def test_500_107(self): # test case: drive again on COMPLETE md, then drive --force # setup: prepare md in store domain = "test500-107-" + TestDrive.dns_uniq name = "www." + domain self._prepare_md([ name ]) assert TestEnv.apache_start() == 0 # drive assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0 self._check_md_cert([ name ]) orig_cert = CertUtil(TestEnv.path_domain_pubcert(name)) # drive again assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0 self._check_md_cert([ name ]) cert = CertUtil(TestEnv.path_domain_pubcert(name)) # check: cert not changed assert cert.get_serial() == orig_cert.get_serial() # drive --force assert TestEnv.a2md( [ "-vv", "drive", "--force", name ] )['rv'] == 0 self._check_md_cert([ name ]) cert = CertUtil(TestEnv.path_domain_pubcert(name)) # check: cert not changed assert cert.get_serial() != orig_cert.get_serial() # check: previous cert was archived cert = CertUtil(TestEnv.path_domain_pubcert( name, archiveVersion=2 )) assert cert.get_serial() == orig_cert.get_serial()
def test_500_201(self, renewWindow, testDataList): # test case: trigger cert renew when entering renew window # setup: prepare COMPLETE md domain = "test500-201-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf( TestDrive.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_renew_window( renewWindow ) conf.add_md( [name] ) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.a2md([ "list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE # setup: drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 cert1 = CertUtil(TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # replace cert by self-signed one -> check md status print "TRACE: start testing renew window: %s" % renewWindow for tc in testDataList: print "TRACE: create self-signed cert: %s" % tc["valid"] CertUtil.create_self_signed_cert( [name], tc["valid"]) cert2 = CertUtil(TestEnv.path_domain_pubcert(name)) assert cert2.get_serial() != cert1.get_serial() md = TestEnv.a2md([ "list", name ])['jout']['output'][0] assert md["renew"] == tc["renew"], \ "Expected renew == {} indicator in {}, test case {}".format(tc["renew"], md, tc)
def test_120_002(self): # test case: validate md state in store # check: md without pkey/cert -> INCOMPLETE name = "example.org" assert TestEnv.a2md(["add", name])['rv'] == 0 assert TestEnv.a2md(["update", name, "contacts", "admin@" + name])['rv'] == 0 assert TestEnv.a2md(["update", name, "agreement", TestEnv.ACME_TOS])['rv'] == 0 assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE # check: valid pkey/cert -> COMPLETE copyfile(self._path_conf_ssl("valid_pkey.pem"), TestEnv.path_domain_privkey(name)) copyfile(self._path_conf_ssl("valid_cert.pem"), TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # check: expired cert -> EXPIRED copyfile(self._path_conf_ssl("expired_pkey.pem"), TestEnv.path_domain_privkey(name)) copyfile(self._path_conf_ssl("expired_cert.pem"), TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md( ["list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_EXPIRED
def test_600_002(self): # test case: one md, that covers two vhosts domain = "r002-" + TestRoundtrip.dns_uniq nameA = "test-a." + domain nameB = "test-b." + domain dnsList = [domain, nameA, nameB] # - generate config with one md conf = HttpdConf(TestRoundtrip.TMP_CONF, True) conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_md(dnsList) conf.install() # - restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dnsList) # - drive assert TestEnv.a2md(["drive", domain])['rv'] == 0 self._check_md_cert(dnsList) # - append vhost to config conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.install() # - create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # check: SSL is running OK assert TestEnv.apache_restart() == 0 certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_700_031(self): domain = "test700-031-" + TestAuto.dns_uniq nameX = "test-x." + domain nameA = "test-a." + domain nameB = "test-b." + domain nameC = "test-c." + domain dns_list = [ nameX, nameA, nameB ] # generate 1 MD and 2 vhosts conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 self._check_md_names( nameX, dns_list ) assert TestEnv.await_completion( [ nameX ] ) self._check_md_cert( dns_list ) # check: SSL is running OK certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() # change MD by removing 1st name new_list = [ nameA, nameB, nameC ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_md( new_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # restart, check that host still works and have same cert assert TestEnv.apache_restart() == 0 self._check_md_names( nameX, new_list ) assert TestEnv.await_completion( [ nameX ] ) certA2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA2.get_san_list() assert certA.get_serial() != certA2.get_serial()
def test_120_003(self): # test case: broken cert file #setup: prepare md in store name = "not-forbidden.org" assert TestEnv.a2md(["add", name])['rv'] == 0 assert TestEnv.a2md([ "update", name, "contacts", "admin@" + name ])['rv'] == 0 assert TestEnv.a2md([ "update", name, "agreement", TestEnv.ACME_TOS ])['rv'] == 0 # check: valid pkey/cert -> COMPLETE copyfile(self._path_conf_ssl("valid_pkey.pem"), TestEnv.path_domain_privkey(name)) copyfile(self._path_conf_ssl("valid_cert.pem"), TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # check: replace cert by broken file -> ERROR copyfile(self._path_conf_ssl("valid_cert.req"), TestEnv.path_domain_pubcert(name)) assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_ERROR
