Exemple #1
def setup_module(module):
    """Prepare the shared environment once before this module's tests run.

    Calls TestEnv.init() and TestEnv.apache_err_reset(), points
    TestEnv.APACHE_CONF_SRC at "data/test_conf_store", installs the test
    configuration and requires TestEnv.apache_start() to return 0.
    """
    module_name = module.__name__
    print("setup_module    module:%s" % module_name)
    TestEnv.init()
    TestEnv.apache_err_reset()
    TestEnv.APACHE_CONF_SRC = "data/test_conf_store"
    TestEnv.install_test_conf(None)
    start_rv = TestEnv.apache_start()
    assert start_rv == 0
Exemple #2
    def test_310_400(self):
        """Check md state transitions when the domain list of a valid md changes.

        Drives a two-name md to COMPLETE, then verifies that dropping a name
        keeps the state COMPLETE while adding another name makes it
        INCOMPLETE.
        """
        base = "test310-400-" + TestConf.dns_uniq
        md_name = "www." + base

        def current_state():
            # state of the first entry in the JSON output of `a2md list`
            listing = TestEnv.a2md(["list", md_name])
            return listing['jout']['output'][0]['state']

        # setup: create complete md in store
        added = TestEnv.a2md(["add", md_name, "test1." + base])
        assert added['rv'] == 0
        contacts_set = TestEnv.a2md(
            ["update", md_name, "contacts", "admin@" + md_name])
        assert contacts_set['rv'] == 0
        tos_set = TestEnv.a2md(
            ["update", md_name, "agreement", TestEnv.ACME_TOS])
        assert tos_set['rv'] == 0
        assert TestEnv.apache_start() == 0
        # setup: drive it
        driven = TestEnv.a2md(["-vvv", "drive", md_name])
        assert driven['rv'] == 0
        assert current_state() == TestEnv.MD_S_COMPLETE

        # remove one domain -> status stays COMPLETE
        shrunk = TestEnv.a2md(["update", md_name, "domains", md_name])
        assert shrunk['rv'] == 0
        assert current_state() == TestEnv.MD_S_COMPLETE

        # add other domain -> status INCOMPLETE
        grown = TestEnv.a2md(
            ["update", md_name, "domains", md_name, "test2." + base])
        assert grown['rv'] == 0
        assert current_state() == TestEnv.MD_S_INCOMPLETE
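 def test_500_104(self):
     """Drive an md that has an account, a TOS agreement and a stored authz.

     Registers an ACME account, sends the TOS agreement, links the md to the
     account, requests an authz resource and writes it into the store via
     TestEnv.authz_save before driving. The drive must return 0 and
     _check_md_cert must pass for the md name.
     """
     # setup: create md
     domain = "test500-104-" + TestDrive.dns_uniq
     name = "www." + domain
     self._prepare_md([ name ])
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     run = TestEnv.a2md( ["acme", "newreg", "admin@" + domain], raw=True )
     assert run['rv'] == 0
     registered = re.match("registered: (.*)$", run["stdout"])
     # fail as an assertion (not an AttributeError) when the output format differs
     assert registered is not None, run["stdout"]
     acct = registered.group(1)
     # setup: send TOS agreement to server
     assert TestEnv.a2md(["--terms", TestEnv.ACME_TOS, "acme", "agree", acct])['rv'] == 0
     # setup: link md to account
     assert TestEnv.a2md([ "update", name, "account", acct])['rv'] == 0
     # setup: create authz resource, write it into store
     run = TestEnv.a2md( ["-vv", "acme", "authz", acct, name], raw=True )
     assert run['rv'] == 0
     # the dots in the domain name are regex metacharacters: escape the name so
     # that only this exact name is accepted in the authz line
     authz = re.match("authz: " + re.escape(name) + " (.*)$", run["stdout"])
     assert authz is not None, run["stdout"]
     authz_url = authz.group(1)
     # TODO: find storage-independent way to modify local authz data
     TestEnv.authz_save(name, json.dumps({
         "account": acct,
         "authorizations": [{
             "domain": name,
             "location": authz_url,
             "state": 0
         }]
         }, indent=2))
     # drive
     assert TestEnv.a2md( [ "-vv", "drive", name ] )['rv'] == 0
     self._check_md_cert([ name ])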
    def test_500_107(self):
        """Drive a COMPLETE md again, then with --force, comparing cert serials.

        A plain second drive must leave the certificate serial unchanged;
        `drive --force` must produce a different serial, and the certificate
        read from archive version 2 must carry the original serial.
        """
        # setup: prepare md in store
        base = "test500-107-" + TestDrive.dns_uniq
        md_name = "www." + base
        drive_args = [ "-vv", "drive", md_name ]
        self._prepare_md([ md_name ])
        assert TestEnv.apache_start() == 0

        # drive
        first_run = TestEnv.a2md(drive_args)
        assert first_run['rv'] == 0
        self._check_md_cert([ md_name ])
        first_cert = CertUtil(TestEnv.path_domain_pubcert(md_name))

        # drive again
        second_run = TestEnv.a2md(drive_args)
        assert second_run['rv'] == 0
        self._check_md_cert([ md_name ])
        redriven_cert = CertUtil(TestEnv.path_domain_pubcert(md_name))
        # check: cert not changed
        assert redriven_cert.get_serial() == first_cert.get_serial()

        # drive --force
        forced_run = TestEnv.a2md( [ "-vv", "drive", "--force", md_name ] )
        assert forced_run['rv'] == 0
        self._check_md_cert([ md_name ])
        forced_cert = CertUtil(TestEnv.path_domain_pubcert(md_name))
        # check: cert changed, the forced drive issued a new one
        assert forced_cert.get_serial() != first_cert.get_serial()
        # check: previous cert was archived
        archived_cert = CertUtil(
            TestEnv.path_domain_pubcert( md_name, archiveVersion=2 ))
        assert archived_cert.get_serial() == first_cert.get_serial()
Exemple #5
    def test_502_107(self):
        """Drive a COMPLETE md again, then with --force, comparing cert serials.

        A plain second drive must leave the serial of 'pubcert.pem' unchanged;
        `drive --force` must produce a different serial, and the archived
        'pubcert.pem' of version 2 must carry the original serial.
        """
        # setup: prepare md in store
        base = self.test_domain
        md_name = "www." + base

        def stored_cert():
            # certificate currently held in the store for this md
            return CertUtil( TestEnv.store_domain_file(md_name, 'pubcert.pem'))

        self._prepare_md([ md_name ])
        assert TestEnv.apache_start() == 0

        # drive
        first_run = TestEnv.a2md( [ "-vv", "drive", md_name ] )
        assert first_run['rv'] == 0
        TestEnv.check_md_credentials(md_name, [ md_name ])
        first_cert = stored_cert()

        # drive again
        second_run = TestEnv.a2md( [ "-vv", "drive", md_name ] )
        assert second_run['rv'] == 0
        TestEnv.check_md_credentials(md_name, [ md_name ])
        redriven_cert = stored_cert()
        # check: cert not changed
        assert redriven_cert.get_serial() == first_cert.get_serial()

        # drive --force
        forced_run = TestEnv.a2md( [ "-vv", "drive", "--force", md_name ] )
        assert forced_run['rv'] == 0
        TestEnv.check_md_credentials(md_name, [ md_name ])
        forced_cert = stored_cert()
        # check: cert changed, the forced drive issued a new one
        assert forced_cert.get_serial() != first_cert.get_serial()
        # check: previous cert was archived
        archived_cert = CertUtil(
            TestEnv.store_archived_file( md_name, 2, 'pubcert.pem'))
        assert archived_cert.get_serial() == first_cert.get_serial()
Exemple #6
def setup_module(module):
    """Prepare the shared environment once before this module's tests run.

    Calls TestEnv.initv2(), points TestEnv.APACHE_CONF_SRC at
    "data/test_auto", runs TestEnv.check_acme(), clears the store, installs
    the test configuration and requires TestEnv.apache_start() to return 0.
    """
    module_name = module.__name__
    print("setup_module    module:%s" % module_name)
    TestEnv.initv2()
    TestEnv.APACHE_CONF_SRC = "data/test_auto"
    TestEnv.check_acme()
    TestEnv.clear_store()
    TestEnv.install_test_conf()
    start_rv = TestEnv.apache_start()
    assert start_rv == 0
Exemple #7
 def test_502_101(self):
     """Drive an md with two domain names using the http-01 challenge.

     The drive must return 0 and TestEnv.check_md_credentials must accept
     both names.
     """
     base = self.test_domain
     md_name = "www." + base
     alt_name = "test." + base
     self._prepare_md([ md_name, alt_name ])
     assert TestEnv.apache_start() == 0
     # drive, restricted to the http-01 challenge type
     outcome = TestEnv.a2md( [ "-vv", "drive", "-c", "http-01", md_name ] )
     assert outcome['rv'] == 0
     TestEnv.check_md_credentials(md_name, [ md_name, "test." + base ])
 def test_500_101(self):
     """Drive an md with two domain names using the http-01 challenge.

     The drive must return 0 and _check_md_cert must pass for both names.
     """
     base = "test500-101-" + TestDrive.dns_uniq
     md_name = "www." + base
     alt_name = "test." + base
     self._prepare_md([ md_name, alt_name ])
     assert TestEnv.apache_start() == 0
     # drive, restricted to the http-01 challenge type
     outcome = TestEnv.a2md( [ "-vv", "drive", "-c", "http-01", md_name ] )
     assert outcome['rv'] == 0
     self._check_md_cert([ md_name, "test." + base ])
 def test_500_106(self):
     """Drive an md with two domain names using only the tls-sni-01 challenge.

     The drive must return 0 and _check_md_cert must pass for both names.
     """
     # NOTE: tls-sni-01 is a retired ACME challenge type (Let's Encrypt
     # disabled it in 2018; tls-alpn-01, RFC 8737, replaced it), so this case
     # only applies to setups whose ACME test server still offers it.
     base = "test500-106-" + TestDrive.dns_uniq
     md_name = "www." + base
     alt_name = "test." + base
     self._prepare_md([ md_name, alt_name ])
     assert TestEnv.apache_start() == 0
     # drive, restricted to the TLS based challenge type
     outcome = TestEnv.a2md( [ "-vv", "drive", "-c", "tls-sni-01", md_name ] )
     assert outcome['rv'] == 0
     self._check_md_cert([ md_name, "test." + base ])
Exemple #10
 def test_500_106(self):
     """Expect `drive -c tls-alpn-01` to fail for an md Apache does not know.

     Driving an MD with TLS only, without making it known to Apache first,
     will not work, as support for ALPN protocol acme-tls/1 cannot be
     checked. The drive is therefore required to return 1.
     """
     base = self.test_domain
     md_name = "www." + base
     self._prepare_md([md_name, "test." + base])
     assert TestEnv.apache_start() == 0
     # drive: only tls-alpn-01 is allowed, so the run has to fail
     outcome = TestEnv.a2md(["-vv", "drive", "-c", "tls-alpn-01", md_name])
     assert outcome['rv'] == 1
Exemple #11
    def test_7009(self):
        """Check when a renewed certificate replaces the one Apache serves.

        After an initial auto drive the served certificate must match the
        stored one. A self-signed certificate with little remaining validity
        is then put in place; the md must report renew == True, the server
        must keep serving the self-signed certificate after the next restart,
        and only after a stop/start serve a certificate with another serial.
        """
        md_domain = self.test_domain
        names = [md_domain]

        def served_cert():
            # certificate presented by the running server for md_domain
            return CertUtil.load_server_cert(
                TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, md_domain)

        # prepare md
        httpd_conf = HttpdConf(TestAuto.TMP_CONF)
        httpd_conf.add_admin("admin@" + md_domain)
        httpd_conf.add_drive_mode("auto")
        httpd_conf.add_renew_window("10d")
        httpd_conf.add_md(names)
        httpd_conf.add_vhost(
            TestEnv.HTTPS_PORT, md_domain, aliasList=[], withSSL=True)
        httpd_conf.install()

        # restart (-> drive), check that md+cert is in store, TLS is up
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([md_domain], 30)
        self._check_md_cert(names)
        stored = CertUtil(TestEnv.path_domain_pubcert(md_domain))
        # fetch cert from server
        served = served_cert()
        assert stored.get_serial() == served.get_serial()

        # create self-signed cert, with critical remaining valid duration -> drive again
        validity = {
            "notBefore": -120,
            "notAfter": 9
        }
        CertUtil.create_self_signed_cert([md_domain], validity)
        self_signed = CertUtil(TestEnv.path_domain_pubcert(md_domain))
        assert self_signed.get_serial() == 1000
        time.sleep(1)
        listing = TestEnv.a2md(["list", md_domain])
        assert listing['jout']['output'][0]['renew'] == True
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([md_domain], 30)

        # fetch cert from server -> self-signed still active, activation of new ACME is delayed
        still_served = served_cert()
        assert still_served.get_serial() == self_signed.get_serial()
        time.sleep(1)

        # restart -> new ACME cert becomes active
        assert TestEnv.apache_stop() == 0
        assert TestEnv.apache_start() == 0
        time.sleep(1)
        renewed = served_cert()
        assert renewed.get_serial() != self_signed.get_serial()
Exemple #12
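 def test_500_102(self):
     """Expect `drive -c tls-alpn-01` to fail for an md Apache does not know.

     Driving an MD with 'tls-alpn-01' challenge without making it known to
     Apache first will not work, as support for ALPN protocol acme-tls/1
     cannot be checked. An ACME account is registered and linked to the md
     first; the drive is then required to return 1.
     """
     domain = self.test_domain
     name = "www." + domain
     self._prepare_md([name])
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     run = TestEnv.a2md(["acme", "newreg", "admin@" + domain], raw=True)
     assert run['rv'] == 0
     registered = re.match("registered: (.*)$", run["stdout"])
     # fail as an assertion (not an AttributeError) when the output format differs
     assert registered is not None, run["stdout"]
     acct = registered.group(1)
     # setup: link md to account
     assert TestEnv.a2md(["update", name, "account", acct])['rv'] == 0
     # drive: must be refused. The original compared the whole result dict
     # with 1 and stored the boolean, so the test could never fail here.
     assert TestEnv.a2md(["-v", "drive", "-c", "tls-alpn-01", name])['rv'] == 1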
Exemple #13
 def test_310_401(self):
     """Changing the CA URL of a COMPLETE md must keep its state COMPLETE.

     Creates an md with contact and TOS agreement, drives it, updates its
     "ca" setting to TestEnv.ACME_URL_DEFAULT and checks the state reported
     by `a2md list` before and after the update.
     """
     base = self.test_domain
     md_name = "www." + base

     def current_state():
         # state of the first entry in the JSON output of `a2md list`
         listing = TestEnv.a2md([ "list", md_name ])
         return listing['jout']['output'][0]['state']

     # setup: create complete md in store
     added = TestEnv.a2md(["add", md_name])
     assert added['rv'] == 0
     contacts_set = TestEnv.a2md(
         [ "update", md_name, "contacts", "admin@" + md_name ])
     assert contacts_set['rv'] == 0
     tos_set = TestEnv.a2md(
         [ "update", md_name, "agreement", TestEnv.ACME_TOS ])
     assert tos_set['rv'] == 0
     assert TestEnv.apache_start() == 0
     # setup: drive it
     driven = TestEnv.a2md( [ "drive", md_name ] )
     assert driven['rv'] == 0
     assert current_state() == TestEnv.MD_S_COMPLETE
     # setup: change CA URL
     ca_set = TestEnv.a2md(
         [ "update", md_name, "ca", TestEnv.ACME_URL_DEFAULT ])
     assert ca_set['rv'] == 0
     # check: state stays COMPLETE
     assert current_state() == TestEnv.MD_S_COMPLETE
 def test_500_102(self):
     """Drive an md with one domain that is linked to a fresh ACME account.

     Registers an account, links the md to it and drives with the tls-sni-01
     challenge; the drive must return 0 and _check_md_cert must pass.
     """
     # NOTE: tls-sni-01 is a retired ACME challenge type (Let's Encrypt
     # disabled it in 2018; tls-alpn-01, RFC 8737, replaced it), so this case
     # only applies to setups whose ACME test server still offers it.
     # setup: create md
     base = "test500-102-" + TestDrive.dns_uniq
     md_name = "www." + base
     self._prepare_md([ md_name ])
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     reg_run = TestEnv.a2md( ["acme", "newreg", "admin@" + base], raw=True )
     assert reg_run['rv'] == 0
     account = re.match("registered: (.*)$", reg_run["stdout"]).group(1)
     # setup: link md to account
     linked = TestEnv.a2md([ "update", md_name, "account", account])
     assert linked['rv'] == 0
     # drive
     driven = TestEnv.a2md( [ "-vv", "drive", "-c", "tls-sni-01", md_name ] )
     assert driven['rv'] == 0
     self._check_md_cert([ md_name ])
Exemple #15
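    def test_500_100(self):
        """Drive an md with one domain and inspect the store afterwards.

        After a successful http-01 drive this checks the credentials and the
        account key, compares selected fields of the archived 'md.json'
        (archive version 1) with the md as listed before the drive, checks
        file permissions, requires the challenges directory to be empty and
        probes how /.well-known/acme-challenge URLs are answered.
        """
        # test case: md with one domain
        domain = self.test_domain
        name = "www." + domain
        self._prepare_md([name])
        assert TestEnv.apache_start() == 0
        # drive
        prevMd = TestEnv.a2md(["list", name])['jout']['output'][0]
        assert TestEnv.a2md(["drive", "-c", "http-01", name])['rv'] == 0
        # NOTE(review): other snippets on this page call
        # check_md_credentials(name, [names]) - confirm the signature used here
        TestEnv.check_md_credentials([name])
        self._check_account_key(name)

        # check archive content; the file is closed again right after parsing
        with open(TestEnv.store_archived_file(name, 1, 'md.json')) as archived:
            storeMd = json.load(archived)
        for f in [
                'name', 'ca', 'domains', 'contacts', 'renew-mode',
                'renew-window', 'must-staple'
        ]:
            assert storeMd[f] == prevMd[f]

        # check file system permissions:
        TestEnv.check_file_permissions(name)
        # check: challenges removed
        TestEnv.check_dir_empty(TestEnv.store_challenges())
        # check how the challenge resources are answered in several combinations:
        # with no challenge data in the store every variant must give a 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge", False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        # place challenge data for the domain in the store; the with-block
        # guarantees it is flushed and closed before the server is asked for it
        cdir = os.path.join(TestEnv.store_challenges(), domain)
        os.makedirs(cdir)
        with open(os.path.join(cdir, 'acme-http-01.txt'), "w") as challenge:
            challenge.write("content-of-123")
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 200
        # 14 == len("content-of-123")
        assert result['http_headers']['Content-Length'] == '14'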
Exemple #16
 def test_502_301(self):
     """Changing the contact of a valid md must not change its certificate.

     Drives the md, updates its "contacts" to "test@<domain>", drives again
     and requires the serial of 'pubcert.pem' to be the same as before.
     """
     # setup: create md in store
     base = self.test_domain
     md_name = "www." + base

     def stored_cert():
         # certificate currently held in the store for this md
         return CertUtil( TestEnv.store_domain_file(md_name, 'pubcert.pem'))

     self._prepare_md([ md_name ])
     assert TestEnv.apache_start() == 0
     # setup: drive it
     first_run = TestEnv.a2md( [ "drive", md_name ] )
     assert first_run['rv'] == 0
     before = stored_cert()
     # setup: change contact info
     contact_set = TestEnv.a2md(
         [ "update", md_name, "contacts", "test@" + base ])
     assert contact_set['rv'] == 0
     # drive
     second_run = TestEnv.a2md( [ "drive", md_name ] )
     assert second_run['rv'] == 0
     # compare cert serial
     after = stored_cert()
     assert before.get_serial() == after.get_serial()
 def test_500_301(self):
     """Changing the contact of a valid md must not change its certificate.

     Drives the md, updates its "contacts" to "test@<domain>", drives again
     and requires the certificate serial to be the same as before.
     """
     # setup: create md in store
     base = "test500-301-" + TestDrive.dns_uniq
     md_name = "www." + base
     self._prepare_md([ md_name ])
     assert TestEnv.apache_start() == 0
     # setup: drive it
     first_run = TestEnv.a2md( [ "drive", md_name ] )
     assert first_run['rv'] == 0
     before = CertUtil(TestEnv.path_domain_pubcert(md_name))
     # setup: change contact info
     contact_set = TestEnv.a2md(
         [ "update", md_name, "contacts", "test@" + base ])
     assert contact_set['rv'] == 0
     # drive
     second_run = TestEnv.a2md( [ "drive", md_name ] )
     assert second_run['rv'] == 0
     # compare cert serial
     after = CertUtil(TestEnv.path_domain_pubcert(md_name))
     assert before.get_serial() == after.get_serial()
 def test_500_300(self):
     """Removing a domain name from a valid md must not change its certificate.

     Drives an md with three names, reduces its "domains" to two of them,
     drives again and requires the certificate serial to be the same.
     """
     # setup: create md in store
     base = "test500-300-" + TestDrive.dns_uniq
     md_name = "www." + base
     self._prepare_md([ md_name, "test." + base, "xxx." + base ])
     assert TestEnv.apache_start() == 0
     # setup: drive it
     first_run = TestEnv.a2md( [ "drive", md_name ] )
     assert first_run['rv'] == 0
     before = CertUtil(TestEnv.path_domain_pubcert(md_name))
     # setup: remove one domain
     shrunk = TestEnv.a2md(
         [ "update", md_name, "domains", md_name, "test." + base ])
     assert shrunk['rv'] == 0
     # drive
     second_run = TestEnv.a2md( [ "-vv", "drive", md_name ] )
     assert second_run['rv'] == 0
     # compare cert serial
     after = CertUtil(TestEnv.path_domain_pubcert(md_name))
     assert before.get_serial() == after.get_serial()
Exemple #19
 def test_502_103(self):
     """Drive an md linked to an account registered with `-t accepted`.

     Adds the md and its contact, registers an ACME account on the server,
     links the md to it and drives; the drive must return 0 and
     TestEnv.check_md_credentials must accept the md name.
     """
     # setup: create md
     base = self.test_domain
     md_name = "www." + base
     added = TestEnv.a2md(["add", md_name])
     assert added['rv'] == 0
     contact_set = TestEnv.a2md(
         [ "update", md_name, "contacts", "admin@" + base ])
     assert contact_set['rv'] == 0
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     reg_run = TestEnv.a2md(
         ["-t", "accepted", "acme", "newreg", "admin@" + base], raw=True )
     assert reg_run['rv'] == 0
     account = re.match("registered: (.*)$", reg_run["stdout"]).group(1)
     # setup: link md to account
     linked = TestEnv.a2md([ "update", md_name, "account", account])
     assert linked['rv'] == 0
     # drive
     driven = TestEnv.a2md( [ "-vv", "drive", md_name ] )
     assert driven['rv'] == 0
     TestEnv.check_md_credentials(md_name, [ md_name ])
 def test_500_200(self):
     """Adding a DNS name to a valid md must lead to a new certificate.

     Drives the md, extends its "domains" by a second name, drives again,
     runs _check_md_cert for both names and requires a different serial.
     """
     # setup: create md in store
     base = "test500-200-" + TestDrive.dns_uniq
     md_name = "www." + base
     self._prepare_md([ md_name ])
     assert TestEnv.apache_start() == 0
     # setup: drive it
     first_run = TestEnv.a2md( [ "drive", md_name ] )
     assert first_run['rv'] == 0
     before = CertUtil(TestEnv.path_domain_pubcert(md_name))
     # setup: add second domain
     grown = TestEnv.a2md(
         [ "update", md_name, "domains", md_name, "test." + base ])
     assert grown['rv'] == 0
     # drive
     second_run = TestEnv.a2md( [ "-vv", "drive", md_name ] )
     assert second_run['rv'] == 0
     # check new cert
     self._check_md_cert([ md_name, "test." + base ])
     after = CertUtil(TestEnv.path_domain_pubcert(md_name))
     assert before.get_serial() != after.get_serial()
Exemple #21
 def test_502_200(self):
     """Adding a DNS name to a valid md must lead to a new certificate.

     Drives the md, extends its "domains" by a second name, drives again,
     checks the credentials for both names and requires the serial of
     'pubcert.pem' to differ from the one before.
     """
     # setup: create md in store
     base = self.test_domain
     md_name = "www." + base

     def stored_cert():
         # certificate currently held in the store for this md
         return CertUtil( TestEnv.store_domain_file(md_name, 'pubcert.pem'))

     self._prepare_md([ md_name ])
     assert TestEnv.apache_start() == 0
     # setup: drive it
     first_run = TestEnv.a2md( [ "drive", md_name ] )
     assert first_run['rv'] == 0
     before = stored_cert()
     # setup: add second domain
     grown = TestEnv.a2md(
         [ "update", md_name, "domains", md_name, "test." + base ])
     assert grown['rv'] == 0
     # drive
     second_run = TestEnv.a2md( [ "-vv", "drive", md_name ] )
     assert second_run['rv'] == 0
     # check new cert
     TestEnv.check_md_credentials(md_name, [ md_name, "test." + base ])
     after = stored_cert()
     assert before.get_serial() != after.get_serial()
 def test_500_103(self):
     """Drive an md whose account and TOS agreement exist on the server.

     Adds the md and its contact, registers an ACME account, sends the TOS
     agreement for it, links the md to the account and drives; the drive
     must return 0 and _check_md_cert must pass.
     """
     # setup: create md
     base = "test500-103-" + TestDrive.dns_uniq
     md_name = "www." + base
     added = TestEnv.a2md(["add", md_name])
     assert added['rv'] == 0
     contact_set = TestEnv.a2md(
         [ "update", md_name, "contacts", "admin@" + base ])
     assert contact_set['rv'] == 0
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     reg_run = TestEnv.a2md( ["acme", "newreg", "admin@" + base], raw=True )
     assert reg_run['rv'] == 0
     account = re.match("registered: (.*)$", reg_run["stdout"]).group(1)
     # setup: send TOS agreement to server
     agreed = TestEnv.a2md(
         ["--terms", TestEnv.ACME_TOS, "acme", "agree", account])
     assert agreed['rv'] == 0
     # setup: link md to account
     linked = TestEnv.a2md([ "update", md_name, "account", account])
     assert linked['rv'] == 0
     # drive
     driven = TestEnv.a2md( [ "-vv", "drive", md_name ] )
     assert driven['rv'] == 0
     self._check_md_cert([ md_name ])
Exemple #23
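    def test_500_100(self):
        """Drive an md with one domain and inspect the store afterwards.

        After a successful http-01 drive this checks the certificate and the
        account key, requires the challenges directory to be empty, compares
        the archived md (archive version 1) with the md as listed before the
        drive and checks file permissions.
        """
        # test case: md with one domain
        domain = "test500-100-" + TestDrive.dns_uniq
        name = "www." + domain
        self._prepare_md([name])
        assert TestEnv.apache_start() == 0
        # drive
        prevMd = TestEnv.a2md(["list", name])['jout']['output'][0]
        assert TestEnv.a2md(["drive", "-c", "http-01", name])['rv'] == 0
        self._check_md_cert([name])
        self._check_account_key(name)

        # check: challenges removed
        TestEnv.check_dir_empty(TestEnv.path_challenges())
        # check archive content; the file is closed again right after parsing
        with open(TestEnv.path_domain(name, archiveVersion=1)) as archived:
            assert json.load(archived) == prevMd

        # check file system permissions:
        TestEnv.check_file_permissions(name)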
Exemple #24
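 def test_502_105(self):
     """Drive an md whose linked ACME account was deleted on the server.

     Registers an account with `-t accepted`, links the md to it, deletes
     the account with `acme delreg` and drives. The drive must still return
     0 and TestEnv.check_md_credentials must accept the md name.
     """
     # setup: create md
     domain = self.test_domain
     name = "www." + domain
     self._prepare_md([ name ])
     assert TestEnv.apache_start() == 0
     # setup: create account on server
     run = TestEnv.a2md( ["-t", "accepted", "acme", "newreg", "test@" + domain], raw=True )
     assert run['rv'] == 0
     acct = re.match("registered: (.*)$", run["stdout"]).group(1)
     # setup: link md to account
     assert TestEnv.a2md([ "update", name, "account", acct])['rv'] == 0
     # setup: delete account on server
     assert TestEnv.a2md( ["acme", "delreg", acct] )['rv'] == 0
     # drive
     run = TestEnv.a2md( [ "drive", name ] )
     # function-call form: same output under Python 2, valid syntax under Python 3
     print(run["stderr"])
     assert run['rv'] == 0
     TestEnv.check_md_credentials(name, [ name ])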
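    def test_502_100(self):
        """Drive an md with one domain and inspect the store afterwards.

        After a successful http-01 drive this checks the certificate and the
        account key, compares the archived md (archive version 1) with the md
        as listed before the drive, checks file permissions, requires the
        challenges directory to be empty and probes how
        /.well-known/acme-challenge URLs are answered.
        """
        # test case: md with one domain
        domain = "test502-100-" + TestDrive.dns_uniq
        name = "www." + domain
        self._prepare_md([name])
        assert TestEnv.apache_start() == 0
        # drive
        prevMd = TestEnv.a2md(["list", name])['jout']['output'][0]
        assert TestEnv.a2md(["-v", "drive", "-c", "http-01", name])['rv'] == 0
        self._check_md_cert([name])
        self._check_account_key(name)

        # check archive content; the file is closed again right after parsing
        with open(TestEnv.path_domain(name, archiveVersion=1)) as archived:
            assert json.load(archived) == prevMd
        # check file system permissions:
        TestEnv.check_file_permissions(name)
        # check: challenges removed
        TestEnv.check_dir_empty(TestEnv.path_challenges())
        # check how the challenge resources are answered in several combinations:
        # with no challenge data in the store every variant must give a 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge", False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 404
        # place challenge data for the domain in the store; the with-block
        # guarantees it is flushed and closed before the server is asked for it
        cdir = os.path.join(TestEnv.path_challenges(), domain)
        os.makedirs(cdir)
        with open(os.path.join(cdir, 'acme-http-01.txt'), "w") as challenge:
            challenge.write("content-of-123")
        result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
                                  False)
        assert result['rv'] == 0
        assert result['http_status'] == 200
        # 14 == len("content-of-123")
        assert result['http_headers']['Content-Length'] == '14'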
 def setup_method(self, method):
     """Reset the environment before each test method.

     Runs TestEnv.check_acme(), clears the store, installs the test
     configuration and requires TestEnv.apache_start() to return 0.
     """
     method_name = method.__name__
     print("setup_method: %s" % method_name)
     TestEnv.check_acme()
     TestEnv.clear_store()
     TestEnv.install_test_conf(None)
     start_rv = TestEnv.apache_start()
     assert start_rv == 0