def test_310_400(self): # setup: create complete md in store domain = self.test_domain name = "www." + domain assert TestEnv.a2md(["add", name, "test1." + domain])['rv'] == 0 assert TestEnv.a2md(["update", name, "contacts", "admin@" + name])['rv'] == 0 assert TestEnv.a2md(["update", name, "agreement", TestEnv.ACME_TOS])['rv'] == 0 assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md(["-v", "drive", name])['rv'] == 0 assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # remove one domain -> status stays COMPLETE assert TestEnv.a2md(["update", name, "domains", name])['rv'] == 0 assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # add other domain -> status INCOMPLETE assert TestEnv.a2md( ["update", name, "domains", name, "test2." + domain])['rv'] == 0 assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
def test_500_107(self): # test case: drive again on COMPLETE md, then drive --force # setup: prepare md in store domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # drive assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 TestEnv.check_md_credentials([name]) orig_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # drive again assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 TestEnv.check_md_credentials([name]) cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # check: cert not changed assert cert.get_serial() == orig_cert.get_serial() # drive --force assert TestEnv.a2md(["-vv", "drive", "--force", name])['rv'] == 0 TestEnv.check_md_credentials([name]) cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # check: cert not changed assert cert.get_serial() != orig_cert.get_serial() # check: previous cert was archived cert = CertUtil(TestEnv.store_archived_file(name, 2, 'pubcert.pem')) assert cert.get_serial() == orig_cert.get_serial()
def setup_module(module): print("setup_module module:%s" % module.__name__) TestEnv.init() TestEnv.APACHE_CONF_SRC = "data/test_auto" TestEnv.check_acme() TestEnv.clear_store() HttpdConf().install() assert TestEnv.apache_start() == 0
def test_500_101(self): # test case: md with 2 domains domain = self.test_domain name = "www." + domain self._prepare_md([name, "test." + domain]) assert TestEnv.apache_start() == 0 # drive assert TestEnv.a2md(["-vv", "drive", "-c", "http-01", name])['rv'] == 0 TestEnv.check_md_credentials([name, "test." + domain])
def test_500_106(self): # Driving an MD with TLS only, without making it known to Apache # first will not work, as support for ALPN protocol acme-tls/1 cannot be checked. domain = self.test_domain name = "www." + domain self._prepare_md([name, "test." + domain]) assert TestEnv.apache_start() == 0 # drive assert TestEnv.a2md(["-vv", "drive", "-c", "tls-alpn-01", name])['rv'] == 1
def test_500_102(self): # Driving an MD with 'tls-alpn-01' challenge without making it known to Apache # first will not work, as support for ALPN protocol acme-tls/1 cannot be checked. domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # setup: create account on server run = TestEnv.a2md(["acme", "newreg", "admin@" + domain], raw=True) assert run['rv'] == 0 acct = re.match("registered: (.*)$", run["stdout"]).group(1) # setup: link md to account assert TestEnv.a2md(["update", name, "account", acct])['rv'] == 0 # drive r = TestEnv.a2md(["-v", "drive", "-c", "tls-alpn-01", name]) == 1
def test_500_100(self): # test case: md with one domain domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # drive prevMd = TestEnv.a2md(["list", name])['jout']['output'][0] assert TestEnv.a2md(["drive", "-c", "http-01", name])['rv'] == 0 TestEnv.check_md_credentials([name]) self._check_account_key(name) # check archive content storeMd = json.loads( open(TestEnv.store_archived_file(name, 1, 'md.json')).read()) for f in [ 'name', 'ca', 'domains', 'contacts', 'renew-mode', 'renew-window', 'must-staple' ]: assert storeMd[f] == prevMd[f] # check file system permissions: TestEnv.check_file_permissions(name) # check: challenges removed TestEnv.check_dir_empty(TestEnv.store_challenges()) # check how the challenge resources are answered in sevceral combinations result = TestEnv.get_meta(domain, "/.well-known/acme-challenge", False) assert result['rv'] == 0 assert result['http_status'] == 404 result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/", False) assert result['rv'] == 0 assert result['http_status'] == 404 result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123", False) assert result['rv'] == 0 assert result['http_status'] == 404 assert result['rv'] == 0 cdir = os.path.join(TestEnv.store_challenges(), domain) os.makedirs(cdir) open(os.path.join(cdir, 'acme-http-01.txt'), "w").write("content-of-123") result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123", False) assert result['rv'] == 0 assert result['http_status'] == 200 assert result['http_headers']['Content-Length'] == '14'
def test_500_300(self): # test case: remove one domain name from existing valid md # setup: create md in store domain = self.test_domain name = "www." + domain self._prepare_md([name, "test." + domain, "xxx." + domain]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 old_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # setup: remove one domain assert TestEnv.a2md(["update", name, "domains"] + [name, "test." + domain])['rv'] == 0 # drive assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 # compare cert serial new_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) assert old_cert.get_serial() == new_cert.get_serial()
