Example #1
0
 def test_default_listen_addresses_t_f(self, ipv6_info):
     # pylint: disable=protected-access
     ipv6_info.return_value = (True, False)
     addrs = self.http01._default_listen_addresses()
     http_addr = Addr.fromstring("80")
     http_ipv6_addr = Addr.fromstring("[::]:80 ipv6only=on")
     self.assertEqual(addrs, [http_addr, http_ipv6_addr])
Example #2
0
    def _default_listen_addresses(self) -> List[Addr]:
        """Finds addresses for a challenge block to listen on.
        :returns: list of :class:`certbot_nginx._internal.obj.Addr` to apply
        :rtype: list
        """
        addresses: List[Optional[Addr]] = []
        default_addr = "%s" % self.configurator.config.http01_port
        ipv6_addr = "[::]:{0}".format(
            self.configurator.config.http01_port)
        port = self.configurator.config.http01_port

        ipv6, ipv6only = self.configurator.ipv6_info(str(port))

        if ipv6:
            # If IPv6 is active in Nginx configuration
            if not ipv6only:
                # If ipv6only=on is not already present in the config
                ipv6_addr = ipv6_addr + " ipv6only=on"
            addresses = [Addr.fromstring(default_addr),
                         Addr.fromstring(ipv6_addr)]
            logger.debug(("Using default addresses %s and %s for authentication."),
                        default_addr,
                        ipv6_addr)
        else:
            addresses = [Addr.fromstring(default_addr)]
            logger.debug("Using default address %s for authentication.",
                        default_addr)

        return [address for address in addresses if address]
Example #3
0
    def test_set_inclusion(self):
        from certbot_nginx._internal.obj import Addr
        set_a = {self.addr1, self.addr2}
        addr1b = Addr.fromstring("192.168.1.1")
        addr2b = Addr.fromstring("192.168.1.1:* ssl")
        set_b = {addr1b, addr2b}

