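# #-- dnscrypt_cert.test --#
# source the master var file when it's there
[ -f ../.tpkg.var.master ] && source ../.tpkg.var.master
# use .tpkg.var.test for in test variable passing
[ -f .tpkg.var.test ] && source .tpkg.var.test

PRE="../.."
. ../common.sh

# Check if we can run the test.
. ./precheck.sh

# What this test pins down:
#   1. An ordinary plaintext DNS query sent to the DNSCrypt port gets no DNS
#      answer (the channel is closed instead).
#   2. The same query on the regular unbound port is answered, over UDP and TCP.
#   3. The DNSCrypt certificates are served as TXT records to plaintext queries
#      for the provider name, on the DNSCrypt port and on the unbound port.

# Both ports are presumably passed in through .tpkg.var.test; stop here with a
# clear message if they are missing, because check 1 is a negative assertion
# and would otherwise be satisfied by a dig that never reached a listener.
: "${DNSCRYPT_PORT:?DNSCRYPT_PORT is not set}"
: "${UNBOUND_PORT:?UNBOUND_PORT is not set}"

# Expected TXT payloads, written the way dig prints them (backslash-decimal
# escapes). They are matched as fixed strings, so none of the backslashes,
# '$', '`' or brackets inside them is interpreted.
cert1_txt='DNSC\000\001\000\000i\230\177hg\210 \172>\1438\247\174\154U\216\188\152\145y\000U\254\208\183qBQ\158\019S\189\180\150\013K\160\220\248\236\028`\131\174\214!\017Xk\202\152\189\026T\224\180)'"'"'9u\026\143\004\002\195\027\1912\203\176D\016\180e\198h\136{\216s;Sd2^\154\225\005<\016C\205+S\219A\195\027\1912\203\176D\016Y\160\203\009Y\160\203\009u\210\207\137'
cert2_txt='DNSC\000\001\000\000AX\031\201\243\201LI<-\146]LU\247LY\2376\014K\194$D\151&\008\236\008\220\143We\029\227\030\233\015[4\\\146\174\166`{}\161W\209\228\215\002\205|\207*\011\162$\175\210[\006\245\243W\191\189Z\216\210x\025\204\247\173\227t\138\018\162~\152\253\211\031z\\\002m5\008\254\2244\245\243W\191\189Z\216\210Y\160\203\009Y\160\203\009u\210\207\137'

# Print both server logs so a failing run can be diagnosed from the output.
dump_logs() {
    echo "> cat logfiles"
    cat fwd.log
    cat unbound.log
}

# Require a literal string in the last dig output.
# Arguments: $1 - fixed string that must occur in ./outfile
#            $2 - message printed before exiting 1 when it does not
# The verdict comes only from outfile: dig's own exit status is discarded by
# the `| tee outfile` pipelines below.
expect_in_answer() {
    echo "> check answer"
    if grep -F -- "$1" outfile; then
        echo "OK"
    else
        echo "$2"
        exit 1
    fi
}

# do the test

# Query plain request over DNSCrypt channel get closed
# We use TCP to avoid hanging on waiting for UDP.
# We expect `outfile` to contain no DNS payload
# NOTE: "no QUESTION SECTION" is also what a dead listener produces; the
# certificate queries against the same port further down are what show that
# the DNSCrypt listener is actually up.
echo "> dig TCP www.example.com. DNSCrypt port"
dig +tcp @127.0.0.1 -p "$DNSCRYPT_PORT" www.example.com. A | tee outfile
dump_logs
echo "> check answer"
if grep "QUESTION SECTION" outfile; then
    echo "NOK"
    exit 1
else
    echo "OK"
fi


# Plaintext query on unbound port works correctly.
echo "> dig www.example.com."
dig @127.0.0.1 -p "$UNBOUND_PORT" www.example.com. A | tee outfile
dump_logs
expect_in_answer "10.20.30.42" "Not OK"

# Plaintext query on unbound port works correctly with TCP.
echo "> dig TCP www.example.com."
dig +tcp @127.0.0.1 -p "$UNBOUND_PORT" www.example.com. A | tee outfile
dump_logs
expect_in_answer "10.20.30.42" "Not OK"

for opt in '' '+tcp'
do
    # ${opt} is left unquoted in the dig calls on purpose: the empty value must
    # disappear from the command line instead of becoming an empty argument.

    # Plaintext query on dnscrypt port returns cert when asking for providername/TXT.
    # Check that it returns 1.cert.
    echo "> dig TXT 2.dnscrypt-cert.example.com. 1_salsa.CERT. DNSCrypt plaintext ${opt}"
    # shellcheck disable=SC2086
    dig ${opt} @127.0.0.1 -p "$DNSCRYPT_PORT" 2.dnscrypt-cert.example.com. TXT | tee outfile
    dump_logs
    expect_in_answer "$cert1_txt" "Not OK"

    # Plaintext query on dnscrypt port returns cert when asking for providername/TXT.
    # Check that it returns 2.cert.
    echo "> dig TXT 2.dnscrypt-cert.example.com. 2_salsa.CERT. DNSCrypt plaintext ${opt}"
    # shellcheck disable=SC2086
    dig ${opt} @127.0.0.1 -p "$DNSCRYPT_PORT" 2.dnscrypt-cert.example.com. TXT | tee outfile
    dump_logs
    expect_in_answer "$cert2_txt" "NOK"

    # Certificates are local-data for unbound. We can also retrieve them from unbound
    # port.
    echo "> dig TXT 2.dnscrypt-cert.example.com. 1_salsa.CERT. Unbound ${opt}"
    # shellcheck disable=SC2086
    dig ${opt} @127.0.0.1 -p "$UNBOUND_PORT" 2.dnscrypt-cert.example.com. TXT | tee outfile
    dump_logs
    expect_in_answer "$cert1_txt" "Not OK"
done

exit 0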