+ /// Note that the NSEC3 proofs here are for asdf., any other prefix may fail NSEC checks.
+ fn bitcoin_ninja_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec3, RRSig) {
+ let name: Name = (pfx.to_owned() + ".wildcard_test.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap();
+ let txt_resp = Txt {
+ name: name.clone(),
+ data: "wildcard_test".to_owned().into_bytes(),
+ };
+ let txt_rrsig = RRSig {
+ name: name.clone(),
+ ty: Txt::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937,
+ inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("Y+grWXzbZfrcoHRZC9kfRzWp002jZzBDmpSQx6qbUgN0x3aH9kZIOVy0CtQH2vwmLUxoJ+RlezgunNI6LciBzQ==").unwrap(),
+ };
+ let nsec3 = NSec3 {
+ name: "s5sn15c8lcpo7v7f1p0ms6vlbdejt0kd.bitcoin.ninja.".try_into().unwrap(),
+ hash_algo: 1, flags: 0, hash_iterations: 0, salt: Vec::from_hex("059855BD1077A2EB").unwrap(),
+ next_name_hash: crate::base32::decode("T8QO5GO6M76HBR5Q6T3G6BDR79KBMDSA").unwrap(),
+ types: NSecTypeMask::from_types(&[AAAA::TYPE, RRSig::TYPE]),
+ };
+ let nsec3_rrsig = RRSig {
+ name: "s5sn15c8lcpo7v7f1p0ms6vlbdejt0kd.bitcoin.ninja.".try_into().unwrap(),
+ ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710267741,
+ inception: 1709052741, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("Aiz6My3goWQuIIw/XNUo+kICsp9e4C5XUUs/0Ap+WIEFJsaN/MPGegiR/c5GUGdtHt1GdeP9CU3H1OGkN9MpWQ==").unwrap(),
+ };
+ (txt_resp, txt_rrsig, nsec3, nsec3_rrsig)
+ }
+
+ fn bitcoin_ninja_cname_wildcard_record() -> (CName, RRSig, Txt, RRSig, [(NSec3, RRSig); 3]) {
+ let cname_resp = CName {
+ name: "asdf.cname_wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ canonical_name: "cname.wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ };
+ let cname_rrsig = RRSig {
+ name: "asdf.cname_wildcard_test.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: CName::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1709950937,
+ inception: 1708735937, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("qR/zy8JyihI4qCAMwn7jGU6FARW/Hl8/u+cajef9raKs5aOxnZpCrp19Tot9qPG6px9PzqaghAIP1EmxfgxtRQ==").unwrap(),
+ };
+ let nsec3_a = NSec3 {
+ name: "2tn37cu4ulmlqqke9a3dc9g8bt8b4f6s.bitcoin.ninja.".try_into().unwrap(),
+ hash_algo: 1, flags: 0, hash_iterations: 0,
+ salt: Vec::from_hex("059855BD1077A2EB").unwrap(),
+ next_name_hash: crate::base32::decode("4OKFHSHS41D00EDL0HNPMT7R6IKMJ48H").unwrap(),
+ types: NSecTypeMask::from_types(&[DName::TYPE, RRSig::TYPE]),
+ };
+ let nsec3_a_rrsig = RRSig {
+ name: "2tn37cu4ulmlqqke9a3dc9g8bt8b4f6s.bitcoin.ninja.".try_into().unwrap(),
+ ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710266541,
+ inception: 1709051541, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("tSsPsYIf1o5+piUZX9YwcWKSZgVQOB37TRdb+VL0PmcPaLpzFGJCwU0snn8tMN/BuILG+KZY+UPmAEZZFz4Fvg==").unwrap(),
+ };
+ let nsec3_b = NSec3 {
+ name: "cjqf7lfu6ev77k9m2o6iih56kbfnshin.bitcoin.ninja.".try_into().unwrap(),