        self.assertEqual(set_a, set_b)
Example #4
0
 def test_contains_list(self):
     from certbot_nginx._internal.obj import VirtualHost
     from certbot_nginx._internal.obj import Addr
     from certbot_nginx._internal.configurator import _test_block_from_block
     test_block = [[
         '\n    ', 'return', ' ', '301', ' ', 'https://$host$request_uri'
     ], ['\n']]
     test_needle = _test_block_from_block(test_block)
     test_haystack = [
         ['listen', '80'], ['root', '/var/www/html'],
         ['index', 'index.html index.htm index.nginx-debian.html'],
         ['server_name', 'two.functorkitten.xyz'], ['listen', '443 ssl'],
         ['#', ' managed by Certbot'],
         [
             'ssl_certificate',
             '/etc/letsencrypt/live/two.functorkitten.xyz/fullchain.pem'
         ], ['#', ' managed by Certbot'],
         [
             'ssl_certificate_key',
             '/etc/letsencrypt/live/two.functorkitten.xyz/privkey.pem'
         ], ['#', ' managed by Certbot'],
         ['return', '301', 'https://$host$request_uri'],
         ['#', ' managed by Certbot'], []
     ]
     vhost_haystack = VirtualHost("filp",
                                  set([Addr.fromstring("localhost")]),
                                  False, False, set(['localhost']),
                                  test_haystack, [])
     test_bad_haystack = [
         ['listen', '80'], ['root', '/var/www/html'],
         ['index', 'index.html index.htm index.nginx-debian.html'],
         ['server_name', 'two.functorkitten.xyz'], ['listen', '443 ssl'],
         ['#', ' managed by Certbot'],
         [
             'ssl_certificate',
             '/etc/letsencrypt/live/two.functorkitten.xyz/fullchain.pem'
         ], ['#', ' managed by Certbot'],
         [
             'ssl_certificate_key',
             '/etc/letsencrypt/live/two.functorkitten.xyz/privkey.pem'
         ], ['#', ' managed by Certbot'],
         [['if', '($scheme', '!=', '"https")'],
          [['return', '302', 'https://$host$request_uri']]],
         ['#', ' managed by Certbot'], []
     ]
     vhost_bad_haystack = VirtualHost("filp",
                                      set([Addr.fromstring("localhost")]),
                                      False, False, set(['localhost']),
                                      test_bad_haystack, [])
     self.assertTrue(vhost_haystack.contains_list(test_needle))
     self.assertFalse(vhost_bad_haystack.contains_list(test_needle))
Example #5
0
 def setUp(self):
     from certbot_nginx._internal.obj import VirtualHost
     from certbot_nginx._internal.obj import Addr
     raw1 = [
         ['listen', '69.50.225.155:9000'],
         [['if', '($scheme', '!=', '"https") '],
             [['return', '301', 'https://$host$request_uri']]
         ],
         ['#', ' managed by Certbot']
     ]
     self.vhost1 = VirtualHost(
         "filep",
         {Addr.fromstring("localhost")}, False, False,
         {'localhost'}, raw1, [])
     raw2 = [
         ['listen', '69.50.225.155:9000'],
         [['if', '($scheme', '!=', '"https") '],
             [['return', '301', 'https://$host$request_uri']]
         ]
     ]
     self.vhost2 = VirtualHost(
         "filep",
         {Addr.fromstring("localhost")}, False, False,
         {'localhost'}, raw2, [])
     raw3 = [
         ['listen', '69.50.225.155:9000'],
         ['rewrite', '^(.*)$', '$scheme://www.domain.com$1', 'permanent']
     ]
     self.vhost3 = VirtualHost(
         "filep",
         {Addr.fromstring("localhost")}, False, False,
         {'localhost'}, raw3, [])
     raw4 = [
         ['listen', '69.50.225.155:9000'],
         ['server_name', 'return.com']
     ]
     self.vhost4 = VirtualHost(
         "filp",
         {Addr.fromstring("localhost")}, False, False,
         {'localhost'}, raw4, [])
     raw_has_hsts = [
         ['listen', '69.50.225.155:9000'],
         ['server_name', 'return.com'],
         ['add_header', 'always', 'set', 'Strict-Transport-Security', '\"max-age=31536000\"'],
     ]
     self.vhost_has_hsts = VirtualHost(
         "filep",
         {Addr.fromstring("localhost")}, False, False,
         {'localhost'}, raw_has_hsts, [])
Example #6
0
 def setUp(self):
     from certbot_nginx._internal.obj import Addr
     self.addr1 = Addr.fromstring("192.168.1.1")
     self.addr2 = Addr.fromstring("192.168.1.1:* ssl")
     self.addr3 = Addr.fromstring("192.168.1.1:80")
     self.addr4 = Addr.fromstring("*:80 default_server ssl")
     self.addr5 = Addr.fromstring("myhost")
     self.addr6 = Addr.fromstring("80 default_server spdy")
     self.addr7 = Addr.fromstring("unix:/var/run/nginx.sock")
     self.addr8 = Addr.fromstring("*:80 default ssl")
Example #7
0
    def test_eq(self):
        from certbot_nginx._internal.obj import Addr
        from certbot_nginx._internal.obj import VirtualHost
        vhost1b = VirtualHost("filep", {Addr.fromstring("localhost blah")},
                              False, False, {'localhost'}, [], [])

        self.assertEqual(vhost1b, self.vhost1)
        self.assertEqual(str(vhost1b), str(self.vhost1))
        self.assertFalse(vhost1b == 1234)
Example #8
0
    def test_equivalent_any_addresses(self):
        from certbot_nginx._internal.obj import Addr
        any_addresses = ("0.0.0.0:80 default_server ssl",
                         "80 default_server ssl", "*:80 default_server ssl",
                         "80 default ssl")
        for first, second in itertools.combinations(any_addresses, 2):
            self.assertEqual(Addr.fromstring(first), Addr.fromstring(second))

        # Also, make sure ports are checked.
        self.assertNotEqual(Addr.fromstring(any_addresses[0]),
                            Addr.fromstring("0.0.0.0:443 default_server ssl"))

        # And they aren't equivalent to a specified address.
        for any_address in any_addresses:
            self.assertNotEqual(
                Addr.fromstring("192.168.1.2:80 default_server ssl"),
                Addr.fromstring(any_address))
Example #9
0
 def test_eq(self):
     from certbot_nginx._internal.obj import Addr
     new_addr1 = Addr.fromstring("192.168.1.1 spdy")
     self.assertEqual(self.addr1, new_addr1)
     self.assertNotEqual(self.addr1, self.addr2)
     self.assertFalse(self.addr1 == 3333)