def testDNSUptoolsUpdateSPF(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ spf= \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ spf+=+mx,~all,?aaaa,-ip4:0.1.2.3/24 \ ' 2>&1".format(testdomain)) with self.subTest("check first spf a - all"): self.assertRegex(stdout, ".*add.*new.*SPF.*~all.*") with self.subTest("check first spf a - ip4"): self.assertRegex(stdout, ".*add.*new.*SPF.*-ip4:0.1.2.3/24.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ spf=+ip6:00fe::1234:0000/64,-aaaa\ ' 2>&1".format(testdomain)) with self.subTest("check first spf b - ip6"): self.assertRegex(stdout, ".*update.*ip6.*") with self.subTest("check first spf b - aaaaa"): self.assertRegex(stdout, ".*update.*aaaa.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ spf= \ ' 2>&1".format(testdomain)) with self.subTest("check first spf c - ip6"): self.assertRegex(stdout, ".*delete.*ip6.*")
def testDNSUptoolsUpdateMX(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ mx=none \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ mx=mx01.mailbox.example:50,mx02.mailbox.example:10\ ' 2>&1".format(testdomain)) with self.subTest("check first mx a"): self.assertRegex(stdout, ".*add.*new.*mx01.mailbox.example.*") with self.subTest("check second mx a"): self.assertRegex(stdout, ".*add.*new.*mx02.mailbox.example.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ mx.50=mx03.mailbox.example\ mx.10=mx04.mailbox.example\ ' 2>&1".format(testdomain)) with self.subTest("check first mx b"): self.assertRegex(stdout, ".*add.*new.*mx03.mailbox.example.*") with self.subTest("check second mx b"): self.assertRegex(stdout, ".*add.*new.*mx04.mailbox.example.*") with self.subTest("check previous first mx"): self.assertRegex(stdout, ".*delete.*mx01.mailbox.example.*") with self.subTest("check previous second mx"): self.assertRegex(stdout, ".*delete.*mx02.mailbox.example.*")
def testDNSUptoolsUpdateIP6(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip6=none \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip6=86::1,23f0::23:42\ ' 2>&1".format(testdomain)) with self.subTest("check first ip6 a"): self.assertRegex(stdout, ".*add.*new.*86::1.*") with self.subTest("check second ip6 a"): self.assertRegex(stdout, ".*add.*new.*23f0::23:42.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip6=0f::00,fe00:2345::0\ ' 2>&1".format(testdomain)) with self.subTest("check first ip6 b"): self.assertRegex(stdout, ".*add.*new.*0f::00.*") with self.subTest("check second ip6 b"): self.assertRegex(stdout, ".*add.*new.*fe00:2345::0.*") with self.subTest("check previous first ip6"): self.assertRegex(stdout, ".*delete.*86::1.*") with self.subTest("check previous second ip6"): self.assertRegex(stdout, ".*delete.*23f0::23:42.*")
def testDNSUptoolsUpdateIP4(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip4=none \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip4=0.0.0.2,0.0.0.1\ ' 2>&1".format(testdomain)) with self.subTest("check first ip4"): self.assertRegex(stdout, ".*add.*new.*0.0.0.2.*") with self.subTest("check second ip4"): self.assertRegex(stdout, ".*add.*new.*0.0.0.1.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ ip4=0.0.0.4,0.0.0.3\ ' 2>&1".format(testdomain)) with self.subTest("check first ip4"): self.assertRegex(stdout, ".*add.*new.*0.0.0.4.*") with self.subTest("check second ip4"): self.assertRegex(stdout, ".*add.*new.*0.0.0.3.*") with self.subTest("check previous first ip4"): self.assertRegex(stdout, ".*delete.*0.0.0.2.*") with self.subTest("check previous second ip4"): self.assertRegex(stdout, ".*delete.*0.0.0.1.*")
def testDNSUptoolsUpdateSRV(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ srv=none \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ srv=testsrv.entroserv.de:50:10:25:tcp:smtp\ srv.smtp=mx01.mailbox.example, mx02.mailbox.example\ ' 2>&1".format(testdomain)) with self.subTest("check first srv a"): self.assertRegex(stdout, ".*add.*_smtp._tcp.{} : 10 25 testsrv.entroserv.de.*".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ srv.smtp=mx03.mailbox.example:0:0:143:tcp\ srv.imap=mx04.mailbox.example\ ' 2>&1".format(testdomain)) with self.subTest("check first srv b"): self.assertRegex(stdout, ".*add.*new.*mx03.mailbox.example.*") with self.subTest("check second srv b"): self.assertRegex(stdout, ".*add.*new.*mx04.mailbox.example.*") with self.subTest("check previous first srv"): self.assertRegex(stdout, ".*delete.*mx01.mailbox.example.*") with self.subTest("check previous second srv"): self.assertRegex(stdout, ".*delete.*mx02.mailbox.example.*")
