From acd83881ff2aeb662943adfcc07895841f4f7344 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking <matthijs@isc.org>
Date: Mon, 21 Jun 2021 12:00:01 +0200
Subject: [PATCH] Add test case for in-view with dnssec-policy

Add a test case for a zone that uses 'in-view' and 'dnssec-policy'.
BIND should not deadlock.
---
 bin/tests/system/kasp.sh                |  1 +
 bin/tests/system/kasp/ns4/named.conf.in | 12 ++++++++++++
 bin/tests/system/kasp/tests.sh          | 18 ++++++++++++++++++
 3 files changed, 31 insertions(+)

diff --git a/bin/tests/system/kasp.sh b/bin/tests/system/kasp.sh
index d21839a08b..0129374d71 100644
--- a/bin/tests/system/kasp.sh
+++ b/bin/tests/system/kasp.sh
@@ -31,6 +31,7 @@ SHA224="hXfwwwiag2QGqblopofai9NuW28q/1rH4CaTnA=="
 SHA256="R16NojROxtxH/xbDl//ehDsHm5DjWTQ2YXV+hGC2iBY="
 VIEW1="YPfMoAk6h+3iN8MDRQC004iSNHY="
 VIEW2="4xILSZQnuO1UKubXHkYUsvBRPu8="
+VIEW3="C1Azf+gGPMmxrUg/WQINP6eV9Y0="
 
 ###############################################################################
 # Key properties                                                              #
diff --git a/bin/tests/system/kasp/ns4/named.conf.in b/bin/tests/system/kasp/ns4/named.conf.in
index 5743d71ac1..b1f87fdf44 100644
--- a/bin/tests/system/kasp/ns4/named.conf.in
+++ b/bin/tests/system/kasp/ns4/named.conf.in
@@ -45,6 +45,11 @@ key "keyforview2" {
 	secret "4xILSZQnuO1UKubXHkYUsvBRPu8=";
 };
 
+key "keyforview3" {
+	algorithm "hmac-sha1";
+	secret "C1Azf+gGPMmxrUg/WQINP6eV9Y0=";
+};
+
 dnssec-policy "test" {
 	keys {
 		csk key-directory lifetime 0 algorithm 14;
@@ -152,3 +157,10 @@ view "example2" {
 		file "example2.db";
 	};
 };
+
+view "example3" {
+	match-clients { key "keyforview3"; };
+	zone "example.net" {
+		in-view example2;
+	};
+};
diff --git a/bin/tests/system/kasp/tests.sh b/bin/tests/system/kasp/tests.sh
index d970491f2c..aa84ebe43f 100644
--- a/bin/tests/system/kasp/tests.sh
+++ b/bin/tests/system/kasp/tests.sh
@@ -1829,6 +1829,7 @@ check_apex
 check_subdomain
 dnssec_verify
 
+# Test with views.
 set_zone "example.net"
 set_server "ns4" "10.53.0.4"
 TSIG="hmac-sha1:keyforview1:$VIEW1"
@@ -1867,6 +1868,23 @@ check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
 test "$ret" -eq 0 || echo_i "failed"
 status=$((status+ret))
 
+TSIG="hmac-sha1:keyforview3:$VIEW3"
+wait_for_nsec
+check_keys
+check_dnssecstatus "$SERVER" "$POLICY" "$ZONE" "example2"
+check_apex
+dnssec_verify
+n=$((n+1))
+# check subdomain
+echo_i "check TXT example.net (in-view example2) rrset is signed correctly ($n)"
+ret=0
+dig_with_opts "view.${ZONE}" "@${SERVER}" TXT > "dig.out.$DIR.test$n.txt" || log_error "dig view.${ZONE} TXT failed"
+grep "status: NOERROR" "dig.out.$DIR.test$n.txt" > /dev/null || log_error "mismatch status in DNS response"
+grep "view.${ZONE}\..*${DEFAULT_TTL}.*IN.*TXT.*view2" "dig.out.$DIR.test$n.txt" > /dev/null || log_error "missing view.${ZONE} TXT record in response"
+check_signatures TXT "dig.out.$DIR.test$n.txt" "ZSK"
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
 # Clear TSIG.
 TSIG=""