def test_500_107(self):
# test case: drive again on COMPLETE md, then drive --force
# setup: prepare md in store
domain = "test500-107-" + TestDrive.dns_uniq
name = "www." + domain
self._prepare_md([ name ])
assert TestEnv.apache_start() == 0
# drive
assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0
self._check_md_cert([ name ])
orig_cert = CertUtil(TestEnv.path_domain_pubcert(name))
# drive again
assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0
self._check_md_cert([ name ])
cert = CertUtil(TestEnv.path_domain_pubcert(name))
# check: cert not changed
assert cert.get_serial() == orig_cert.get_serial()
# drive --force
assert TestEnv.a2md( [ "-vv", "drive", "--force", name ] )['rv'] == 0
self._check_md_cert([ name ])
cert = CertUtil(TestEnv.path_domain_pubcert(name))
# check: cert not changed
assert cert.get_serial() != orig_cert.get_serial()
# check: previous cert was archived
cert = CertUtil(TestEnv.path_domain_pubcert( name, archiveVersion=2 ))
assert cert.get_serial() == orig_cert.get_serial()
def test_500_201(self, renewWindow, testDataList):
# test case: trigger cert renew when entering renew window
# setup: prepare COMPLETE md
domain = "test500-201-" + TestDrive.dns_uniq
name = "www." + domain
conf = HttpdConf( TestDrive.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "manual" )
conf.add_renew_window( renewWindow )
conf.add_md( [name] )
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md([ "list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
# setup: drive it
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
cert1 = CertUtil(TestEnv.path_domain_pubcert(name))
assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
# replace cert by self-signed one -> check md status
print "TRACE: start testing renew window: %s" % renewWindow
for tc in testDataList:
print "TRACE: create self-signed cert: %s" % tc["valid"]
CertUtil.create_self_signed_cert( [name], tc["valid"])
cert2 = CertUtil(TestEnv.path_domain_pubcert(name))
assert cert2.get_serial() != cert1.get_serial()
md = TestEnv.a2md([ "list", name ])['jout']['output'][0]
assert md["renew"] == tc["renew"], \
"Expected renew == {} indicator in {}, test case {}".format(tc["renew"], md, tc)
def test_120_002(self):
# test case: validate md state in store
# check: md without pkey/cert -> INCOMPLETE
name = "example.org"
assert TestEnv.a2md(["add", name])['rv'] == 0
assert TestEnv.a2md(["update", name, "contacts",
"admin@" + name])['rv'] == 0
assert TestEnv.a2md(["update", name, "agreement",
TestEnv.ACME_TOS])['rv'] == 0
assert TestEnv.a2md(
["list",
name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
# check: valid pkey/cert -> COMPLETE
copyfile(self._path_conf_ssl("valid_pkey.pem"),
TestEnv.path_domain_privkey(name))
copyfile(self._path_conf_ssl("valid_cert.pem"),
TestEnv.path_domain_pubcert(name))
assert TestEnv.a2md(
["list",
name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
# check: expired cert -> EXPIRED
copyfile(self._path_conf_ssl("expired_pkey.pem"),
TestEnv.path_domain_privkey(name))
copyfile(self._path_conf_ssl("expired_cert.pem"),
TestEnv.path_domain_pubcert(name))
assert TestEnv.a2md(
["list",
name])['jout']['output'][0]['state'] == TestEnv.MD_S_EXPIRED
def test_600_002(self):
# test case: one md, that covers two vhosts
domain = "r002-" + TestRoundtrip.dns_uniq
nameA = "test-a." + domain
nameB = "test-b." + domain
dnsList = [domain, nameA, nameB]
# - generate config with one md
conf = HttpdConf(TestRoundtrip.TMP_CONF, True)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(dnsList)
conf.install()
# - restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dnsList)
# - drive
assert TestEnv.a2md(["drive", domain])['rv'] == 0
self._check_md_cert(dnsList)
# - append vhost to config
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.add_vhost(TestEnv.HTTPS_PORT,
nameB,
aliasList=[],
docRoot="htdocs/b",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# - create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", nameB)
# check: SSL is running OK
assert TestEnv.apache_restart() == 0
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_700_031(self):
domain = "test700-031-" + TestAuto.dns_uniq
nameX = "test-x." + domain
nameA = "test-a." + domain
nameB = "test-b." + domain