def testDNSUptoolsUpdateDMARC(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dmarc= \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dmarc.p=quarantine \ dmarc.pct=100 \ dmarc.rua=mailto:[email protected] \ dmarc.ruf=mailto:[email protected] \ dmarc.adkim=s \ dmarc.aspf=r \ ' 2>&1".format(testdomain)) with self.subTest("check first dmarc a"): self.assertRegex(stdout, ".*add.*new.*DMARC.*_dmarc.*p=quarantine.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dmarc.sp=quarantine \ ' 2>&1".format(testdomain)) with self.subTest("check first dmarc b"): self.assertRegex(stdout, ".*update.*DMARC.*sp=quarantine.*")
def testDNSUptoolsUpdateCAA(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ caa= \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ caa=0 issue test.example \ ' 2>&1".format(testdomain)) with self.subTest("check first caa a"): self.assertRegex(stdout, ".*add.*new.*CAA.*issue.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ caa=128 issuewild test2.example \ ' 2>&1".format(testdomain)) with self.subTest("check first caa b"): self.assertRegex(stdout, ".*add.*CAA.*128.*issuewild.*test2.example") with self.subTest("check second caa b"): self.assertRegex(stdout, ".*delete.*CAA.*0.*issue.*test.example")
def testHandlerOpensslDH512(self): try: os.remove(dhfile) except: pass stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [dhparam] \ handler=openssl \ [dhparam:{}] \ keysize=512 \ filename={} \ ' 2>&1".format(testdh, dhfile)) with self.subTest("check dhparam log output"): self.assertRegex(stdout, ".*Create dhparams.*{}.*".format(testdh)) with self.subTest("check dhparam file exists"): self.assertFalse(os.path.isfile(dhfile)) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [dhparam] \ handler=openssl \ [dhparam:{}] \ keysize=512 \ filename={} \ ' 2>&1".format(testdh, dhfile)) with self.subTest("check dhparam log output"): self.assertRegex(stdout, ".*Apply dhparams.*{}.*".format(testdh)) with self.subTest("check dhparam file exists"): self.assertTrue(os.path.isfile(dhfile))
def testDNSUptoolsUpdateACME(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ acme= \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ acme=test \ ' 2>&1".format(testdomain)) with self.subTest("check first adsp a"): self.assertRegex(stdout, ".*add.*new.*ACME.*test.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ acme= \ ' 2>&1".format(testdomain)) with self.subTest("check first acme b"): self.assertRegex(stdout, ".*delete.*ACME.*test.*")
def testDNSUptoolsUpdateADSP(self): stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ adsp= \ ' 2>&1".format(testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ adsp=all \ ' 2>&1".format(testdomain)) with self.subTest("check first adsp a"): self.assertRegex(stdout, ".*add.*new.*ADSP.*dkim=all.*") stdout = runCmd("python3 -m cryptdomainmgr --update \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir=/tmp/test_cryptdomainmgr \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ adsp=unknown \ ' 2>&1".format(testdomain)) with self.subTest("check first adsp b"): self.assertRegex(stdout, ".*update.*ADSP.*dkim=unknown.*")
def testHandlerDehydratedCreateCert(self): log.relog("test") stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath)) with self.subTest("check cert file is created in tmp"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert", "certs", testdomain, certname))) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath)) with self.subTest("check cert file is copied to destination"): self.assertTrue( os.path.isfile(os.path.join(testcertpath, testdomain, certname))) stdout = runCmd("python3 -m cryptdomainmgr --cleanup \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath)) with self.subTest("check current cert is not deleted"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert", "certs", testdomain, certname)))