def test_700_032(self): domain = "test700-032-" + TestAuto.dns_uniq name1 = "server1." + domain name2 = "server2." + TestAuto.dns_uniq # need a separate TLD to avoid rate limites # generate 2 MDs and 2 vhosts conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf._add_line( "MDMembers auto" ) conf.add_md( [ name1 ] ) conf.add_md( [ name2 ] ) conf.add_vhost( TestEnv.HTTPS_PORT, name1, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.add_vhost( TestEnv.HTTPS_PORT, name2, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 self._check_md_names( name1, [ name1 ] ) self._check_md_names( name2, [ name2 ] ) assert TestEnv.await_completion( [ name1 ] ) self._check_md_cert( [ name2 ] ) # check: SSL is running OK cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1) assert name1 in cert1.get_san_list() cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name2) assert name2 in cert2.get_san_list() # remove second md and vhost, add name2 to vhost1 conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf._add_line( "MDMembers auto" ) conf.add_md( [ name1 ] ) conf.add_vhost( TestEnv.HTTPS_PORT, name1, aliasList=[ name2 ], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # restart, check that host still works and have same cert assert TestEnv.apache_restart() == 0 self._check_md_names( name1, [ name1, name2 ] ) assert TestEnv.await_completion( [ name1 ] ) cert1b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name1) assert name1 in cert1b.get_san_list() assert name2 in cert1b.get_san_list() assert cert1.get_serial() != cert1b.get_serial()
def test_700_003(self): domain = "test700-003-" + TestAuto.dns_uniq nameA = "test-a." + domain nameB = "test-b." + domain dns_list = [domain, nameA, nameB] # generate 1 MD and 2 vhosts conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.install() # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dns_list) assert TestEnv.await_completion([domain]) self._check_md_cert(dns_list) # check: SSL is running OK certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_7009(self): domain = self.test_domain dns_list = [domain] # prepare md conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_drive_mode("auto") conf.add_renew_window("10d") conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() # restart (-> drive), check that md+cert is in store, TLS is up assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain], 30) self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) # fetch cert from server cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert1.get_serial() == cert2.get_serial() # create self-signed cert, with critical remaining valid duration -> drive again CertUtil.create_self_signed_cert([domain], { "notBefore": -120, "notAfter": 9 }) cert3 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert cert3.get_serial() == 1000 time.sleep(1) assert TestEnv.a2md(["list", domain])['jout']['output'][0]['renew'] == True assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain], 30) # fetch cert from server -> self-signed still active, activation of new ACME is delayed cert4 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert4.get_serial() == cert3.get_serial() time.sleep(1) # restart -> new ACME cert becomes active assert TestEnv.apache_stop() == 0 assert TestEnv.apache_start() == 0 time.sleep(1) cert5 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain) assert cert5.get_serial() != cert3.get_serial()
def test_700_006(self): domain = "test700-006-" + TestAuto.dns_uniq nameA = "test-a." + domain dns_list = [ domain, nameA ] # generate 1 MD, 1 vhost conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_ca_challenges([ "invalid-01", "invalid-02" ]) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) # restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dns_list) time.sleep( 2 ) # assert drive did not start md = TestEnv.a2md([ "-j", "list", domain ])['jout']['output'][0] assert md['state'] == TestEnv.MD_S_INCOMPLETE assert 'account' not in md['ca'] assert TestEnv.apache_err_scan( re.compile('.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD') ) # check: that request to domains give 503 Service Unavailable cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in cert.get_san_list() assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_700_005(self): domain = "test700-005-" + TestAuto.dns_uniq nameA = "test-a." + domain dns_list = [ domain, nameA ] # generate 1 MD and 1 vhost conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ), keyPath=TestEnv.path_domain_privkey( domain ) ) conf.install() # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) # restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dns_list) assert TestEnv.await_renew_state( [ domain ] ) # check: that request to domains give 503 Service Unavailable cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in cert1.get_san_list() assert TestEnv.getStatus(nameA, "/name.txt") == 503 # check temporary cert from server cert2 = CertUtil( TestEnv.path_fallback_cert( domain ) ) assert cert1.get_serial() == cert2.get_serial(), \ "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % ( nameA, cert2.get_cn(), cert1.get_cn() )
def _check_md_cert(self, dns_list): name = dns_list[0] md = self._get_md(name) # check tos agreement, cert url assert md['state'] == TestEnv.MD_S_COMPLETE assert os.path.isfile(TestEnv.path_domain_privkey(name)) assert os.path.isfile(TestEnv.path_domain_pubcert(name))
def _check_md_cert(self, dns_list): name = dns_list[0] md = TestEnv.a2md([ "list", name ])['jout']['output'][0] # check tos agreement, cert url assert md['state'] == TestEnv.MD_S_COMPLETE assert os.path.isfile( TestEnv.path_domain_privkey(name) ) assert os.path.isfile( TestEnv.path_domain_pubcert(name) )
