def test_7009(self):
domain = self.test_domain
dns_list = [ domain ]
# prepare md
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "auto" )
conf.add_renew_window( "10d" )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True )
conf.install()
# restart (-> drive), check that md+cert is in store, TLS is up
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion( [ domain ], 30 )
self._check_md_cert( dns_list )
cert1 = CertUtil( TestEnv.path_domain_pubcert(domain) )
# fetch cert from server
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert cert1.get_serial() == cert2.get_serial()
# create self-signed cert, with critical remaining valid duration -> drive again
CertUtil.create_self_signed_cert( [domain], { "notBefore": -120, "notAfter": 9 })
cert3 = CertUtil( TestEnv.path_domain_pubcert(domain) )
assert cert3.get_serial() == 1000
time.sleep(1)
assert TestEnv.a2md([ "list", domain])['jout']['output'][0]['renew'] == True
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion( [ domain ], 30 )
# fetch cert from server -> self-signed still active, activation of new ACME is delayed
cert4 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert cert4.get_serial() == cert3.get_serial()
time.sleep( 1 )
# restart -> new ACME cert becomes active
assert TestEnv.apache_stop() == 0
assert TestEnv.apache_start() == 0
time.sleep( 1 )
cert5 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert cert5.get_serial() != cert3.get_serial()
def test_700_030(self):
domain = self.test_domain
nameX = "x." + domain
nameA = "a." + domain
nameB = "b." + domain
dns_list = [ nameX, nameA, nameB ]
# generate 1 MD and 2 vhosts
conf = HttpdConf()
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a")
conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b")
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md( nameX, dns_list )
assert TestEnv.await_completion( [ nameX ] )
TestEnv.check_md_complete(nameX)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
# change MD by removing 1st name
new_list = [ nameA, nameB ]
conf = HttpdConf()
conf.add_admin( "admin@" + domain )
conf.add_md( new_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a")
conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b")
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
TestEnv.check_md( nameX, new_list )
status = TestEnv.get_certificate_status( nameA )
assert status['serial'] == certA.get_serial()
def test_602_002(self):
# test case: one md, that covers two vhosts
domain = self.test_domain
nameA = "a." + domain
nameB = "b." + domain
dnsList = [ domain, nameA, nameB ]
# - generate config with one md
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(dnsList)
conf.install()
# - restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dnsList)
# - drive
assert TestEnv.a2md( [ "drive", domain ] )['rv'] == 0
assert TestEnv.apache_restart() == 0
TestEnv.check_md_complete(domain)
# - append vhost to config
conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a")
conf.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b")
conf.install()
# - create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB)
# check: SSL is running OK
assert TestEnv.apache_restart() == 0
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_702_002(self):
domain = "test702-002-" + TestAuto.dns_uniq
domainA = "a-" + domain
domainB = "b-" + domain
# generate config with two MDs
dnsListA = [domainA, "www." + domainA]
dnsListB = [domainB, "www." + domainB]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("*****@*****.**")
conf.add_drive_mode("auto")
conf.add_md(dnsListA)
conf.add_md(dnsListB)
conf.add_vhost(TestEnv.HTTPS_PORT,
domainA,
aliasList=[dnsListA[1]],
withSSL=True)
conf.add_vhost(TestEnv.HTTPS_PORT,
domainB,
aliasList=[dnsListB[1]],
withSSL=True)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domainA, dnsListA)
self._check_md_names(domainB, dnsListB)
# await drive completion
assert TestEnv.await_completion([domainA, domainB])
self._check_md_cert(dnsListA)
self._check_md_cert(dnsListB)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainA)
assert dnsListA == certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainB)
assert dnsListB == certB.get_san_list()
def test_600_001(self):
# test case: same as test_600_000, but with two parallel managed domains
domainA = "a-" + self.test_domain
domainB = "b-" + self.test_domain
dnsListA = [domainA, "www." + domainA]
dnsListB = [domainB, "www." + domainB]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_drive_mode("manual")
conf.add_md(dnsListA)
conf.add_md(dnsListB)
conf.install()
# - restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domainA, dnsListA)
TestEnv.check_md(domainB, dnsListB)
# - drive
assert TestEnv.a2md(["drive", domainA])['rv'] == 0
assert TestEnv.a2md(["drive", domainB])['rv'] == 0
assert TestEnv.apache_restart() == 0
TestEnv.check_md_complete(domainA)
TestEnv.check_md_complete(domainB)
# - append vhost to config
conf.add_vhost(TestEnv.HTTPS_PORT, domainA, aliasList=[dnsListA[1]])
conf.add_vhost(TestEnv.HTTPS_PORT, domainB, aliasList=[dnsListB[1]])
conf.install()
# check: SSL is running OK
assert TestEnv.apache_restart() == 0
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainA)
assert dnsListA == certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainB)
assert dnsListB == certB.get_san_list()
def test_702_002(self):
domain = self.test_domain
domainA = "a-" + domain
domainB = "b-" + domain
# generate config with two MDs
dnsListA = [domainA, "www." + domainA]
