def test_801_003(self):
mdA = TestStapling.mdA
mdB = TestStapling.mdB
conf = TestStapling.configure_httpd()
conf.add_line("""
<MDomain %s>
MDStapling on
</MDomain>
<MDomain %s>
</MDomain>
""" % (mdA, mdB))
conf.add_vhost(mdA)
conf.add_vhost(mdB)
conf.install()
assert TestEnv.apache_stop() == 0
assert TestEnv.apache_restart() == 0
# mdA has stapling
stat = TestEnv.await_ocsp_status(mdA)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
stat = TestEnv.get_md_status(mdA)
assert stat["stapling"]
assert stat["cert"]["ocsp"]["status"] == "good"
assert stat["cert"]["ocsp"]["valid"]
# mdB has no stapling
stat = TestEnv.get_ocsp_status(mdB)
assert stat['ocsp'] == "no response sent"
stat = TestEnv.get_md_status(mdB)
assert not stat["stapling"]
def test_300_004(self):
assert TestEnv.apache_stop() == 0
HttpdConf(text="""
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
""").install()
assert TestEnv.apache_fail() == 0
def test_801_004(self):
md_a = TestStapling.mdA
md_b = TestStapling.mdB
conf = TestStapling.configure_httpd(ssl_stapling=True)
conf.add_line("""
<MDomain %s>
MDStapling on
</MDomain>
<MDomain %s>
</MDomain>
""" % (md_a, md_b))
conf.add_vhost(md_a)
conf.add_vhost(md_b)
conf.install()
assert TestEnv.apache_stop() == 0
assert TestEnv.apache_restart() == 0
# mdA has stapling
stat = TestEnv.await_ocsp_status(md_a)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
stat = TestEnv.get_md_status(md_a)
assert stat["stapling"]
pkey = 'rsa'
assert stat["cert"][pkey]["ocsp"]["status"] == "good"
assert stat["cert"][pkey]["ocsp"]["valid"]
# mdB has no md stapling, but mod_ssl kicks in
stat = TestEnv.get_ocsp_status(md_b)
assert stat['ocsp'] == "successful (0x0)"
stat = TestEnv.get_md_status(md_b)
assert not stat["stapling"]
def test_300_009(self):
assert TestEnv.apache_stop() == 0
HttpdConf(text="""
ServerAdmin [email protected]
MDMembers manual
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
MDomain example2.org www.example2.org www.example3.org
<VirtualHost *:12346>
ServerName example2.org
ServerAlias www.example3.org
SSLEngine on
</VirtualHost>
<VirtualHost *:12346>
ServerName www.example2.org
ServerAlias example2.org
SSLEngine on
</VirtualHost>
<VirtualHost *:12346>
ServerName not-forbidden.org
ServerAlias example2.org
SSLEngine on
</VirtualHost>
""").install()
assert TestEnv.apache_fail() == 0
def test_801_009(self):
assert TestEnv.apache_stop() == 0
md = TestStapling.mdA
domains = [md]
testpath = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
# cert that is 30 more days valid
TestEnv.create_self_signed_cert(domains, {
"notBefore": -60,
"notAfter": 30
},
serial=801009,
path=testpath)
cert_file = os.path.join(testpath, 'pubcert.pem')
pkey_file = os.path.join(testpath, 'privkey.pem')
assert os.path.exists(cert_file)
assert os.path.exists(pkey_file)
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.start_md(domains)
conf.add_line("MDCertificateFile %s" % cert_file)
conf.add_line("MDCertificateKeyFile %s" % pkey_file)
conf.add_line("MDStapling on")
conf.end_md()
conf.add_vhost(md)
conf.install()
assert TestEnv.apache_restart() == 0
time.sleep(1)
stat = TestEnv.get_ocsp_status(md)
assert stat['ocsp'] == "no response sent"
def test_801_002(self):
md = TestStapling.mdA
TestStapling.configure_httpd(md, ssl_stapling=True).install()
assert TestEnv.apache_stop() == 0
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
stat = TestEnv.get_md_status(md)
assert not stat["stapling"]
#
# turn stapling on, wait for it to appear in connections
TestStapling.configure_httpd(md, "MDStapling on",
ssl_stapling=True).install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
stat = TestEnv.get_md_status(md)
assert stat["stapling"]
pkey = 'rsa'
assert stat["cert"][pkey]["ocsp"]["status"] == "good"
assert stat["cert"][pkey]["ocsp"]["valid"]
#
# turn stapling off (explicitly) again, should disappear
TestStapling.configure_httpd(md, "MDStapling off",
ssl_stapling=True).install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
stat = TestEnv.get_md_status(md)
assert not stat["stapling"]
def test_801_008(self):
assert TestEnv.apache_stop() == 0
# turn stapling on, wait for it to appear in connections
md = TestStapling.mdA
conf = TestStapling.configure_httpd()
conf.add_line("MDStapling on")
conf.start_vhost(md)
conf.add_line("""
SSLCertificateKeyFile %s
SSLCertificateFile %s
""" % (TestEnv.store_domain_file(
md, 'privkey.pem'), TestEnv.store_domain_file(md, 'pubcert.pem')))
conf.end_vhost()
conf.install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
# fine the file where the ocsp response is stored
dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
files = os.listdir(dirpath)
ocsp_file = None
for name in files:
if name.startswith("ocsp-"):
ocsp_file = os.path.join(dirpath, name)
assert ocsp_file
def test_901_003(self):
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
conf.add_drive_mode("auto")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
stat = TestEnv.get_md_status(domain)
# this command did not fail and logged itself the correct information
assert stat["renewal"]["last"]["status"] == 0
assert stat["renewal"]["log"]["entries"]
assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
# shut down server to make sure that md has completed
assert TestEnv.apache_stop() == 0
nlines = open(self.mlog).readlines()
assert 3 == len(nlines)
nlines = [s.strip() for s in nlines]
assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[0]) in nlines
assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[1]) in nlines
assert nlines[2].strip() == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain)
def test_300_011b(self):
assert TestEnv.apache_stop() == 0
HttpdConf(text="""
MDomain not-forbidden.org auto mail.not-forbidden.org
<VirtualHost *:%s>
ServerName not-forbidden.org
ServerAlias test3.not-forbidden.org
ServerAlias test4.not-forbidden.org
SSLEngine on
</VirtualHost>
""" % (TestEnv.HTTPS_PORT)).install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.httpd_error_log_count()
def test_801_010(self):
assert TestEnv.apache_stop() == 0
TestEnv.clear_ocsp_store()
md = TestStapling.mdA
domains = [md]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.start_md(domains)
conf.add_line("MDStapling on")
conf.end_md()
conf.install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_server_status()
assert stat
def test_801_005(self):