+ hash_algo: 1, flags: 0, hash_iterations: 0,
+ salt: Vec::from_hex("059855BD1077A2EB").unwrap(),
+ next_name_hash: crate::base32::decode("DD3MT23L63OIHQPIMA5O2NULSVIGIJ3N").unwrap(),
+ types: NSecTypeMask::from_types(&[A::TYPE, AAAA::TYPE, RRSig::TYPE]),
+ };
+ let nsec3_b_rrsig = RRSig {
+ name: "cjqf7lfu6ev77k9m2o6iih56kbfnshin.bitcoin.ninja.".try_into().unwrap(),
+ ty: NSec3::TYPE, alg: 13, labels: 3, orig_ttl: 60, expiration: 1710238940,
+ inception: 1709023940, key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("CtYriOUI6RzoIG3SigHbBYiTkrEvmSEvP+aOLo1wylqkbBT2iG7pK8VNucKETqMZCROLnmRBw8DHK/8rosKYsA==").unwrap(),
+ };
+ let (txt_resp, txt_rrsig, nsec3_c, nsec3_c_rrsig) = bitcoin_ninja_wildcard_record("asdf");
+ (cname_resp, cname_rrsig, txt_resp, txt_rrsig,
+ [(nsec3_a, nsec3_a_rrsig), (nsec3_b, nsec3_b_rrsig), (nsec3_c, nsec3_c_rrsig)])
+ }
+
+ fn bitcoin_ninja_nsec_dnskey() -> (Vec<DnsKey>, Vec<RR>) {
+ let bitcoin_ninja_dnskeys = bitcoin_ninja_dnskey().0;
+ let mut bitcoin_ninja_ds = vec![DS {
+ name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ key_tag: 8036, alg: 13, digest_type: 2,
+ digest: Vec::from_hex("8EC0DAE4501233979196EBED206212BCCC49E40E086EC2E56558EC1F6FB62715").unwrap(),
+ }];
+ let ds_rrsig = RRSig {
+ name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: DS::TYPE, alg: 13, labels: 4, orig_ttl: 30, expiration: 1710190967, inception: 1708975967,
+ key_tag: 37639, key_name: "bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("qUexI1yufru0lzkND4uY1r8bsXrXnMVNjPxTLbLauRo/+YW041w9wFu4sl2/cqq3psWvGcBVTltwIdjDJQUcZQ==").unwrap(),
+ };
+ verify_rrsig(&ds_rrsig, &bitcoin_ninja_dnskeys, bitcoin_ninja_ds.iter().collect()).unwrap();
+ let dnskeys = vec![DnsKey {
+ name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), flags: 257, protocol: 3, alg: 13,
+ pubkey: base64::decode("MUnIhm31ySIr9WXIBVQc38wlSHHvYaKIOFR8WYl4O9MJBlywWeUdx16oGinCe2FjjMkUkKn9kV5zzWhGmrdIbQ==").unwrap(),
+ }, DnsKey {
+ name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(), flags: 256, protocol: 3, alg: 13,
+ pubkey: base64::decode("GGZP8k44sro2iTzWKFoHOnbvrAhNiQv+Ng2hr0WNyb24aA5rLYLFac3N7B82xRU2odd60utYJkmU0yA//zyOzw==").unwrap(),
+ }];
+ let dnskey_rrsig = RRSig {
+ name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: DnsKey::TYPE, alg: 13, labels: 4, orig_ttl: 604800, expiration: 1710190613, inception: 1708975613,
+ key_tag: 8036, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("nX+hkH14Kvjp26Z8x/pjYh5CQW3p9lZQQ+FVJcKHyfjAilEubpw6ihlPpb3Ddh9BbyxhCEFhXDMG2g4od9Y2ow==").unwrap(),
+ };
+ verify_dnskeys([&dnskey_rrsig], &bitcoin_ninja_ds, dnskeys.iter().collect()).unwrap();
+ let rrs = vec![bitcoin_ninja_ds.pop().unwrap().into(), ds_rrsig.into(),
+ dnskeys[0].clone().into(), dnskeys[1].clone().into(), dnskey_rrsig.into()];
+ (dnskeys, rrs)
+ }
+
+ fn bitcoin_ninja_nsec_record() -> (Txt, RRSig) {
+ let txt_resp = Txt {
