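def test_901_003(self):
    """Drive a renewal with a message command set and verify what it logged.

    Expects the MD status to record a successful last run whose first log
    entry is "message-renewed", and the message log to hold exactly three
    lines: one "challenge-setup:http-01" line per domain name and a
    "renewed" line as the third entry.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # the message command did not fail and the renewal log recorded it
    assert stat["renewal"]["last"]["status"] == 0
    assert stat["renewal"]["log"]["entries"]
    assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
    # shut down the server to make sure that md has completed
    assert TestEnv.apache_stop() == 0
    # Read through a context manager so the log's file handle is closed
    # deterministically instead of being left to garbage collection.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 3 == len(nlines)
    nlines = [s.strip() for s in nlines]
    # One challenge-setup message is expected per name; order is not checked.
    for dns_name in domains:
        assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
            cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=dns_name) in nlines
    # The "renewed" message must be the last of the three lines.
    assert nlines[2].strip() == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
        cmd=self.mcmd, logfile=self.mlog, mdomain=domain)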
def test_920_002(self):
    """Check that a certificate copied into staging is reported under 'renewal'.

    After the initial sign-up completes, a stored sample certificate is
    copied over the staged ``pubcert.pem``; the certificate status must then
    show that certificate's validity dates, serial and a SHA-256 fingerprint.
    """
    primary = self.test_domain
    names = [primary]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary], restart=False)
    # copy a real certificate from LE over to staging
    target_cert = os.path.join(TestEnv.STORE_DIR, 'staging', primary, 'pubcert.pem')
    source_cert = os.path.join('data', 'test_920', '002.pubcert')
    # presumably shutil.copyfile, which returns the destination path (truthy)
    assert copyfile(source_cert, target_cert)
    status = TestEnv.get_certificate_status(primary)
    # status shows the copied cert's properties as staged
    assert 'renewal' in status
    renewal = status['renewal']
    assert renewal['valid']['until'] == 'Thu, 29 Aug 2019 16:06:35 GMT'
    assert renewal['valid']['from'] == 'Fri, 31 May 2019 16:06:35 GMT'
    assert renewal['serial'] == '03039C464D454EDE79FCD2CAE859F668F269'
    assert 'sha256-fingerprint' in renewal
    # NOTE(review): the SCT checks below are disabled by an always-false
    # condition; they never run. Confirm whether they should be restored.
    if 0 == 1:
        scts = renewal['scts']
        assert len(scts) == 2
        assert scts[0]['logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
        assert scts[0]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
        assert scts[1]['logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
        assert scts[1]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
def test_730_002(self):
    """MD with static certificate files and ``MDRenewMode always``.

    The server must serve the configured static certificate, report it in
    the MD status, flag the MD for renewal and then complete a renewal.
    """
    primary = self.test_domain
    names = [primary, 'www.%s' % primary]
    # NOTE(review): the directory name says test_920_001 although this is
    # test_730_002 — looks like a copy/paste leftover; confirm.
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
    # cert that is only 10 more days valid
    validity = {"notBefore": -80, "notAfter": 10}
    TestEnv.create_self_signed_cert(names, validity, serial=730001, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.add_line("MDRenewMode always")
    cfg.end_md()
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    # the domain serves the static cert, it shows up in the status and the
    # MD is flagged for renewal
    served = TestEnv.get_cert(primary)
    assert ('%X' % 730001) == served.get_serial()
    md_status = TestEnv.get_md_status(primary)
    assert md_status
    assert 'cert' in md_status
    assert md_status['renew'] == True
    assert TestEnv.await_renewal(names)
def test_700_001(self):
    """One MD, first without and then with a vhost, in auto drive mode.

    Without a vhost the MD is stored but not watched; once a vhost exists
    the restart drives it to completion. Afterwards the challenge directory
    must be empty and the store's file permissions are checked.
    """
    primary = self.test_domain
    names = [primary, "www." + primary]
    # config with a single MD and no vhost yet
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.install()

    # restart: the MD is synched to the store but nothing watches it
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    md_status = TestEnv.get_md_status(primary)
    assert md_status["watched"] == 0

    # add a vhost for the MD; the restart should now drive it
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary])
    TestEnv.check_md_complete(primary)
    md_status = TestEnv.get_md_status(primary)
    assert md_status["watched"] == 1

    served = TestEnv.get_cert(primary)
    assert primary in served.get_san_list()

    # challenge material must not linger after issuance, and the store
    # needs to have correct file permissions
    TestEnv.check_dir_empty(TestEnv.store_challenges())
    TestEnv.check_file_permissions(primary)
def test_720_007(self):
    """Obtain a wildcard certificate through the dns-01 challenge command.

    The MD holds only ``*.<domain>`` while the vhost is ``www.<domain>``;
    the served certificate's SAN list must equal the MD's name list.
    """
    challenge_cmd = ("%s/dns01.py" % TestEnv.TESTROOT)
    base = self.test_domain
    wildcard = "*." + base
    www_name = "www." + base
    names = [wildcard]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_ca_challenges(["dns-01"])
    cfg.add_dns01_cmd(challenge_cmd)
    cfg.add_md(names)
    cfg.add_vhost(www_name)
    cfg.install()
    # restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # await drive completion
    assert TestEnv.await_completion([www_name])
    TestEnv.check_md_complete(wildcard)
    # check: SSL is running OK and the cert carries exactly the wildcard name
    served = TestEnv.get_cert(www_name)
    san_names = served.get_san_list()
    assert names == san_names
def test_702_040(self):
    """Drive one MD with only the tls-alpn-01 challenge enabled.

    With "acme-tls/1" in Protocols, the MD status must list that protocol
    as available for all names before the drive completes.
    """
    primary = self.test_domain
    names = [primary, "www." + primary]

    # 1 MD and 1 vhost, debug logging for core and ssl
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    for line in ("LogLevel core:debug",
                 "LogLevel ssl:debug",
                 "Protocols http/1.1 acme-tls/1"):
        cfg.add_line(line)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # acme-tls/1 must be available for all domains
    md_status = TestEnv.get_md_status(primary)
    assert md_status["proto"]["acme-tls/1"] == names
    assert TestEnv.await_completion([primary])
    TestEnv.check_md_complete(primary)

    # check SSL running OK
    served = TestEnv.get_cert(primary)
    assert primary in served.get_san_list()
def test_702_010(self):
    """http-01 with MDPortMap: no renewal on an unserved port, success otherwise.

    First port 80 is mapped to 99, where the server does not listen, and the
    MD must not be renewing. Then 80 is mapped to the test HTTP port and the
    drive must complete.
    """
    primary = self.test_domain
    names = [primary, "www." + primary]

    def install_with(port_map_line):
        # Fresh config: 1 MD and 1 vhost, http-01 only, plus the port map.
        cfg = HttpdConf()
        cfg.add_admin("admin@" + primary)
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges(["http-01"])
        cfg._add_line(port_map_line)
        cfg.add_md(names)
        cfg.add_vhost(names)
        cfg.install()

    # port 80 mapped to a port the server does not listen on
    install_with("MDPortMap 80:99")
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert not TestEnv.is_renewing(primary)

    # now the same with 80 mapped to a supported port
    install_with("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([primary])
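def test_901_004(self):
    """Force a renewal of an existing certificate and check the message log.

    After a first sign-up without a message command, the config is replaced
    by one with a message command, ``MDRenewWindow 120d`` and
    ``MDActivationDelay -7d``. The message log must then contain exactly one
    line: the "renewed" message for the domain.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # force renew
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_line("MDRenewWindow 120d")
    conf.add_line("MDActivationDelay -7d")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    time.sleep(3)
    # The status result was never used; the call is kept so the sequence of
    # requests made against the server stays the same.
    TestEnv.get_md_status(domain)
    # Context manager closes the log's file handle deterministically.
    with open(self.mlog) as fd:
        nlines = fd.readlines()
    assert 1 == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()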
def test_740_001(self):
    """Expect the CA to reject an MD that contains invalid DNS names.

    Two of the three names contain "!". The renewal must end in an error
    whose problem type and detail text depend on the ACME server in use.
    """
    primary = self.test_domain
    names = [primary, "invalid1!." + primary, "invalid2!." + primary]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    md = TestEnv.await_error(primary)
    assert md
    assert md['renewal']['errors'] > 0
    if TestEnv.ACME_SERVER == 'pebble':
        assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:malformed'
        assert md['renewal']['last']['detail'].startswith(
            "Order included DNS identifier with a value containing an illegal character")
    else:
        assert md['renewal']['last']['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
        assert md['renewal']['last']['detail'].startswith(
            "Error creating new order :: Cannot issue for")
        # NOTE(review): the source's indentation was lost; the subproblem
        # checks are assumed to belong to this non-pebble branch — confirm.
        # One subproblem is expected per invalid name.
        assert md['renewal']['last']['subproblems']
        assert len(md['renewal']['last']['subproblems']) == 2
def test_920_001(self):
    """Certificate status before and after activating a freshly staged cert.

    Before activation only the 'renewal' section carries certificate data;
    after a restart 'renewal' is gone and the active certificate's
    attributes are listed under 'rsa'.
    """
    primary = self.test_domain
    names = [primary]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary], restart=False)
    # We started without a valid certificate, so /.httpd/certificate-status
    # must not describe an active one. Since the ACME sign-up has completed,
    # 'renewal' must describe the new, staged certificate.
    staged = TestEnv.get_certificate_status(primary)
    assert 'sha256-fingerprint' not in staged
    assert 'valid' not in staged
    assert 'renewal' in staged
    assert 'valid' in staged['renewal']['cert']
    assert 'sha256-fingerprint' in staged['renewal']['cert']['rsa']
    # Restart to activate: the staging info must be gone and the attributes
    # of the active certificate must be present.
    assert TestEnv.apache_restart() == 0
    active = TestEnv.get_certificate_status(primary)
    assert 'renewal' not in active
    assert 'sha256-fingerprint' in active['rsa']
    assert 'valid' in active['rsa']
    assert 'from' in active['rsa']['valid']
def test_500_201(self, renewWindow, testDataList):
    """Check the 'renew' indicator as a certificate enters the renew window.

    Args:
        renewWindow: value configured as the MD's renew window and expected
            back in the ``renew-window`` field of ``a2md list``.
        testDataList: iterable of dicts; each provides ``valid`` (passed to
            the self-signed certificate generator) and ``renew`` (the
            expected value of the MD's ``renew`` field).
    """
    base = self.test_domain
    name = "www." + base

    def listed_md(*flags):
        # First MD entry from the JSON output of "a2md list <name>".
        result = TestEnv.a2md(list(flags) + ["list", name])
        return result, result['jout']['output'][0]

    # setup: prepare the md in manual drive mode
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg.add_drive_mode("manual")
    cfg.add_renew_window(renewWindow)
    cfg.add_md([name])
    cfg.install()
    assert TestEnv.apache_restart() == 0
    _, md = listed_md()
    assert md['state'] == TestEnv.MD_S_INCOMPLETE
    assert md['renew-window'] == renewWindow
    # setup: drive it to COMPLETE
    assert TestEnv.a2md(["drive", name])['rv'] == 0
    issued = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))
    _, md = listed_md()
    assert md['state'] == TestEnv.MD_S_COMPLETE
    assert md['renew-window'] == renewWindow
    # replace cert by self-signed one -> check md status
    print("TRACE: start testing renew window: %s" % renewWindow)
    for case in testDataList:
        print("TRACE: create self-signed cert: %s" % case["valid"])
        TestEnv.create_self_signed_cert([name], case["valid"])
        replaced = CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))
        assert replaced.get_serial() != issued.get_serial()
        r, md = listed_md("-vvvv")
        assert md["renew"] == case["renew"], \
            "Expected renew == {} indicator in {}, test case {}, stderr {}".format(
                case["renew"], md, case, r['stderr'])
def test_500_203(self):
    """Reproduce the issue with an initially wrong agreement URL.

    Driving with ``MDCertificateAgreement`` set to ``TestEnv.ACME_TOS2``
    must fail; after the directive is removed from the config, driving the
    same MD must succeed and leave it COMPLETE.
    """
    base = self.test_domain
    name = "www." + base

    def md_state():
        # State of the first MD reported by "a2md list <name>".
        return TestEnv.a2md(["list", name])['jout']['output'][0]['state']

    # setup: prepare md with invalid TOS url
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg.add_line("MDCertificateAgreement %s" % (TestEnv.ACME_TOS2))
    cfg.add_drive_mode("manual")
    cfg.add_md([name])
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert md_state() == TestEnv.MD_S_INCOMPLETE
    # drive it -> fail after account registration
    assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 1

    # adjust config: drop the wrong TOS url
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg.add_drive_mode("manual")
    cfg.add_md([name])
    cfg.install()
    time.sleep(1)
    assert TestEnv.apache_restart() == 0
    assert md_state() == TestEnv.MD_S_INCOMPLETE
    # drive it -> runs OK
    assert TestEnv.a2md(["-vv", "drive", name])['rv'] == 0
    assert md_state() == TestEnv.MD_S_COMPLETE
def test_920_002(self):
    """Check that a certificate copied into staging is reported under 'renewal'.

    Variant that reads the staged certificate's properties from
    ``status['renewal']['cert']['rsa']``: validity dates, serial and the
    presence of a SHA-256 fingerprint.
    """
    primary = self.test_domain
    names = [primary]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary], restart=False)
    # copy a real certificate from LE over to staging
    target_cert = os.path.join(TestEnv.STORE_DIR, 'staging', primary, 'pubcert.pem')
    source_cert = os.path.join('data', 'test_920', '002.pubcert')
    # presumably shutil.copyfile, which returns the destination path (truthy)
    assert copyfile(source_cert, target_cert)
    status = TestEnv.get_certificate_status(primary)
    # status shows the copied cert's properties as staged
    assert 'renewal' in status
    staged_rsa = status['renewal']['cert']['rsa']
    assert staged_rsa['valid']['until'] == 'Thu, 29 Aug 2019 16:06:35 GMT'
    assert staged_rsa['valid']['from'] == 'Fri, 31 May 2019 16:06:35 GMT'
    assert staged_rsa['serial'] == '03039C464D454EDE79FCD2CAE859F668F269'
    assert 'sha256-fingerprint' in staged_rsa
def test_901_010(self):
    """Static cert files with lifetime in the renewal window: no message.

    With a message command configured and a self-signed certificate that
    has 20 days left, no message log file may exist after the restart.
    """
    primary = self.test_domain
    names = [primary, 'www.%s' % primary]
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
    # cert with 20 more days of validity (notAfter=20)
    validity = {"notBefore": -70, "notAfter": 20}
    TestEnv.create_self_signed_cert(names, validity, serial=901010, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.end_md()
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    # no renewal message may have been written for the static certificate
    assert not os.path.isfile(self.mlog)
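def test_901_011(self):
    """Static cert files with lifetime in the warn window: one 'expiring' message.

    A self-signed certificate with 5 days left must trigger exactly one
    "expiring" message (plus ``self.menv_lines`` further lines), and a
    second restart must not send the message again right away.
    """
    domain = self.test_domain
    domains = [domain, 'www.%s' % domain]
    testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
    # cert that is only 5 more days valid (notAfter=5)
    TestEnv.create_self_signed_cert(domains, {"notBefore": -85, "notAfter": 5},
                                    serial=901011, path=testpath)
    cert_file = os.path.join(testpath, 'pubcert.pem')
    pkey_file = os.path.join(testpath, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.start_md(domains)
    conf.add_line("MDCertificateFile %s" % (cert_file))
    conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
    conf.end_md()
    conf.add_vhost(domain)
    conf.install()

    def read_message_log():
        # Context manager closes the handle deterministically; the log is
        # read twice in this test.
        with open(self.mlog) as fd:
            return fd.readlines()

    expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_file(self.mlog)
    nlines = read_message_log()
    assert 1+self.menv_lines == len(nlines)
    assert expected == nlines[0].strip()
    # check that we do not get it resent right away again
    assert TestEnv.apache_restart() == 0
    time.sleep(1)
    nlines = read_message_log()
    assert 1+self.menv_lines == len(nlines)
    assert expected == nlines[0].strip()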
def test_700_002(self):
    """Drive two MDs with a vhost each and expect a single ACME account.

    Each served certificate's SAN list must equal its MD's name list.
    """
    base = self.test_domain
    name_a = "a-" + base
    name_b = "b-" + base
    names_a = [name_a, "www." + name_a]
    names_b = [name_b, "www." + name_b]
    # config with two MDs, each with its own vhost
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("auto")
    for md_names in (names_a, names_b):
        cfg.add_md(md_names)
    for md_names in (names_a, names_b):
        cfg.add_vhost(md_names)
    cfg.install()

    # restart, check that both MDs are in the store
    assert TestEnv.apache_restart() == 0
    for md_names in (names_a, names_b):
        TestEnv.check_md(md_names)
    # await drive completion
    assert TestEnv.await_completion([name_a, name_b])
    for md_name in (name_a, name_b):
        TestEnv.check_md_complete(md_name)

    # check: SSL is running OK
    cert_a = TestEnv.get_cert(name_a)
    assert names_a == cert_a.get_san_list()
    cert_b = TestEnv.get_cert(name_b)
    assert names_b == cert_b.get_san_list()

    # both MDs should share a single account
    assert 1 == len(TestEnv.list_accounts())
def test_602_000(self):
    """Manual drive, then add a vhost and check HTTPS access.

    Sequence: config with MD -> restart -> drive via a2md -> restart ->
    add vhost -> restart -> check the served certificate and the store's
    file permissions.
    """
    primary = self.test_domain
    names = [primary, "www." + primary]
    # - generate config with one md
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()
    # - restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # - drive
    drive_result = TestEnv.a2md(["-v", "drive", primary])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(primary)
    # - append vhost to config
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    # check: SSL is running OK
    served = TestEnv.get_cert(primary)
    assert primary in served.get_san_list()
    # check file system permissions of the stored material
    TestEnv.check_file_permissions(primary)
def test_700_011(self):
    """tls-alpn-01 with MDPortMap: no renewal on an unserved port, success otherwise.

    First port 443 is mapped to 99, where the server does not listen, and
    the MD must not be renewing. Then 443 is mapped to the test HTTPS port
    and the drive must complete.
    """
    primary = self.test_domain
    names = [primary, "www." + primary]

    def install_with(port_map_line):
        # Fresh config: 1 MD and 1 vhost, tls-alpn-01 only, plus the port map.
        cfg = HttpdConf()
        cfg.add_admin("admin@" + primary)
        cfg.add_line("Protocols http/1.1 acme-tls/1")
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges(["tls-alpn-01"])
        cfg._add_line(port_map_line)
        cfg.add_md(names)
        cfg.add_vhost(names)
        cfg.install()

    # port 443 mapped to a port the server does not listen on
    install_with("MDPortMap 443:99")
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert not TestEnv.is_renewing(primary)

    # now the same with 443 mapped to a supported port
    install_with("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([primary])
def test_730_003(self):
    """Configuring only one of certificate file / key file must not work.

    Each half-configured MD (certificate without key, key without
    certificate) is installed and ``TestEnv.apache_fail()`` must return 0.
    """
    primary = self.test_domain
    names = [primary, 'www.%s' % primary]
    # NOTE(review): directory name and serial are the ones test_730_002
    # uses (test_920_001 / 730001) — looks like a copy/paste leftover.
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
    # cert that is only 10 more days valid
    validity = {"notBefore": -80, "notAfter": 10}
    TestEnv.create_self_signed_cert(names, validity, serial=730001, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    def install_with_only(directive_line):
        # MD that carries a single static-file directive.
        cfg = HttpdConf()
        cfg.add_admin("*****@*****.**")
        cfg.start_md(names)
        cfg.add_line(directive_line)
        cfg.end_md()
        cfg.add_vhost(primary)
        cfg.install()

    # certificate without its private key
    install_with_only("MDCertificateFile %s" % (cert_file))
    assert TestEnv.apache_fail() == 0
    # private key without its certificate
    install_with_only("MDCertificateKeyFile %s" % (pkey_file))
    assert TestEnv.apache_fail() == 0
def test_700_006(self):
    """Only unsupported challenge types configured: renewal must fail.

    Expects a "challenge-mismatch" problem, no 'account' entry under the
    MD's 'ca', and the vhost answering with 503 while it has no
    certificate from the CA.
    """
    primary = self.test_domain
    name_a = "a." + primary
    names = [primary, name_a]
    # 1 MD, 1 vhost, and two challenge types that do not exist
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_ca_challenges(["invalid-01", "invalid-02"])
    cfg.add_md(names)
    cfg.add_vhost(name_a, docRoot="htdocs/a")
    cfg.install()

    # create docRoot folder with a resource to request
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", name_a)

    # restart and wait for the drive to end in an error
    assert TestEnv.apache_restart() == 0
    md = TestEnv.await_error(primary)
    assert md
    assert md['renewal']['errors'] > 0
    assert md['renewal']['last']['problem'] == 'challenge-mismatch'
    assert 'account' not in md['ca']

    # check: requests to the domain give 503 Service Unavailable
    served = TestEnv.get_cert(name_a)
    assert name_a in served.get_san_list()
    assert TestEnv.getStatus(name_a, "/name.txt") == 503
def test_700_005(self):
    """Manual drive mode, never driven: vhost serves the fallback cert and 503.

    The certificate presented on the vhost must have the same serial as the
    fallback certificate stored for the MD.
    """
    primary = self.test_domain
    name_a = "a." + primary
    names = [primary, name_a]
    # 1 MD and 1 vhost
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.add_vhost(name_a, docRoot="htdocs/a")
    cfg.install()

    # create docRoot folder with a resource to request
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", name_a)

    # restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # check: requests to the domain give 503 Service Unavailable
    served = TestEnv.get_cert(name_a)
    assert name_a in served.get_san_list()
    assert TestEnv.getStatus(name_a, "/name.txt") == 503

    # check temporary cert from server against the stored fallback cert
    fallback = CertUtil(TestEnv.path_fallback_cert(primary))
    assert served.get_serial() == fallback.get_serial(), \
        "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
            name_a, fallback.get_cn(), served.get_cn())
def test_700_003(self):
    """One MD shared by two vhosts: both serve the same certificate.

    After the drive completes, each vhost's certificate must list its own
    name, both certificates must have the same serial, and each vhost must
    deliver its own ``/name.txt``.
    """
    primary = self.test_domain
    name_a = "a." + primary
    name_b = "b." + primary
    names = [primary, name_a, name_b]
    # 1 MD and 2 vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_md(names)
    cfg.add_vhost(name_a, docRoot="htdocs/a")
    cfg.add_vhost(name_b, docRoot="htdocs/b")
    cfg.install()

    # create docRoot folders, each holding the vhost's own name
    for sub_dir, vhost_name in (("a", name_a), ("b", name_b)):
        self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir),
                             "name.txt", vhost_name)

    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([primary, name_a, name_b])
    TestEnv.check_md_complete(primary)

    # check: SSL is running OK and both vhosts share one certificate
    cert_a = TestEnv.get_cert(name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    assert TestEnv.get_content(name_a, "/name.txt") == name_a
    assert TestEnv.get_content(name_b, "/name.txt") == name_b
def test_920_020(self):
    """Two key types with stapling on: both certificates show up in status.

    With ``MDPrivateKeys secp256r1 RSA`` both the MD status and
    /.httpd/certificate-status must list an 'rsa' and a 'secp256r1'
    certificate under 'renewal'; after activation each key type is listed
    under 'cert' with an 'ocsp' entry.
    """
    primary = self.test_domain
    names = [primary]
    key_types = ['rsa', 'secp256r1']
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_line("MDStapling on")
    cfg.add_line("MDPrivateKeys secp256r1 RSA")
    cfg.add_md(names)
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary], restart=False)
    # In the stats JSON, we expect 2 certificates under 'renewal'
    md_status = TestEnv.get_md_status(primary)
    assert 'renewal' in md_status
    assert 'cert' in md_status['renewal']
    assert 'rsa' in md_status['renewal']['cert']
    assert 'secp256r1' in md_status['renewal']['cert']
    # In /.httpd/certificate-status 'renewal' we expect 2 certificates
    cert_status = TestEnv.get_certificate_status(primary)
    assert 'renewal' in cert_status
    assert 'cert' in cert_status['renewal']
    assert 'secp256r1' in cert_status['renewal']['cert']
    assert 'rsa' in cert_status['renewal']['cert']
    # restart and activate; once activated, certs are listed in status
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status(primary)
    assert 'cert' in md_status
    assert 'valid' in md_status['cert']
    for key_type in key_types:
        assert key_type in md_status['cert']
        assert 'ocsp' in md_status['cert'][key_type]
def test_801_009(self):
    """Stapling on for an MD with a static self-signed certificate.

    The OCSP status for the MD is expected to read "no response sent".
    """
    assert TestEnv.apache_stop() == 0
    md_name = TestStapling.mdA
    names = [md_name]
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
    # cert that is 30 more days valid
    validity = {"notBefore": -60, "notAfter": 30}
    TestEnv.create_self_signed_cert(names, validity, serial=801009, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % cert_file)
    cfg.add_line("MDCertificateKeyFile %s" % pkey_file)
    cfg.add_line("MDStapling on")
    cfg.end_md()
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    time.sleep(1)
    ocsp_status = TestEnv.get_ocsp_status(md_name)
    assert ocsp_status['ocsp'] == "no response sent"
def configure_httpd(cls, domain, add_lines=""):
    """Install a config with one MD and one vhost for *domain*.

    Stores *domain* on the class, passes *add_lines* to ``add_line`` before
    the MD is added, and returns *domain*.

    NOTE(review): the first parameter is ``cls``; presumably this is
    decorated as a classmethod outside the visible source — confirm.
    """
    cls.domain = domain
    cfg = HttpdConf()
    admin_address = "admin@" + domain
    cfg.add_admin(admin_address)
    cfg.add_line(add_lines)
    cfg.add_md([domain])
    cfg.add_vhost(domain)
    cfg.install()
    return domain
def set_get_pkeys(self, domain, pkeys, conf=None):
    """Install a config for *domain* and wait for its drive to complete.

    When *conf* is None a config is built whose ``MDPrivateKeys`` line lists
    the ``spec`` of every entry in *pkeys*.

    NOTE(review): the source's indentation was lost. The MD and vhost are
    assumed to be added only when the config is built here (a caller that
    passes *conf* would already have added them) — confirm the extent of
    the ``if`` body against the original file.
    """
    names = [domain]
    if conf is None:
        key_specs = " ".join([p['spec'] for p in pkeys])
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_line("MDPrivateKeys {0}".format(key_specs))
        conf.add_md(names)
        conf.add_vhost(names)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
def test_920_003(self):
    """With ``MDCertificateStatus off`` the certificate status must be empty."""
    primary = self.test_domain
    names = [primary]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_line("MDCertificateStatus off")
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([primary], restart=False)
    # the status resource is switched off, so nothing may be reported
    cert_status = TestEnv.get_certificate_status(primary)
    assert not cert_status
def test_702_042(self):
    """Server must restart cleanly with SSLCertificateChainFile set next to an MD."""
    primary = self.test_domain
    names = [primary]
    chain_file = self._path_conf_ssl("valid_cert.pem")
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    cfg.add_line("LogLevel core:debug")
    cfg.add_line("LogLevel ssl:debug")
    cfg.add_line("SSLCertificateChainFile %s" % (chain_file))
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    # NOTE(review): the other tests in this listing call add_vhost with the
    # names as first argument and no port — confirm this call matches the
    # signature in use.
    cfg.add_vhost(TestEnv.HTTPS_PORT, names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
def test_801_010(self):
    """Stapling on for an MD without a vhost: server starts and reports status.

    The OCSP store is cleared first; after the restart the server status
    must be non-empty.
    """
    assert TestEnv.apache_stop() == 0
    TestEnv.clear_ocsp_store()
    md_name = TestStapling.mdA
    names = [md_name]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDStapling on")
    cfg.end_md()
    cfg.install()
    assert TestEnv.apache_restart() == 0
    server_status = TestEnv.get_server_status()
    assert server_status
def test_310_310(self, window):
    """A non-default renew window set inside an MD section shows up in status.

    Args:
        window: value passed to ``add_renew_window`` and expected back in
            the MD status field ``renew-window``.
    """
    primary = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("admin@" + primary)
    # the drive mode and renew window are set inside the MD section
    cfg.start_md([primary])
    cfg.add_drive_mode("manual")
    cfg.add_renew_window(window)
    cfg.end_md()
    cfg.add_vhost(primary)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status(primary)
    assert md_status["renew-window"] == window