def test_730_002(self):
    """Static certificate files combined with ``MDRenewMode always``.

    Creates a self-signed certificate that has 10 more days of validity,
    configures it via MDCertificateFile / MDCertificateKeyFile, and then
    checks that the server presents that certificate, that the MD status
    contains a ``cert`` entry with ``renew`` set, and that
    ``TestEnv.await_renewal`` reports success.
    """
    name = self.test_domain
    names = [name, 'www.%s' % name]
    serial = 730001
    # NOTE(review): the directory is named 'test_920_001' although this is
    # test 730_002; test_730_003 uses the same path. Looks like a copy/paste
    # leftover -- confirm that sharing the directory is intended.
    workdir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
    # cert that is only 10 more days valid
    CertUtil.create_self_signed_cert(
        names, {"notBefore": -80, "notAfter": 10}, serial=serial, path=workdir)
    cert_pem = os.path.join(workdir, 'pubcert.pem')
    key_pem = os.path.join(workdir, 'privkey.pem')
    for pem in (cert_pem, key_pem):
        assert os.path.exists(pem)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.start_md(names)
    directives = (
        "MDCertificateFile %s" % (cert_pem),
        "MDCertificateKeyFile %s" % (key_pem),
        "MDRenewMode always",
    )
    for directive in directives:
        conf.add_line(directive)
    conf.end_md()
    conf.add_vhost(name)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # The served certificate must be the static one (matched by serial),
    # it must show up in the MD status, and renewal must be flagged.
    served = TestEnv.get_cert(name)
    assert ('%X' % serial) == served.get_serial()
    md_status = TestEnv.get_md_status(name)
    assert md_status
    assert 'cert' in md_status
    assert md_status['renew'] == True
    assert TestEnv.await_renewal(names)
def test_730_003(self):
    """Configuring only one of the two static files must be rejected.

    Installs a configuration with MDCertificateFile alone, then one with
    MDCertificateKeyFile alone, and asserts ``TestEnv.apache_fail() == 0``
    for each of them.
    """
    name = self.test_domain
    names = [name, 'www.%s' % name]
    # NOTE(review): directory name 'test_920_001' is shared with
    # test_730_002 -- confirm that this is intended.
    workdir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
    # cert that is only 10 more days valid
    CertUtil.create_self_signed_cert(
        names, {"notBefore": -80, "notAfter": 10}, serial=730001, path=workdir)
    cert_pem = os.path.join(workdir, 'pubcert.pem')
    key_pem = os.path.join(workdir, 'privkey.pem')
    for pem in (cert_pem, key_pem):
        assert os.path.exists(pem)

    # First the certificate without its key, then the key without its
    # certificate; both configurations are incomplete.
    lone_directives = (
        "MDCertificateFile %s" % (cert_pem),
        "MDCertificateKeyFile %s" % (key_pem),
    )
    for directive in lone_directives:
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.start_md(names)
        conf.add_line(directive)
        conf.end_md()
        conf.add_vhost(name)
        conf.install()
        assert TestEnv.apache_fail() == 0
def test_901_010(self):
    """Static cert files, lifetime in renewal window: no renewal message.

    The generated certificate has 20 more days of validity. With a message
    command configured, the message log file must not exist after the
    restart.
    """
    name = self.test_domain
    names = [name, 'www.%s' % name]
    workdir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
    # cert that is only 20 more days valid
    CertUtil.create_self_signed_cert(
        names, {"notBefore": -70, "notAfter": 20}, serial=901010, path=workdir)
    cert_pem = os.path.join(workdir, 'pubcert.pem')
    key_pem = os.path.join(workdir, 'privkey.pem')
    for pem in (cert_pem, key_pem):
        assert os.path.exists(pem)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.start_md(names)
    for directive in ("MDCertificateFile %s" % (cert_pem),
                      "MDCertificateKeyFile %s" % (key_pem)):
        conf.add_line(directive)
    conf.end_md()
    conf.add_vhost(name)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # NOTE(review): this negative check runs right after the restart, while
    # test_901_011 sleeps one second before reading the same log. If the
    # message command runs asynchronously, the assertion could pass before
    # a message would have been written -- confirm.
    assert not os.path.isfile(self.mlog)
def test_801_009(self):
    """Stapling enabled on an MD that uses a static self-signed certificate.

    After the restart the OCSP status of the MD must read
    "no response sent".
    """
    assert TestEnv.apache_stop() == 0
    md_name = TestStapling.mdA
    names = [md_name]
    workdir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
    # cert that is 30 more days valid
    CertUtil.create_self_signed_cert(
        names, {"notBefore": -60, "notAfter": 30}, serial=801009, path=workdir)
    cert_pem = os.path.join(workdir, 'pubcert.pem')
    key_pem = os.path.join(workdir, 'privkey.pem')
    for pem in (cert_pem, key_pem):
        assert os.path.exists(pem)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.start_md(names)
    directives = (
        "MDCertificateFile %s" % (cert_pem),
        "MDCertificateKeyFile %s" % (key_pem),
        "MDStapling on",
    )
    for directive in directives:
        conf.add_line(directive)
    conf.end_md()
    conf.add_vhost(md_name)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # Give the server a moment before querying the stapling state.
    time.sleep(1)
    # Presumably a self-signed certificate has no OCSP responder to ask, so
    # nothing can be stapled -- verify against the stapling implementation.
    ocsp_status = TestEnv.get_ocsp_status(md_name)
    assert ocsp_status['ocsp'] == "no response sent"
def test_710_003(self):
    """An existing MD follows the default CA url when switching ACME versions.

    Phase 1 obtains a certificate with the ACMEv1 url set explicitly on the
    MD. Phase 2 switches the environment to ACMEv2, drops the explicit CA
    url and adds a second MD; both MDs must then report
    ``TestEnv.ACME_URL_DEFAULT`` as their CA.
    """
    def base_conf():
        # Settings shared by both phases of the test.
        fresh = HttpdConf()
        fresh.clear()
        fresh.add_admin("*****@*****.**")
        fresh.add_line("MDCertificateAgreement accepted")
        fresh.add_line("MDMembers auto")
        return fresh

    name_a = "a-" + self.test_domain
    name_b = "b-" + self.test_domain

    # use ACMEv1 initially
    TestEnv.set_acme('acmev1')
    v1_url = TestEnv.ACME_URL
    names_a = [name_a, "www." + name_a]
    conf = base_conf()
    conf.start_md2([name_a])
    conf.add_line("MDCertificateAuthority %s" % (v1_url))
    conf.end_md2()
    conf.add_vhost(names_a)
    conf.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names_a)
    assert TestEnv.await_completion([name_a])
    assert (0, 0) == TestEnv.httpd_error_log_count()
    TestEnv.check_md(names_a, ca=v1_url)

    # use ACMEv2 now, same MD, no CA url
    TestEnv.set_acme('acmev2')
    # this changes the default CA url
    assert TestEnv.ACME_URL_DEFAULT != v1_url
    conf = base_conf()
    conf.start_md([name_a])
    conf.end_md()
    conf.start_md2([name_b])
    # This MD will get the real Let's Encrypt URL assigned. Turn off auto
    # renewal so that the test never talks to the production CA.
    conf.add_line("MDRenewMode manual")
    conf.end_md2()
    conf.add_vhost(names_a)
    conf.add_vhost(name_b)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert (0, 0) == TestEnv.httpd_error_log_count()
    # the existing MD was migrated to new CA url
    TestEnv.check_md(names_a, ca=TestEnv.ACME_URL_DEFAULT)
    # the new MD got the new default anyway
    TestEnv.check_md([name_b], ca=TestEnv.ACME_URL_DEFAULT)
def test_310_310(self, window):
    """A non-default renew window is reported unchanged in the MD status.

    ``window`` is the value handed to ``conf.add_renew_window``; the same
    value must come back under the status key ``renew-window``.
    """
    name = self.test_domain
    conf = HttpdConf()
    conf.add_admin("admin@" + name)
    conf.start_md([name])
    conf.add_drive_mode("manual")
    conf.add_renew_window(window)
    conf.end_md()
    conf.add_vhost(TestEnv.HTTPS_PORT, name, aliasList=[name])
    conf.install()
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status(name)
    assert md_status["renew-window"] == window
def test_801_010(self):
    """Stapling enabled on an MD without any vhost, on an empty OCSP store.

    The server must restart cleanly and return a non-empty server status.
    """
    assert TestEnv.apache_stop() == 0
    TestEnv.clear_ocsp_store()
    md_name = TestStapling.mdA
    names = [md_name]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.start_md(names)
    conf.add_line("MDStapling on")
    conf.end_md()
    # No add_vhost() call here: the MD is defined but no vhost uses it.
    conf.install()
    assert TestEnv.apache_restart() == 0
    server_status = TestEnv.get_server_status()
    assert server_status
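def test_901_011(self):
    """Static cert files, lifetime in warn window: one 'expiring' message.

    The generated certificate has 5 more days of validity. After the first
    restart the message log must hold exactly one 'expiring' entry for the
    domain; a second restart must not add another one.
    """
    domain = self.test_domain
    domains = [domain, 'www.%s' % domain]
    testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
    # cert that is only 5 more days valid
    CertUtil.create_self_signed_cert(
        domains, {"notBefore": -85, "notAfter": 5}, serial=901011, path=testpath)
    cert_file = os.path.join(testpath, 'pubcert.pem')
    pkey_file = os.path.join(testpath, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.start_md(domains)
    conf.add_line("MDCertificateFile %s" % (cert_file))
    conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
    conf.end_md()
    conf.add_vhost(domain)
    conf.install()

    expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
    # Pass 1: the message is written. Pass 2: it is not resent right away,
    # so the log still holds exactly the same single line.
    for _ in range(2):
        assert TestEnv.apache_restart() == 0
        time.sleep(1)
        # Close the log deterministically instead of leaking the handle.
        with open(self.mlog) as fd:
            nlines = fd.readlines()
        assert 1 == len(nlines)
        assert expected == nlines[0].strip()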