def testHandlerDehydratedCreateMultiCert(self): stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) with self.subTest("check cert file is created in tmp 1"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert", "certs", testdomain, certname))) with self.subTest("check cert file is created in tmp 2"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert2", "certs", testdomain, certname))) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) with self.subTest("check cert file is copied to destination 1"): self.assertTrue( os.path.isfile(os.path.join(testcertpath, testdomain, certname))) with self.subTest("check cert file is copied to destination 2"): self.assertTrue( os.path.isfile( os.path.join(testcertpath + "2", testdomain, certname))) with self.subTest( "check if correct number of files in destination dir 1 before cleanup" ): self.assertEqual( 4, numberOfFiles(os.path.join(testcertpath, testdomain))) with self.subTest( "check if correct number of files in destination dir 2 before cleanup" ): self.assertEqual( 4, numberOfFiles(os.path.join(testcertpath + "2", testdomain))) stdout = runCmd("python3 -m cryptdomainmgr --cleanup \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) with self.subTest("check current cert is not deleted 1 in source dir"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert", "certs", testdomain, certname))) with self.subTest( "check if correct number of files in source dir 1 after cleanup" ): self.assertEqual( 8, numberOfFiles( os.path.join(tmpdir, "modules/cert", "mycert", "certs", testdomain))) with self.subTest("check current cert is not deleted 2 in source dir"): self.assertTrue( os.path.isfile( os.path.join(tmpdir, "modules/cert", "mycert2", "certs", testdomain, certname))) with self.subTest( "check if correct number of files in source dir 2 after cleanup" ): self.assertEqual( 8, numberOfFiles( os.path.join(tmpdir, "modules/cert", "mycert2", "certs", testdomain))) with self.subTest( "check current cert is not deleted 1 in destination dir"): self.assertTrue( os.path.isfile(os.path.join(testcertpath, testdomain, certname))) with self.subTest( "check if correct number of files in destination dir 1 after cleanup" ): self.assertEqual( 4, numberOfFiles(os.path.join(testcertpath, testdomain))) with self.subTest( "check current cert is not deleted 2 in destination dir"): self.assertTrue( os.path.isfile( os.path.join(testcertpath + "2", testdomain, certname))) with self.subTest( "check if correct number of files in destination dir 2 after cleanup" ): self.assertEqual( 4, numberOfFiles(os.path.join(testcertpath + "2", testdomain)))
def prepare(certConfig, certState, statedir, domainList, domainAccessTable): if 'dehydrated' != certConfig['handler'].split('/')[0]: return if 0 == len(domainList): return email = certConfig['email'] keysize = 4096 if 'keysize' in certConfig: keysize = certConfig['keysize'] if 'extraflags' in certConfig: extraFlags = certConfig['extraflags'] extraFlags = [e if '-' == e[0] else '--' + e for e in extraFlags] if '--staging' in extraFlags: ca = "https://acme-staging-v02.api.letsencrypt.org/directory" extraFlags.remove('--staging') if 'staging' in extraFlags: extraFlags.remove('staging') elif 'ca' in certConfig: ca = certConfig['ca'] else: ca = "https://acme-v02.api.letsencrypt.org/directory" makeDir(os.path.realpath(statedir)) confFilename = os.path.normpath(os.path.join(statedir, 'dehydrated.conf')) confFile = open(confFilename, 'w') confFile.write('CA={}\n'.format(str(ca))) confFile.write('CONTACT_EMAIL={}\n'.format(str(email))) confFile.write('KEYSIZE={}\n'.format(int(keysize))) confFile.write('CERTDIR={}\n'.format(os.path.join(statedir, 'certs'))) confFile.write('\n') confFile.close() here = os.path.dirname(os.path.realpath(__file__)) args = [ os.path.join(here, 