def test_500_109(self):
# test case: redirect on SSL-only domain
# setup: prepare config
domain = "test500-109-" + TestDrive.dns_uniq
name = "www." + domain
conf = HttpdConf( TestDrive.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "manual" )
conf.add_md( [name] )
conf.add_vhost(TestEnv.HTTP_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=False)
conf.add_vhost(TestEnv.HTTPS_PORT, name, aliasList=[], docRoot="htdocs/test", withSSL=True)
conf.install()
# setup: create resource files
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"), "name.txt", name)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR), "name.txt", "not-forbidden.org")
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md( [ "drive", name ] )['rv'] == 0
assert TestEnv.apache_restart() == 0
# test HTTP access - no redirect
assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org"
assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert int(r['http_headers']['Content-Length']) == len(name)
assert "Location" not in r['http_headers']
# test HTTPS access
assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name
# test HTTP access again -> redirect to default HTTPS port
conf.add_require_ssl("temporary")
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 302
expLocation = "https://%s/name.txt" % name
assert r['http_headers']['Location'] == expLocation
# should not see this
assert not 'Strict-Transport-Security' in r['http_headers']
# test default HTTP vhost -> still no redirect
assert TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False) == "not-forbidden.org"
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
# also not for this
assert not 'Strict-Transport-Security' in r['http_headers']
# test HTTP access again -> redirect permanent
conf.add_require_ssl("permanent")
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 301
expLocation = "https://%s/name.txt" % name
assert r['http_headers']['Location'] == expLocation
assert not 'Strict-Transport-Security' in r['http_headers']
# should see this
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
assert r['http_headers']['Strict-Transport-Security'] == 'max-age=15768000'
def test_500_110(self):
# test case: SSL-only domain, override headers generated by mod_md
# setup: prepare config
if not TestEnv.httpd_is_at_least("2.5.0"):
return
domain = "test500-110-" + TestDrive.dns_uniq
name = "www." + domain
conf = HttpdConf(TestDrive.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_require_ssl("permanent")
conf.add_md([name])
conf._add_line(" SSLEngine *:" + TestEnv.HTTPS_PORT)
conf.add_vhost(TestEnv.HTTPS_PORT + " *:" + TestEnv.HTTP_PORT,
name,
aliasList=[],
withSSL=False)
conf.install()
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# test override HSTS header
conf._add_line(
' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
)
conf.install()
assert TestEnv.apache_restart() == 0
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
assert r['http_headers'][
'Strict-Transport-Security'] == 'max-age=10886400; includeSubDomains; preload'
# test override Location header
conf._add_line(' Redirect /a /name.txt')
conf._add_line(' Redirect seeother /b /name.txt')
conf.install()
assert TestEnv.apache_restart() == 0
# check: default redirect by mod_md still works
expLocation = "https://%s/name.txt" % name
r = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
assert r['http_status'] == 301
assert r['http_headers']['Location'] == expLocation
# check: redirect as given by mod_alias
expLocation = "https://%s/a" % name
r = TestEnv.get_meta(name, "/a", useHTTPS=False)
assert r[
'http_status'] == 301 # FAIL: mod_alias generates Location header instead of mod_md
assert r['http_headers']['Location'] == expLocation
def test_500_100(self):
# test case: md with one domain
domain = self.test_domain
name = "www." + domain
self._prepare_md([name])
assert TestEnv.apache_start() == 0
# drive
prevMd = TestEnv.a2md(["list", name])['jout']['output'][0]
assert TestEnv.a2md(["drive", "-c", "http-01", name])['rv'] == 0
TestEnv.check_md_credentials([name])
self._check_account_key(name)
# check archive content
storeMd = json.loads(
open(TestEnv.store_archived_file(name, 1, 'md.json')).read())
for f in [
'name', 'ca', 'domains', 'contacts', 'renew-mode',
'renew-window', 'must-staple'
]:
assert storeMd[f] == prevMd[f]
# check file system permissions:
TestEnv.check_file_permissions(name)
# check: challenges removed
TestEnv.check_dir_empty(TestEnv.store_challenges())
# check how the challenge resources are answered in sevceral combinations
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge", False)
assert result['rv'] == 0
assert result['http_status'] == 404
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/",
False)
assert result['rv'] == 0
assert result['http_status'] == 404