nameC = "test-c." + domain
dns_list = [ nameX, nameA, nameB ]
# generate 1 MD and 2 vhosts
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names( nameX, dns_list )
assert TestEnv.await_completion( [ nameX ] )
self._check_md_cert( dns_list )
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
# change MD by removing 1st name
new_list = [ nameA, nameB, nameC ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( new_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
self._check_md_names( nameX, new_list )
assert TestEnv.await_completion( [ nameX ] )
certA2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in certA2.get_san_list()
assert certA.get_serial() != certA2.get_serial()
def test_120_003(self):
# test case: broken cert file
#setup: prepare md in store
name = "not-forbidden.org"
assert TestEnv.a2md(["add", name])['rv'] == 0
assert TestEnv.a2md([ "update", name, "contacts", "admin@" + name ])['rv'] == 0
assert TestEnv.a2md([ "update", name, "agreement", TestEnv.ACME_TOS ])['rv'] == 0
# check: valid pkey/cert -> COMPLETE
copyfile(self._path_conf_ssl("valid_pkey.pem"), TestEnv.path_domain_privkey(name))
copyfile(self._path_conf_ssl("valid_cert.pem"), TestEnv.path_domain_pubcert(name))
assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
# check: replace cert by broken file -> ERROR
copyfile(self._path_conf_ssl("valid_cert.req"), TestEnv.path_domain_pubcert(name))
assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_ERROR
def test_700_032(self):
domain = "test700-032-" + TestAuto.dns_uniq
name1 = "server1." + domain
name2 = "server2." + TestAuto.dns_uniq # need a separate TLD to avoid rate limites
# generate 2 MDs and 2 vhosts
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf._add_line( "MDMembers auto" )
conf.add_md( [ name1 ] )
conf.add_md( [ name2 ] )
conf.add_vhost( TestEnv.HTTPS_PORT, name1, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.add_vhost( TestEnv.HTTPS_PORT, name2, aliasList=[], docRoot="htdocs/b",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names( name1, [ name1 ] )
self._check_md_names( name2, [ name2 ] )
assert TestEnv.await_completion( [ name1 ] )
self._check_md_cert( [ name2 ] )
# check: SSL is running OK
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
assert name1 in cert1.get_san_list()
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name2)
assert name2 in cert2.get_san_list()
# remove second md and vhost, add name2 to vhost1
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf._add_line( "MDMembers auto" )
conf.add_md( [ name1 ] )
conf.add_vhost( TestEnv.HTTPS_PORT, name1, aliasList=[ name2 ], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
self._check_md_names( name1, [ name1, name2 ] )
assert TestEnv.await_completion( [ name1 ] )
cert1b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1)
assert name1 in cert1b.get_san_list()
assert name2 in cert1b.get_san_list()
assert cert1.get_serial() != cert1b.get_serial()
def test_700_003(self):
domain = "test700-003-" + TestAuto.dns_uniq
nameA = "test-a." + domain
nameB = "test-b." + domain
dns_list = [domain, nameA, nameB]
# generate 1 MD and 2 vhosts
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.add_vhost(TestEnv.HTTPS_PORT,
nameB,
aliasList=[],
docRoot="htdocs/b",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", nameB)
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_completion([domain])
self._check_md_cert(dns_list)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_7009(self):
domain = self.test_domain
dns_list = [domain]
# prepare md
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_renew_window("10d")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
conf.install()
# restart (-> drive), check that md+cert is in store, TLS is up
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], 30)
self._check_md_cert(dns_list)
cert1 = CertUtil(TestEnv.path_domain_pubcert(domain))
# fetch cert from server
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert cert1.get_serial() == cert2.get_serial()
# create self-signed cert, with critical remaining valid duration -> drive again
CertUtil.create_self_signed_cert([domain], {
"notBefore": -120,
"notAfter": 9
})
cert3 = CertUtil(TestEnv.path_domain_pubcert(domain))
assert cert3.get_serial() == 1000
time.sleep(1)
