package de.measite.minidns.dnssec;

import de.measite.minidns.DNSMessage;
import de.measite.minidns.DNSName;
import de.measite.minidns.DNSSECConstants;
import de.measite.minidns.DNSWorld;
import de.measite.minidns.Record;
import de.measite.minidns.cache.LRUCache;
import de.measite.minidns.dnssec.DNSSECWorld;
import de.measite.minidns.dnssec.UnverifiedReason;
import de.measite.minidns.record.DNSKEY;
import java.io.IOException;
import java.net.InetAddress;
import java.security.PrivateKey;
import java.util.Date;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:de/measite/minidns/dnssec/DNSSECClientTest.class */
/**
 * Exercises {@link DNSSECClient} against an in-memory DNS hierarchy (root, {@code com},
 * {@code example.com}) whose zones are signed with keys generated once per test run.
 *
 * <p>The tests pin three distinct outcomes that a consumer of the client has to tell apart:
 * <ul>
 *   <li>validated: the answer is returned with {@code authenticData == true};</li>
 *   <li>unverified: the answer is still returned, but with {@code authenticData == false};</li>
 *   <li>failed validation: {@link DNSSECValidationFailedException} is thrown.</li>
 * </ul>
 * Several scenarios below (missing DS, unknown algorithm, expired signature, ...) deliver the
 * correct A record with {@code authenticData == false}, so a non-null response is not evidence
 * that the data was validated; the flag (or the unverified reasons) must be checked.
 *
 * <p>Fixture parameters: DS/DLV digests use SHA-1 and the zone-signing keys are generated with
 * size 1024 (presumably RSA modulus bits; confirm against DNSSECWorld.generatePrivateKey).
 * Both are weak by current guidance and are fixture choices only, not a template for real
 * zone signing.
 */
public class DNSSECClientTest {
    // Offsets used to build RRSIG validity windows: 14 days and 28 days in milliseconds.
    private static final int FOURTEEN_DAYS_MILLIS = 1209600000;
    private static final long TWENTY_EIGHT_DAYS_MILLIS = 2419200000L;

    private static DNSSECConstants.SignatureAlgorithm algorithm = DNSSECConstants.SignatureAlgorithm.RSASHA256;
    private static DNSSECConstants.DigestAlgorithm digestType = DNSSECConstants.DigestAlgorithm.SHA1;

    // Root zone key pairs (key-signing key and zone-signing key).
    private static PrivateKey rootPrivateKSK;
    private static DNSKEY rootKSK;
    private static PrivateKey rootPrivateZSK;
    private static DNSKEY rootZSK;

    // "com" zone key pairs.
    private static PrivateKey comPrivateKSK;
    private static DNSKEY comKSK;
    private static PrivateKey comPrivateZSK;
    private static DNSKEY comZSK;

    private DNSSECClient client;

    /**
     * Generates the root and {@code com} key pairs once for the whole class.
     *
     * <p>DNSKEY flags 257 (zone key + secure entry point) mark the KSKs, 256 (zone key) the ZSKs.
     */
    @BeforeClass
    public static void generateKeys() {
        rootPrivateKSK = DNSSECWorld.generatePrivateKey(algorithm, 2048);
        rootKSK = DNSWorld.dnskey(257, algorithm, DNSSECWorld.publicKey(algorithm, rootPrivateKSK));

        rootPrivateZSK = DNSSECWorld.generatePrivateKey(algorithm, 1024);
        rootZSK = DNSWorld.dnskey(256, algorithm, DNSSECWorld.publicKey(algorithm, rootPrivateZSK));

        comPrivateKSK = DNSSECWorld.generatePrivateKey(algorithm, 2048);
        comKSK = DNSWorld.dnskey(257, algorithm, DNSSECWorld.publicKey(algorithm, comPrivateKSK));

        comPrivateZSK = DNSSECWorld.generatePrivateKey(algorithm, 1024);
        comZSK = DNSWorld.dnskey(256, algorithm, DNSSECWorld.publicKey(algorithm, comPrivateZSK));
    }

    /**
     * Creates a fresh client per test with a zero-sized cache and registers the generated root
     * KSK as the secure entry point (trust anchor) for the root name.
     */
    @Before
    public void setUp() throws Exception {
        DNSSECClient freshClient = new DNSSECClient(new LRUCache(0));
        freshClient.addSecureEntryPoint(DNSName.EMPTY, rootKSK.getKey());
        this.client = freshClient;
    }