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
False)
assert result['rv'] == 0
assert result['http_status'] == 404
assert result['rv'] == 0
cdir = os.path.join(TestEnv.store_challenges(), domain)
os.makedirs(cdir)
open(os.path.join(cdir, 'acme-http-01.txt'),
"w").write("content-of-123")
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
False)
assert result['rv'] == 0
assert result['http_status'] == 200
assert result['http_headers']['Content-Length'] == '14'
def test_500_111(self):
# test case: vhost with parallel HTTP/HTTPS, check mod_alias redirects
# setup: prepare config
if not TestEnv.httpd_is_at_least("2.5.0"):
return
domain = "test500-111-" + TestDrive.dns_uniq
name = "www." + domain
conf = HttpdConf(TestDrive.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md([name])
conf._add_line(" LogLevel alias:debug")
conf._add_line(" SSLEngine *:" + TestEnv.HTTPS_PORT)
conf.start_vhost(TestEnv.HTTPS_PORT + " *:" + TestEnv.HTTP_PORT,
name,
aliasList=[],
withSSL=False)
conf.end_vhost()
conf.install()
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# setup: place redirect rules
conf._add_line(' Redirect /a /name.txt')
conf._add_line(' Redirect seeother /b /name.txt')
conf.install()
assert TestEnv.apache_restart() == 0
# check: redirects on HTTP
expLocation = "http://%s:%s/name.txt" % (name, TestEnv.HTTP_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=False)
assert r['http_status'] == 302
assert r['http_headers']['Location'] == expLocation
r = TestEnv.get_meta(name, "/b", useHTTPS=False)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
# check: redirects on HTTPS
expLocation = "https://%s:%s/name.txt" % (name, TestEnv.HTTPS_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=True)
assert r['http_status'] == 302
assert r['http_headers'][
'Location'] == expLocation # FAIL: expected 'https://...' but found 'http://...'
r = TestEnv.get_meta(name, "/b", useHTTPS=True)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
def test_502_100(self):
# test case: md with one domain
domain = "test502-100-" + TestDrive.dns_uniq
name = "www." + domain
self._prepare_md([name])
assert TestEnv.apache_start() == 0
# drive
prevMd = TestEnv.a2md(["list", name])['jout']['output'][0]
assert TestEnv.a2md(["-v", "drive", "-c", "http-01", name])['rv'] == 0
self._check_md_cert([name])
self._check_account_key(name)
# check archive content
assert json.loads(
open(TestEnv.path_domain(name, archiveVersion=1)).read()) == prevMd
# check file system permissions:
TestEnv.check_file_permissions(name)
# check: challenges removed
TestEnv.check_dir_empty(TestEnv.path_challenges())
# check how the challenge resources are answered in sevceral combinations
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge", False)
assert result['rv'] == 0
assert result['http_status'] == 404
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/",
False)
assert result['rv'] == 0
assert result['http_status'] == 404
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
False)
assert result['rv'] == 0
assert result['http_status'] == 404
assert result['rv'] == 0
cdir = os.path.join(TestEnv.path_challenges(), domain)
os.makedirs(cdir)
open(os.path.join(cdir, 'acme-http-01.txt'),
"w").write("content-of-123")
result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123",
False)
assert result['rv'] == 0
assert result['http_status'] == 200
assert result['http_headers']['Content-Length'] == '14'
def test_500_111(self):
# test case: vhost with parallel HTTP/HTTPS, check mod_alias redirects
# setup: prepare config
domain = self.test_domain
name = "www." + domain
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md([name])
conf._add_line(" LogLevel alias:debug")
conf.add_vhost(name, port=TestEnv.HTTP_PORT)
conf.add_vhost(name)
conf.install()
assert TestEnv.apache_restart() == 0
# drive it
assert TestEnv.a2md(["drive", name])['rv'] == 0
assert TestEnv.apache_restart() == 0
# setup: place redirect rules
conf._add_line(' Redirect /a /name.txt')
conf._add_line(' Redirect seeother /b /name.txt')
conf.install()
assert TestEnv.apache_restart() == 0
# check: redirects on HTTP
expLocation = "http://%s:%s/name.txt" % (name, TestEnv.HTTP_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=False)
assert r['http_status'] == 302
assert r['http_headers']['Location'] == expLocation
r = TestEnv.get_meta(name, "/b", useHTTPS=False)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
# check: redirects on HTTPS
expLocation = "https://%s:%s/name.txt" % (name, TestEnv.HTTPS_PORT)
r = TestEnv.get_meta(name, "/a", useHTTPS=True)
assert r['http_status'] == 302
assert r['http_headers'][
'Location'] == expLocation # FAIL: expected 'https://...' but found 'http://...'
r = TestEnv.get_meta(name, "/b", useHTTPS=True)
assert r['http_status'] == 303
assert r['http_headers']['Location'] == expLocation