dnsListB = [domainB, "www." + domainB]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_drive_mode("auto")
conf.add_md(dnsListA)
conf.add_md(dnsListB)
conf.add_vhost(TestEnv.HTTPS_PORT, domainA, aliasList=[dnsListA[1]])
conf.add_vhost(TestEnv.HTTPS_PORT, domainB, aliasList=[dnsListB[1]])
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domainA, dnsListA)
TestEnv.check_md(domainB, dnsListB)
# await drive completion, do not restart
assert TestEnv.await_completion([domainA, domainB], restart=False)
# staged certificates are now visible on the status resources
status = TestEnv.get_md_status(domainA)
assert 'renewal' in status
assert 'cert' in status['renewal']
assert 'sha256-fingerprint' in status['renewal']['cert']
# restart and activate
assert TestEnv.apache_restart() == 0
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainA)
assert dnsListA == certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domainB)
assert dnsListB == certB.get_san_list()
def test_700_003(self):
domain = "test700-003-" + TestAuto.dns_uniq
nameA = "test-a." + domain
nameB = "test-b." + domain
dns_list = [ domain, nameA, nameB ]
# generate 1 MD and 2 vhosts
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.add_vhost( TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b",
withSSL=True, certPath=TestEnv.path_domain_pubcert( domain ),
keyPath=TestEnv.path_domain_privkey( domain ) )
conf.install()
# create docRoot folder
self._write_res_file( os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA )
self._write_res_file( os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB )
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names( domain, dns_list )
assert TestEnv.await_completion( [ domain ] )
self._check_md_cert( dns_list )
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
assert TestEnv.get_content( nameA, "/name.txt" ) == nameA
assert TestEnv.get_content( nameB, "/name.txt" ) == nameB
def test_710_001(self):
domain = self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
# generate config with one MD, restart, gets cert
dns_list = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert domain in cert1.get_san_list()
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
# restart, gets cert, should still be the same cert as it remains valid
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert status['serial'] == cert1.get_serial()
# change the MD so that we need a new cert
dns_list = [domain, "www." + domain, "another." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# should no longer the same cert
status = TestEnv.get_certificate_status(domain)
assert status['serial'] != cert1.get_serial()
TestEnv.check_md_complete(domain)
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_700_001(self):
domain = "test700-001-" + TestAuto.dns_uniq
# generate config with one MD
dns_list = [domain, "www." + domain]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_md(dns_list)
conf.install()
# restart, check that MD is synched to store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
time.sleep(2)
# assert drive did not start
md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
assert md['state'] == TestEnv.MD_S_INCOMPLETE
assert 'account' not in md['ca']
assert TestEnv.apache_err_scan(
re.compile('.*\[md:debug\].*no mds to auto drive'))
# add vhost for MD, restart should drive it
conf.add_vhost(TestEnv.HTTPS_PORT,
domain,
aliasList=[dns_list[1]],
withSSL=True)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
self._check_md_cert(dns_list)
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
# challenges should have been removed
TestEnv.check_dir_empty(TestEnv.path_challenges())
# file system needs to have correct permissions
TestEnv.check_file_permissions(domain)
def test_700_006(self):
domain = "test700-006-" + TestAuto.dns_uniq
nameA = "test-a." + domain
dns_list = [domain, nameA]
# generate 1 MD, 1 vhost
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_ca_challenges(["invalid-01", "invalid-02"])
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
time.sleep(2)
# assert drive did not start
md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
assert md['state'] == TestEnv.MD_S_INCOMPLETE
assert 'account' not in md['ca']
assert TestEnv.apache_err_scan(
re.compile(
'.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD'
))
# check: that request to domains give 503 Service Unavailable
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in cert.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_700_004(self, challengeType):
domain = "test700-004-" + TestAuto.dns_uniq
dns_list = [ domain, "www." + domain ]
# generate 1 MD and 1 vhost
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "admin@" + domain )
conf.add_drive_mode( "auto" )
conf.add_ca_challenges( [ challengeType ] )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ], withSSL=True )
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_completion( [ domain ] )
self._check_md_cert(dns_list)
# check SSL running OK
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
def test_700_004(self, challengeType):
# generate 1 MD and 1 vhost
domain = self.test_domain
dns_list = [ domain, "www." + domain ]
conf = HttpdConf()
conf.add_admin( "admin@" + domain )
conf.add_line( "Protocols http/1.1 acme-tls/1" )
conf.add_drive_mode( "auto" )
conf.add_ca_challenges( [ challengeType ] )
conf.add_md( dns_list )
conf.add_vhost( TestEnv.HTTPS_PORT, domain, aliasList=[ dns_list[1] ])
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domain, dns_list)
