def test_801_003(self):
    """Check that ``MDStapling`` is applied per managed domain.

    Two managed domains are configured and only the first one turns
    ``MDStapling`` on. The first must deliver an OCSP response that
    verifies; the second must deliver none and report stapling as off.
    """
    stapled_md = TestStapling.mdA
    plain_md = TestStapling.mdB
    conf = TestStapling.configure_httpd()
    md_sections = """
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (stapled_md, plain_md)
    conf.add_line(md_sections)
    for vhost_name in (stapled_md, plain_md):
        conf.add_vhost(vhost_name)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0

    # first domain: a stapled response is present and verifies
    ocsp_stat = TestEnv.await_ocsp_status(stapled_md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"
    md_stat = TestEnv.get_md_status(stapled_md)
    assert md_stat["stapling"]
    cert_ocsp = md_stat["cert"]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # second domain: nothing is stapled
    ocsp_stat = TestEnv.get_ocsp_status(plain_md)
    assert ocsp_stat['ocsp'] == "no response sent"
    md_stat = TestEnv.get_md_status(plain_md)
    assert not md_stat["stapling"]
def test_300_004(self):
    """Install a config whose two MDomain lines share a name.

    ``test3.not-forbidden.org`` appears in both MDomain definitions. The
    test then requires ``TestEnv.apache_fail()`` to return 0 (presumably
    meaning httpd refused to start; confirm against TestEnv).
    """
    assert TestEnv.apache_stop() == 0
    overlapping_conf = HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
        """)
    overlapping_conf.install()
    fail_rc = TestEnv.apache_fail()
    assert fail_rc == 0
def test_801_004(self):
    """Check per-domain ``MDStapling`` when ``ssl_stapling=True`` is set.

    Only the first managed domain enables ``MDStapling``. Both domains
    must still deliver a successful OCSP response; for the second one the
    md status must report stapling as off (the response comes from
    mod_ssl rather than from md).
    """
    md_a = TestStapling.mdA
    md_b = TestStapling.mdB
    conf = TestStapling.configure_httpd(ssl_stapling=True)
    md_sections = """
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (md_a, md_b)
    conf.add_line(md_sections)
    for vhost_name in (md_a, md_b):
        conf.add_vhost(vhost_name)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0

    # mdA has stapling through md
    ocsp_stat = TestEnv.await_ocsp_status(md_a)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"
    md_stat = TestEnv.get_md_status(md_a)
    assert md_stat["stapling"]
    pkey = 'rsa'
    cert_ocsp = md_stat["cert"][pkey]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # mdB has no md stapling, but mod_ssl kicks in
    ocsp_stat = TestEnv.get_ocsp_status(md_b)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    md_stat = TestEnv.get_md_status(md_b)
    assert not md_stat["stapling"]
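def test_300_009(self):
    """Install a config whose vhosts mix names from two manual MDs.

    With ``MDMembers manual``, two MDomains are defined. The third
    virtual host uses ``not-forbidden.org`` (first MD) as ServerName and
    ``example2.org`` (second MD) as ServerAlias. The test requires
    ``TestEnv.apache_fail()`` to return 0 (presumably meaning httpd
    refused to start; confirm against TestEnv).
    """
    assert TestEnv.apache_stop() == 0
    # NOTE(review): in this copy the ServerAdmin value was a two-token
    # e-mail redaction artifact. ServerAdmin accepts a single argument, so
    # that token alone would abort start-up and let apache_fail() pass
    # without the MD/vhost overlap ever being evaluated. The address below
    # is a stand-in built from the test domain; confirm it against the
    # project's original file.
    HttpdConf(text="""
        ServerAdmin admin@not-forbidden.org
        MDMembers manual
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        MDomain example2.org www.example2.org www.example3.org

        <VirtualHost *:12346>
            ServerName example2.org
            ServerAlias www.example3.org
            SSLEngine on
        </VirtualHost>

        <VirtualHost *:12346>
            ServerName www.example2.org
            ServerAlias example2.org
            SSLEngine on
        </VirtualHost>

        <VirtualHost *:12346>
            ServerName not-forbidden.org
            ServerAlias example2.org
            SSLEngine on
        </VirtualHost>
        """).install()
    assert TestEnv.apache_fail() == 0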
def test_801_009(self):
    """Check that no OCSP response is stapled for a self-signed cert.

    A self-signed certificate (valid for 30 more days) is generated and
    configured through ``MDCertificateFile``/``MDCertificateKeyFile`` with
    ``MDStapling on``. After a restart the connection must report
    "no response sent".
    """
    assert TestEnv.apache_stop() == 0
    md = TestStapling.mdA
    domains = [md]
    testpath = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
    # cert that is 30 more days valid
    validity = {"notBefore": -60, "notAfter": 30}
    TestEnv.create_self_signed_cert(domains, validity,
                                    serial=801009, path=testpath)
    cert_file = os.path.join(testpath, 'pubcert.pem')
    pkey_file = os.path.join(testpath, 'privkey.pem')
    for generated in (cert_file, pkey_file):
        assert os.path.exists(generated)

    conf = HttpdConf()
    # NOTE(review): the admin address looks redacted in this copy of the
    # file; confirm the intended contact value.
    conf.add_admin("*****@*****.**")
    conf.start_md(domains)
    for directive in ("MDCertificateFile %s" % cert_file,
                      "MDCertificateKeyFile %s" % pkey_file,
                      "MDStapling on"):
        conf.add_line(directive)
    conf.end_md()
    conf.add_vhost(md)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # fixed one-second pause before probing the connection
    time.sleep(1)
    ocsp_stat = TestEnv.get_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "no response sent"
def test_801_002(self):
    """Toggle ``MDStapling`` on and off while ``ssl_stapling=True`` is set.

    In all three phases the connection must carry a successful OCSP
    response; only the md status flag ``stapling`` is expected to follow
    the ``MDStapling`` setting (the response in the "off" phases is
    presumably supplied by mod_ssl; confirm against configure_httpd).
    """
    md = TestStapling.mdA

    # phase 1: MDStapling not configured
    TestStapling.configure_httpd(md, ssl_stapling=True).install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.get_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    md_stat = TestEnv.get_md_status(md)
    assert not md_stat["stapling"]

    # phase 2: turn stapling on, wait for it to appear in connections
    TestStapling.configure_httpd(md, "MDStapling on", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"
    md_stat = TestEnv.get_md_status(md)
    assert md_stat["stapling"]
    pkey = 'rsa'
    cert_ocsp = md_stat["cert"][pkey]["ocsp"]
    assert cert_ocsp["status"] == "good"
    assert cert_ocsp["valid"]

    # phase 3: turn stapling off (explicitly) again, md stapling should disappear
    TestStapling.configure_httpd(md, "MDStapling off", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.get_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    md_stat = TestEnv.get_md_status(md)
    assert not md_stat["stapling"]
def test_801_008(self):
    """Check stapling for a vhost that names its cert files via mod_ssl.

    ``MDStapling on`` is set outside any MDomain and the vhost points
    ``SSLCertificateKeyFile``/``SSLCertificateFile`` at the stored domain
    files. The connection must carry a verified OCSP response, and a file
    named ``ocsp-*`` must exist under ``<STORE_DIR>/ocsp/other``.
    """
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    conf = TestStapling.configure_httpd()
    conf.add_line("MDStapling on")
    conf.start_vhost(md)
    key_path = TestEnv.store_domain_file(md, 'privkey.pem')
    cert_path = TestEnv.store_domain_file(md, 'pubcert.pem')
    conf.add_line("""
        SSLCertificateKeyFile %s
        SSLCertificateFile %s
        """ % (key_path, cert_path))
    conf.end_vhost()
    conf.install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"

    # find the file where the ocsp response is stored
    dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
    stored = [os.path.join(dirpath, entry)
              for entry in os.listdir(dirpath)
              if entry.startswith("ocsp-")]
    # when several entries match, the last one listed is used
    ocsp_file = stored[-1] if stored else None
    assert ocsp_file
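def test_901_003(self):
    """Check the MDMessageCmd log after an automatic renewal.

    A managed domain with two names is driven in "auto" mode with a
    message command that receives ``self.mlog`` as its argument. After
    completion the md status must show a successful last renewal with a
    "message-renewed" log entry, and the message log must hold exactly
    three lines: one "challenge-setup:http-01" line per DNS name and a
    final "renewed" line.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    # NOTE(review): the admin address looks redacted in this copy of the
    # file; confirm the intended contact value.
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # this command did not fail and logged itself the correct information
    renewal = stat["renewal"]
    assert renewal["last"]["status"] == 0
    assert renewal["log"]["entries"]
    assert renewal["log"]["entries"][0]["type"] == "message-renewed"
    # shut down server to make sure that md has completed
    assert TestEnv.apache_stop() == 0

    # read through a context manager so the log file handle is closed
    # even when one of the assertions below fails
    with open(self.mlog) as log_file:
        nlines = log_file.readlines()
    assert 3 == len(nlines)
    nlines = [s.strip() for s in nlines]
    setup_fmt = "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']"
    for dns_name in domains:
        expected = setup_fmt.format(cmd=self.mcmd, logfile=self.mlog,
                                    mdomain=domain, dns=dns_name)
        assert expected in nlines
    assert nlines[2].strip() == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
        cmd=self.mcmd, logfile=self.mlog, mdomain=domain)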
def test_300_011b(self):
    """Check that an ``auto`` MDomain with extra vhost aliases starts cleanly.

    The MDomain line carries the ``auto`` keyword and the vhost adds two
    ServerAlias names that are not listed in it. httpd must restart and
    ``TestEnv.httpd_error_log_count()`` must return ``(0, 0)``.
    """
    assert TestEnv.apache_stop() == 0
    conf_text = """
        MDomain not-forbidden.org auto mail.not-forbidden.org

        <VirtualHost *:%s>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
            ServerAlias test4.not-forbidden.org
            SSLEngine on
        </VirtualHost>
        """ % (TestEnv.HTTPS_PORT)
    HttpdConf(text=conf_text).install()
    assert TestEnv.apache_restart() == 0
    log_counts = TestEnv.httpd_error_log_count()
    assert (0, 0) == log_counts
def test_801_010(self):
    """Check that httpd serves status with stapling on and an empty OCSP store.

    The OCSP store is cleared, one managed domain is configured with
    ``MDStapling on`` and no vhost, and after a restart
    ``TestEnv.get_server_status()`` must return something truthy.
    """
    assert TestEnv.apache_stop() == 0
    TestEnv.clear_ocsp_store()
    md = TestStapling.mdA
    domains = [md]
    conf = HttpdConf()
    # NOTE(review): the admin address looks redacted in this copy of the
    # file; confirm the intended contact value.
    conf.add_admin("*****@*****.**")
    conf.start_md(domains)
    conf.add_line("MDStapling on")
    conf.end_md()
    conf.install()
    assert TestEnv.apache_restart() == 0
    server_status = TestEnv.get_server_status()
    assert server_status
def test_801_005(self):
    """Follow the stored OCSP response file across restarts.

    Steps, each followed by a successful stapled response:
    1. stapling on: a file ``ocsp-*`` appears under ``<STORE_DIR>/ocsp/<md>``;
    2. restart: the file's mtime is unchanged;
    3. ``MDStaplingKeepResponse 1s`` and restart: the file no longer exists;
    4. restart again: the file exists with a different mtime.
    """
    # TODO: mod_watchdog seems to have problems sometimes with fast restarts
    # stopping first works.
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    TestStapling.configure_httpd(md, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"

    # find the file where the ocsp response is stored
    dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
    stored = [os.path.join(dirpath, entry)
              for entry in os.listdir(dirpath)
              if entry.startswith("ocsp-")]
    # when several entries match, the last one listed is used
    ocsp_file = stored[-1] if stored else None
    assert ocsp_file
    mtime1 = os.path.getmtime(ocsp_file)

    # wait a sec, restart and check that file does not change
    time.sleep(1)
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    mtime2 = os.path.getmtime(ocsp_file)
    assert mtime1 == mtime2

    # configure a keep time of 1 second, restart, the file is gone
    # (which is a side effect of loading it before the cleanup removes it;
    # since it was valid, no new one needed fetching)
    keep_conf = TestStapling.configure_httpd(
        md, """
        MDStapling on
        MDStaplingKeepResponse 1s
        """)
    keep_conf.install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert not os.path.exists(ocsp_file)

    # if we restart again, a new file needs to appear
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    mtime3 = os.path.getmtime(ocsp_file)
    assert mtime1 != mtime3
def test_801_006(self):
    """Check that ``MDStaplingRenewWindow`` forces a fresh OCSP response.

    With plain ``MDStapling on`` the stored ``ocsp-*`` file keeps its
    mtime across a restart. After configuring a renew window of 10 days
    and restarting, the file's mtime must differ from the first one.
    """
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    TestStapling.configure_httpd(md, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    assert ocsp_stat['verify'] == "0 (ok)"

    # find the file where the ocsp response is stored
    dirpath = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
    stored = [os.path.join(dirpath, entry)
              for entry in os.listdir(dirpath)
              if entry.startswith("ocsp-")]
    # when several entries match, the last one listed is used
    ocsp_file = stored[-1] if stored else None
    assert ocsp_file
    mtime1 = os.path.getmtime(ocsp_file)

    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    # wait a second after the restart, then check that the file did not change
    time.sleep(1)
    mtime2 = os.path.getmtime(ocsp_file)
    assert mtime1 == mtime2

    # configure a renew window of 10 days, restart, larger than any life time.
    renew_conf = TestStapling.configure_httpd(
        md, """
        MDStapling on
        MDStaplingRenewWindow 10d
        """)
    renew_conf.install()
    assert TestEnv.apache_restart() == 0
    ocsp_stat = TestEnv.await_ocsp_status(md)
    assert ocsp_stat['ocsp'] == "successful (0x0)"
    # wait a second after the restart, then check that the file did change
    time.sleep(1)
    mtime3 = os.path.getmtime(ocsp_file)
    assert mtime1 != mtime3
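def test_901_003(self):
    """Check the MDMessageCmd log and environment after an automatic renewal.

    A managed domain with two names is driven in "auto" mode with a
    message command that receives ``self.mlog`` as its argument. After
    completion the md status must show a successful last renewal with a
    "message-renewed" log entry. The message log must hold the "renewed"
    line followed by ``self.menv_lines`` further lines, of which the first
    two are ``MD_VERSION=<x.y.z>[-suffix]`` and ``MD_STORE=<STORE_DIR>``.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    # NOTE(review): the admin address looks redacted in this copy of the
    # file; confirm the intended contact value.
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # this command did not fail and logged itself the correct information
    renewal = stat["renewal"]
    assert renewal["last"]["status"] == 0
    assert renewal["log"]["entries"]
    assert renewal["log"]["entries"][0]["type"] == "message-renewed"
    # shut down server to make sure that md has completed
    assert TestEnv.apache_stop() == 0

    # read through a context manager so the log file handle is closed
    # even when one of the assertions below fails
    with open(self.mlog) as log_file:
        nlines = log_file.readlines()
    assert 1+self.menv_lines == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
    # the version and store path are handed to the message command
    assert (re.match(r'MD_VERSION=(\d+\.\d+\.\d+)(-.+)?', nlines[1].strip()))
    assert ("MD_STORE=%s" % (TestEnv.STORE_DIR)) == nlines[2].strip()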
def setup_module(module):
    """Initialise the test environment, install a default config, stop httpd."""
    print(f"setup_module: {module.__name__}")
    TestEnv.init()
    default_conf = HttpdConf()
    default_conf.install()
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def teardown_module(module):
    """Announce the module teardown and require that httpd stops cleanly."""
    print(f"teardown_module:{module.__name__}")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def teardown_module(module):
    """Announce the module teardown and require that httpd stops cleanly."""
    print(f"teardown_module: {module.__name__}")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def teardown_class(cls):
    """Announce the class teardown and require that httpd stops cleanly."""
    print(f"teardown_class:{cls.__name__}")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def teardown_method(self, method):
    """Announce the finished test method and require that httpd stops cleanly."""
    print(f"teardown_method: {method.__name__}")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def teardown_method(self, method):
    """Announce the finished test method and require that httpd stops cleanly."""
    print(f"teardown_method: {method.__name__}")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0