def _check_md_cert(self, dnsList): name = dnsList[0] md = TestEnv.a2md([ "list", name ])['jout']['output'][0] # check tos agreement, cert url assert md['state'] == TestEnv.MD_S_COMPLETE # check private key, validate certificate # TODO: find storage-independent way to read local certificate # md_store = json.loads( open( TestEnv.path_store_json(), 'r' ).read() ) # encryptKey = md_store['key'] # print "key (%s): %s" % ( type(encryptKey), encryptKey ) CertUtil.validate_privkey(TestEnv.path_domain_privkey(name)) cert = CertUtil( TestEnv.path_domain_pubcert(name) ) cert.validate_cert_matches_priv_key( TestEnv.path_domain_privkey(name) ) # check SANs and CN assert cert.get_cn() == name # compare sets twice in opposite directions: SAN may not respect ordering sanList = cert.get_san_list() assert len(sanList) == len(dnsList) assert set(sanList).issubset(dnsList) assert set(dnsList).issubset(sanList) # check valid dates interval notBefore = cert.get_not_before() notAfter = cert.get_not_after() assert notBefore < datetime.now(notBefore.tzinfo) assert notAfter > datetime.now(notAfter.tzinfo)
def test_702_005(self): domain = self.test_domain nameA = "test-a." + domain domains = [domain, nameA] # # generate 1 MD and 1 vhost conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_md(domains) conf.add_vhost(nameA, docRoot="htdocs/a") conf.install() # # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) # # restart, check that md is in store assert TestEnv.apache_restart() == 0 TestEnv.check_md(domains) # # check: that request to domains give 503 Service Unavailable cert1 = TestEnv.get_cert(nameA) assert nameA in cert1.get_san_list() assert TestEnv.getStatus(nameA, "/name.txt") == 503 # # check temporary cert from server cert2 = CertUtil(TestEnv.path_fallback_cert(domain)) assert cert1.get_serial() == cert2.get_serial(), \ "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % ( nameA, cert2.get_cn(), cert1.get_cn() )
def test_700_005(self): domain = "test700-005-" + TestAuto.dns_uniq nameA = "test-a." + domain dns_list = [ domain, nameA ] # generate 1 MD and 1 vhost conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) # restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dns_list) assert TestEnv.await_renew_state( [ domain ] ) # check: that request to domains give 503 Service Unavailable cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in cert1.get_san_list() assert TestEnv.getStatus(nameA, "/name.txt") == 503 # check temporary cert from server cert2 = CertUtil( TestEnv.path_fallback_cert( domain ) ) assert cert1.get_serial() == cert2.get_serial(), \ "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % ( nameA, cert2.get_cn(), cert1.get_cn() )