assert TestEnv.await_completion( [ domain ] )
TestEnv.check_md_complete(domain)
# check SSL running OK
cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
assert domain in cert.get_san_list()
def test_700_005(self):
domain = "test700-005-" + TestAuto.dns_uniq
nameA = "test-a." + domain
dns_list = [domain, nameA]
# generate 1 MD and 1 vhost
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("manual")
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names(domain, dns_list)
assert TestEnv.await_renew_state([domain])
# check: that request to domains give 503 Service Unavailable
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in cert1.get_san_list()
assert TestEnv.getStatus(nameA, "/name.txt") == 503
# check temporary cert from server
cert2 = CertUtil(TestEnv.path_fallback_cert(domain))
assert cert1.get_serial() == cert2.get_serial(), \
"Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % ( nameA, cert2.get_cn(), cert1.get_cn() )
def test_710_002(self):
domain = "test710-002-" + TestAuto.dns_uniq
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
domainA = "a-" + domain
domainB = "b-" + domain
# generate config with two MDs
dnsListA = [ domainA, "www." + domainA ]
dnsListB = [ domainB, "www." + domainB ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
self._check_md_names( domainA, dnsListA )
self._check_md_names( domainB, dnsListB )
# await drive completion
assert TestEnv.await_completion( [ domainA, domainB ] )
self._check_md_cert(dnsListA)
self._check_md_cert(dnsListB)
self._check_md_cert( dnsListA )
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
# should have a single account now
assert 1 == len(TestEnv.list_accounts())
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
# change the MDs so that we need a new cert
dnsListA = [ domainA, "www." + domainA, "another." + domainA ]
dnsListB = [ domainB, "www." + domainB, "another." + domainB ]
conf = HttpdConf( TestAuto.TMP_CONF )
conf.add_admin( "*****@*****.**" )
conf.add_line( "MDMembers auto" )
conf.add_md( [ domainA ] )
conf.add_md( [ domainB ] )
conf.add_vhost( TestEnv.HTTPS_PORT, domainA, aliasList=dnsListA[1:], withSSL=True )
conf.add_vhost( TestEnv.HTTPS_PORT, domainB, aliasList=dnsListB[1:], withSSL=True )
conf.install()
# restart, gets cert
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([ domainA, domainB ] )
self._check_md_names( domainA, dnsListA )
self._check_md_names( domainB, dnsListB )
self._check_md_cert( dnsListA )
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
# should no longer the same cert
assert cert1.get_serial() != cert2.get_serial()
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_700_032(self):
domain = "test700-032-" + TestAuto.dns_uniq
name1 = "server1." + domain
name2 = "server2." + TestAuto.dns_uniq # need a separate TLD to avoid rate limites
# generate 2 MDs and 2 vhosts
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_md([name2])
conf.add_vhost(TestEnv.HTTPS_PORT,
name1,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.add_vhost(TestEnv.HTTPS_PORT,
name2,
aliasList=[],
docRoot="htdocs/b",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(name1, [name1])
self._check_md_names(name2, [name2])
assert TestEnv.await_completion([name1])
self._check_md_cert([name2])
# check: SSL is running OK
cert1 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, name1)
assert name1 in cert1.get_san_list()
cert2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, name2)
assert name2 in cert2.get_san_list()
# remove second md and vhost, add name2 to vhost1
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_vhost(TestEnv.HTTPS_PORT,
name1,
aliasList=[name2],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
self._check_md_names(name1, [name1, name2])
assert TestEnv.await_completion([name1])
cert1b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, name1)
assert name1 in cert1b.get_san_list()
assert name2 in cert1b.get_san_list()
assert cert1.get_serial() != cert1b.get_serial()
def test_700_031(self):
domain = "test700-031-" + TestAuto.dns_uniq
nameX = "test-x." + domain
nameA = "test-a." + domain
nameB = "test-b." + domain
nameC = "test-c." + domain
dns_list = [nameX, nameA, nameB]
# generate 1 MD and 2 vhosts
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_md(dns_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.add_vhost(TestEnv.HTTPS_PORT,
nameB,
aliasList=[],
docRoot="htdocs/b",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
self._check_md_names(nameX, dns_list)
assert TestEnv.await_completion([nameX])
self._check_md_cert(dns_list)
# check: SSL is running OK
certA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in certA.get_san_list()
certB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
# change MD by removing 1st name
new_list = [nameA, nameB, nameC]
conf = HttpdConf(TestAuto.TMP_CONF)
conf.add_admin("admin@" + domain)
conf.add_md(new_list)
conf.add_vhost(TestEnv.HTTPS_PORT,
nameA,
aliasList=[],
docRoot="htdocs/a",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.add_vhost(TestEnv.HTTPS_PORT,
nameB,
aliasList=[],
docRoot="htdocs/b",
withSSL=True,
certPath=TestEnv.path_domain_pubcert(domain),
keyPath=TestEnv.path_domain_privkey(domain))
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
self._check_md_names(nameX, new_list)
assert TestEnv.await_completion([nameX])
certA2 = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
TestEnv.HTTPS_PORT, nameA)
assert nameA in certA2.get_san_list()
assert certA.get_serial() != certA2.get_serial()