'dehydrated/dehydrated'), '-f', confFilename, '--accept-terms', '-c', '-t', 'dns-01', '-k', os.path.join(here, 'hook.sh') ] log.debug(extraFlags) args.extend(extraFlags) for d in domainList: args.extend(['-d', str(d)]) log.debug(args) certState.setOpStateRunning() i = 2 while True: try: log.info('Starting DNS-01 authentication') rv = runCmd(' '.join(args), stderr=STDOUT, env=dict(os.environ, DOMAINACCESSTABLE=domainAccessTable, STATEDIR=statedir, WAITSEC="{}".format(3**i))) break except CalledProcessError as e: if 'ERROR: Lock file' in e.output: lockFilename = e.output.split('ERROR: Lock file \'')[-1].split( '\' present, aborting')[0] log.warn('Lock file from imcomplete run found: {}'.format( lockFilename)) log.warn(' -> Removing') os.remove(lockFilename) elif 'Incorrect TXT record' in e.output: log.info( ' -> Invalid DNS-01 challenge, maybe due to DNS caching interval. Trying to wait longer!' ) i += 1 log.info( ' -> Will wait {} s to give challenge time to propagate DNS cache.' .format(3**i)) elif 'NXDOMAIN' in e.output: log.info( ' -> Missing DNS-01 challenge, maybe due to DNS caching interval. Trying to wait longer!' ) i += 1 log.info( ' -> Will wait {} s to give challenge time to propagate DNS cache.' .format(3**i)) else: raise (e) if 9 == i: raise (e) res = [] rv = rv.splitlines() for s, e in enumerate(rv): if '---- DEPLOYMENTRESULT ----' == e[:len('---- DEPLOYMENTRESULT ----' )]: break for i, e in enumerate(rv[s + 1:]): if '---- END DEPLOYMENTRESULT ----' == e[:len( '---- END DEPLOYMENTRESULT ----')]: break res.append(e) resDict = {e.split('=')[0].lower(): e.split('=')[1] for e in res} resDict['san'] = list(domainList) if 'running' == certState.opstate: certState.registerResult(resDict) certState.setOpStateDone() return rv
def testDKIMemailSigningSimple(self): stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dkim.mydkim=auto \ [dkim] \ handler=rspamd \ [dkim:mydkim] \ signingconfdestinationfile={} \ keybasename={} \ keysize={} \ keyname={} \ keylocation={} \ [service:rspamd] \ dkim=mydkim \ ' 2>&1".format(tmpdir, testdomain, signingConfDestFile, keybasename, keysize, keyname, keylocation)) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dkim.mydkim=auto \ [dkim] \ handler=rspamd \ [dkim:mydkim] \ signingconfdestinationfile={} \ keybasename={} \ keysize={} \ keyname={} \ keylocation={} \ [service:rspamd] \ dkim=mydkim \ ' 2>&1".format(tmpdir, testdomain, signingConfDestFile, keybasename, keysize, keyname, keylocation)) time.sleep(10) # wait until rspamd reloads username = getpass.getuser() stdout = runCmd( "sendmail {}@localhost <<EOF\nsubject: test\ncdmtestrspamd\n\n.\n\nEOF\n 2>&1" .format(username)) time.sleep(10) # wait until email is received by the mailbox with open("/var/mail/{}".format(username), "r") as f: mail = f.read() with open( os.path.join(tmpdir, "modules/dkim", "mydkim", "conf", "dkim.conf"), 'r') as f: confStr = f.read() dkimSelector = confStr.split("selector")[1].split("=")[1].split( "\"")[1] with self.subTest("check if dkim selector in mails"): self.assertIn(dkimSelector, mail)
def testHandlerRspamdCreateDKIMkey(self): stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dkim.mydkim=auto \ [dkim] \ handler=rspamd \ [dkim:mydkim] \ signingconfdestinationfile={} \ keybasename={} \ keysize={} \ keyname={} \ keylocation={} \ ' 2>&1".format(tmpdir,testdomain,signingConfDestFile,keybasename,keysize,keyname,keylocation)) with self.subTest("check dkim key file is created in tmp"): self.assertTrue(os.path.isfile(os.path.join(tmpdir,"modules/dkim","mydkim","key","dkim.key"))) with self.subTest("check dkim conf file is created in tmp"): self.assertTrue(os.path.isfile(os.path.join(tmpdir,"modules/dkim","mydkim","conf","dkim.conf"))) with open(os.path.join(tmpdir,"modules/dkim","mydkim","conf","dkim.conf"), 'r') as f: confStr = f.read() dkimSelector = confStr.split("selector")[1].split("=")[1].split("\"")[1] with open(os.path.join(tmpdir,"modules/dkim","mydkim","key","dkim.key"),'r') as f: privKeyStr = f.read() privKey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, privKeyStr) privKeyCrypto = privKey.to_cryptography_key() pubKey = privKeyCrypto.public_key() pubKeyStr = pubKey.public_bytes(serialization.Encoding.PEM,serialization.PublicFormat.SubjectPublicKeyInfo) pubKeyStrContent = pubKeyStr.decode('utf8').replace('\n','').split('-----BEGIN PUBLIC KEY-----')[1].split('-----END PUBLIC KEY-----')[0] dkimpubkey = re.escape(pubKeyStrContent) with self.subTest("check dkim keyname"): self.assertTrue(dkimSelector[:len(keybasename)] == keybasename) self.assertRegex(stdout, ".