def test_500_301(self): # test case: change contact info on existing valid md # setup: create md in store domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 old_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # setup: add second domain assert TestEnv.a2md(["update", name, "contacts", "test@" + domain])['rv'] == 0 # drive assert TestEnv.a2md(["drive", name])['rv'] == 0 # compare cert serial new_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) assert old_cert.get_serial() == new_cert.get_serial()
def test_502_103(self): # test case: md with one domain, ACME account and TOS agreement on server # setup: create md domain = self.test_domain name = "www." + domain assert TestEnv.a2md(["add", name])['rv'] == 0 assert TestEnv.a2md(["update", name, "contacts", "admin@" + domain])['rv'] == 0 assert TestEnv.apache_start() == 0 # setup: create account on server run = TestEnv.a2md( ["-t", "accepted", "acme", "newreg", "admin@" + domain], raw=True) assert run['rv'] == 0 acct = re.match("registered: (.*)$", run["stdout"]).group(1) # setup: link md to account assert TestEnv.a2md(["update", name, "account", acct])['rv'] == 0 # drive assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 TestEnv.check_md_credentials([name])
def test_500_200(self): # test case: add dns name on existing valid md # setup: create md in store domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 old_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) # setup: add second domain assert TestEnv.a2md( ["update", name, "domains", name, "test." + domain])['rv'] == 0 # drive assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 # check new cert TestEnv.check_md_credentials([name, "test." + domain]) new_cert = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) assert old_cert.get_serial() != new_cert.get_serial()
def test_500_105(self): # test case: md with one domain, local TOS agreement and ACME account that is deleted (!) on server # setup: create md domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # setup: create account on server run = TestEnv.a2md(["acme", "newreg", "test@" + domain], raw=True) assert run['rv'] == 0 acct = re.match("registered: (.*)$", run["stdout"]).group(1) # setup: link md to account assert TestEnv.a2md(["update", name, "account", acct])['rv'] == 0 # setup: delete account on server assert TestEnv.a2md(["acme", "delreg", acct])['rv'] == 0 # drive run = TestEnv.a2md(["drive", name]) print(run["stderr"]) assert run['rv'] == 0 TestEnv.check_md_credentials([name])
def test_310_401(self): # setup: create complete md in store domain = self.test_domain name = "www." + domain assert TestEnv.a2md(["add", name])['rv'] == 0 assert TestEnv.a2md(["update", name, "contacts", "admin@" + name])['rv'] == 0 assert TestEnv.a2md(["update", name, "agreement", TestEnv.ACME_TOS])['rv'] == 0 assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # setup: change CA URL assert TestEnv.a2md(["update", name, "ca", TestEnv.ACME_URL_DEFAULT])['rv'] == 0 # check: state stays COMPLETE assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
def test_500_104(self): # test case: md with one domain, TOS agreement, ACME account and authz challenge # setup: create md domain = self.test_domain name = "www." + domain self._prepare_md([name]) assert TestEnv.apache_start() == 0 # setup: create account on server run = TestEnv.a2md(["acme", "newreg", "admin@" + domain], raw=True) assert run['rv'] == 0 acct = re.match("registered: (.*)$", run["stdout"]).group(1) # setup: send TOS agreement to server assert TestEnv.a2md( ["--terms", TestEnv.ACME_TOS, "acme", "agree", acct])['rv'] == 0 # setup: link md to account assert TestEnv.a2md(["update", name, "account", acct])['rv'] == 0 # setup: create authz resource, write it into store run = TestEnv.a2md(["-vv", "acme", "authz", acct, name], raw=True) assert run['rv'] == 0 authz_url = re.match("authz: " + name + " (.*)$", run["stdout"]).group(1) # TODO: find storage-independent way to modify local authz data TestEnv.authz_save( name, json.dumps( { "account": acct, "authorizations": [{ "domain": name, "location": authz_url, "state": 0 }] }, indent=2)) # drive assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0 TestEnv.check_md_credentials([name])
def test_300_022(self): HttpdConf(text=""" MDomain secret.com <If "1 == 1"> MDRequireHttps temporary </If> <VirtualHost *:12344> ServerName secret.com SSLEngine on </VirtualHost> """).install() assert TestEnv.apache_start() == 0 HttpdConf(text=""" MDomain secret.com <Directory /tmp> MDRequireHttps temporary </Directory> <VirtualHost *:12344> ServerName secret.com SSLEngine on </VirtualHost> """).install() assert TestEnv.apache_restart() == 1
def setup_method(self, method): print("setup_method: %s" % method.__name__) assert TestEnv.apache_start() == 0
def setup_module(module): print("setup_module: %s" % module.__name__) TestEnv.init() HttpdConf().add_vhost_test1().add_vhost_test2().install() assert TestEnv.apache_start() == 0
def setup_method(self, method): print("setup_method: %s" % method.__name__) assert TestEnv.apache_start() == 0
def setup_module(module): print("setup_module: %s" % module.__name__) TestEnv.init() HttpdConf().add_vhost_test1().add_vhost_test2().install() assert TestEnv.apache_start() == 0