    /**
     * Asserts that the message carries exactly one answer: an A record for 1.1.1.2.
     *
     * <p>This checks the payload only; it says nothing about whether the answer was validated.
     */
    void checkCorrectExampleMessage(DNSMessage dNSMessage) {
        List answers = dNSMessage.answerSection;
        Assert.assertEquals(1L, answers.size());
        Record first = (Record) answers.get(0);
        Assert.assertEquals(Record.TYPE.A, first.type);
        // NOTE(review): decompiled form; the original source presumably casts payloadData to the
        // A record type before calling getIp() - confirm against upstream.
        Assert.assertArrayEquals(new byte[]{1, 1, 1, 2}, ((Record) answers.get(0)).payloadData.getIp());
    }

    /**
     * Asserts the "unverified" outcome: the expected A record is delivered, but the response is
     * not marked as authentic.
     */
    private void assertUnverifiedExampleAnswer(DNSMessage response) {
        Assert.assertNotNull(response);
        Assert.assertFalse(response.authenticData);
        checkCorrectExampleMessage(response);
    }

    /**
     * Builds the fully signed root zone shared by most tests: the root DNSKEY RRset signed by the
     * root KSK, plus a DS for {@code com} (pointing at comKSK), the {@code com} NS record and the
     * name server's A record, each signed by the root ZSK.
     */
    private static DNSWorld.Zone standardSignedRootZone() {
        return DNSSECWorld.signedRootZone(
                DNSSECWorld.sign(rootKSK, "", rootPrivateKSK, algorithm,
                        DNSWorld.record("", rootKSK), DNSWorld.record("", rootZSK)),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSSECWorld.ds("com", digestType, comKSK))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))));
    }

    /**
     * Builds the fully signed {@code com} zone shared by most tests: the DNSKEY RRset (KSK and
     * ZSK) signed by the KSK, and the {@code example.com} A record signed by the ZSK.
     */
    private static DNSWorld.Zone standardSignedComZone() {
        return DNSSECWorld.signedZone("com", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(comKSK, "com", comPrivateKSK, algorithm,
                        DNSWorld.record("com", comKSK), DNSWorld.record("com", comZSK)),
                DNSSECWorld.sign(comZSK, "com", comPrivateZSK, algorithm,
                        DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))));
    }

    /** Complete chain of trust from the root trust anchor down to the A record: validated. */
    @Test
    public void testBasicValid() throws IOException {
        DNSWorld.Zone[] zones = {standardSignedRootZone(), standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        DNSMessage response = this.client.query("example.com", Record.TYPE.A);

        Assert.assertNotNull(response);
        Assert.assertTrue(response.authenticData);
        checkCorrectExampleMessage(response);
    }

    /**
     * The root zone is signed but carries no DS record for {@code com}, so nothing links the
     * com keys to the trust anchor. The answer is delivered as unverified, not rejected.
     */
    @Test
    public void testMissingDelegation() throws IOException {
        DNSWorld.Zone rootWithoutDs = DNSSECWorld.signedRootZone(
                DNSSECWorld.sign(rootKSK, "", rootPrivateKSK, algorithm,
                        DNSWorld.record("", rootKSK), DNSWorld.record("", rootZSK)),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))));
        DNSWorld.Zone[] zones = {rootWithoutDs, standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * The root zone serves the DS, NS and A records without any signatures while {@code com} is
     * fully signed. The unsigned DS cannot be trusted, and the answer comes back unverified.
     */
    @Test
    public void testUnsignedRoot() throws IOException {
        DNSWorld.Zone unsignedRoot = DNSWorld.rootZone(new Record[]{
                DNSWorld.record("com", DNSSECWorld.ds("com", digestType, comKSK)),
                DNSWorld.record("com", DNSWorld.ns("ns.com")),
                DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))});
        DNSWorld.Zone[] zones = {unsignedRoot, standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * With every secure entry point removed, even a fully signed hierarchy is unverified, and the
     * single reported reason is {@link UnverifiedReason.NoRootSecureEntryPointReason}.
     */
    @Test
    public void testNoRootSecureEntryPoint() throws IOException {
        this.client.clearSecureEntryPoints();
        DNSWorld.Zone[] zones = {standardSignedRootZone(), standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        DNSSECMessage response = this.client.queryDnssec("example.com", Record.TYPE.A);

