validation yes;
+ tcp-initial-timeout 1200;
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/transport-change/ns1/named-tls.conf.in b/bin/tests/system/transport-change/ns1/named-tls.conf.in
new file mode 100644
index 0000000000..27fce04b25
--- /dev/null
+++ b/bin/tests/system/transport-change/ns1/named-tls.conf.in
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+ cert-file "../self-signed-cert.pem";
+ key-file "../self-signed-key.pem";
+};
+
+options {
+ pid-file "named.pid";
+ ##
+ # generic
+ listen-on port @PORT@ { 10.53.0.1; };
+ # test TLS
+ listen-on port @EXTRAPORT1@ tls self-signed { 10.53.0.1; };
+ listen-on-v6 port @EXTRAPORT1@ tls self-signed { fd92:7065:b8e:ffff::1; };
+ ##
+ recursion no;
+ notify explicit;
+ statistics-file "named.stats";
+ dnssec-validation yes;
+ tcp-initial-timeout 1200;
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/transport-change/ns1/named.conf.in b/bin/tests/system/transport-change/ns1/named.conf.in
new file mode 100644
index 0000000000..817a43f440
--- /dev/null
+++ b/bin/tests/system/transport-change/ns1/named.conf.in
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+include "../../_common/rndc.key";
+
+controls {
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+tls self-signed {
+ cert-file "../self-signed-cert.pem";
+ key-file "../self-signed-key.pem";
+};
+
+options {
+ pid-file "named.pid";
+ ##
+ # generic
+ listen-on port @PORT@ { 10.53.0.1; };
+ # test
+ listen-on port @EXTRAPORT1@ { 10.53.0.1; };
+ listen-on-v6 port @EXTRAPORT1@ { fd92:7065:b8e:ffff::1; };
+ ##
+ recursion no;
+ notify explicit;
+ statistics-file "named.stats";
+ dnssec-validation yes;
+ tcp-initial-timeout 1200;
+};
+
+zone "example" {
+ type primary;
+ file "example.db";
+ allow-transfer { any; };
+};
diff --git a/bin/tests/system/transport-change/prereq.sh b/bin/tests/system/transport-change/prereq.sh
new file mode 100644
index 0000000000..0c19f1178b
--- /dev/null
+++ b/bin/tests/system/transport-change/prereq.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+$FEATURETEST --with-libnghttp2 || {
+ echo_i "This test requires libnghttp2 support." >&2
+ exit 255
+}
+
+exit 0
diff --git a/bin/tests/system/transport-change/privkey.pem b/bin/tests/system/transport-change/privkey.pem
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/bin/tests/system/transport-change/self-signed-cert.pem b/bin/tests/system/transport-change/self-signed-cert.pem
new file mode 100644
index 0000000000..3f4df28f60
--- /dev/null
+++ b/bin/tests/system/transport-change/self-signed-cert.pem
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBqTCCAVCgAwIBAgIULBCxkDF3scu+KzMu4JWrS1MiD8gwCgYIKoZIzj0EAwIw
+FjEUMBIGA1UEAwwLZXhhbXBsZS5jb20wIBcNMjQwMTEwMTQwOTAyWhgPMjA1MTA1
+MjgxNDA5MDJaMBYxFDASBgNVBAMMC2V4YW1wbGUuY29tMFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEraleW8FCXwU72Iva/H2FRiY5yrnKOVG0wZ8UN8bghx2yyK+z
+EFaHS5buo5jEnWnweX2qrX4N9RWDii7nqfwjNaN6MHgwHQYDVR0OBBYEFEGCx9FF
+rNxaR7zTM74ksT4fDaGjMB8GA1UdIwQYMBaAFEGCx9FFrNxaR7zTM74ksT4fDaGj
+MA8GA1UdEwEB/wQFMAMBAf8wJQYDVR0RBB4wHIILZXhhbXBsZS5jb22CDSouZXhh
+bXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIgL+cDL9EKz9YY3iR6/fZqjniXaiap
+lMfzbtesX1LVi04CIBOBW97oz4jQ1K4D1QN4aDJpit2LJWrEKHyLk4SPqZUS
+-----END CERTIFICATE-----
diff --git a/bin/tests/system/transport-change/self-signed-key.pem b/bin/tests/system/transport-change/self-signed-key.pem
new file mode 100644
index 0000000000..b68bd11a6c
--- /dev/null
+++ b/bin/tests/system/transport-change/self-signed-key.pem
@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg9uAMbwHDtsF9BDAu
+CafftgyXCZbbRy8aJpoo76B8iwWhRANCAAStqV5bwUJfBTvYi9r8fYVGJjnKuco5
+UbTBnxQ3xuCHHbLIr7MQVodLlu6jmMSdafB5faqtfg31FYOKLuep/CM1
+-----END PRIVATE KEY-----
diff --git a/bin/tests/system/transport-change/setup.sh b/bin/tests/system/transport-change/setup.sh
new file mode 100644
index 0000000000..f726f7020d
--- /dev/null
+++ b/bin/tests/system/transport-change/setup.sh
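Review bot: self-signed-key.pem commits a private key to the tree, and nothing in the patch marks it as a throwaway fixture, so secret scanners will flag it and it could be reused elsewhere by mistake. Either generate the key pair during setup.sh, or add a comment above each `tls self-signed` block in the `named*.conf.in` files such as `# test-only key pair, published in the source tree; never reuse`. The empty privkey.pem added by the same patch is not referenced by any of the four configuration files shown here and looks like a leftover.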
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+$SHELL clean.sh
+
+$SHELL "${TOP_SRCDIR}"/bin/tests/system/genzone.sh 2 >ns1/example.db
+
+copy_setports ns1/named.conf.in ns1/named.conf
diff --git a/bin/tests/system/transport-change/tests.sh b/bin/tests/system/transport-change/tests.sh
new file mode 100644
index 0000000000..796d0b9e56
--- /dev/null
+++ b/bin/tests/system/transport-change/tests.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+set -e
+
+# shellcheck disable=SC1091
+. ../conf.sh
+
+dig_out_basename="dig.out.test"
+testing="testing if the query is successfully completed"
+
+dig_with_opts() {
+ # shellcheck disable=SC2086
+ "$DIG" -p "${EXTRAPORT1}" +noadd +nosea +nostat +noquest +nocmd "$@" NS example
+}
+
+status=0
+n=0
+
+run_dig_test() {
+ test_message="$1"
+ shift
+ n=$((n + 1))
+ echo_i "$test_message ($n)"
+ dig_failed=0
+ dig_with_opts "$@" >"$dig_out_basename$n" || dig_failed=1
+}
+
+run_dig_test_expect_success() {
+ ret=0
+ run_dig_test "$@"
+ if [ $dig_failed != 0 ]; then
+ ret=1
+ elif ! [ -s "$dig_out_basename$n" ]; then
+ ret=1
+ fi
+ if [ $ret != 0 ]; then echo_i "failed"; fi
+ status=$((status + ret))
+}
+
+run_dig_multitest_expect_success() {
+ message="$1"
+ shift
+ run_dig_test_expect_success "$message (IPv4)" -b 10.53.0.10 @10.53.0.1 "$@"
+ run_dig_test_expect_success "$message (IPv6)" -b fd92:7065:b8e:ffff::10 @fd92:7065:b8e:ffff::1 "$@"
+}
+
+reconfig_server() {
+ message="$1"
+ shift
+ config_file="$1"
+ shift
+ echo_i "$message"
+ copy_setports "ns1/$config_file" "ns1/named.conf"
+ rndc_reconfig ns1 10.53.0.1
+}
+
+run_dig_multitest_expect_success "$testing: a UDP query over Do53"
+run_dig_multitest_expect_success "$testing: a TCP query over Do53" +tcp
+
+reconfig_server "reconfiguring the server to use TLS/DoT" named-tls.conf.in
+run_dig_multitest_expect_success "$testing: a query over TLS/DoT" +tls
+
+reconfig_server "reconfiguring the server to use HTTPS/DoH" named-https.conf.in
+run_dig_multitest_expect_success "$testing: a query over HTTPS/DoH" +https
+
+reconfig_server "reconfiguring the server to use plain HTTP/DoH" named-http-plain.conf.in
+run_dig_multitest_expect_success "$testing: a query over plain HTTP/DoH" +http-plain
+
+echo_i "exit status: $status"
+[ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/transport-change/tests_sh_transport_change.py b/bin/tests/system/transport-change/tests_sh_transport_change.py
new file mode 100644
index 0000000000..d86446389e
--- /dev/null
+++ b/bin/tests/system/transport-change/tests_sh_transport_change.py
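Review bot: `run_dig_test_expect_success` in tests.sh accepts any reply, because it only checks dig's exit status and that the output file is non-empty, and dig normally exits 0 for a SERVFAIL or REFUSED answer as well. A listener that comes up on the new transport but cannot serve the zone would therefore still pass; a further branch such as `elif ! grep -q "status: NOERROR" "$dig_out_basename$n"; then ret=1` would pin the result. The script also never checks the opposite direction: after each `reconfig_server` call, a query sent over the previous transport to `EXTRAPORT1` should be expected to fail, otherwise a listener that keeps answering in cleartext after the switch to TLS would go unnoticed.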
@@ -0,0 +1,14 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+
+def test_transport_change(run_tests_sh):
+ run_tests_sh()