+ name: "a.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ data: "txt_a".to_owned().into_bytes(),
+ };
+ let txt_rrsig = RRSig {
+ name: "a.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710201091, inception: 1708986091,
+ key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("rhDcZvSk4ngyDmMif3oBmoDMO1YoimRrvOp/ErlSaujN+OCMKocgWkssedQCx7hyLxwsFLvaaiNXCr/7ZaSe4Q==").unwrap(),
+ };
+ (txt_resp, txt_rrsig)
+ }
+
+ fn bitcoin_ninja_nsec_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec, RRSig) {
+ let name: Name = (pfx.to_owned() + ".wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap();
+ let txt_resp = Txt {
+ name: name.clone(),
+ data: "wildcard_test".to_owned().into_bytes(),
+ };
+ let txt_rrsig = RRSig {
+ name: name.clone(),
+ ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710190613, inception: 1708975613,
+ key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("E3+tEe5TxI8OSNP+LVHsOagjQ/9heD6a4ICYBgS8mkfRuqgFeXhz22n4f2LzssdXe1xzwayt7nROdHdqdfHDYg==").unwrap(),
+ };
+ let nsec = NSec {
+ name: "*.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ next_name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ types: NSecTypeMask::from_types(&[Txt::TYPE, RRSig::TYPE, NSec::TYPE]),
+ };
+ let nsec_rrsig = RRSig {
+ name: "*.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: NSec::TYPE, alg: 13, labels: 5, orig_ttl: 60, expiration: 1710191561, inception: 1708976561,
+ key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("ZjQMw1dt1a61d4ls3pMkCnBiWRaMyAwn6UapRaYNtdA8cTbbqbhzJZCvc6ZBhZ90CzxCYR0h/eavowlF1j53Gg==").unwrap(),
+ };
+ (txt_resp, txt_rrsig, nsec, nsec_rrsig)
+ }
+
+ fn bitcoin_ninja_nsec_post_override_wildcard_record(pfx: &str) -> (Txt, RRSig, NSec, RRSig) {
+ let name: Name = (pfx.to_owned() + ".wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.").try_into().unwrap();
+ let txt_resp = Txt {
+ name: name.clone(),
+ data: "wildcard_test".to_owned().into_bytes(),
+ };
+ let txt_rrsig = RRSig {
+ name: name.clone(),
+ ty: Txt::TYPE, alg: 13, labels: 5, orig_ttl: 30, expiration: 1710190613, inception: 1708975613,
+ key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("E3+tEe5TxI8OSNP+LVHsOagjQ/9heD6a4ICYBgS8mkfRuqgFeXhz22n4f2LzssdXe1xzwayt7nROdHdqdfHDYg==").unwrap(),
+ };
+ let nsec = NSec {
+ name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ next_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ types: NSecTypeMask::from_types(&[Txt::TYPE, RRSig::TYPE, NSec::TYPE]),
+ };
+ let nsec_rrsig = RRSig {
+ name: "override.wildcard_test.nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ ty: NSec::TYPE, alg: 13, labels: 6, orig_ttl: 60, expiration: 1710201063, inception: 1708986063,
+ key_tag: 42215, key_name: "nsec_tests.dnssec_proof_tests.bitcoin.ninja.".try_into().unwrap(),
+ signature: base64::decode("pBNXnNPR0fiGEtkm/0PlnDW830JWv8KgnyhnOit6wLHtiWoLhMiS48utji3FbTfelCnePjbLh/t7SF941O2QTA==").unwrap(),
+ };
+ (txt_resp, txt_rrsig, nsec, nsec_rrsig)
+ }
+