Esempio n. 1
    def test_730_002(self):
        """Serve a static certificate while renewal is forced.

        The managed domain gets MDCertificateFile / MDCertificateKeyFile plus
        "MDRenewMode always". The test then checks that the served
        certificate carries the serial of the static one, that the MD status
        lists a certificate with renewal flagged, and that renewal completes.
        """
        primary = self.test_domain
        names = [primary, 'www.%s' % primary]
        # NOTE(review): the directory is named after test_920_001 rather than
        # this test's id - looks copy-pasted; confirm sharing is intended.
        cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
        cert_serial = 730001
        # Validity offsets -80 / +10 (presumably days relative to now -
        # confirm against CertUtil), i.e. a certificate close to expiry.
        validity = {"notBefore": -80, "notAfter": 10}
        CertUtil.create_self_signed_cert(names, validity,
                                         serial=cert_serial, path=cert_dir)
        cert_file = os.path.join(cert_dir, 'pubcert.pem')
        pkey_file = os.path.join(cert_dir, 'privkey.pem')
        # Both PEM files must exist before they are referenced in the config.
        for pem in (cert_file, pkey_file):
            assert os.path.exists(pem)

        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.start_md(names)
        for directive in ("MDCertificateFile %s" % cert_file,
                          "MDCertificateKeyFile %s" % pkey_file,
                          "MDRenewMode always"):
            conf.add_line(directive)
        conf.end_md()
        conf.add_vhost(primary)
        conf.install()
        assert TestEnv.apache_restart() == 0

        # The server must present the static certificate: compare serials.
        served = TestEnv.get_cert(primary)
        assert ('%X' % cert_serial) == served.get_serial()
        # The MD status must list a certificate and report renewal as on.
        status = TestEnv.get_md_status(primary)
        assert status
        assert 'cert' in status
        assert status['renew'] == True
        assert TestEnv.await_renewal(names)
Esempio n. 2
    def test_730_003(self):
        """Expect a startup failure when only one of the two files is set.

        A certificate file without its key file, and a key file without its
        certificate file, are each installed as a configuration; in both
        cases TestEnv.apache_fail() must return 0.
        """
        primary = self.test_domain
        names = [primary, 'www.%s' % primary]
        cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
        # Validity offsets -80 / +10 (presumably days relative to now -
        # confirm against CertUtil).
        validity = {"notBefore": -80, "notAfter": 10}
        CertUtil.create_self_signed_cert(names, validity,
                                         serial=730001, path=cert_dir)
        cert_file = os.path.join(cert_dir, 'pubcert.pem')
        pkey_file = os.path.join(cert_dir, 'privkey.pem')
        for pem in (cert_file, pkey_file):
            assert os.path.exists(pem)

        # First pass configures only the certificate, second pass only the
        # private key; each half-configured MD is installed on its own.
        lone_directives = (
            "MDCertificateFile %s" % cert_file,
            "MDCertificateKeyFile %s" % pkey_file,
        )
        for directive in lone_directives:
            conf = HttpdConf()
            conf.add_admin("*****@*****.**")
            conf.start_md(names)
            conf.add_line(directive)
            conf.end_md()
            conf.add_vhost(primary)
            conf.install()
            assert TestEnv.apache_fail() == 0
Esempio n. 3
 def test_901_010(self):
     """Static certificate inside the renewal window: no message expected.

     A message command (self.mcmd writing to self.mlog) is configured, and
     after the restart the test asserts that the log file does not exist,
     i.e. that no notification was issued for this MD.
     """
     primary = self.test_domain
     names = [primary, 'www.%s' % primary]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # Validity offsets -70 / +20 (presumably days relative to now -
     # confirm against CertUtil).
     validity = {"notBefore": -70, "notAfter": 20}
     CertUtil.create_self_signed_cert(names, validity,
                                      serial=901010, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     for pem in (cert_file, pkey_file):
         assert os.path.exists(pem)

     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(names)
     for directive in ("MDCertificateFile %s" % cert_file,
                       "MDCertificateKeyFile %s" % pkey_file):
         conf.add_line(directive)
     conf.end_md()
     conf.add_vhost(primary)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # The message command must not have produced its log file.
     assert not os.path.isfile(self.mlog)
Esempio n. 4
 def test_801_009(self):
     """Stapling enabled on an MD that uses a static self-signed certificate.

     After the restart the OCSP status for the MD is expected to read
     "no response sent".
     """
     assert TestEnv.apache_stop() == 0
     md_name = TestStapling.mdA
     names = [md_name]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # Validity offsets -60 / +30 (presumably days relative to now -
     # confirm against CertUtil).
     validity = {"notBefore": -60, "notAfter": 30}
     CertUtil.create_self_signed_cert(names, validity,
                                      serial=801009, path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     for pem in (cert_file, pkey_file):
         assert os.path.exists(pem)

     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(names)
     for directive in ("MDCertificateFile %s" % cert_file,
                       "MDCertificateKeyFile %s" % pkey_file,
                       "MDStapling on"):
         conf.add_line(directive)
     conf.end_md()
     conf.add_vhost(md_name)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # Fixed one-second wait before the OCSP status is queried.
     time.sleep(1)
     # NOTE(review): presumably no response can be stapled because the
     # self-signed certificate has no issuing CA responder - confirm.
     ocsp_status = TestEnv.get_ocsp_status(md_name)
     assert ocsp_status['ocsp'] == "no response sent"
Esempio n. 5
    def test_710_003(self):
        """Check the CA URL of an MD after switching from ACMEv1 to ACMEv2.

        Phase one obtains a certificate with the ACMEv1 URL set explicitly
        on the MD. Phase two reconfigures the same MD without a CA URL under
        ACMEv2, adds a second MD, and expects both to report
        TestEnv.ACME_URL_DEFAULT as their CA.
        """
        first = "a-" + self.test_domain
        second = "b-" + self.test_domain

        # Phase one: ACMEv1 with the CA URL written into the MD.
        TestEnv.set_acme('acmev1')
        v1_url = TestEnv.ACME_URL

        first_names = [first, "www." + first]
        conf = HttpdConf()
        conf.clear()
        conf.add_admin("*****@*****.**")
        conf.add_line("MDCertificateAgreement accepted")
        conf.add_line("MDMembers auto")
        conf.start_md2([first])
        conf.add_line("MDCertificateAuthority %s" % v1_url)
        conf.end_md2()
        conf.add_vhost(first_names)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(first_names)
        assert TestEnv.await_completion([first])
        assert (0, 0) == TestEnv.httpd_error_log_count()
        TestEnv.check_md(first_names, ca=v1_url)

        # Phase two: ACMEv2, same MD but without any CA URL configured.
        TestEnv.set_acme('acmev2')
        # Switching the protocol changes the default CA URL.
        assert TestEnv.ACME_URL_DEFAULT != v1_url

        conf = HttpdConf()
        conf.clear()
        conf.add_admin("*****@*****.**")
        conf.add_line("MDCertificateAgreement accepted")
        conf.add_line("MDMembers auto")
        conf.start_md([first])
        conf.end_md()
        conf.start_md2([second])
        # This MD will get the real Let's Encrypt URL assigned; automatic
        # renewal is turned off so the test never talks to that CA.
        conf.add_line("MDRenewMode manual")
        conf.end_md2()
        conf.add_vhost(first_names)
        conf.add_vhost(second)
        conf.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.httpd_error_log_count()
        # The pre-existing MD was migrated to the new CA URL ...
        TestEnv.check_md(first_names, ca=TestEnv.ACME_URL_DEFAULT)
        # ... and the newly added MD uses the new default as well.
        TestEnv.check_md([second], ca=TestEnv.ACME_URL_DEFAULT)
Esempio n. 6
 def test_310_310(self, window):
     """Configure a non-default renew window and read it back from the status.

     Args:
         window: value handed to add_renew_window(); the MD status entry
             "renew-window" must compare equal to it after the restart.
     """
     name = self.test_domain
     conf = HttpdConf()
     conf.add_admin("admin@" + name)
     conf.start_md([name])
     # Drive mode is set to manual for this MD.
     conf.add_drive_mode("manual")
     conf.add_renew_window(window)
     conf.end_md()
     conf.add_vhost(TestEnv.HTTPS_PORT, name, aliasList=[name])
     conf.install()
     assert TestEnv.apache_restart() == 0
     reported = TestEnv.get_md_status(name)
     assert reported["renew-window"] == window
Esempio n. 7
 def test_801_010(self):
     """Enable stapling on an MD that has no vhost and no certificate files.

     The OCSP store is cleared first; the test only requires that the
     server restarts and that a non-empty server status can be fetched.
     """
     assert TestEnv.apache_stop() == 0
     TestEnv.clear_ocsp_store()
     md_name = TestStapling.mdA
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md([md_name])
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.install()
     assert TestEnv.apache_restart() == 0
     server_status = TestEnv.get_server_status()
     assert server_status
Esempio n. 8
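 def test_901_011(self):
     """Static certificate inside the warn window: one 'expiring' message.

     A message command (self.mcmd writing to self.mlog) is configured. After
     the first restart the log must hold exactly one 'expiring' line for
     the domain, and a second restart must not add another one.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # Validity offsets -85 / +5 (presumably days relative to now -
     # confirm against CertUtil), i.e. a certificate very close to expiry.
     CertUtil.create_self_signed_cert(domains, {
         "notBefore": -85,
         "notAfter": 5
     },
                                      serial=901011,
                                      path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()

     # The single line the message command is expected to have logged.
     expected = ("['%s', '%s', 'expiring', '%s']" %
                 (self.mcmd, self.mlog, domain))

     def read_message_log():
         # Open through a context manager so the handle is closed right
         # away instead of being left to the garbage collector.
         with open(self.mlog) as log:
             return log.readlines()

     assert TestEnv.apache_restart() == 0
     # Fixed one-second wait before the log is read.
     time.sleep(1)
     nlines = read_message_log()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()
     # A second restart must not resend the notification right away.
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     nlines = read_message_log()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()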