def _prepare_md(self, domains):
    # Helper: add an md for `domains`, then set the contact and the agreement
    # on the md named after the first domain.  Every a2md call must return
    # rv == 0.
    added = TestEnv.a2md(["add"] + domains)
    assert added['rv'] == 0
    primary = domains[0]
    with_contact = TestEnv.a2md(
        ["update", primary, "contacts", "admin@" + primary])
    assert with_contact['rv'] == 0
    with_agreement = TestEnv.a2md(
        ["update", primary, "agreement", TestEnv.ACME_TOS])
    assert with_agreement['rv'] == 0
def test_500_201(self, renewWindow, testDataList):
    # test case: the md's "renew" indicator follows the configured renew
    # window as the stored certificate is swapped for self-signed ones.
    # renewWindow: value given to add_renew_window() and expected back in
    #   md['renew-window'].
    # testDataList: dicts with "valid" (handed to create_self_signed_cert)
    #   and "renew" (expected md["renew"] value).
    base = self.test_domain
    host = "www." + base

    # setup: manual drive mode with the renew window under test
    httpd = HttpdConf()
    httpd.add_admin("admin@" + base)
    httpd.add_drive_mode("manual")
    httpd.add_renew_window(renewWindow)
    httpd.add_md([host])
    httpd.install()
    assert TestEnv.apache_restart() == 0

    # before driving: md is listed as INCOMPLETE with the window applied
    before = TestEnv.a2md(["list", host])['jout']['output'][0]
    assert before['state'] == TestEnv.MD_S_INCOMPLETE
    assert before['renew-window'] == renewWindow

    # setup: drive it, keep the issued cert for serial comparison
    assert TestEnv.a2md(["drive", host])['rv'] == 0
    issued = CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))
    after = TestEnv.a2md(["list", host])['jout']['output'][0]
    assert after['state'] == TestEnv.MD_S_COMPLETE
    assert after['renew-window'] == renewWindow

    # replace cert by self-signed one -> check md status
    print("TRACE: start testing renew window: %s" % renewWindow)
    for case in testDataList:
        print("TRACE: create self-signed cert: %s" % case["valid"])
        TestEnv.create_self_signed_cert([host], case["valid"])
        replaced = CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))
        # the store must now hold a different certificate than the issued one
        assert replaced.get_serial() != issued.get_serial()
        result = TestEnv.a2md(["-vvvv", "list", host])
        entry = result['jout']['output'][0]
        failure = "Expected renew == {} indicator in {}, test case {}, stderr {}".format(
            case["renew"], entry, case, result['stderr'])
        assert entry["renew"] == case["renew"], failure
def test_500_107(self):
    # test case: drive again on COMPLETE md, then drive --force
    # A plain second drive must keep the certificate; --force must replace it
    # and move the previous one into the archive.
    host = "www." + self.test_domain

    def drive_and_load(extra):
        # run "drive" with optional extra flags, verify the stored
        # credentials, and return the certificate now in the store
        assert TestEnv.a2md(["-vv", "drive"] + extra + [host])['rv'] == 0
        TestEnv.check_md_credentials([host])
        return CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))

    # setup: prepare md in store
    self._prepare_md([host])
    assert TestEnv.apache_start() == 0

    # drive
    first = drive_and_load([])

    # drive again -> cert not changed
    second = drive_and_load([])
    assert second.get_serial() == first.get_serial()

    # drive --force -> cert changed
    forced = drive_and_load(["--force"])
    assert forced.get_serial() != first.get_serial()

    # check: previous cert was archived
    archived = CertUtil(TestEnv.store_archived_file(host, 2, 'pubcert.pem'))
    assert archived.get_serial() == first.get_serial()
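def test_310_306(self):
    # test case: each change of MDCAChallenges in the server config is
    # reflected in the md's ca.challenges list after a restart.
    challenge_sets = (
        ['http-01'],
        ['tls-alpn-01'],
        ['http-01', 'tls-alpn-01'],
    )
    for challenges in challenge_sets:
        # One directive per line: Apache parses its configuration line by
        # line, so MDomain must not trail on the MDCAChallenges line.
        HttpdConf(text="""
            MDCAChallenges %s
            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """ % " ".join(challenges)).install()
        assert TestEnv.apache_restart() == 0
        md = TestEnv.a2md(["list"])['jout']['output'][0]
        assert md['ca']['challenges'] == challenges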
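def test_310_307(self):
    # test case: the RSA key size set with MDPrivateKeys is reported in the
    # md's 'privkey' entry, both when it is lowered and when it is raised
    # again (4096 -> 2048 -> 4096).
    for bits in (4096, 2048, 4096):
        # One directive per line: Apache parses its configuration line by
        # line, so MDomain must not trail on the MDPrivateKeys line.
        HttpdConf(text="""
            MDPrivateKeys RSA %d
            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """ % bits).install()
        assert TestEnv.apache_restart() == 0
        md = TestEnv.a2md(["list"])['jout']['output'][0]
        assert md['privkey'] == {"type": "RSA", "bits": bits}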
def test_000_201(self):
    # test case: "store list" returns every md added with "store add".
    domains = [
        ["test000-201.com", "test000-201a.com", "test000-201b.com"],
        ["greenbytes2.de", "www.greenbytes2.de", "mail.greenbytes2.de"],
    ]
    for names in domains:
        assert TestEnv.a2md(["store", "add"] + names)['rv'] == 0

    # list all store content
    listing = TestEnv.a2md(["store", "list"])['jout']
    assert len(listing['output']) == len(domains)

    # entries are ordered with md_name and compared against the input in
    # reverse order of insertion
    entries = sorted(listing['output'], key=md_name)
    for entry, names in zip(entries, reversed(domains)):
        expected = {
            "name": names[0],
            "domains": names,
            "contacts": [],
            "ca": {
                "url": TestEnv.ACME_URL,
                "proto": "ACME"
            },
            "state": 0
        }
        TestEnv.check_json_contains(entry, expected)
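def test_310_308(self):
    # test case: MDRequireHttps from the server config is reported as
    # 'require-https' on the listed md, and the key is absent when the
    # directive is not configured.
    # Each directive sits on its own line: Apache parses its configuration
    # line by line.

    # setup: nothing set
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    assert "require-https" not in TestEnv.a2md(["list"])['jout']['output'][0]

    # test case: temporary redirect
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDRequireHttps temporary
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['require-https'] == "temporary"

    # test case: permanent redirect, set inside an <MDomainSet> section
    HttpdConf(text="""
        <MDomainSet testdomain.org>
            MDMember www.testdomain.org mail.testdomain.org
            MDRequireHttps permanent
        </MDomainSet>
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['require-https'] == "permanent"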
def test_500_203(self):
    # test case: reproduce issue with initially wrong agreement URL
    # The first drive runs with MDCertificateAgreement set to
    # TestEnv.ACME_TOS2 and must fail; after reinstalling the config without
    # that line, driving the same md must succeed.
    base = self.test_domain
    host = "www." + base

    def md_state():
        # current state of the md as reported by "a2md list"
        return TestEnv.a2md(["list", host])['jout']['output'][0]['state']

    # setup: prepare md with invalid TOS url
    broken = HttpdConf()
    broken.add_admin("admin@" + base)
    broken.add_line("MDCertificateAgreement %s" % (TestEnv.ACME_TOS2))
    broken.add_drive_mode("manual")
    broken.add_md([host])
    broken.install()
    assert TestEnv.apache_restart() == 0
    assert md_state() == TestEnv.MD_S_INCOMPLETE

    # drive it -> fail after account registration
    assert TestEnv.a2md(["-vv", "drive", host])['rv'] == 1

    # adjust config: same setup, agreement line left out
    fixed = HttpdConf()
    fixed.add_admin("admin@" + base)
    fixed.add_drive_mode("manual")
    fixed.add_md([host])
    fixed.install()
    time.sleep(1)
    assert TestEnv.apache_restart() == 0
    assert md_state() == TestEnv.MD_S_INCOMPLETE

    # drive it -> runs OK
    assert TestEnv.a2md(["-vv", "drive", host])['rv'] == 0
    assert md_state() == TestEnv.MD_S_COMPLETE
def test_120_001(self):
    # test case: "list" returns every md that was added, and "list <name>"
    # returns the md with that name.
    domains = [
        ["test120-001.com", "test120-001a.com", "test120-001b.com"],
        ["greenbytes2.de", "www.greenbytes2.de", "mail.greenbytes2.de"],
    ]
    for names in domains:
        assert TestEnv.a2md(["add"] + names)['rv'] == 0

    # list all store content; entries are compared against the input in
    # reverse order of insertion
    listed = TestEnv.a2md(["list"])['jout']
    assert len(listed['output']) == len(domains)
    for entry, names in zip(listed['output'], reversed(domains)):
        expected = {
            "name": names[0],
            "domains": names,
            "contacts": [],
            "ca": {
                "url": TestEnv.ACME_URL,
                "proto": "ACME"
            },
            "state": TestEnv.MD_S_INCOMPLETE
        }
        TestEnv.check_json_contains(entry, expected)

    # list md by name
    for md_id in ("test120-001.com", "greenbytes2.de"):
        found = TestEnv.a2md(["list", md_id])['jout']['output'][0]
        assert found['name'] == md_id
def test_500_000(self):
    # test case: md without contact info
    # "drive" must fail with rv 1 and name the missing contact on stderr.
    host = "www." + self.test_domain
    assert TestEnv.a2md(["add", host])['rv'] == 0
    outcome = TestEnv.a2md(["drive", host])
    assert outcome['rv'] == 1
    assert re.search("No contact information", outcome["stderr"]) is not None
def setup_method(self, method):
    # Per-test setup: log the test name, empty the store, then register two
    # managed domains against TestEnv.ACME_URL.  The results of the "add"
    # calls are not checked here.
    print("setup_method: %s" % method.__name__)
    TestEnv.clear_store()
    # add managed domains
    managed = [
        [self.NAME1, "www.greenbytes2.de", "mail.greenbytes2.de"],
        [self.NAME2, "test-101.com", "test-102.com"],
    ]
    for names in managed:
        TestEnv.a2md(["-a", TestEnv.ACME_URL, "add"] + names)
def test_000_404(self):
    # test case: "store update <name> domains ..." overrides the domain
    # list, here replacing the md's only name with a different one.
    original = "test000-404.com"
    replacement = "greenbytes.com"
    created = TestEnv.a2md(["store", "add", original])
    assert created['jout']['output'][0]['domains'] == [original]
    # override domains list
    updated = TestEnv.a2md(
        ["store", "update", original, "domains", replacement])
    assert updated['jout']['output'][0]['domains'] == [replacement]
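def test_000_401(self):
    # test case: "store update <name> domains ..." can extend the domain
    # list of an existing md with an additional name.
    dns1 = "test000-401.com"
    dns2 = "test-101.com"
    # setup: the add must succeed, otherwise the update below checks nothing
    assert TestEnv.a2md(["store", "add", dns1])['rv'] == 0
    args = ["store", "update", dns1, "domains", dns1, dns2]
    assert TestEnv.a2md(args)['jout']['output'][0]['domains'] == [dns1, dns2]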
def test_110_201(self):
    # test case: set an account id on the md, then run "update ... account"
    # without a value and check the CA data and state that come back.
    target = self.NAME1
    stored = TestEnv.a2md(["update", target, "account", "test.account.id"])
    assert stored['rv'] == 0
    md = TestEnv.a2md(["update", target, "account"])['jout']['output'][0]
    TestEnv.check_json_contains(
        md['ca'], {"url": TestEnv.ACME_URL, "proto": "ACME"})
    # NOTE(review): 1 is presumably TestEnv.MD_S_INCOMPLETE - confirm
    assert md['state'] == 1
def test_110_402(self):
    # test case: set the agreement on the md, then run "update ... agreement"
    # without a value and check the CA data and state that come back.
    target = self.NAME1
    stored = TestEnv.a2md(["update", target, "agreement", TestEnv.ACME_TOS])
    assert stored['rv'] == 0
    md = TestEnv.a2md(["update", target, "agreement"])['jout']['output'][0]
    TestEnv.check_json_contains(
        md['ca'], {"url": TestEnv.ACME_URL, "proto": "ACME"})
    # NOTE(review): 1 is presumably TestEnv.MD_S_INCOMPLETE - confirm
    assert md['state'] == 1
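def test_110_303(self):
    # test case: setting the same contact twice leaves exactly one
    # "mailto:" entry in the md's contact list.
    # NOTE(review): the address literal looks masked; substitute a
    # syntactically valid test address before running.
    contact = "*****@*****.**"
    update = ["update", self.NAME1, "contacts", contact]
    assert TestEnv.a2md(update)['rv'] == 0
    md = TestEnv.a2md(update)['jout']['output'][0]
    # The expected entry is built from the address that was sent, so input
    # and expectation cannot drift apart.
    assert md['contacts'] == ["mailto:" + contact]
    # NOTE(review): 1 is presumably TestEnv.MD_S_INCOMPLETE - confirm
    assert md['state'] == 1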
def test_500_003(self):
    # test case: md with unknown protocol FOO
    # Storing the protocol succeeds; the failure is expected from "drive",
    # with rv 1 and a matching message on stderr.
    host = "www." + self.test_domain
    self._prepare_md([host])
    stored = TestEnv.a2md(["update", host, "ca", TestEnv.ACME_URL, "FOO"])
    assert stored['rv'] == 0
    outcome = TestEnv.a2md(["drive", host])
    assert outcome['rv'] == 1
    assert re.search("Unknown CA protocol", outcome["stderr"]) is not None
def test_100_007(self):
    # test case: "add" is rejected (rv 1) when any of the given names
    # already belongs to an existing md.
    assert TestEnv.a2md(["add", "test-100.com", "test-101.com"])['rv'] == 0
    overlapping = (
        # 1: alternate DNS exists as primary name
        ["add", "greenbytes2.de", "test-100.com"],
        # 2: alternate DNS exists as alternate DNS
        ["add", "greenbytes2.de", "test-101.com"],
        # 3: primary name exists as alternate DNS
        ["add", "test-101.com"],
    )
    for args in overlapping:
        assert TestEnv.a2md(args)['rv'] == 1
def test_310_400(self):
    # test case: removing a name from a COMPLETE md keeps it COMPLETE;
    # adding a new name makes it INCOMPLETE again.
    base = self.test_domain
    host = "www." + base

    def md_state():
        # current state of the md as reported by "a2md list"
        return TestEnv.a2md(["list", host])['jout']['output'][0]['state']

    # setup: create complete md in store
    assert TestEnv.a2md(["add", host, "test1." + base])['rv'] == 0
    assert TestEnv.a2md(
        ["update", host, "contacts", "admin@" + host])['rv'] == 0
    assert TestEnv.a2md(
        ["update", host, "agreement", TestEnv.ACME_TOS])['rv'] == 0
    assert TestEnv.apache_start() == 0

    # setup: drive it
    assert TestEnv.a2md(["-v", "drive", host])['rv'] == 0
    assert md_state() == TestEnv.MD_S_COMPLETE

    # remove one domain -> status stays COMPLETE
    assert TestEnv.a2md(["update", host, "domains", host])['rv'] == 0
    assert md_state() == TestEnv.MD_S_COMPLETE

    # add other domain -> status INCOMPLETE
    extended = TestEnv.a2md(
        ["update", host, "domains", host, "test2." + base])
    assert extended['rv'] == 0
    assert md_state() == TestEnv.MD_S_INCOMPLETE
def test_000_301(self):
    # test case: removing one md from the store leaves the other one as the
    # complete store content.
    removed = ["test000-301.com", "test000-301a.com", "test000-301b.com"]
    kept = ["greenbytes2.de", "www.greenbytes2.de", "mail.greenbytes2.de"]
    assert TestEnv.a2md(["store", "add"] + removed)['rv'] == 0
    kept_jout = TestEnv.a2md(["store", "add"] + kept)['jout']
    # remove managed domain
    removal = TestEnv.a2md(["store", "remove", "test000-301.com"])
    assert removal['jout'] == TestEnv.EMPTY_JOUT
    # list store content: must equal what adding the kept md returned
    assert TestEnv.a2md(["store", "list"])['jout'] == kept_jout
def test_310_200(self):
    # test case: an md added to the store stays there, unchanged, when the
    # server is restarted with a config that does not mention it.
    names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.a2md(["add"] + names)
    TestEnv.check_md(names, state=1)
    # install a config without any md and restart
    empty_conf = HttpdConf()
    empty_conf.install()
    assert TestEnv.apache_restart() == 0
    # check: md stays in store
    TestEnv.check_md(names, state=1)
def test_500_001(self):
    # test case: md with contact, but without TOS
    # "drive" must fail with rv 1 and ask for the terms-of-service on stderr.
    host = "www." + self.test_domain
    assert TestEnv.a2md(["add", host])['rv'] == 0
    contact_set = TestEnv.a2md(
        ["update", host, "contacts", "*****@*****.**"])
    assert contact_set['rv'] == 0
    outcome = TestEnv.a2md(["drive", host])
    assert outcome['rv'] == 1
    tos_hint = "the CA requires you to accept the terms-of-service as specified in "
    assert re.search(tos_hint, outcome["stderr"]) is not None
def test_500_400(self):
    # test case: server not reachable
    # The md's CA url is pointed at a local port; "drive" must fail with
    # rv 1, a non-zero status and 'Connection refused' as description.
    host = "www." + self.test_domain
    self._prepare_md([host])
    unreachable_ca = "http://localhost:4711/directory"
    assert TestEnv.a2md(["update", host, "ca", unreachable_ca])['rv'] == 0
    # drive
    outcome = TestEnv.a2md(["drive", host])
    assert outcome['rv'] == 1
    report = outcome['jout']
    assert report['status'] != 0
    assert report['description'] == 'Connection refused'
def test_310_300(self):
    # test case: the order of names in the server config replaces the order
    # stored for the md (mail/www swapped here).
    stored_order = ["testdomain.org", "mail.testdomain.org", "www.testdomain.org"]
    TestEnv.a2md(["add"] + stored_order)
    TestEnv.check_md(stored_order, state=1)
    conf = HttpdConf(text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # check: dns list changes
    config_order = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(config_order, state=1)
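def test_310_209(self, keySize):
    # test case: removing MDPrivateKeys from the config removes the
    # 'privkey' entry from the listed md.
    # keySize: RSA key size written into the MDPrivateKeys directive.
    # One directive per line: Apache parses its configuration line by line,
    # so MDomain must not trail on the MDPrivateKeys line.
    HttpdConf(text="""
        MDPrivateKeys RSA %s
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """ % (keySize)).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['privkey']['type'] == "RSA"

    # same md without the key directive
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    assert "privkey" not in TestEnv.a2md(["list"])['jout']['output'][0]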
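def test_310_207(self, renewMode, expCode):
    # test case: MDRenewMode is reported as 'renew-mode' on the listed md,
    # and the value goes back to 1 once the directive is removed.
    # renewMode: value written into the MDRenewMode directive.
    # expCode: 'renew-mode' value expected for that setting.
    # One directive per line: Apache parses its configuration line by line,
    # so MDomain must not trail on the MDRenewMode line.
    HttpdConf(text="""
        MDRenewMode %s
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """ % (renewMode)).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['renew-mode'] == expCode

    # same md without the directive
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['renew-mode'] == 1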
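def test_310_211(self):
    # test case: "MDMustStaple on" is reported as must-staple == True on the
    # listed md, and the flag is False again once the directive is removed.
    # One directive per line: Apache parses its configuration line by line,
    # so MDMustStaple must not trail on the MDomain line.
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDMustStaple on
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['must-staple'] == True

    # same md without the directive
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['must-staple'] == False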
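def test_310_208(self):
    # test case: removing MDCAChallenges from the config removes the
    # 'challenges' entry from the md's ca data.
    # One directive per line: Apache parses its configuration line by line,
    # so MDomain must not trail on the MDCAChallenges line.
    HttpdConf(text="""
        MDCAChallenges http-01
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['ca']['challenges'] == ['http-01']

    # same md without the directive
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert 'challenges' not in md['ca']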
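def test_310_206(self):
    # test case: MDRenewWindow is reported as 'renew-window' on the listed
    # md, and the value reads '33%' once the directive is removed.
    # One directive per line: Apache parses its configuration line by line,
    # so MDomain must not trail on the MDRenewWindow line.
    HttpdConf(text="""
        MDRenewWindow 14d
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['renew-window'] == '14d'

    # same md without the directive
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # check: no window configured, '33%' is reported
    md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert md['renew-window'] == '33%'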
def test_310_201(self):
    # test case: a name that is stored for the md but missing from the
    # server config (test.testdomain.org) is dropped from the md on restart.
    stored_names = [
        "testdomain.org",
        "test.testdomain.org",
        "www.testdomain.org",
        "mail.testdomain.org",
    ]
    TestEnv.a2md(["add"] + stored_names)
    TestEnv.check_md(stored_names, state=1)
    conf = HttpdConf(text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # check: DNS has been removed from md in store
    remaining = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(remaining, state=1)