diff options
Diffstat (limited to 'testdata/dnscrypt_cert.tdir/dnscrypt_cert.test')
-rw-r--r-- | testdata/dnscrypt_cert.tdir/dnscrypt_cert.test | 108 |
1 files changed, 108 insertions, 0 deletions
diff --git a/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test new file mode 100644 index 000000000000..f09753792696 --- /dev/null +++ b/testdata/dnscrypt_cert.tdir/dnscrypt_cert.test @@ -0,0 +1,108 @@ +# #-- dnscrypt_cert.test --# +# source the master var file when it's there +[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master +# use .tpkg.var.test for in test variable passing +[ -f .tpkg.var.test ] && source .tpkg.var.test + +PRE="../.." +. ../common.sh + +# Check if we can run the test. +. ./precheck.sh + +# do the test + +# Query plain request over DNSCrypt channel get closed +# We use TCP to avoid hanging on waiting for UDP. +# We expect `outfile` to contain no DNS payload +echo "> dig TCP www.example.com. DNSCrypt port" +dig +tcp @127.0.0.1 -p $DNSCRYPT_PORT www.example.com. A | tee outfile +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep "QUESTION SECTION" outfile; then + echo "NOK" + exit 1 +else + echo "OK" +fi + + +# Plaintext query on unbound port works correctly. +echo "> dig www.example.com." +dig @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep "10.20.30.42" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +# Plaintext query on unbound port works correctly with TCP. +echo "> dig TCP www.example.com." +dig +tcp @127.0.0.1 -p $UNBOUND_PORT www.example.com. A | tee outfile +echo "> cat logfiles" +cat fwd.log +cat unbound.log +echo "> check answer" +if grep "10.20.30.42" outfile; then + echo "OK" +else + echo "Not OK" + exit 1 +fi + +for opt in '' '+tcp' +do + # Plaintext query on dnscrypt port returns cert when asking for providername/TXT. + # Check that it returns 1.cert. + echo "> dig TXT 2.dnscrypt-cert.example.com. 1_salsa.CERT. DNSCrypt plaintext ${opt}" + dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "> check answer" + if grep -F 'DNSC\000\001\000\000i\230\177hg\210 \172>\1438\247\174\154U\216\188\152\145y\000U\254\208\183qBQ\158\019S\189\180\150\013K\160\220\248\236\028`\131\174\214!\017Xk\202\152\189\026T\224\180)'"'"'9u\026\143\004\002\195\027\1912\203\176D\016\180e\198h\136{\216s;Sd2^\154\225\005<\016C\205+S\219A\195\027\1912\203\176D\016Y\160\203\009Y\160\203\009u\210\207\137' outfile; then + echo "OK" + else + echo "Not OK" + exit 1 + fi + + # Plaintext query on dnscrypt port returns cert when asking for providername/TXT. + # Check that it returns 2.cert. + echo "> dig TXT 2.dnscrypt-cert.example.com. 2_salsa.CERT. DNSCrypt plaintext ${opt}" + dig ${opt} @127.0.0.1 -p $DNSCRYPT_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "> check answer" + if grep -F 'DNSC\000\001\000\000AX\031\201\243\201LI<-\146]LU\247LY\2376\014K\194$D\151&\008\236\008\220\143We\029\227\030\233\015[4\\\146\174\166`{}\161W\209\228\215\002\205|\207*\011\162$\175\210[\006\245\243W\191\189Z\216\210x\025\204\247\173\227t\138\018\162~\152\253\211\031z\\\002m5\008\254\2244\245\243W\191\189Z\216\210Y\160\203\009Y\160\203\009u\210\207\137' outfile; then + echo "OK" + else + echo "NOK" + exit 1 + fi + + # Certificates are local-data for unbound. We can also retrieve them from unbound + # port. + echo "> dig TXT 2.dnscrypt-cert.example.com. 1_salsa.CERT. Unbound ${opt}" + dig ${opt} @127.0.0.1 -p $UNBOUND_PORT 2.dnscrypt-cert.example.com. TXT | tee outfile + echo "> cat logfiles" + cat fwd.log + cat unbound.log + echo "> check answer" + if grep -F 'DNSC\000\001\000\000i\230\177hg\210 \172>\1438\247\174\154U\216\188\152\145y\000U\254\208\183qBQ\158\019S\189\180\150\013K\160\220\248\236\028`\131\174\214!\017Xk\202\152\189\026T\224\180)'"'"'9u\026\143\004\002\195\027\1912\203\176D\016\180e\198h\136{\216s;Sd2^\154\225\005<\016C\205+S\219A\195\027\1912\203\176D\016Y\160\203\009Y\160\203\009u\210\207\137' outfile; then + echo "OK" + else + echo "Not OK" + exit 1 + fi +done + +exit 0 |