# TODO: mod_watchdog seems to have problems sometimes with fast restarts
# stopping first works.
assert TestEnv.apache_stop() == 0
# turn stapling on, wait for it to appear in connections
md = TestStapling.mdA
TestStapling.configure_httpd(md, "MDStapling on").install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
# fine the file where the ocsp response is stored
dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
files = os.listdir(dirpath)
ocsp_file = None
for name in files:
if name.startswith("ocsp-"):
ocsp_file = os.path.join(dirpath, name)
assert ocsp_file
mtime1 = os.path.getmtime(ocsp_file)
# wait a sec, restart and check that file does not change
time.sleep(1)
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
mtime2 = os.path.getmtime(ocsp_file)
assert mtime1 == mtime2
# configure a keep time of 1 second, restart, the file is gone
# (which is a side effec that we load it before the cleanup removes it.
# since it was valid, no new one needed fetching
TestStapling.configure_httpd(
md, """
MDStapling on
MDStaplingKeepResponse 1s
""").install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
assert not os.path.exists(ocsp_file)
# if we restart again, a new file needs to appear
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
mtime3 = os.path.getmtime(ocsp_file)
assert mtime1 != mtime3
def test_801_006(self):
assert TestEnv.apache_stop() == 0
# turn stapling on, wait for it to appear in connections
md = TestStapling.mdA
TestStapling.configure_httpd(md, "MDStapling on").install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
assert stat['verify'] == "0 (ok)"
# fine the file where the ocsp response is stored
dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
files = os.listdir(dirpath)
ocsp_file = None
for name in files:
if name.startswith("ocsp-"):
ocsp_file = os.path.join(dirpath, name)
assert ocsp_file
mtime1 = os.path.getmtime(ocsp_file)
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
# wait a sec, restart and check that file does not change
time.sleep(1)
mtime2 = os.path.getmtime(ocsp_file)
assert mtime1 == mtime2
# configure a renew window of 10 days, restart, larger than any life time.
TestStapling.configure_httpd(
md, """
MDStapling on
MDStaplingRenewWindow 10d
""").install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.await_ocsp_status(md)
assert stat['ocsp'] == "successful (0x0)"
# wait a sec, restart and check that file does change
time.sleep(1)
mtime3 = os.path.getmtime(ocsp_file)
assert mtime1 != mtime3
def test_901_003(self):
domain = self.test_domain
domains = [ domain, "www." + domain ]
conf = HttpdConf()
conf.add_admin( "*****@*****.**" )
conf.add_message_cmd( "%s %s" % (self.mcmd, self.mlog) )
conf.add_drive_mode( "auto" )
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion( [ domain ], restart=False )
stat = TestEnv.get_md_status(domain)
# this command did not fail and logged itself the correct information
assert stat["renewal"]["last"]["status"] == 0
assert stat["renewal"]["log"]["entries"]
assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
# shut down server to make sure that md has completed
assert TestEnv.apache_stop() == 0
nlines = open(self.mlog).readlines()
assert 1+self.menv_lines == len(nlines)
assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
assert (re.match(r'MD_VERSION=(\d+\.\d+\.\d+)(-.+)?', nlines[1].strip()))
assert ("MD_STORE=%s" % (TestEnv.STORE_DIR)) == nlines[2].strip()
def setup_module(module):
print("setup_module: %s" % module.__name__)
TestEnv.init()
HttpdConf().install()
assert TestEnv.apache_stop() == 0
def teardown_module(module):
print("teardown_module:%s" % module.__name__)
assert TestEnv.apache_stop() == 0
def teardown_module(module):
print("teardown_module: %s" % module.__name__)
assert TestEnv.apache_stop() == 0
def teardown_class(cls):
print("teardown_class:%s" % cls.__name__)
assert TestEnv.apache_stop() == 0
def teardown_method(self, method):
print("teardown_method: %s" % method.__name__)
assert TestEnv.apache_stop() == 0
def teardown_method(self, method):
print("teardown_method: %s" % method.__name__)
assert TestEnv.apache_stop() == 0
