Add all keypairs in tests.

Add some logs for debugging.
cofyc · Feb 23, 2018 · 51fae1d · 51fae1d
1 parent ecabea7
commit 51fae1d
Show file tree

Hide file tree

Showing 10 changed files with 47 additions and 32 deletions.
diff --git a/dnscrypt.c b/dnscrypt.c
@@ -405,16 +405,17 @@ dnscrypt_self_serve_cert_file(struct context *c, struct dns_header *header,
     }
     /* determine end of questions section (we put answers there) */
     if (!(ansp = skip_questions(header, *dns_query_len))) {
-        return -1;
+        return -2;
     }
 
     /* save pointer to name for copying into answers */
     nameoffset = p - (unsigned char *)header;
 
     if (!extract_name(header, *dns_query_len, &p, c->namebuff, 1, 4)) {
-        return -1;
+        return -3;
     }
     GETSHORT(qtype, p);
+    logger(LOG_DEBUG, "qtype: %d, c->provider_name: %s, c->namebuff: %s", qtype, c->provider_name, c->namebuff);
     if (qtype == T_TXT && strcasecmp(c->provider_name, c->namebuff) == 0) {
         // reply with signed certificate
         const size_t size = 1 + sizeof(struct SignedCert);
@@ -424,13 +425,13 @@ dnscrypt_self_serve_cert_file(struct context *c, struct dns_header *header,
         // This is only called once the first time a TXT request is made.
         if(!txt) {
             txt = calloc(c->signed_certs_count, sizeof(uint8_t *));
-            if(!txt) {
-                return -1;
+            if (!txt) {
+                return -4;
             }
             for (int i=0; i < c->signed_certs_count; i++) {
                 *(txt + i) = malloc(size);
                 if (!*(txt + i))
-                    return -1;
+                    return -5;
                 **(txt + i) = sizeof(struct SignedCert);
                 memcpy(*(txt + i) + 1, c->signed_certs + i, sizeof(struct SignedCert));
             }
@@ -442,7 +443,7 @@ dnscrypt_self_serve_cert_file(struct context *c, struct dns_header *header,
                     *(txt + i))) {
                 anscount++;
             } else {
-                return -1;
+                return -6;
             }
         }
         /* done all questions, set up header and return length of result */
@@ -460,6 +461,6 @@ dnscrypt_self_serve_cert_file(struct context *c, struct dns_header *header,
         return 0;
     }
 
-    return -1;
+    return -7;
 }
 
diff --git a/main.c b/main.c
@@ -793,6 +793,14 @@ main(int argc, const char **argv)
         logger(LOG_ERR, "No (currently) valid certs found.\n\n");
         exit(1);
     }
+    for (int i = 0; i < c.signed_certs_count; i++) {
+        uint32_t ts_end, ts_begin;
+        memcpy(&ts_begin, c.signed_certs[i].ts_begin, 4);
+        memcpy(&ts_end, c.signed_certs[i].ts_end, 4);
+        ts_begin = ntohl(ts_begin);
+        ts_end = ntohl(ts_end);
+        logger(LOG_INFO, "Signed certs %d valid from %d to %d", i, ts_begin, ts_end);
+    }
 
     if (c.daemonize) {
         do_daemonize();

diff --git a/tests/Gemfile b/tests/Gemfile
@@ -1,4 +1,4 @@
 source 'https://rubygems.org'
-gem 'aruba'
-gem 'cucumber'
-gem 'net-dns'
+gem 'cucumber', '~> 2.4.0'
+gem 'net-dns', '~> 0.8.0'
+gem 'aruba', '~> 0.14.2'
diff --git a/tests/Gemfile.lock b/tests/Gemfile.lock
@@ -39,9 +39,9 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
-  aruba
-  cucumber
-  net-dns
+  aruba (~> 0.14.2)
+  cucumber (~> 2.4.0)
+  net-dns (~> 0.8.0)
 