assert TestEnv.a2md(["list",
domain])['jout']['output'][0]['renew'] == True
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], 30)
# fetch cert from server -> self-signed still active, activation of new ACME is delayed
cert4 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert cert4.get_serial() == cert3.get_serial()
time.sleep(1)
# restart -> new ACME cert becomes active
assert TestEnv.apache_stop() == 0
assert TestEnv.apache_start() == 0
time.sleep(1)
cert5 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert cert5.get_serial() != cert3.get_serial()
def test_700_006(self):
domain = "test700-006-" + TestAuto.dns_uniq
nameA = "test-a." + domain
dns_list = [ domain, nameA ]
# generate 1 MD, 1 vhost
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_ca_challenges([ "invalid-01", "invalid-02" ])
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
time.sleep( 2 )
# assert drive did not start
md = TestEnv.a2md([ "-j", "list", domain ])['jout']['output'][0]
assert md['state'] == TestEnv.MD_S_INCOMPLETE
assert 'account' not in md['ca']
assert TestEnv.apache_err_scan( re.compile('.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD') )
# check: that request to domains give 503 Service Unavailable
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in cert.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_700_005(self):
domain = "test700-005-" + TestAuto.dns_uniq
nameA = "test-a." + domain
dns_list = [ domain, nameA ]
# generate 1 MD and 1 vhost
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "manual" )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_renew_state( [ domain ] )
# check: that request to domains give 503 Service Unavailable
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in cert1.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
# check temporary cert from server
cert2 = CertUtil( TestEnv.path_fallback_cert( domain ) )
assert cert1.get_serial() == cert2.get_serial(), \
"Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % ( nameA, cert2.get_cn(), cert1.get_cn() )
def _check_md_cert(self, dns_list):
name = dns_list[0]
md = self._get_md(name)
# check tos agreement, cert url
assert md['state'] == TestEnv.MD_S_COMPLETE
assert os.path.isfile(TestEnv.path_domain_privkey(name))
assert os.path.isfile(TestEnv.path_domain_pubcert(name))
def _check_md_cert(self, dns_list):
name = dns_list[0]
md = TestEnv.a2md([ "list", name ])['jout']['output'][0]
# check tos agreement, cert url
assert md['state'] == TestEnv.MD_S_COMPLETE
assert os.path.isfile( TestEnv.path_domain_privkey(name) )
assert os.path.isfile( TestEnv.path_domain_pubcert(name) )
def _check_md_cert(self, dnsList):
name = dnsList[0]
md = TestEnv.a2md([ "list", name ])['jout']['output'][0]
# check tos agreement, cert url
assert md['state'] == TestEnv.MD_S_COMPLETE
# check private key, validate certificate
# TODO: find storage-independent way to read local certificate
# md_store = json.loads( open( TestEnv.path_store_json(), 'r' ).read() )
# encryptKey = md_store['key']
# print "key (%s): %s" % ( type(encryptKey), encryptKey )
CertUtil.validate_privkey(TestEnv.path_domain_privkey(name))
cert = CertUtil( TestEnv.path_domain_pubcert(name) )
cert.validate_cert_matches_priv_key( TestEnv.path_domain_privkey(name) )
# check SANs and CN
assert cert.get_cn() == name
# compare sets twice in opposite directions: SAN may not respect ordering
sanList = cert.get_san_list()
assert len(sanList) == len(dnsList)
assert set(sanList).issubset(dnsList)
assert set(dnsList).issubset(sanList)
# check valid dates interval
notBefore = cert.get_not_before()
notAfter = cert.get_not_after()
assert notBefore < datetime.now(notBefore.tzinfo)
assert notAfter > datetime.now(notAfter.tzinfo)
def test_8003(self):
domain = self.test_domain
dns_list = [domain]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_must_staple("on")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
assert TestEnv.apache_restart() == 0
self._check_md_cert(dns_list)
cert1 = CertUtil(TestEnv.path_domain_pubcert(domain))
assert cert1.get_must_staple()
# toggle MDMustStaple off, expect a cert that has it disabled
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_must_staple("off")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