        Assert.assertNotNull(response);
        Assert.assertFalse(response.authenticData);
        checkCorrectExampleMessage(response);
        Assert.assertEquals(1L, response.getUnverifiedReasons().size());
        Object onlyReason = response.getUnverifiedReasons().iterator().next();
        Assert.assertTrue(onlyReason instanceof UnverifiedReason.NoRootSecureEntryPointReason);
    }

    /**
     * The root publishes a signed DS for {@code com}, but the com zone itself serves only the
     * bare A record with no keys and no signatures. The test pins that this is reported as
     * unverified (answer delivered, {@code authenticData == false}) rather than as a failure.
     */
    @Test
    public void testUnsignedZone() throws IOException {
        DNSWorld.Zone unsignedCom = DNSWorld.zone("com", "ns.com", "1.1.1.1", new Record[]{
                DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))});
        DNSWorld.Zone[] zones = {standardSignedRootZone(), unsignedCom};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * The com DNSKEY RRset contains only the KSK, yet the A record is signed with the ZSK, a key
     * the zone never publishes. Validation must fail with an exception.
     */
    @Test(expected = DNSSECValidationFailedException.class)
    public void testInvalidDNSKEY() throws IOException {
        DNSWorld.Zone comWithoutPublishedZsk = DNSSECWorld.signedZone("com", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(comKSK, "com", comPrivateKSK, algorithm,
                        DNSWorld.record("com", comKSK)),
                DNSSECWorld.sign(comZSK, "com", comPrivateZSK, algorithm,
                        DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))));
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithoutPublishedZsk};
        DNSWorld.applyZones(this.client, zones);

        this.client.query("example.com", Record.TYPE.A);
    }

    /**
     * No DNSKEY records are handed to the com zone at all, although the root has a DS for it and
     * the A record carries a ZSK signature. Validation must fail with an exception.
     */
    @Test(expected = DNSSECValidationFailedException.class)
    public void testNoDNSKEY() throws IOException {
        DNSWorld.Zone comWithoutKeys = DNSSECWorld.signedZone("com", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(comZSK, "com", comPrivateZSK, algorithm,
                        DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))));
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithoutKeys};
        DNSWorld.applyZones(this.client, zones);

        this.client.query("example.com", Record.TYPE.A);
    }

    /**
     * A correctly generated RRSIG over the A record is corrupted by incrementing one byte in the
     * middle of the signature. Validation must fail with an exception.
     */
    @Test(expected = DNSSECValidationFailedException.class)
    public void testInvalidRRSIG() throws IOException {
        Record tamperedRrsig = DNSSECWorld.rrsigRecord(comZSK, "com", comPrivateZSK, algorithm,
                DNSWorld.record("example.com", DNSWorld.a("1.1.1.2")));
        // NOTE(review): decompiled form; the original presumably casts payloadData to the RRSIG
        // record type before reading its signature field - confirm against upstream.
        byte[] signature = tamperedRrsig.payloadData.signature;
        int middle = signature.length / 2;
        signature[middle]++;

        DNSWorld.Zone comWithTamperedSignature = DNSWorld.zone("com", "ns.com", "1.1.1.1", new Record[]{
                DNSWorld.record("com", comKSK),
                DNSWorld.record("com", comZSK),
                DNSWorld.record("example.com", DNSWorld.a("1.1.1.2")),
                tamperedRrsig});
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithTamperedSignature};
        DNSWorld.applyZones(this.client, zones);

        this.client.query("example.com", Record.TYPE.A);
    }

    /**
     * The only RRSIG over the A record names algorithm number 213 and has an empty signature.
     * The test pins that a signature the client cannot evaluate leaves the answer unverified
     * instead of raising a validation failure.
     */
    @Test
    public void testUnknownAlgorithm() throws IOException {
        // Date arguments are presumably (expiration, inception), matching RRSIG field order -
        // confirm against DNSWorld.rrsig. Here: valid from 14 days ago until 14 days from now.
        Record unknownAlgorithmRrsig = DNSWorld.record("example.com",
                DNSWorld.rrsig(Record.TYPE.A, 213, 2, 3600L,
                        new Date(System.currentTimeMillis() + FOURTEEN_DAYS_MILLIS),
                        new Date(System.currentTimeMillis() - FOURTEEN_DAYS_MILLIS),
                        comZSK.getKeyTag(), "com", new byte[0]));
        DNSWorld.Zone comWithUnknownAlgorithm = DNSWorld.zone("com", "ns.com", "1.1.1.1", new Record[]{
                DNSWorld.record("com", comKSK),
                DNSWorld.record("com", comZSK),
                DNSWorld.record("example.com", DNSWorld.a("1.1.1.2")),
                unknownAlgorithmRrsig});
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithUnknownAlgorithm};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * The signed DS for {@code com} uses a known digest type but an empty digest, so it cannot
     * match comKSK. A DS that is present and wrong must fail validation with an exception.
     */
    @Test(expected = DNSSECValidationFailedException.class)
    public void testInvalidDelegation() throws IOException {
        DNSWorld.Zone rootWithEmptyDigestDs = DNSSECWorld.signedRootZone(
                DNSSECWorld.sign(rootKSK, "", rootPrivateKSK, algorithm,
                        DNSWorld.record("", rootKSK), DNSWorld.record("", rootZSK)),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com",
                                DNSSECWorld.ds(comKSK.getKeyTag(), algorithm, digestType, new byte[0]))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))));
        DNSWorld.Zone[] zones = {rootWithEmptyDigestDs, standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        this.client.query("example.com", Record.TYPE.A);
    }

