Rewrite rsabigexponent system test to pytest

(cherry picked from commit cacff68e78)
2026-05-28 04:34:54 -04:00 · 2024-07-18 16:10:49 +02:00 · 2024-07-18 16:10:49 +02:00 · ba1d4cc4db
commit ba1d4cc4db
parent 4f4a39e910
9 changed files with 50 additions and 151 deletions
--- a/bin/tests/system/rsabigexponent/conf/bad02.conf
+++ b/bin/tests/system/rsabigexponent/conf/bad02.conf
@ -1,16 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	max-rsa-exponent-size 34;
-};
--- a/bin/tests/system/rsabigexponent/conf/bad03.conf
+++ b/bin/tests/system/rsabigexponent/conf/bad03.conf
@ -1,16 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	max-rsa-exponent-size 4097;
-};
--- a/bin/tests/system/rsabigexponent/conf/good01.conf
+++ b/bin/tests/system/rsabigexponent/conf/good01.conf
@ -1,16 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	max-rsa-exponent-size 0;
-};
--- a/bin/tests/system/rsabigexponent/conf/good02.conf
+++ b/bin/tests/system/rsabigexponent/conf/good02.conf
@ -1,16 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	max-rsa-exponent-size 35;
-};
--- a/bin/tests/system/rsabigexponent/conf/good03.conf
+++ b/bin/tests/system/rsabigexponent/conf/good03.conf
@ -1,16 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * SPDX-License-Identifier: MPL-2.0
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0.  If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
-	max-rsa-exponent-size 4096;
-};
--- a/bin/tests/system/rsabigexponent/options.conf.j2.manual
+++ b/bin/tests/system/rsabigexponent/options.conf.j2.manual
@ -12,5 +12,5 @@
 */

 options {
-	max-rsa-exponent-size 1;
+	max-rsa-exponent-size @max_rsa_exponent_size@;
 };
--- a/bin/tests/system/rsabigexponent/tests.sh
+++ b/bin/tests/system/rsabigexponent/tests.sh
@ -1,56 +0,0 @@
-#!/bin/sh
-
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-set -e
-
-. ../conf.sh
-
-status=0
-
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p ${PORT}"
-
-for f in conf/good*.conf; do
-  echo_i "checking '$f'"
-  ret=0
-  $CHECKCONF $f >/dev/null || ret=1
-  if [ $ret != 0 ]; then echo_i "failed"; fi
-  status=$((status + ret))
-done
-
-for f in conf/bad*.conf; do
-  echo_i "checking '$f'"
-  ret=0
-  $CHECKCONF $f >/dev/null && ret=1
-  if [ $ret != 0 ]; then echo_i "failed"; fi
-  status=$((status + ret))
-done
-
-echo_i "checking that RSA big exponent keys can't be loaded"
-ret=0
-grep "out of range" ns2/signer.err >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "checking that RSA big exponent signature can't validate"
-ret=0
-$DIG $DIGOPTS a.example @10.53.0.2 >dig.out.ns2 || ret=1
-$DIG $DIGOPTS a.example @10.53.0.3 >dig.out.ns3 || ret=1
-grep "status: NOERROR" dig.out.ns2 >/dev/null || ret=1
-grep "status: SERVFAIL" dig.out.ns3 >/dev/null || ret=1
-if [ $ret != 0 ]; then echo_i "failed"; fi
-status=$((status + ret))
-
-echo_i "exit status: $status"
-[ $status -eq 0 ] || exit 1
--- a/bin/tests/system/rsabigexponent/tests_rsabigexponent.py
+++ b/bin/tests/system/rsabigexponent/tests_rsabigexponent.py
@ -0,0 +1,49 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import subprocess
+
+import dns.message
+import pytest
+
+import isctest
+
+CHECKCONF = os.environ["CHECKCONF"]
+
+
+@pytest.mark.parametrize("exponent_size", [0, 35, 666, 1024, 2048, 3072, 4096])
+def test_max_rsa_exponent_size_good(exponent_size, templates):
+    templates.render("options.conf", {"max_rsa_exponent_size": exponent_size})
+    isctest.run.cmd([CHECKCONF, "options.conf"])
+
+
+@pytest.mark.parametrize("exponent_size", [1, 34, 4097])
+def test_max_rsa_exponent_size_bad(exponent_size, templates):
+    templates.render("options.conf", {"max_rsa_exponent_size": exponent_size})
+    with pytest.raises(subprocess.CalledProcessError):
+        isctest.run.cmd([CHECKCONF, "options.conf"], log_stdout=True)
+
+
+def test_rsa_big_exponent_keys_cant_load():
+    with open("ns2/signer.err", encoding="utf-8") as file:
+        assert (
+            "dnssec-signzone: fatal: cannot load dnskey Kexample.+008+52810.key: out of range"
+            in file.read()
+        )
+
+
+def test_rsa_big_exponent_keys_cant_validate():
+    msg = dns.message.make_query("a.example.", "A")
+    res2 = isctest.query.tcp(msg, "10.53.0.2")
+    isctest.check.noerror(res2)
+    res3 = isctest.query.tcp(msg, "10.53.0.3")
+    isctest.check.servfail(res3)
--- a/bin/tests/system/rsabigexponent/tests_sh_rsabigexponent.py
+++ b/bin/tests/system/rsabigexponent/tests_sh_rsabigexponent.py
@ -1,14 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# SPDX-License-Identifier: MPL-2.0
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0.  If a copy of the MPL was not distributed with this
-# file, you can obtain one at https://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-
-def test_rsabigexponent(run_tests_sh):
-    run_tests_sh()