def test_700_003(self):
# generate 1 MD and 2 vhosts
domain = self.test_domain
nameA = "a." + domain
nameB = "b." + domain
domains = [domain, nameA, nameB]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(nameA, docRoot="htdocs/a")
conf.add_vhost(nameB, docRoot="htdocs/b")
conf.install()
#
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", nameB)
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain, nameA, nameB])
TestEnv.check_md_complete(domain)
#
# check: SSL is running OK
certA = TestEnv.get_cert(nameA)
assert nameA in certA.get_san_list()
certB = TestEnv.get_cert(nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
#
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_602_002(self):
# test case: one md, that covers two vhosts
domain = self.test_domain
name_a = "a." + domain
name_b = "b." + domain
domains = [domain, name_a, name_b]
# - generate config with one md
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(domains)
conf.install()
# - restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# - drive
assert TestEnv.a2md(["drive", domain])['rv'] == 0
assert TestEnv.apache_restart() == 0
TestEnv.check_md_complete(domain)
# - append vhost to config
conf.add_vhost(name_a, doc_root="htdocs/a")
conf.add_vhost(name_b, doc_root="htdocs/b")
conf.install()
# - create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", name_a)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", name_b)
# check: SSL is running OK
assert TestEnv.apache_restart() == 0
cert_a = TestEnv.get_cert(name_a)
assert name_a in cert_a.get_san_list()
cert_b = TestEnv.get_cert(name_b)
assert name_b in cert_b.get_san_list()
assert cert_a.same_serial_as(cert_b)
assert TestEnv.get_content(name_a, "/name.txt") == name_a
assert TestEnv.get_content(name_b, "/name.txt") == name_b
def test_600_002(self):
# test case: one md, that covers two vhosts
domain = self.test_domain
nameA = "a-" + domain
nameB = "b-" + domain
domains = [domain, nameA, nameB]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(domains)
conf.install()
# - restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# - drive
assert TestEnv.a2md(["drive", domain])['rv'] == 0
assert TestEnv.apache_restart() == 0
TestEnv.check_md_complete(domain)
# - append vhost to config
conf.add_vhost(nameA, docRoot="htdocs/a")
conf.add_vhost(nameB, docRoot="htdocs/b")
conf.install()
# - create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", nameB)
# check: SSL is running OK
assert TestEnv.apache_restart() == 0
certA = TestEnv.get_cert(nameA)
assert nameA in certA.get_san_list()
certB = TestEnv.get_cert(nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_500_109(self):
# test case: redirect on SSL-only domain
# setup: prepare config
domain = self.test_domain
name = "www." + domain
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md([name])
conf.add_vhost(name, port=TestEnv.HTTP_PORT, docRoot="htdocs/test")
conf.add_vhost(name, docRoot="htdocs/test")
conf.install()
# setup: create resource files
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"),
"name.txt", name)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR),
"name.txt", "not-forbidden.org")
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# test HTTP access - no redirect
assert TestEnv.get_content("not-forbidden.org",
"/name.txt",
useHTTPS=False) == "not-forbidden.org"
assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert int(r['http_headers']['Content-Length']) == len(name)
assert "Location" not in r['http_headers']
# test HTTPS access
assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name
# test HTTP access again -> redirect to default HTTPS port
conf.add_require_ssl("temporary")
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 302
expLocation = "https://%s/name.txt" % name
assert r['http_headers']['Location'] == expLocation
# should not see this
assert not 'Strict-Transport-Security' in r['http_headers']
# test default HTTP vhost -> still no redirect
assert TestEnv.get_content("not-forbidden.org",
"/name.txt",
useHTTPS=False) == "not-forbidden.org"
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
# also not for this
assert not 'Strict-Transport-Security' in r['http_headers']
# test HTTP access again -> redirect permanent
conf.add_require_ssl("permanent")
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 301
expLocation = "https://%s/name.txt" % name
assert r['http_headers']['Location'] == expLocation
assert not 'Strict-Transport-Security' in r['http_headers']
# should see this
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
assert r['http_headers'][
'Strict-Transport-Security'] == 'max-age=15768000'