    /**
     * The signed DS for {@code com} names digest type {@code (byte) -43} (213 when read as an
     * unsigned octet). Unlike the wrong-digest case above, the test pins that an unrecognised
     * digest type leaves the answer unverified rather than failing validation.
     */
    @Test
    public void testUnknownDelegationDigestType() throws IOException {
        DNSWorld.Zone rootWithUnknownDigestType = DNSSECWorld.signedRootZone(
                DNSSECWorld.sign(rootKSK, "", rootPrivateKSK, algorithm,
                        DNSWorld.record("", rootKSK), DNSWorld.record("", rootZSK)),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com",
                                DNSSECWorld.ds(comKSK.getKeyTag(), algorithm, (byte) -43, new byte[0]))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))));
        DNSWorld.Zone[] zones = {rootWithUnknownDigestType, standardSignedComZone()};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * The A record is signed with the real ZSK, but the RRSIG validity window lies entirely in
     * the past (28 to 14 days ago). The test pins that an expired signature yields an
     * unverified answer, so consumers still receive the data and must check the flag.
     */
    @Test
    public void testSignatureOutOfDate() throws IOException {
        // Date arguments are presumably (expiration, inception) - confirm against DNSWorld.rrsig.
        DNSWorld.Zone comWithExpiredSignature = DNSSECWorld.signedZone("com", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(comKSK, "com", comPrivateKSK, algorithm,
                        DNSWorld.record("com", comKSK), DNSWorld.record("com", comZSK)),
                DNSSECWorld.sign(comPrivateZSK,
                        DNSWorld.rrsig(Record.TYPE.A, algorithm, 2, 3600L,
                                new Date(System.currentTimeMillis() - FOURTEEN_DAYS_MILLIS),
                                new Date(System.currentTimeMillis() - TWENTY_EIGHT_DAYS_MILLIS),
                                comZSK.getKeyTag(), "com", new byte[0]),
                        DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))));
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithExpiredSignature};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * The A record is signed with the real ZSK, but the RRSIG validity window lies entirely in
     * the future (14 to 28 days from now). As with an expired signature, the test pins an
     * unverified answer rather than a validation failure.
     */
    @Test
    public void testSignatureInFuture() throws IOException {
        // Date arguments are presumably (expiration, inception) - confirm against DNSWorld.rrsig.
        DNSWorld.Zone comWithFutureSignature = DNSSECWorld.signedZone("com", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(comKSK, "com", comPrivateKSK, algorithm,
                        DNSWorld.record("com", comKSK), DNSWorld.record("com", comZSK)),
                DNSSECWorld.sign(comPrivateZSK,
                        DNSWorld.rrsig(Record.TYPE.A, algorithm, 2, 3600L,
                                new Date(System.currentTimeMillis() + TWENTY_EIGHT_DAYS_MILLIS),
                                new Date(System.currentTimeMillis() + FOURTEEN_DAYS_MILLIS),
                                comZSK.getKeyTag(), "com", new byte[0]),
                        DNSWorld.record("example.com", DNSWorld.a("1.1.1.2"))));
        DNSWorld.Zone[] zones = {standardSignedRootZone(), comWithFutureSignature};
        DNSWorld.applyZones(this.client, zones);

        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }

    /**
     * Authenticated denial of existence: the query for {@code nsec.example.com} is answered by a
     * prepared response whose authority section holds a signed NSEC record (example.com to
     * www.example.com) and a signed SOA. The result has no answers and is marked authentic.
     */
    @Test
    public void testValidNSEC() throws Exception {
        DNSWorld.Zone[] zones = {standardSignedRootZone(), standardSignedComZone()};
        DNSWorld world = DNSWorld.applyZones(this.client, zones);

