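def test_300_004(self):
    """Expect httpd to fail on two MDomain definitions that share a name.

    Both managed domains list ``test3.not-forbidden.org``. The test installs
    that configuration and asserts ``TestEnv.apache_fail() == 0``.
    """
    assert TestEnv.apache_stop() == 0
    # One directive per line: each MDomain has to be parsed as its own
    # definition for the overlap to be what is under test.
    HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
        """).install()
    # NOTE(review): apache_fail() presumably returns 0 when httpd refuses to
    # start, which is the expected outcome here; confirm in TestEnv.
    assert TestEnv.apache_fail() == 0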
def test_300_011b(self):
    """Accept an MDomain that misses one ServerAlias when auto-add is enabled.

    Installs the ``test_001`` configuration, stops httpd, swaps in
    ``test_011b`` and expects a clean restart with
    ``TestEnv.apache_err_count()`` equal to ``(0, 0)``.
    """
    TestEnv.install_test_conf("test_001")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.install_test_conf("test_011b")
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    err_counts = TestEnv.apache_err_count()
    assert (0, 0) == err_counts
def test_801_009(self):
    """Check stapling with a statically configured, self-signed certificate.

    A self-signed certificate that is valid for 30 more days is generated
    under ``TestEnv.GEN_DIR`` and wired in through MDCertificateFile and
    MDCertificateKeyFile, with ``MDStapling on``. httpd must restart cleanly
    and the OCSP status reported for the domain must be "no response sent".
    """
    assert TestEnv.apache_stop() == 0
    md_name = TestStapling.mdA
    md_domains = [md_name]
    out_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
    # Validity window of the generated certificate; 30 more days valid.
    validity = {"notBefore": -60, "notAfter": 30}
    CertUtil.create_self_signed_cert(md_domains, validity,
                                     serial=801009, path=out_dir)
    cert_path = os.path.join(out_dir, 'pubcert.pem')
    key_path = os.path.join(out_dir, 'privkey.pem')
    assert os.path.exists(cert_path)
    assert os.path.exists(key_path)

    httpd_conf = HttpdConf()
    httpd_conf.add_admin("*****@*****.**")
    httpd_conf.start_md(md_domains)
    httpd_conf.add_line("MDCertificateFile %s" % (cert_path))
    httpd_conf.add_line("MDCertificateKeyFile %s" % (key_path))
    httpd_conf.add_line("MDStapling on")
    httpd_conf.end_md()
    httpd_conf.add_vhost(md_name)
    httpd_conf.install()
    assert TestEnv.apache_restart() == 0

    time.sleep(1)
    # NOTE(review): presumably nothing is stapled because a self-signed
    # certificate names no OCSP responder; confirm against mod_md.
    ocsp_status = TestEnv.get_ocsp_status(md_name)
    assert ocsp_status['ocsp'] == "no response sent"
def test_801_002(self):
    """Toggle MDStapling for one MD and check that the md status follows.

    Three configurations are installed in turn, each with
    ``ssl_stapling=True``: no MDStapling directive, ``MDStapling on`` and
    ``MDStapling off``. The OCSP status is "successful (0x0)" in all three;
    only the "stapling" flag of the md status changes.
    """
    md = TestStapling.mdA

    # Phase 1: no MDStapling directive.
    # NOTE(review): ssl_stapling=True presumably turns on mod_ssl's own
    # stapling, which would explain the successful response while the md
    # status says stapling is off; confirm in configure_httpd.
    TestStapling.configure_httpd(md, ssl_stapling=True).install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0
    ocsp_before = TestEnv.get_ocsp_status(md)
    assert ocsp_before['ocsp'] == "successful (0x0)"
    md_before = TestEnv.get_md_status(md)
    assert not md_before["stapling"]

    # Phase 2: turn stapling on and wait for it to appear in connections.
    TestStapling.configure_httpd(md, "MDStapling on", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    ocsp_on = TestEnv.await_ocsp_status(md)
    assert ocsp_on['ocsp'] == "successful (0x0)"
    assert ocsp_on['verify'] == "0 (ok)"
    md_on = TestEnv.get_md_status(md)
    assert md_on["stapling"]
    assert md_on["cert"]["ocsp"]["status"] == "good"
    assert md_on["cert"]["ocsp"]["valid"]

    # Phase 3: turn stapling off explicitly; the md flag must clear again.
    TestStapling.configure_httpd(md, "MDStapling off", ssl_stapling=True).install()
    assert TestEnv.apache_restart() == 0
    ocsp_off = TestEnv.get_ocsp_status(md)
    assert ocsp_off['ocsp'] == "successful (0x0)"
    md_off = TestEnv.get_md_status(md)
    assert not md_off["stapling"]
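def test_801_008(self):
    """Staple for a vhost whose certificate is configured through mod_ssl.

    ``MDStapling on`` is set outside any MDomain section and the vhost gets
    its key and certificate from SSLCertificateKeyFile / SSLCertificateFile.
    The handshake must carry a verified OCSP response, and a response file
    named ``ocsp-*`` must exist under ``<STORE_DIR>/ocsp/other``.
    """
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    conf = TestStapling.configure_httpd()
    conf.add_line("MDStapling on")
    conf.start_vhost(md)
    # One directive per line, as httpd's configuration syntax requires.
    conf.add_line("""
        SSLCertificateKeyFile %s
        SSLCertificateFile %s
        """ % (TestEnv.store_domain_file(md, 'privkey.pem'),
               TestEnv.store_domain_file(md, 'pubcert.pem')))
    conf.end_vhost()
    conf.install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    assert stat['verify'] == "0 (ok)"
    # Find the file where the OCSP response is stored. The local is not
    # called `dir`, so the builtin stays usable; as before, the last
    # matching directory entry wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
    ocsp_file = None
    for name in os.listdir(ocsp_dir):
        if name.startswith("ocsp-"):
            ocsp_file = os.path.join(ocsp_dir, name)
    assert ocsp_file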
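def test_801_004(self):
    """Enable MDStapling for one of two MDs and check both.

    mdA gets ``MDStapling on`` inside its MDomain section; mdB's section is
    empty. Both vhosts return a successful OCSP response, but only mdA's md
    status reports stapling with a "good", valid response.
    """
    mdA = TestStapling.mdA
    mdB = TestStapling.mdB
    conf = TestStapling.configure_httpd(ssl_stapling=True)
    # One directive per line, so that each <MDomain> section is parsed as a
    # section and MDStapling applies to mdA only.
    conf.add_line("""
        <MDomain %s>
            MDStapling on
        </MDomain>
        <MDomain %s>
        </MDomain>
        """ % (mdA, mdB))
    conf.add_vhost(mdA)
    conf.add_vhost(mdB)
    conf.install()
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_restart() == 0
    # mdA has stapling
    stat = TestEnv.await_ocsp_status(mdA)
    assert stat['ocsp'] == "successful (0x0)"
    assert stat['verify'] == "0 (ok)"
    stat = TestEnv.get_md_status(mdA)
    assert stat["stapling"]
    assert stat["cert"]["ocsp"]["status"] == "good"
    assert stat["cert"]["ocsp"]["valid"]
    # mdB has no md stapling, but mod_ssl kicks in
    stat = TestEnv.get_ocsp_status(mdB)
    assert stat['ocsp'] == "successful (0x0)"
    stat = TestEnv.get_md_status(mdB)
    assert not stat["stapling"]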
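def test_300_011b(self):
    """Accept vhost aliases missing from an MDomain marked ``auto``.

    The MDomain line names ``not-forbidden.org`` and
    ``mail.not-forbidden.org``, while the vhost adds two ServerAlias names
    that the MDomain does not list. httpd must restart cleanly and
    ``TestEnv.httpd_error_log_count()`` must be ``(0, 0)``.
    """
    assert TestEnv.apache_stop() == 0
    # One directive per line, so that the MDomain and the VirtualHost block
    # are parsed as separate directives.
    HttpdConf(text="""
        MDomain not-forbidden.org auto mail.not-forbidden.org

        <VirtualHost *:12346>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
            ServerAlias test4.not-forbidden.org
        </VirtualHost>
        """).install()
    assert TestEnv.apache_restart() == 0
    assert (0, 0) == TestEnv.httpd_error_log_count()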
def test_801_010(self):
    """Start httpd with stapling on for an MD after clearing the OCSP store.

    No vhost is added for the domain. The test only requires a clean restart
    and a truthy result from ``TestEnv.get_server_status()``.
    """
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.clear_ocsp_store()

    md_name = TestStapling.mdA
    md_domains = [md_name]
    httpd_conf = HttpdConf()
    httpd_conf.add_admin("*****@*****.**")
    httpd_conf.start_md(md_domains)
    httpd_conf.add_line("MDStapling on")
    httpd_conf.end_md()
    httpd_conf.install()

    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    server_status = TestEnv.get_server_status()
    assert server_status
def test_7009(self):
    """Renew a nearly expired certificate; the new one needs a stop/start.

    Sequence checked:
      1. An MD in "auto" drive mode with a 10d renew window obtains a
         certificate, and the served certificate matches the stored one.
      2. The stored certificate is replaced by a self-signed one with
         ``notAfter`` 9, and ``a2md list`` then reports ``renew`` as true.
      3. After a restart and completed renewal the server still presents
         the self-signed certificate.
      4. After a full stop and start the served serial differs from the
         self-signed one.
    """
    domain = self.test_domain
    names = [domain]

    # prepare md
    httpd_conf = HttpdConf(TestAuto.TMP_CONF)
    httpd_conf.add_admin("admin@" + domain)
    httpd_conf.add_drive_mode("auto")
    httpd_conf.add_renew_window("10d")
    httpd_conf.add_md(names)
    httpd_conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
    httpd_conf.install()

    # restart (-> drive), check that md+cert is in store, TLS is up
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], 30)
    self._check_md_cert(names)
    stored_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
    # the certificate the server presents must be the stored one
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                            TestEnv.HTTPS_PORT, domain)
    assert stored_cert.get_serial() == served_cert.get_serial()

    # self-signed cert with critical remaining validity -> drive again
    CertUtil.create_self_signed_cert([domain], {"notBefore": -120, "notAfter": 9})
    selfsigned_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
    # NOTE(review): 1000 is presumably the default serial used by
    # create_self_signed_cert; confirm in CertUtil.
    assert selfsigned_cert.get_serial() == 1000
    time.sleep(1)
    listing = TestEnv.a2md(["list", domain])
    assert listing['jout']['output'][0]['renew'] == True
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], 30)

    # self-signed still active: activation of the new ACME cert is delayed
    still_served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                             TestEnv.HTTPS_PORT, domain)
    assert still_served.get_serial() == selfsigned_cert.get_serial()
    time.sleep(1)

    # stop + start -> new ACME cert becomes active
    assert TestEnv.apache_stop() == 0
    assert TestEnv.apache_start() == 0
    time.sleep(1)
    renewed_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                             TestEnv.HTTPS_PORT, domain)
    assert renewed_cert.get_serial() != selfsigned_cert.get_serial()
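def test_801_005(self):
    """Check reuse and cleanup of the stored OCSP response file.

    With ``MDStapling on`` a response file ``ocsp-*`` appears under
    ``<STORE_DIR>/ocsp/<md>``. A plain restart must leave its mtime
    unchanged. With ``MDStaplingKeepResponse 1s`` the file is gone after the
    next restart, and one more restart writes a file with a different mtime.
    """
    # TODO: mod_watchdog seems to have problems sometimes with fast restarts;
    # stopping first works.
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    TestStapling.configure_httpd(md, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    assert stat['verify'] == "0 (ok)"
    # Find the file where the OCSP response is stored. The local is not
    # called `dir`, so the builtin stays usable; as before, the last
    # matching directory entry wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
    ocsp_file = None
    for name in os.listdir(ocsp_dir):
        if name.startswith("ocsp-"):
            ocsp_file = os.path.join(ocsp_dir, name)
    assert ocsp_file
    mtime1 = os.path.getmtime(ocsp_file)
    # wait a sec, restart and check that the file does not change
    time.sleep(1)
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    mtime2 = os.path.getmtime(ocsp_file)
    assert mtime1 == mtime2
    # Configure a keep time of 1 second and restart: the file is gone. This
    # is a side effect of loading it before the cleanup removes it; since it
    # was still valid, no new response needed fetching.
    # One directive per line, as httpd's configuration syntax requires.
    TestStapling.configure_httpd(md, """
        MDStapling on
        MDStaplingKeepResponse 1s
        """).install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    assert not os.path.exists(ocsp_file)
    # If we restart again, a new file needs to appear. The check reuses the
    # old path, so it assumes the new response is stored under the same name.
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    mtime3 = os.path.getmtime(ocsp_file)
    assert mtime1 != mtime3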
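def test_801_006(self):
    """Check that MDStaplingRenewWindow forces a refresh of the OCSP response.

    With ``MDStapling on`` alone, the stored response file keeps its mtime
    across a restart. With ``MDStaplingRenewWindow 10d``, which the original
    comment describes as larger than any response lifetime, the mtime must
    have changed after the next restart.
    """
    assert TestEnv.apache_stop() == 0
    # turn stapling on, wait for it to appear in connections
    md = TestStapling.mdA
    TestStapling.configure_httpd(md, "MDStapling on").install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    assert stat['verify'] == "0 (ok)"
    # Find the file where the OCSP response is stored. The local is not
    # called `dir`, so the builtin stays usable; as before, the last
    # matching directory entry wins.
    ocsp_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', md)
    ocsp_file = None
    for name in os.listdir(ocsp_dir):
        if name.startswith("ocsp-"):
            ocsp_file = os.path.join(ocsp_dir, name)
    assert ocsp_file
    mtime1 = os.path.getmtime(ocsp_file)
    # restart, wait for stapling, then wait a second and check that the
    # file did not change
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    time.sleep(1)
    mtime2 = os.path.getmtime(ocsp_file)
    assert mtime1 == mtime2
    # Configure a renew window of 10 days, larger than any lifetime, and
    # restart. One directive per line, as httpd's syntax requires.
    TestStapling.configure_httpd(md, """
        MDStapling on
        MDStaplingRenewWindow 10d
        """).install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.await_ocsp_status(md)
    assert stat['ocsp'] == "successful (0x0)"
    # wait a second and check that the file did change
    time.sleep(1)
    mtime3 = os.path.getmtime(ocsp_file)
    assert mtime1 != mtime3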
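def test_300_009(self):
    """Expect httpd to fail when a vhost spans two managed domains.

    With ``MDMembers manual``, the third VirtualHost pairs ServerName
    ``not-forbidden.org`` (first MDomain) with ServerAlias ``example2.org``
    (second MDomain). The test asserts ``TestEnv.apache_fail() == 0``.
    """
    assert TestEnv.apache_stop() == 0
    # One directive per line, so that each MDomain and each VirtualHost
    # block is parsed as its own directive.
    HttpdConf(text="""
        MDMembers manual
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        MDomain example2.org www.example2.org www.example3.org

        <VirtualHost *:12346>
            ServerName example2.org
            ServerAlias www.example3.org
        </VirtualHost>

        <VirtualHost *:12346>
            ServerName www.example2.org
            ServerAlias example2.org
        </VirtualHost>

        <VirtualHost *:12346>
            ServerName not-forbidden.org
            ServerAlias example2.org
        </VirtualHost>
        """).install()
    # NOTE(review): apache_fail() presumably returns 0 when httpd refuses to
    # start, which is the expected outcome here; confirm in TestEnv.
    assert TestEnv.apache_fail() == 0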
def test_300_011(self):
    """Expect failure for a ManagedDomain that misses one ServerAlias.

    Installs the ``test_011`` configuration and requires both
    ``apache_fail() == 0`` and an ``apache_err_count()`` of ``(1, 0)``.
    """
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.install_test_conf("test_011")
    fail_rc = TestEnv.apache_fail()
    assert fail_rc == 0
    err_counts = TestEnv.apache_err_count()
    assert (1, 0) == err_counts
def test_300_004(self):
    """Expect failure for two overlapping MDomain definitions.

    Installs ``test_001``, stops httpd, swaps in ``test_004`` and requires
    ``apache_fail() == 0``.
    """
    TestEnv.install_test_conf("test_001")
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.install_test_conf("test_004")
    fail_rc = TestEnv.apache_fail()
    assert fail_rc == 0
def teardown_module(module):
    """Module-level teardown: print the module name and stop httpd.

    The return code of ``TestEnv.apache_stop()`` is not checked here.
    """
    message = "teardown_module module:%s" % module.__name__
    print(message)
    TestEnv.apache_stop()
def test_300_003(self):
    """Expect failure for two MDomain definitions that are exactly the same.

    Installs the ``test_003`` configuration and requires
    ``apache_fail() == 0``.
    """
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.install_test_conf("test_003")
    fail_rc = TestEnv.apache_fail()
    assert fail_rc == 0
def setup_module(module):
    """Module-level setup: initialise TestEnv and require httpd to be stopped."""
    message = "setup_module: %s" % module.__name__
    print(message)
    TestEnv.init()
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
def test_300_009(self):
    """Expect failure for vhosts with overlapping MDs.

    Installs the ``test_009`` configuration and requires
    ``apache_fail() == 0``.
    """
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
    TestEnv.install_test_conf("test_009")
    fail_rc = TestEnv.apache_fail()
    assert fail_rc == 0
def teardown_class(cls):
    """Class-level teardown: print the class name and require a clean stop."""
    message = "teardown_class:%s" % cls.__name__
    print(message)
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0