def test_702_003(self): domain = self.test_domain nameA = "test-a." + domain nameB = "test-b." + domain domains = [domain, nameA, nameB] # # generate 1 MD and 2 vhosts conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_md(domains) conf.add_vhost(nameA, docRoot="htdocs/a") conf.add_vhost(nameB, docRoot="htdocs/b") conf.install() # # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 TestEnv.check_md(domains) assert TestEnv.await_completion([domain]) TestEnv.check_md_complete(domain) # # check: SSL is running OK certA = TestEnv.get_cert(nameA) assert nameA in certA.get_san_list() certB = TestEnv.get_cert(nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() # assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_700_003(self): # generate 1 MD and 2 vhosts domain = self.test_domain nameA = "a." + domain nameB = "b." + domain dns_list = [ domain, nameA, nameB ] conf = HttpdConf() conf.add_admin( "admin@" + domain ) conf.add_md( dns_list ) conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a") conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b") conf.install() # create docRoot folder self._write_res_file( os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA ) self._write_res_file( os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB ) # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 TestEnv.check_md( domain, dns_list ) assert TestEnv.await_completion( [ domain, nameA, nameB ] ) TestEnv.check_md_complete(domain) # check: SSL is running OK certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content( nameA, "/name.txt" ) == nameA assert TestEnv.get_content( nameB, "/name.txt" ) == nameB
def test_500_109(self): # test case: redirect on SSL-only domain # setup: prepare config domain = "test500-109-" + TestDrive.dns_uniq name = "www." + domain conf = HttpdConf( TestDrive.TMP_CONF ) conf.add_admin( "admin@" + domain ) conf.add_drive_mode( "manual" ) conf.add_md( [name] ) conf.add_vhost(TestEnv.HTTP_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=False) conf.add_vhost(TestEnv.HTTPS_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=True) conf.install() # setup: create resource files self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"), "name.txt", name) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR), "name.txt", "not-forbidden.org") assert TestEnv.apache_restart() == 0 # drive it assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0 assert TestEnv.apache_restart() == 0 # test HTTP access - no redirect assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org" assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert int(r['http_headers']['Content-Length']) == len(name) assert "Location" not in r['http_headers'] # test HTTPS access assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name # test HTTP access again -> redirect to default HTTPS port conf.add_require_ssl("temporary") conf.install() assert TestEnv.apache_restart() == 0 r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert r['http_status'] == 302 expLocation = "https://%s/name.txt" % name assert r['http_headers']['Location'] == expLocation # should not see this assert not 'Strict-Transport-Security' in r['http_headers'] # test default HTTP vhost -> still no redirect assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org" r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True) # also not for this assert not 'Strict-Transport-Security' in r['http_headers'] # test HTTP access again -> redirect permanent conf.add_require_ssl("permanent") conf.install() assert TestEnv.apache_restart() == 0 r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False) assert r['http_status'] == 301 expLocation = "https://%s/name.txt" % name assert r['http_headers']['Location'] == expLocation assert not 'Strict-Transport-Security' in r['http_headers'] # should see this r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True) assert r['http_headers']['Strict-Transport-Security'] == 'max-age=15768000'
def test_600_002(self): # test case: one md, that covers two vhosts domain = "r002-" + TestRoundtrip.dns_uniq nameA = "test-a." + domain nameB = "test-b." + domain dnsList = [domain, nameA, nameB] # - generate config with one md conf = HttpdConf(TestRoundtrip.TMP_CONF, True) conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_md(dnsList) conf.install() # - restart, check that md is in store assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dnsList) # - drive assert TestEnv.a2md(["drive", domain])['rv'] == 0 self._check_md_cert(dnsList) # - append vhost to config conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.install() # - create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # check: SSL is running OK assert TestEnv.apache_restart() == 0 certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_600_002(self): # test case: one md, that covers two vhosts domain = self.test_domain nameA = "a-" + domain nameB = "b-" + domain dnsList = [domain, nameA, nameB] conf = HttpdConf() conf.add_admin("admin@" + domain) conf.add_drive_mode("manual") conf.add_md(dnsList) conf.install() # - restart, check that md is in store assert TestEnv.apache_restart() == 0 TestEnv.check_md(domain, dnsList) # - drive assert TestEnv.a2md(["drive", domain])['rv'] == 0 assert TestEnv.apache_restart() == 0 TestEnv.check_md_complete(domain) # - append vhost to config conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a") conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b") conf.install() # - create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # check: SSL is running OK assert TestEnv.apache_restart() == 0 certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_700_003(self): domain = "test700-003-" + TestAuto.dns_uniq nameA = "test-a." + domain nameB = "test-b." + domain dns_list = [domain, nameA, nameB] # generate 1 MD and 2 vhosts conf = HttpdConf(TestAuto.TMP_CONF) conf.add_admin("admin@" + domain) conf.add_md(dns_list) conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b", withSSL=True, certPath=TestEnv.path_domain_pubcert(domain), keyPath=TestEnv.path_domain_privkey(domain)) conf.install() # create docRoot folder self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA) self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB) # restart (-> drive), check that MD was synched and completes assert TestEnv.apache_restart() == 0 self._check_md_names(domain, dns_list) assert TestEnv.await_completion([domain]) self._check_md_cert(dns_list) # check: SSL is running OK certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA) assert nameA in certA.get_san_list() certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB) assert nameB in certB.get_san_list() assert certA.get_serial() == certB.get_serial() assert TestEnv.get_content(nameA, "/name.txt") == nameA assert TestEnv.get_content(nameB, "/name.txt") == nameB