        DNSMessage.Builder denial = DNSMessage.builder();
        denial.setNameserverRecords(DNSSECWorld.merge(
                DNSSECWorld.sign(comZSK, "com", comPrivateZSK, algorithm,
                        DNSWorld.record("example.com",
                                DNSWorld.nsec("www.example.com", new Record.TYPE[]{Record.TYPE.A}))),
                DNSSECWorld.sign(comZSK, "com", comPrivateZSK, algorithm,
                        DNSWorld.record("example.com",
                                DNSWorld.soa("sns.dns.icann.org", "noc.dns.icann.org",
                                        2015081265L, 7200, 3600, 1209600, 3600L)))));
        denial.setAuthoritativeAnswer(true);
        world.addPreparedResponse(new DNSSECWorld.AddressedNsecResponse(
                InetAddress.getByAddress("ns.com", new byte[]{1, 1, 1, 1}), denial.build()));

        DNSMessage response = this.client.query("nsec.example.com", Record.TYPE.A);
        // NOTE(review): this setter runs after the query has already returned, so it looks like
        // it cannot influence the response asserted below - confirm the intended ordering.
        this.client.setStripSignatureRecords(false);

        Assert.assertNotNull(response);
        Assert.assertEquals(0L, response.answerSection.size());
        Assert.assertTrue(response.authenticData);
    }

    /**
     * DNSSEC Lookaside Validation: the root has no DS for {@code com}, but a separately signed
     * {@code dlv} zone (itself anchored by a DS in the root) publishes a DLV record for comKSK.
     * With lookaside configured the answer validates; once it is disabled the same query is
     * unverified. DLV has since been moved to historic status (RFC 8749).
     */
    @Test
    public void testValidDLV() throws IOException {
        PrivateKey dlvPrivateKsk = DNSSECWorld.generatePrivateKey(algorithm, 2048);
        DNSKEY dlvKsk = DNSWorld.dnskey(257, algorithm, DNSSECWorld.publicKey(algorithm, dlvPrivateKsk));
        PrivateKey dlvPrivateZsk = DNSSECWorld.generatePrivateKey(algorithm, 1024);
        DNSKEY dlvZsk = DNSWorld.dnskey(256, algorithm, DNSSECWorld.publicKey(algorithm, dlvPrivateZsk));

        DNSWorld.Zone rootDelegatingDlvOnly = DNSSECWorld.signedRootZone(
                DNSSECWorld.sign(rootKSK, "", rootPrivateKSK, algorithm,
                        DNSWorld.record("", rootKSK), DNSWorld.record("", rootZSK)),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("dlv", DNSSECWorld.ds("dlv", digestType, dlvKsk))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("dlv", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("com", DNSWorld.ns("ns.com"))),
                DNSSECWorld.sign(rootZSK, "", rootPrivateZSK, algorithm,
                        DNSWorld.record("ns.com", DNSWorld.a("1.1.1.1"))));
        DNSWorld.Zone comZone = standardSignedComZone();
        DNSWorld.Zone dlvZone = DNSSECWorld.signedZone("dlv", "ns.com", "1.1.1.1",
                DNSSECWorld.sign(dlvKsk, "dlv", dlvPrivateKsk, algorithm,
                        DNSWorld.record("dlv", dlvKsk), DNSWorld.record("dlv", dlvZsk)),
                DNSSECWorld.sign(dlvZsk, "dlv", dlvPrivateZsk, algorithm,
                        DNSWorld.record("com.dlv", DNSSECWorld.dlv("com", digestType, comKSK))));
        DNSWorld.Zone[] zones = {rootDelegatingDlvOnly, comZone, dlvZone};
        DNSWorld.applyZones(this.client, zones);

        // Lookaside enabled: the DLV record stands in for the missing DS.
        this.client.configureLookasideValidation(DNSName.from("dlv"));
        DNSMessage withLookaside = this.client.query("example.com", Record.TYPE.A);
        Assert.assertNotNull(withLookaside);
        Assert.assertTrue(withLookaside.authenticData);
        checkCorrectExampleMessage(withLookaside);

        // Lookaside disabled: same data, but no longer anchored to anything trusted.
        this.client.disableLookasideValidation();
        assertUnverifiedExampleAnswer(this.client.query("example.com", Record.TYPE.A));
    }
}
