def test_500_201(self, renewWindow, testDataList): # test case: trigger cert renew when entering renew window # setup: prepare COMPLETE md domain = "test500-201-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf( TestDrive.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_renew_window( renewWindow ) conf.add_md( [name] ) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.a2md([ "list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE # setup: drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 cert1 = CertUtil(TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # replace cert by self-signed one -> check md status print "TRACE: start testing renew window: %s" % renewWindow for tc in testDataList: print "TRACE: create self-signed cert: %s" % tc["valid"] CertUtil.create_self_signed_cert( [name], tc["valid"]) cert2 = CertUtil(TestEnv.path_domain_pubcert(name)) assert cert2.get_serial() != cert1.get_serial() md = TestEnv.a2md([ "list", name ])['jout']['output'][0] assert md["renew"] == tc["renew"], \ "Expected renew == {} indicator in {}, test case {}".format(tc["renew"], md, tc)
def test_500_201(self, renewWindow, testDataList): # test case: trigger cert renew when entering renew window # setup: prepare COMPLETE md domain = self.test_domain name = "www." + domain conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_renew_window(renewWindow) conf.add_md([name]) conf.install() assert TestEnv.apache_restart() == 0 md = TestEnv.a2md(["list", name])['jout']['output'][0] assert md['state'] == TestEnv.MD_S_INCOMPLETE assert md['renew-window'] == renewWindow # setup: drive it assert TestEnv.a2md(["drive", name])['rv'] == 0 cert1 = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) md = TestEnv.a2md(["list", name])['jout']['output'][0] assert md['state'] == TestEnv.MD_S_COMPLETE assert md['renew-window'] == renewWindow # replace cert by self-signed one -> check md status print("TRACE: start testing renew window: %s" % renewWindow) for tc in testDataList: print("TRACE: create self-signed cert: %s" % tc["valid"]) CertUtil.create_self_signed_cert([name], tc["valid"]) cert2 = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem')) assert cert2.get_serial() != cert1.get_serial() r = TestEnv.a2md(["-vvvv", "list", name]) md = r['jout']['output'][0] assert md["renew"] == tc["renew"], \ "Expected renew == {} indicator in {}, test case {}, stderr {}".format(tc["renew"], md, tc, r['stderr'])
def test_700_009(self): domain = self.test_domain dns_list = [ domain ] # prepare md conf = HttpdConf() conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "auto" ) conf.add_renew_window( "10d" ) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[]) conf.install() # restart (-> drive), check that md+cert is in store, TLS is up assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion( [ domain ] ) TestEnv.check_md_complete(domain) cert1 = CertUtil( TestEnv.store_domain_file(domain, 'pubcert.pem') ) # compare with what md reports as status stat = TestEnv.get_certificate_status(domain); assert stat['serial'] == cert1.get_serial() # create self-signed cert, with critical remaining valid duration -> drive again CertUtil.create_self_signed_cert( [domain], { "notBefore": -120, "notAfter": 2 }, serial=7009) cert3 = CertUtil( TestEnv.store_domain_file(domain, 'pubcert.pem') ) assert cert3.get_serial() == '1B61' assert TestEnv.apache_restart() == 0 stat = TestEnv.get_certificate_status(domain); assert stat['serial'] == cert3.get_serial() # cert should renew and be different afterwards assert TestEnv.await_completion( [ domain ], must_renew=True ) stat = TestEnv.get_certificate_status(domain); assert stat['serial'] != cert3.get_serial()
def test_310_310(self, window): # non-default renewal setting domain = self.test_domain conf = HttpdConf() conf.add_admin("admin@" + domain) conf.start_md( [domain]) conf.add_drive_mode("manual") conf.add_renew_window(window) conf.end_md() conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ domain ]) conf.install() assert TestEnv.apache_restart() == 0 stat = TestEnv.get_md_status(domain) assert stat["renew-window"] == window
def test_7009(self): domain = self.test_domain dns_list = [domain] # prepare md conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_drive_mode("auto") conf.add_renew_window("10d") conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() # restart (-> drive), check that md+cert is in store, TLS is up assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain], 30) self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) # fetch cert from server cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert1.get_serial() == cert2.get_serial() # create self-signed cert, with critical remaining valid duration -> drive again CertUtil.create_self_signed_cert([domain], { "notBefore": -120, "notAfter": 9 }) cert3 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert cert3.get_serial() == 1000 time.sleep(1) assert TestEnv.a2md(["list", domain])['jout']['output'][0]['renew'] == True assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain], 30) # fetch cert from server -> self-signed still active, activation of new ACME is delayed cert4 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert4.get_serial() == cert3.get_serial() time.sleep(1) # restart -> new ACME cert becomes active assert TestEnv.apache_stop() == 0 assert TestEnv.apache_start() == 0 time.sleep(1) cert5 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert5.get_serial() != cert3.get_serial()