From 3d90e7f8ca0f51f7740d3952a36b30314d3c65d1 Mon Sep 17 00:00:00 2001 From: peterzen Date: Thu, 26 Jun 2025 01:44:20 +0200 Subject: [PATCH 1/2] make test fixtures timeless --- lookup_test.go | 12 ++++++++++++ signedzone.go | 7 ++++++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/lookup_test.go b/lookup_test.go index 9296934..e54177c 100644 --- a/lookup_test.go +++ b/lookup_test.go @@ -6,6 +6,7 @@ import ( "path" "strings" "testing" + "time" "github.com/miekg/dns" ) @@ -45,6 +46,17 @@ func mockQueryUpdate(t *testing.T, qname string, qtype uint16) (*dns.Msg, error) func newResolver(t *testing.T) (res *Resolver) { resolver, _ := NewResolver("./testdata/resolv.conf") + + // The DNS fixture data embedded in the test suite contain + // expired RRSIG records. Override the current time so that + // signature validation succeeds when using the archived + // responses. + nowFunc = func() time.Time { + // 15 March 2019 00:00:00 UTC falls within the validity + // period of all recorded signatures. + return time.Date(2019, 3, 15, 0, 0, 0, 0, time.UTC) + } + t.Cleanup(func() { nowFunc = time.Now }) resolver.queryFn = func(qname string, qtype uint16) (*dns.Msg, error) { msg := &dns.Msg{} if isMockQuery == false { diff --git a/signedzone.go b/signedzone.go index c5e3ca2..1a91a5f 100644 --- a/signedzone.go +++ b/signedzone.go @@ -7,6 +7,11 @@ import ( "time" ) +// nowFunc returns the current time. It is a variable so +// tests can override it to ensure deterministic behaviour +// with archived DNS fixture data. +var nowFunc = time.Now + // SignedZone represents a DNSSEC-enabled zone, its DNSKEY and DS records type SignedZone struct { zone string @@ -50,7 +55,7 @@ func (z SignedZone) verifyRRSIG(signedRRset *RRSet) (err error) { return err } - if !signedRRset.rrSig.ValidityPeriod(time.Now()) { + if !signedRRset.rrSig.ValidityPeriod(nowFunc()) { log.Println("invalid validity period", err) return ErrRrsigValidityPeriod } From d2232e7dc6ec7dbd6c4a2fc5127c8c040fdc85fd Mon Sep 17 00:00:00 2001 From: peterzen Date: Thu, 26 Jun 2025 02:02:30 +0200 Subject: [PATCH 2/2] Set fixed time for tests --- lookup_test.go | 11 ----------- main_test.go | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 11 deletions(-) create mode 100644 main_test.go diff --git a/lookup_test.go b/lookup_test.go index e54177c..d60a9d6 100644 --- a/lookup_test.go +++ b/lookup_test.go @@ -6,7 +6,6 @@ import ( "path" "strings" "testing" - "time" "github.com/miekg/dns" ) @@ -47,16 +46,6 @@ func mockQueryUpdate(t *testing.T, qname string, qtype uint16) (*dns.Msg, error) func newResolver(t *testing.T) (res *Resolver) { resolver, _ := NewResolver("./testdata/resolv.conf") - // The DNS fixture data embedded in the test suite contain - // expired RRSIG records. Override the current time so that - // signature validation succeeds when using the archived - // responses. - nowFunc = func() time.Time { - // 15 March 2019 00:00:00 UTC falls within the validity - // period of all recorded signatures. - return time.Date(2019, 3, 15, 0, 0, 0, 0, time.UTC) - } - t.Cleanup(func() { nowFunc = time.Now }) resolver.queryFn = func(qname string, qtype uint16) (*dns.Msg, error) { msg := &dns.Msg{} if isMockQuery == false { diff --git a/main_test.go b/main_test.go new file mode 100644 index 0000000..bd74910 --- /dev/null +++ b/main_test.go @@ -0,0 +1,20 @@ +package goresolver + +import ( + "os" + "testing" + "time" +) + +// TestMain sets a fixed current time so that DNSSEC signatures in +// archived fixture data remain valid during the tests. +func TestMain(m *testing.M) { + nowFunc = func() time.Time { + // 15 March 2019 00:00:00 UTC is within the validity period of + // all RRSIG records used in the fixture data. + return time.Date(2019, 3, 15, 0, 0, 0, 0, time.UTC) + } + code := m.Run() + nowFunc = time.Now + os.Exit(code) +}