assert TestEnv.apache_restart() == 0
self._check_md_cert(dns_list)
cert1 = CertUtil(TestEnv.path_domain_pubcert(domain))
assert not cert1.get_must_staple()
# toggle MDMustStaple on again, expect a cert that has it enabled
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_must_staple("on")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
assert TestEnv.apache_restart() == 0
self._check_md_cert(dns_list)
cert1 = CertUtil(TestEnv.path_domain_pubcert(domain))
assert cert1.get_must_staple()
def test_500_301(self):
# test case: change contact info on existing valid md
# setup: create md in store
domain = "test500-301-" + TestDrive.dns_uniq
name = "www." + domain
self._prepare_md([ name ])
assert TestEnv.apache_start() == 0
# setup: drive it
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
old_cert = CertUtil(TestEnv.path_domain_pubcert(name))
# setup: add second domain
assert TestEnv.a2md([ "update", name, "contacts", "test@" + domain ])['rv'] == 0
# drive
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
# compare cert serial
new_cert = CertUtil(TestEnv.path_domain_pubcert(name))
assert old_cert.get_serial() == new_cert.get_serial()
def test_500_300(self):
# test case: remove one domain name from existing valid md
# setup: create md in store
domain = "test500-300-" + TestDrive.dns_uniq
name = "www." + domain
self._prepare_md([ name, "test." + domain, "xxx." + domain ])
assert TestEnv.apache_start() == 0
# setup: drive it
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
old_cert = CertUtil(TestEnv.path_domain_pubcert(name))
# setup: remove one domain
assert TestEnv.a2md([ "update", name, "domains"] + [ name, "test." + domain ])['rv'] == 0
# drive
assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0
# compare cert serial
new_cert = CertUtil(TestEnv.path_domain_pubcert(name))
assert old_cert.get_serial() == new_cert.get_serial()
def test_500_200(self):
# test case: add dns name on existing valid md
# setup: create md in store
domain = "test500-200-" + TestDrive.dns_uniq
name = "www." + domain
self._prepare_md([ name ])
assert TestEnv.apache_start() == 0
# setup: drive it
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
old_cert = CertUtil(TestEnv.path_domain_pubcert(name))
# setup: add second domain
assert TestEnv.a2md([ "update", name, "domains", name, "test." + domain ])['rv'] == 0
# drive
assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0
# check new cert
self._check_md_cert([ name, "test." + domain ])
new_cert = CertUtil(TestEnv.path_domain_pubcert(name))
assert old_cert.get_serial() != new_cert.get_serial()
def test_8001(self):
domain = self.test_domain
dns_list = [domain]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
conf.install()
# - restart (-> drive), check that md is in store
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
assert TestEnv.apache_restart() == 0
self._check_md_cert(dns_list)
cert1 = CertUtil(TestEnv.path_domain_pubcert(domain))
assert not cert1.get_must_staple()
def test_7007(self):
domain = self.test_domain
dns_list = [ domain ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "always" )
conf.add_must_staple( "on" )
conf.add_md( dns_list )
conf.install()
# - restart (-> drive), check that md is in store
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion( [ domain ], 30 )
assert TestEnv.apache_restart() == 0
self._check_md_cert( dns_list )
cert1 = CertUtil( TestEnv.path_domain_pubcert(domain) )
assert cert1.get_must_staple()
def test_500_202(self, keyType, keyParams, expKeyLength):
# test case: specify RSA key length and verify resulting cert key
# setup: prepare md
domain = "test500-202-" + TestDrive.dns_uniq
name = "www." + domain
conf = HttpdConf( TestDrive.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "manual" )
conf.add_private_key(keyType, keyParams)
conf.add_md( [name] )
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md([ "list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE
# setup: drive it
assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0, \
"Expected drive to succeed for MDPrivateKeys {} {}".format(keyType, keyParams)
assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE
# check cert key length
cert = CertUtil(TestEnv.path_domain_pubcert(name))
assert cert.get_key_length() == expKeyLength