def _check_md_cert(self, dnsList): name = dnsList[0] md = TestEnv.a2md([ "list", name ])['jout']['output'][0] # check tos agreement, cert url assert md['state'] == TestEnv.MD_S_COMPLETE # check private key, validate certificate # TODO: find storage-independent way to read local certificate # md_store = json.loads( open( TestEnv.path_store_json(), 'r' ).read() ) # encryptKey = md_store['key'] # print "key (%s): %s" % ( type(encryptKey), encryptKey ) CertUtil.validate_privkey(TestEnv.path_domain_privkey(name)) cert = CertUtil( TestEnv.path_domain_pubcert(name) ) cert.validate_cert_matches_priv_key( TestEnv.path_domain_privkey(name) ) # check SANs and CN assert cert.get_cn() == name # compare sets twice in opposite directions: SAN may not respect ordering sanList = cert.get_san_list() assert len(sanList) == len(dnsList) assert set(sanList).issubset(dnsList) assert set(dnsList).issubset(sanList) # check valid dates interval notBefore = cert.get_not_before() notAfter = cert.get_not_after() assert notBefore < datetime.now(notBefore.tzinfo) assert notAfter > datetime.now(notAfter.tzinfo)
def test_8003(self): domain = self.test_domain dns_list = [domain] conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_must_staple("on") conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) assert TestEnv.apache_restart() == 0 self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert cert1.get_must_staple() # toggle MDMustStaple off, expect a cert that has it disabled conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_must_staple("off") conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) assert TestEnv.apache_restart() == 0 self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert not cert1.get_must_staple() # toggle MDMustStaple on again, expect a cert that has it enabled conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_must_staple("on") conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) assert TestEnv.apache_restart() == 0 self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert cert1.get_must_staple()
def test_500_301(self): # test case: change contact info on existing valid md # setup: create md in store domain = "test500-301-" + TestDrive.dns_uniq name = "www." + domain self._prepare_md([ name ]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 old_cert = CertUtil(TestEnv.path_domain_pubcert(name)) # setup: add second domain assert TestEnv.a2md([ "update", name, "contacts", "test@" + domain ])['rv'] == 0 # drive assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 # compare cert serial new_cert = CertUtil(TestEnv.path_domain_pubcert(name)) assert old_cert.get_serial() == new_cert.get_serial()
def test_500_300(self): # test case: remove one domain name from existing valid md # setup: create md in store domain = "test500-300-" + TestDrive.dns_uniq name = "www." + domain self._prepare_md([ name, "test." + domain, "xxx." + domain ]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 old_cert = CertUtil(TestEnv.path_domain_pubcert(name)) # setup: remove one domain assert TestEnv.a2md([ "update", name, "domains"] + [ name, "test." + domain ])['rv'] == 0 # drive assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0 # compare cert serial new_cert = CertUtil(TestEnv.path_domain_pubcert(name)) assert old_cert.get_serial() == new_cert.get_serial()
def test_500_200(self): # test case: add dns name on existing valid md # setup: create md in store domain = "test500-200-" + TestDrive.dns_uniq name = "www." + domain self._prepare_md([ name ]) assert TestEnv.apache_start() == 0 # setup: drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 old_cert = CertUtil(TestEnv.path_domain_pubcert(name)) # setup: add second domain assert TestEnv.a2md([ "update", name, "domains", name, "test." + domain ])['rv'] == 0 # drive assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0 # check new cert self._check_md_cert([ name, "test." + domain ]) new_cert = CertUtil(TestEnv.path_domain_pubcert(name)) assert old_cert.get_serial() != new_cert.get_serial()
def test_8001(self): domain = self.test_domain dns_list = [domain] conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True) conf.install() # - restart (-> drive), check that md is in store assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion([domain]) assert TestEnv.apache_restart() == 0 self._check_md_cert(dns_list) cert1 = CertUtil(TestEnv.path_domain_pubcert(domain)) assert not cert1.get_must_staple()
def test_7007(self): domain = self.test_domain dns_list = [ domain ] conf = HttpdConf( TestAuto.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "always" ) conf.add_must_staple( "on" ) conf.add_md( dns_list ) conf.install() # - restart (-> drive), check that md is in store assert TestEnv.apache_restart() == 0 assert TestEnv.await_completion( [ domain ], 30 ) assert TestEnv.apache_restart() == 0 self._check_md_cert( dns_list ) cert1 = CertUtil( TestEnv.path_domain_pubcert(domain) ) assert cert1.get_must_staple()
def test_500_202(self, keyType, keyParams, expKeyLength): # test case: specify RSA key length and verify resulting cert key # setup: prepare md domain = "test500-202-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf( TestDrive.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_private_key(keyType, keyParams) conf.add_md( [name] ) conf.install() assert TestEnv.apache_restart() == 0 assert TestEnv.a2md([ "list", name])['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE # setup: drive it assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0, \ "Expected drive to succeed for MDPrivateKeys {} {}".format(keyType, keyParams) assert TestEnv.a2md([ "list", name ])['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE # check cert key length cert = CertUtil(TestEnv.path_domain_pubcert(name)) assert cert.get_key_length() == expKeyLength