*add.*new.*DKIM.*{}._domainkey.{}.*{}.*".format(dkimSelector,testdomain,dkimpubkey)) with self.subTest("check add dkim mydkim"): self.assertRegex(stdout, ".*add.*new.*DKIM.*{}._domainkey.{}.*{}.*".format(dkimSelector,testdomain,dkimpubkey)) #self.assertRegex(stdout, ".*add.*new.*DKIM.*{}.*._domainkey.{}.*".format(keybasename,testdomain)) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ dkim.mydkim=auto \ [dkim] \ handler=rspamd \ [dkim:mydkim] \ signingconfdestinationfile={} \ keybasename={} \ keysize={} \ keyname={} \ keylocation={} \ ' 2>&1".format(tmpdir,testdomain,signingConfDestFile,keybasename,keysize,keyname,keylocation)) with self.subTest("check dkim key file is copied to destination"): self.assertTrue(os.path.isfile(os.path.join(keylocation,keyname))) with self.subTest("check dkim conf file is copied to destination"): self.assertTrue(os.path.isfile(signingConfDestFile))
def testMultiCertTLSACreate(self): stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) tlsa311mycert = tlsaFromCertFile( os.path.join(tmpdir, "modules/cert/mycert/certs", testdomain, "fullchain.pem"), 3, 1, 1) tlsa311mycert2 = tlsaFromCertFile( os.path.join(tmpdir, "modules/cert/mycert2/certs", testdomain, "fullchain.pem"), 3, 1, 1) tlsa201mycert = tlsaFromCertFile( os.path.join(tmpdir, "modules/cert/mycert/certs", testdomain, "fullchain.pem"), 2, 0, 1) tlsa201mycert2 = tlsaFromCertFile( os.path.join(tmpdir, "modules/cert/mycert2/certs", testdomain, "fullchain.pem"), 2, 0, 1) with self.subTest("check add tlsa 3 1 1 mycert"): self.assertRegex( stdout, ".*add.*new.*_443._tcp.{}.*3 1 1 {}.*".format( testdomain, tlsa311mycert)) with self.subTest("check add tlsa 3 1 1 mycert2"): self.assertRegex( stdout, ".*add.*new.*_443._tcp.{}.*3 1 1 {}.*".format( testdomain, tlsa311mycert2)) with self.subTest("check add tlsa 2 0 1 mycert"): self.assertRegex( stdout, ".*add.*_443._tcp.{}.*2 0 1 {}.*".format( testdomain, tlsa201mycert)) with self.subTest("check add tlsa 2 0 1 mycert2"): self.assertRegex( stdout, ".*add.*_443._tcp.{}.*2 0 1 {}.*".format( testdomain, tlsa201mycert2)) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) #print(stdout) with self.subTest("check cert file exists - mycert"): self.assertTrue( os.path.isfile( os.path.join(testcertpath, testdomain, "fullchain.pem"))) with self.subTest("check cert file exists - mycert2"): self.assertTrue( os.path.isfile( os.path.join(testcertpath + "2", testdomain, "fullchain.pem"))) stdout = runCmd("python3 -m cryptdomainmgr --cleanup \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) stdout = runCmd("python3 -m cryptdomainmgr --prepare \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) stdout = runCmd("python3 -m cryptdomainmgr --rollover \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) stdout = runCmd("python3 -m cryptdomainmgr --cleanup \ test_inwxcreds.conf --config-content \ '\ [cdm] \ statedir={} \ [domain] \ handler=dnsuptools/inwx \ [domain:{}] \ cert=mycert,mycert2 \ tlsa.tcp.443=auto:3:1:1,auto:2:0:1 \ [cert] \ handler=dehydrated/letsencrypt \ email={} \ keysize=4096 \ [cert:mycert] \ destination={} \ extraflags=--staging,-x \ [cert:mycert2] \ destination={} \ extraflags=--staging,-x \ ' 2>&1".format(tmpdir, testdomain, testcertemail, testcertpath, testcertpath + "2")) with self.subTest("check delete tlsa 3 1 1 mycert"): self.assertRegex( stdout, ".*delete.*_443._tcp.{}.*3 1 1 {}.*".format( testdomain, tlsa311mycert)) with self.subTest("check delete tlsa 3 1 1 mycert2"): self.assertRegex( stdout, ".*delet.*_443._tcp.{}.*3 1 1 {}.*".format( testdomain, tlsa311mycert2))