def test_add_http_directives(self):
    # Adds one server block through NginxParser.add_http_directives and
    # checks, on the parser's in-memory tree for nginx.conf, that the block
    # sits inside http and comes before every other server block.
    nginx_parser = parser.NginxParser(self.config_path, self.ssl_options)
    conf_path = nginx_parser.abs_path('nginx.conf')
    listen_directive = ['listen', '80']
    name_directive = ['server_name', 'localhost']
    new_server = [['server'], [listen_directive, name_directive]]
    nginx_parser.add_http_directives(conf_path, new_server)

    tree = nginx_parser.parsed[conf_path]
    for needle, depth in ((['http'], 1), (new_server, 2)):
        self.assertTrue(util.contains_at_depth(tree, needle, depth))

    # Position matters, not just presence: the assertion below pins the new
    # block at index 0 of the server blocks found in the first http entry.
    # NOTE(review): presumably because nginx falls back to the first server
    # block of a listen socket when no default_server is set -- confirm
    # against the callers of add_http_directives.
    http_entries = [entry for entry in tree if entry[0] == ['http']]
    http_body = http_entries[0][1]
    servers = [entry for entry in http_body if entry[0] == ['server']]
    self.assertEqual(servers[0], new_server)
def test_deploy_cert_stapling(self):
    # Deploys a certificate with the version set above 1.3.7, saves, reloads
    # the parser and checks that all three OCSP stapling directives were
    # written to the example.com vhost.
    #
    # Choose a version of Nginx greater than 1.3.7 so stapling code gets
    # invoked.
    self.config.version = (1, 9, 6)
    conf_path = self.config.parser.abs_path("sites-enabled/example.com")
    self.config.deploy_cert(
        "www.example.com",
        "example/cert.pem",
        "example/key.pem",
        "example/chain.pem",
        "example/fullchain.pem")
    self.config.save()
    self.config.parser.load()
    reloaded = self.config.parser.parsed[conf_path]

    # The three directives are checked together on purpose: with
    # ssl_stapling_verify on, nginx needs ssl_trusted_certificate to point
    # at the issuer chain to verify the OCSP response, so a config carrying
    # only the first two would not verify the stapled response.
    stapling_directives = (
        ["ssl_stapling", "on"],
        ["ssl_stapling_verify", "on"],
        ["ssl_trusted_certificate", "example/chain.pem"],
    )
    for directive in stapling_directives:
        self.assertTrue(util.contains_at_depth(reloaded, directive, 2))
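def test_perform2(self):
    # Runs perform() with every challenge in self.achalls queued and checks
    # that one response per challenge comes back, in order, and that the
    # challenge config is wired into the last entry of the root config.
    #
    # _setup_challenge_cert is replaced by a MagicMock, so whatever that
    # method normally does is not exercised here; only the response plumbing
    # and the generated nginx config are covered.
    acme_responses = []
    for achall in self.achalls:
        self.sni.add_chall(achall)
        acme_responses.append(achall.response(self.account_key))

    # side_effect hands out the prepared responses one per call, in order.
    mock_setup_cert = mock.MagicMock(side_effect=acme_responses)
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = mock_setup_cert

    sni_responses = self.sni.perform()

    self.assertEqual(mock_setup_cert.call_count, 3)
    for index, achall in enumerate(self.achalls):
        self.assertEqual(
            mock_setup_cert.call_args_list[index], mock.call(achall))

    http = self.sni.configurator.parser.parsed[
        self.sni.configurator.parser.loc["root"]][-1]
    # assertIn reports both operands on failure, unlike assertTrue(x in y).
    self.assertIn(['include', self.sni.challenge_conf], http[1])
    self.assertTrue(
        util.contains_at_depth(http, ['server_name', 'blah'], 3))

    self.assertEqual(len(sni_responses), 3)
    # zip() replaces the Python 2-only xrange() index loop, which raises
    # NameError on Python 3; the length is already pinned to 3 just above.
    for sni_response, acme_response in zip(sni_responses, acme_responses):
        self.assertEqual(sni_response, acme_response)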
def test_deploy_cert(self):
    # Deploys certificates for two names, saves, reloads the parser and
    # compares the comment-stripped parse trees of three config files with
    # the expected directives.
    server_path = self.config.parser.abs_path('server.conf')
    nginx_path = self.config.parser.abs_path('nginx.conf')
    example_path = self.config.parser.abs_path('sites-enabled/example.com')

    # Choose a version of Nginx less than 1.3.7 so stapling code doesn't get
    # invoked.
    self.config.version = (1, 3, 1)

    # Get the default SSL vhost
    deployments = (
        ("www.example.com", "example/cert.pem", "example/key.pem",
         "example/chain.pem", "example/fullchain.pem"),
        ("another.alias", "/etc/nginx/cert.pem", "/etc/nginx/key.pem",
         "/etc/nginx/chain.pem", "/etc/nginx/fullchain.pem"),
    )
    for domain, cert, key, chain, fullchain in deployments:
        self.config.deploy_cert(domain, cert, key, chain, fullchain)
    self.config.save()
    self.config.parser.load()

    example_tree = util.filter_comments(
        self.config.parser.parsed[example_path])
    server_tree = util.filter_comments(
        self.config.parser.parsed[server_path])
    nginx_tree = util.filter_comments(
        self.config.parser.parsed[nginx_path])

    # Exact equality: any directive beyond this list (a stapling directive,
    # for instance) makes the test fail, not just a missing one.
    expected_example = [[['server'], [
        ['listen', '69.50.225.155:9000'],
        ['listen', '127.0.0.1'],
        ['server_name', '.example.com'],
        ['server_name', 'example.*'],
        ['listen', '5001 ssl'],
        ['ssl_certificate', 'example/fullchain.pem'],
        ['ssl_certificate_key', 'example/key.pem'],
        ['include', self.config.parser.loc["ssl_options"]],
    ]]]
    self.assertEqual(expected_example, example_tree)

    # server.conf must still hold only its server_name line; the TLS
    # directives for "another.alias" are expected in the nginx.conf server
    # block that includes server.conf.
    self.assertEqual([['server_name', 'somename  alias  another.alias']],
                     server_tree)

    location_block = [['location', '/'],
                      [['root', 'html'],
                       ['index', 'index.html index.htm']]]
    expected_nginx_server = [['server'], [
        ['listen', '8000'],
        ['listen', 'somename:8080'],
        ['include', 'server.conf'],
        location_block,
        ['listen', '5001 ssl'],
        ['ssl_certificate', '/etc/nginx/fullchain.pem'],
        ['ssl_certificate_key', '/etc/nginx/key.pem'],
        ['include', self.config.parser.loc["ssl_options"]],
    ]]
    self.assertTrue(
        util.contains_at_depth(nginx_tree, expected_nginx_server, 2))
def test_redirect_enhance(self):
    # Applies the "redirect" enhancement to www.example.com and checks that
    # the in-memory tree of the example.com vhost now contains the
    # HTTP-to-HTTPS redirect block.
    conf_path = self.config.parser.abs_path("sites-enabled/example.com")
    self.config.enhance("www.example.com", "redirect")

    # Only the directive text is pinned here. The redirect target is built
    # from nginx's $host variable, which follows the host named in the
    # request, and the first request still arrives over plain HTTP.
    condition = ["if", '($scheme != "https")']
    action = [["return", "301 https://$host$request_uri"]]
    redirect_block = [condition, action]

    current_tree = self.config.parser.parsed[conf_path]
    found = util.contains_at_depth(current_tree, redirect_block, 2)
    self.assertTrue(found)
def test_redirect_enhance(self):
    # Enables the "redirect" enhancement for www.example.com, then looks for
    # the resulting "if ... return 301" block at depth 2 of the parsed
    # example.com vhost.
    vhost_path = self.config.parser.abs_path('sites-enabled/example.com')
    self.config.enhance("www.example.com", "redirect")
    vhost_tree = self.config.parser.parsed[vhost_path]

    # The check covers the directive text only: a plain-HTTP request is
    # answered with a 301 to the same host and URI over https. $host comes
    # from the request, so the target follows what the client asked for.
    plain_http_check = ['if', '($scheme != "https")']
    https_redirect = ['return', '301 https://$host$request_uri']
    wanted = [plain_http_check, [https_redirect]]
    self.assertTrue(util.contains_at_depth(vhost_tree, wanted, 2))
def test_deploy_cert_stapling(self):
    # Checks that deploy_cert writes the OCSP stapling directives to the
    # example.com vhost when the configured version is above 1.3.7. The
    # config is saved and reloaded first, so the assertions run against the
    # re-parsed tree.
    #
    # Choose a version of Nginx greater than 1.3.7 so stapling code gets
    # invoked.
    self.config.version = (1, 9, 6)
    vhost_path = self.config.parser.abs_path('sites-enabled/example.com')
    cert_args = ("www.example.com",
                 "example/cert.pem",
                 "example/key.pem",
                 "example/chain.pem",
                 "example/fullchain.pem")
    self.config.deploy_cert(*cert_args)
    self.config.save()
    self.config.parser.load()
    vhost_tree = self.config.parser.parsed[vhost_path]

    def has_directive(directive):
        # True when the directive is found at depth 2 of the vhost tree.
        return util.contains_at_depth(vhost_tree, directive, 2)

    self.assertTrue(has_directive(['ssl_stapling', 'on']))
    self.assertTrue(has_directive(['ssl_stapling_verify', 'on']))
    # ssl_stapling_verify relies on ssl_trusted_certificate naming the
    # issuer chain, so the chain path is pinned as well.
    self.assertTrue(
        has_directive(['ssl_trusted_certificate', 'example/chain.pem']))
def test_perform1(self, mock_save):
    # Runs perform() for a single queued challenge with _setup_challenge_cert
    # replaced by a MagicMock, so the test covers the returned response, the
    # number of save calls and the include of the challenge config only.
    # NOTE(review): mock_save is presumably injected by a patch decorator
    # outside this view -- confirm which save method it replaces.
    first_achall = self.achalls[0]
    self.sni.add_chall(first_achall)
    response = first_achall.gen_response(self.account_key)

    setup_cert_stub = mock.MagicMock(return_value=response)
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = setup_cert_stub

    responses = self.sni.perform()

    setup_cert_stub.assert_called_once_with(first_achall)
    self.assertEqual([response], responses)
    self.assertEqual(mock_save.call_count, 2)

    # Make sure challenge config is included in main config
    nginx_parser = self.sni.configurator.parser
    root_tree = nginx_parser.parsed[nginx_parser.loc["root"]]
    http = root_tree[-1]
    include_directive = ["include", self.sni.challenge_conf]
    self.assertTrue(util.contains_at_depth(http, include_directive, 1))
def test_perform1(self, mock_save):
    # Queues the first challenge, stubs out _setup_challenge_cert and checks
    # what perform() returns, how often save was called and that the root
    # config's last entry includes the challenge config.
    # NOTE(review): mock_save looks like the argument of a patch decorator
    # that is not visible here -- confirm the patched target.
    achall = self.achalls[0]
    self.sni.add_chall(achall)
    expected_response = achall.response(self.account_key)

    # The stub returns the prepared response, so the real certificate setup
    # is never run by this test.
    cert_setup_stub = mock.MagicMock(return_value=expected_response)
    # pylint: disable=protected-access
    self.sni._setup_challenge_cert = cert_setup_stub

    actual_responses = self.sni.perform()

    cert_setup_stub.assert_called_once_with(achall)
    self.assertEqual([expected_response], actual_responses)
    self.assertEqual(mock_save.call_count, 2)

    # Make sure challenge config is included in main config
    sni_parser = self.sni.configurator.parser
    http = sni_parser.parsed[sni_parser.loc["root"]][-1]
    challenge_include = ['include', self.sni.challenge_conf]
    included = util.contains_at_depth(http, challenge_include, 1)
    self.assertTrue(included)
def test_deploy_cert(self):
    # Deploys certificates for two names, saves, reloads the parser and
    # compares the comment-stripped parse trees of three config files with
    # the expected directives, including the log paths under self.work_dir.
    conf_paths = [
        self.config.parser.abs_path(name)
        for name in ("server.conf", "nginx.conf", "sites-enabled/example.com")
    ]
    server_path, nginx_path, example_path = conf_paths

    # Choose a version of Nginx less than 1.3.7 so stapling code doesn't get
    # invoked.
    self.config.version = (1, 3, 1)

    # Get the default SSL vhost
    self.config.deploy_cert("www.example.com",
                            "example/cert.pem",
                            "example/key.pem",
                            "example/chain.pem",
                            "example/fullchain.pem")
    self.config.deploy_cert("another.alias",
                            "/etc/nginx/cert.pem",
                            "/etc/nginx/key.pem",
                            "/etc/nginx/chain.pem",
                            "/etc/nginx/fullchain.pem")
    self.config.save()
    self.config.parser.load()

    example_tree = util.filter_comments(
        self.config.parser.parsed[example_path])
    server_tree = util.filter_comments(
        self.config.parser.parsed[server_path])
    nginx_tree = util.filter_comments(
        self.config.parser.parsed[nginx_path])

    access_log = os.path.join(self.work_dir, "access.log")
    error_log = os.path.join(self.work_dir, "error.log")

    def tls_directives(key_path, fullchain_path):
        # The directives expected at the top of each server block that
        # received a certificate, in the order the test expects them.
        return [
            ["include", self.config.parser.loc["ssl_options"]],
            ["ssl_certificate_key", key_path],
            ["ssl_certificate", fullchain_path],
            ["error_log", error_log],
            ["access_log", access_log],
            ["listen", "5001 ssl"],
        ]

    # Exact equality: any directive beyond this list (a stapling directive,
    # for instance) makes the test fail, not just a missing one.
    example_body = tls_directives("example/key.pem", "example/fullchain.pem")
    example_body += [
        ["listen", "69.50.225.155:9000"],
        ["listen", "127.0.0.1"],
        ["server_name", ".example.com"],
        ["server_name", "example.*"],
    ]
    self.assertEqual([[["server"], example_body]], example_tree)

    # server.conf must still hold only its server_name line; the TLS
    # directives for "another.alias" are expected in the nginx.conf server
    # block that includes server.conf.
    self.assertEqual([["server_name", "somename  alias  another.alias"]],
                     server_tree)

    nginx_body = tls_directives("/etc/nginx/key.pem",
                                "/etc/nginx/fullchain.pem")
    nginx_body += [
        ["listen", "8000"],
        ["listen", "somename:8080"],
        ["include", "server.conf"],
        [["location", "/"],
         [["root", "html"], ["index", "index.html index.htm"]]],
    ]
    self.assertTrue(
        util.contains_at_depth(nginx_tree, [["server"], nginx_body], 2))