 BUNDLED WITH
    1.13.6
diff --git a/tests/README.md b/tests/README.md
@@ -0,0 +1,6 @@
+# tests
+
+## References
+
+- aruba: https://app.cucumber.pro/projects/aruba/
+- cucumber: https://cucumber.io/docs/reference
diff --git a/tests/features/cert-distribution/txt_records.feature b/tests/features/cert-distribution/txt_records.feature
@@ -11,7 +11,7 @@ Feature: Test certs in TXT records
     And a time limited secret key
     When a xsalsa20 cert is generated
     Then it is a xsalsa20 cert
-    Given a running dnscrypt wrapper with options "--crypt-secretkey-file=1.key  --provider-cert-file=1.cert,keys1/1.cert,keys2/1.cert"
+    Given a running dnscrypt wrapper with options "--crypt-secretkey-file=1.key,keys1/1.key,keys2/1.key --provider-cert-file=1.cert,keys1/1.cert,keys2/1.cert"
     When a client asks dnscrypt-wrapper for "2.dnscrypt-cert.example.com" "TXT" record
     Then dnscrypt-wrapper returns "1.cert"
     Then dnscrypt-wrapper does not return "keys1/1.cert"
@@ -26,7 +26,7 @@ Feature: Test certs in TXT records
     And a time limited secret key
     When a xsalsa20 cert is generated
     Then it is a xsalsa20 cert
-    Given a running dnscrypt wrapper with options "--crypt-secretkey-file=1.key  --provider-cert-file=1.cert,keys1/1.cert,keys2/1.cert"
+    Given a running dnscrypt wrapper with options "--crypt-secretkey-file=1.key,keys1/1.key,keys2/1.key --provider-cert-file=1.cert,keys1/1.cert,keys2/1.cert"
     And a tcp resolver
     When a client asks dnscrypt-wrapper for "2.dnscrypt-cert.example.com" "TXT" record
     Then dnscrypt-wrapper returns "1.cert"

diff --git a/tests/features/step_definitions/dnscrypt-wrapper-cert.rb b/tests/features/step_definitions/dnscrypt-wrapper-cert.rb
@@ -18,7 +18,6 @@ def cleanup()
   cleanup
 end
 
-
 Given /^a provider keypair$/ do
   str = DNSCW + " --gen-provider-keypair --provider-name=2.dnscrypt-cert.example.org --ext-address=127.0.0.1"
   `#{str}`

diff --git a/tests/features/step_definitions/dnscrypt-wrapper.rb b/tests/features/step_definitions/dnscrypt-wrapper.rb
@@ -1,4 +1,3 @@
-
 require 'net/dns'
 require 'net/dns/resolver'
 

diff --git a/udp_request.c b/udp_request.c
@@ -236,21 +236,23 @@ static int
 self_serve_cert_file(struct context *c, struct dns_header *header,
                      size_t dns_query_len, size_t max_len, UDPRequest *udp_request)
 {
-    if (dnscrypt_self_serve_cert_file(c, header, &dns_query_len, max_len) == 0) {
-            SendtoWithRetryCtx retry_ctx = {
-                .udp_request = udp_request,
-                .handle = udp_request->client_proxy_handle,
-                .buffer = header,
-                .length = dns_query_len,
-                .flags = 0,
-                .dest_addr = (struct sockaddr *)&udp_request->client_sockaddr,
-                .dest_len = udp_request->client_sockaddr_len,
-                .cb = udp_request_kill
-            };
-            sendto_with_retry(&retry_ctx);
-            return 0;
+    int ret = dnscrypt_self_serve_cert_file(c, header, &dns_query_len, max_len);
+    if (ret == 0) {
+        SendtoWithRetryCtx retry_ctx = {
+            .udp_request = udp_request,
+            .handle = udp_request->client_proxy_handle,
+            .buffer = header,
+            .length = dns_query_len,
+            .flags = 0,
+            .dest_addr = (struct sockaddr *)&udp_request->client_sockaddr,
+            .dest_len = udp_request->client_sockaddr_len,
+            .cb = udp_request_kill
+        };
+        sendto_with_retry(&retry_ctx);
+        return 0;
     }
-    return -1;
+    logger(LOG_DEBUG, "failed to serve cert file, err: %d", ret);
+    return ret;
 }
 
 static void

diff --git a/version.h b/version.h
@@ -2,6 +2,6 @@
 #ifndef VERSION_H
 #define VERSION_H
 
-const char *the_version = "0.4.0";
+const char *the_version = "0.4.0-2.gecabea7";
 
 #endif