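def test_901_004(self):
    """Verify that a forced renewal runs the message command exactly once.

    A certificate is obtained first. The configuration is then reinstalled
    with ``MDRenewWindow 120d`` and ``MDActivationDelay -7d`` plus a message
    command, and the command's log file must hold a single 'renewed' line.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    # NOTE(review): the admin address appears masked in this listing
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # force renew
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_line("MDRenewWindow 120d")
    conf.add_line("MDActivationDelay -7d")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    # presumably leaves time for the message command to write its log line
    time.sleep(3)
    # the status is still requested, but its content is not inspected here
    TestEnv.get_md_status(domain)
    # read through a context manager so the file handle is always closed
    with open(self.mlog) as log:
        nlines = log.readlines()
    # exactly one notification: the command line, the 'renewed' reason, the MD
    assert 1 == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()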
def test_800_003(self):
    """Toggle ``MDMustStaple`` and check the flag on the stored certificate.

    With the directive on, the stored ``pubcert.pem`` must report must-staple;
    after switching it off and completing again, it must not.
    """
    def issue_and_load(name):
        # restart, wait for the MD to complete, then load the stored cert
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([name])
        TestEnv.check_md_complete(name)
        return CertUtil(TestEnv.store_domain_file(name, 'pubcert.pem'))

    md_name = TestMustStaple.domain
    TestMustStaple.configure_httpd(md_name, "MDMustStaple on")
    assert issue_and_load(md_name).get_must_staple()
    # NOTE(review): the name is rebound to configure_httpd's return value
    # here but not in the call above; confirm that the helper returns the
    # domain, otherwise the checks below run against something else.
    md_name = TestMustStaple.configure_httpd(md_name, "MDMustStaple off")
    assert not issue_and_load(md_name).get_must_staple()
def test_702_010(self):
    """Check http-01 renewal with port 80 mapped to an unused, then a used port.

    With ``MDPortMap 80:99`` no renewal may be running; with port 80 mapped to
    ``TestEnv.HTTP_PORT`` the MD must complete.
    """
    md_name = self.test_domain
    names = [md_name, "www." + md_name]

    def install_with(port_map):
        # one MD and one vhost, http-01 only, with the given port mapping
        cfg = HttpdConf()
        cfg.add_admin("admin@" + md_name)
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges(["http-01"])
        cfg._add_line(port_map)
        cfg.add_md(names)
        cfg.add_vhost(names)
        cfg.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(names)

    # map port 80 onto a port where the server does not listen
    install_with("MDPortMap 80:99")
    assert not TestEnv.is_renewing(md_name)
    # now the same with port 80 mapped to a supported port
    install_with("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
    assert TestEnv.await_completion([md_name])
def test_920_020(self):
    """Check status reporting for an MD with two private key types.

    Configures ``MDStapling on`` and ``MDPrivateKeys secp256r1 RSA`` and
    expects both key types in the staged ('renewal') data and, after a
    restart, in the active certificate data with an 'ocsp' entry each.
    """
    md_name = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_line("MDStapling on")
    cfg.add_line("MDPrivateKeys secp256r1 RSA")
    cfg.add_md([md_name])
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    # in the stats JSON, we expect 2 certificates under 'renewal'
    md_status = TestEnv.get_md_status(md_name)
    assert 'renewal' in md_status
    assert 'cert' in md_status['renewal']
    for key_type in ('rsa', 'secp256r1'):
        assert key_type in md_status['renewal']['cert']
    # in /.httpd/certificate-status 'renewal' we expect 2 certificates
    cert_status = TestEnv.get_certificate_status(md_name)
    assert 'renewal' in cert_status
    assert 'cert' in cert_status['renewal']
    for key_type in ('secp256r1', 'rsa'):
        assert key_type in cert_status['renewal']['cert']
    # restart and activate; once activated, certs are listed in status
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status(md_name)
    assert 'cert' in md_status
    active = md_status['cert']
    assert 'valid' in active
    for key_type in ['rsa', 'secp256r1']:
        assert key_type in active
        # each key type's certificate entry must carry an 'ocsp' section
        assert 'ocsp' in active[key_type]
def test_920_001(self):
    """Check certificate-status before and after activating a new certificate."""
    md_name = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md([md_name])
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    # We started without a valid certificate, so /.httpd/certificate-status
    # must not describe an active one. Since the ACME signup was awaited,
    # the new certificate must show up under 'renewal'.
    report = TestEnv.get_certificate_status(md_name)
    assert 'sha256-fingerprint' not in report
    assert 'valid' not in report
    assert 'renewal' in report
    staged = report['renewal']['cert']
    assert 'valid' in staged
    assert 'sha256-fingerprint' in staged['rsa']
    # restart and activate: the staging must be gone and the attributes
    # must exist for the active cert
    assert TestEnv.apache_restart() == 0
    report = TestEnv.get_certificate_status(md_name)
    assert 'renewal' not in report
    assert 'sha256-fingerprint' in report['rsa']
    assert 'valid' in report['rsa']
    assert 'from' in report['rsa']['valid']
def test_920_002(self):
    """Check that certificate-status reports the properties of a staged cert.

    After the MD completed, a certificate file from the test data is copied
    over the staged ``pubcert.pem`` and the status output is compared with
    that certificate's validity dates and serial number.
    """
    domain = self.test_domain
    domains = [domain]
    conf = HttpdConf()
    # NOTE(review): the admin address appears masked in this listing
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domain)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    # copy a real certificate from LE over to staging
    staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
    real_cert = os.path.join('data', 'test_920', '002.pubcert')
    # the assert relies on copyfile returning a truthy value on success
    assert copyfile(real_cert, staged_cert)
    status = TestEnv.get_certificate_status(domain)
    # status shows the copied cert's properties as staged
    assert 'renewal' in status
    assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['valid']['until']
    assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['valid']['from']
    assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal']['serial']
    assert 'sha256-fingerprint' in status['renewal']
    # The condition is always false, so the SCT checks below never run.
    # NOTE(review): the flattened listing does not show where this branch
    # ends; all 'scts' assertions are assumed to belong to it - confirm.
    if 0 == 1:
        assert len(status['renewal']['scts']) == 2
        assert status['renewal']['scts'][0]['logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
        assert status['renewal']['scts'][0]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
        assert status['renewal']['scts'][1]['logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
        assert status['renewal']['scts'][1]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
def test_920_002(self):
    """Check that certificate-status reports a staged cert per key type.

    A certificate file from the test data is copied over the staged
    ``pubcert.pem``; its dates and serial must appear under
    ``renewal -> cert -> rsa`` in the status output.
    """
    md_name = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md([md_name])
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    # copy a real certificate from LE over to staging
    target = os.path.join(TestEnv.STORE_DIR, 'staging', md_name, 'pubcert.pem')
    source = os.path.join('data', 'test_920', '002.pubcert')
    assert copyfile(source, target)
    report = TestEnv.get_certificate_status(md_name)
    # status shows the copied cert's properties as staged
    assert 'renewal' in report
    staged_rsa = report['renewal']['cert']['rsa']
    assert 'Thu, 29 Aug 2019 16:06:35 GMT' == staged_rsa['valid']['until']
    assert 'Fri, 31 May 2019 16:06:35 GMT' == staged_rsa['valid']['from']
    assert '03039C464D454EDE79FCD2CAE859F668F269' == staged_rsa['serial']
    assert 'sha256-fingerprint' in staged_rsa
def test_702_040(self):
    """Obtain a certificate using only the tls-alpn-01 challenge.

    The server is configured with ``Protocols http/1.1 acme-tls/1``; the MD
    status must list every domain under the 'acme-tls/1' protocol before the
    MD completes.
    """
    md_name = self.test_domain
    names = [md_name, "www." + md_name]
    # generate 1 MD and 1 vhost
    cfg = HttpdConf()
    cfg.add_admin("admin@" + md_name)
    for directive in ("LogLevel core:debug",
                      "LogLevel ssl:debug",
                      "Protocols http/1.1 acme-tls/1"):
        cfg.add_line(directive)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # check that acme-tls/1 is available for all domains
    md_status = TestEnv.get_md_status(md_name)
    assert md_status["proto"]["acme-tls/1"] == names
    assert TestEnv.await_completion([md_name])
    TestEnv.check_md_complete(md_name)
    # check SSL running OK: the served certificate names the domain
    served = TestEnv.get_cert(md_name)
    assert md_name in served.get_san_list()
def test_700_001(self):
    """Drive one MD once a vhost exists for it, then check the store state.

    Without a vhost the MD is stored but not watched. After adding the vhost
    the MD completes, and the test checks that the challenges directory is
    empty and that the file permissions check passes.
    """
    md_name = self.test_domain
    names = [md_name, "www." + md_name]
    # generate config with one MD
    cfg = HttpdConf()
    cfg.add_admin("admin@" + md_name)
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.install()
    # restart, check that MD is synched to store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.get_md_status(md_name)["watched"] == 0
    # add vhost for MD, restart should drive it
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    TestEnv.check_md_complete(md_name)
    assert TestEnv.get_md_status(md_name)["watched"] == 1
    served = TestEnv.get_cert(md_name)
    assert md_name in served.get_san_list()
    # challenges should have been removed and the file system needs to
    # have correct permissions
    TestEnv.check_dir_empty(TestEnv.store_challenges())
    TestEnv.check_file_permissions(md_name)
def test_700_011(self):
    """Check tls-alpn-01 renewal with port 443 mapped to an unused, then a used port.

    With ``MDPortMap 443:99`` no renewal may be running; with port 443 mapped
    to ``TestEnv.HTTPS_PORT`` the MD must complete.
    """
    md_name = self.test_domain
    names = [md_name, "www." + md_name]

    def install_with(port_map):
        # one MD and one vhost, tls-alpn-01 only, with the given port mapping
        cfg = HttpdConf()
        cfg.add_admin("admin@" + md_name)
        cfg.add_line("Protocols http/1.1 acme-tls/1")
        cfg.add_drive_mode("auto")
        cfg.add_ca_challenges(["tls-alpn-01"])
        cfg._add_line(port_map)
        cfg.add_md(names)
        cfg.add_vhost(names)
        cfg.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(names)

    # map port 443 onto a port where the server does not listen
    install_with("MDPortMap 443:99")
    assert not TestEnv.is_renewing(md_name)
    # now the same with port 443 mapped to a supported port
    install_with("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
    assert TestEnv.await_completion([md_name])
def test_720_007(self):
    """Obtain a wildcard certificate via dns-01 and serve it on a subdomain.

    The MD holds only ``*.<domain>``; the vhost is ``www.<domain>``. The
    served certificate's SAN list must equal the MD's name list.
    """
    base = self.test_domain
    wildcard = "*." + base
    www_name = "www." + base
    md_names = [wildcard]
    # script that the server runs for the dns-01 challenge
    dns01_script = "%s/dns01.py" % TestEnv.TESTROOT
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_ca_challenges(["dns-01"])
    cfg.add_dns01_cmd(dns01_script)
    cfg.add_md(md_names)
    cfg.add_vhost(www_name)
    cfg.install()
    # restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(md_names)
    # await drive completion
    assert TestEnv.await_completion([www_name])
    TestEnv.check_md_complete(wildcard)
    # check: SSL is running OK and the cert carries exactly the wildcard name
    served = TestEnv.get_cert(www_name)
    assert md_names == served.get_san_list()
def test_700_003(self):
    """Serve two vhosts from one MD and check that they share a certificate."""
    base = self.test_domain
    host_a = "a." + base
    host_b = "b." + base
    md_names = [base, host_a, host_b]
    # generate 1 MD and 2 vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg.add_md(md_names)
    cfg.add_vhost(host_a, docRoot="htdocs/a")
    cfg.add_vhost(host_b, docRoot="htdocs/b")
    cfg.install()
    # create the docRoot folders, each with a file holding the vhost's name
    for subdir, host in (("a", host_a), ("b", host_b)):
        self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, subdir),
                             "name.txt", host)
    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(md_names)
    assert TestEnv.await_completion([base, host_a, host_b])
    TestEnv.check_md_complete(base)
    # check: SSL is running OK, both hosts present the same certificate
    cert_a = TestEnv.get_cert(host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(host_b)
    assert host_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()
    # each vhost answers with its own document root
    assert TestEnv.get_content(host_a, "/name.txt") == host_a
    assert TestEnv.get_content(host_b, "/name.txt") == host_b
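def test_901_003(self):
    """Check the message command's log for a successful first issuance.

    The command must have logged one 'challenge-setup:http-01' line per
    domain name and a final 'renewed' line, and the MD status must record a
    'message-renewed' log entry with status 0.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    # NOTE(review): the admin address appears masked in this listing
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # this command did not fail and logged the correct information itself
    assert stat["renewal"]["last"]["status"] == 0
    assert stat["renewal"]["log"]["entries"]
    assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
    # shut down server to make sure that md has completed
    assert TestEnv.apache_stop() == 0
    # read through a context manager so the file handle is always closed
    with open(self.mlog) as log:
        nlines = [line.strip() for line in log]
    assert 3 == len(nlines)
    # the two challenge-setup lines may appear in either order
    assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
        cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[0]) in nlines
    assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
        cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[1]) in nlines
    # the 'renewed' notification must be the last line
    assert nlines[2] == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
        cmd=self.mcmd, logfile=self.mlog, mdomain=domain)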
def test_700_002(self):
    """Drive two MDs at once and check that they share one ACME account."""
    base = self.test_domain
    md_a = "a-" + base
    md_b = "b-" + base
    names_a = [md_a, "www." + md_a]
    names_b = [md_b, "www." + md_b]
    # generate config with two MDs
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("auto")
    for names in (names_a, names_b):
        cfg.add_md(names)
    for names in (names_a, names_b):
        cfg.add_vhost(names)
    cfg.install()
    # restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    for names in (names_a, names_b):
        TestEnv.check_md(names)
    # await drive completion
    assert TestEnv.await_completion([md_a, md_b])
    for md in (md_a, md_b):
        TestEnv.check_md_complete(md)
    # check: SSL is running OK, each cert names exactly its MD's domains
    cert_a = TestEnv.get_cert(md_a)
    assert names_a == cert_a.get_san_list()
    cert_b = TestEnv.get_cert(md_b)
    assert names_b == cert_b.get_san_list()
    # should have a single account now
    assert 1 == len(TestEnv.list_accounts())
def test_710_001(self):
    """Switch from ACMEv1 to ACMEv2 and check certificate and account handling.

    The certificate obtained under ACMEv1 must stay in use while it remains
    valid; only a changed name list produces a new one, and two accounts
    must exist afterwards.
    """
    md_name = self.test_domain

    def install(names):
        # one MD and one vhost over the same list of names
        cfg = HttpdConf()
        cfg.add_admin("admin@" + md_name)
        cfg.add_md(names)
        cfg.add_vhost(names)
        cfg.install()

    # use ACMEv1 initially
    TestEnv.set_acme('acmev1')
    # generate config with one MD, restart, gets cert
    names = [md_name, "www." + md_name]
    install(names)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    TestEnv.check_md_complete(md_name)
    first_cert = TestEnv.get_cert(md_name)
    assert md_name in first_cert.get_san_list()
    # use ACMEv2 now for everything
    TestEnv.set_acme('acmev2')
    install(names)
    # restart: should still be the same cert, as it remains valid
    assert TestEnv.apache_restart() == 0
    report = TestEnv.get_certificate_status(md_name)
    assert report['serial'] == first_cert.get_serial()
    # change the MD so that we need a new cert
    names = [md_name, "www." + md_name, "another." + md_name]
    install(names)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    # should no longer be the same cert
    report = TestEnv.get_certificate_status(md_name)
    assert report['serial'] != first_cert.get_serial()
    TestEnv.check_md_complete(md_name)
    # should have 2 accounts now
    assert 2 == len(TestEnv.list_accounts())
def test_702_031(self):
    """Change an MD's name list and check that a new certificate is issued.

    The first name is removed and another is added; the vhost that stays
    must keep working and present a certificate with a different serial.
    """
    base = self.test_domain
    host_x = "test-x." + base
    host_a = "test-a." + base
    host_b = "test-b." + base
    host_c = "test-c." + base

    def install(md_names):
        # 1 MD with the given names and the same 2 vhosts each time
        cfg = HttpdConf()
        cfg.add_admin("admin@" + base)
        cfg.add_md(md_names)
        cfg.add_vhost(host_a)
        cfg.add_vhost(host_b)
        cfg.install()

    original_names = [host_x, host_a, host_b]
    install(original_names)
    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(original_names)
    assert TestEnv.await_completion([host_x])
    TestEnv.check_md_complete(host_x)
    # check: SSL is running OK, both vhosts present the same certificate
    cert_a = TestEnv.get_cert(host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(host_b)
    assert host_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()
    # change MD by removing 1st name and adding another
    changed_names = [host_a, host_b, host_c]
    install(changed_names)
    # restart, check that host still works and has a new cert
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(changed_names)
    assert TestEnv.await_completion([host_a])
    renewed_a = TestEnv.get_cert(host_a)
    assert host_a in renewed_a.get_san_list()
    assert cert_a.get_serial() != renewed_a.get_serial()
def setup_class(cls):
    """Prepare the environment and obtain a certificate for the class domain.

    NOTE(review): no ``@classmethod`` decorator is visible in this listing.
    """
    print("setup_class:%s" % cls.__name__)
    # fresh environment: initialise, empty the store, check the ACME server
    TestEnv.init()
    TestEnv.clear_store()
    TestEnv.check_acme()
    class_domain = TestEnv.get_class_domain(cls)
    cls.domain = class_domain
    cls.configure_httpd(class_domain)
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    # read the attribute again, as the original does after configure_httpd
    assert TestEnv.await_completion([cls.domain])
def test_700_032(self):
    """Merge a second MD's name into the first via ``MDMembers auto``.

    Two MDs with one vhost each are driven first. The second MD and vhost
    are then removed and its name is added to the first vhost; the first MD
    must gain that name and receive a new certificate.
    """
    base = self.test_domain
    first = "server1." + base
    second = "server2.b" + base  # need a separate TLD to avoid rate limits
    # generate 2 MDs and 2 vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg._add_line("MDMembers auto")
    cfg.add_md([first])
    cfg.add_md([second])
    cfg.add_vhost(first)
    cfg.add_vhost(second)
    cfg.install()
    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md([first])
    TestEnv.check_md([second])
    assert TestEnv.await_completion([first, second])
    TestEnv.check_md_complete(second)
    # check: SSL is running OK
    first_cert = TestEnv.get_cert(first)
    assert first in first_cert.get_san_list()
    second_cert = TestEnv.get_cert(second)
    assert second in second_cert.get_san_list()
    # remove second md and vhost, add the second name to vhost1
    cfg = HttpdConf()
    cfg.add_admin("admin@" + base)
    cfg._add_line("MDMembers auto")
    cfg.add_md([first])
    cfg.add_vhost([first, second], docRoot="htdocs/a")
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md([first, second])
    assert TestEnv.await_completion([first])
    # the replacement cert covers both names and has a different serial
    merged_cert = TestEnv.get_cert(first)
    merged_sans = merged_cert.get_san_list()
    assert first in merged_sans
    assert second in merged_cert.get_san_list()
    assert first_cert.get_serial() != merged_cert.get_serial()
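def test_901_030(self):
    """Check that a failing message command is recorded and later cleared.

    With a warn window that triggers right away and a failing command, the
    staged ``job.json`` must report an error with problem AH10109. After
    switching to a working command, the 'expiring' notification must be
    logged once and the job's error count must be back at 0.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    # NOTE(review): the admin address appears masked in this listing
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # set the warn window that triggers right away and a failing message command
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmdfail, self.mlog))
    conf.add_md(domains)
    conf.add_line(""" MDWarnWindow 100d """)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.get_md_status(domain)
    # this command should have failed and logged an error in the staged job
    job_file = TestEnv.store_staged_file(domain, 'job.json')
    assert TestEnv.await_file(job_file)
    # Poll until the job reports an error, but give up after a bounded time:
    # without the deadline a job that never fails would hang the test run.
    deadline = time.monotonic() + 60
    while True:
        with open(job_file) as f:
            job = json.load(f)
        if job["errors"] > 0:
            assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
            break
        assert time.monotonic() < deadline, "unexpected job result: {0}".format(job)
        time.sleep(0.1)
    # reconfigure to a working notification command and restart
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_md(domains)
    conf.add_line(""" MDWarnWindow 100d """)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_file(self.mlog)
    # we see the notification logged by the command; the context manager
    # closes the log file handle before the assertions run
    with open(self.mlog) as log:
        nlines = log.readlines()
    assert 1 == len(nlines)
    assert ("['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
    # the error needs to be gone
    assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
    with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
        job = json.load(f)
    assert job["errors"] == 0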
def set_get_pkeys(self, domain, pkeys, conf=None):
    """Install an MD for *domain* with the given private key specs and drive it.

    Args:
        domain: name used for the MD and its vhost.
        pkeys: iterable of mappings; each entry's ``'spec'`` value is joined
            with spaces into the ``MDPrivateKeys`` directive.
        conf: configuration to extend; a new ``HttpdConf`` is created when
            this is ``None``.
    """
    domains = [domain]
    if conf is None:
        conf = HttpdConf()
        # NOTE(review): the flattened listing does not show whether this call
        # belongs to the branch or runs for a caller-supplied conf too - confirm.
        conf.add_admin("admin@" + domain)
    conf.add_line("MDPrivateKeys {0}".format(" ".join(
        [p['spec'] for p in pkeys])))
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    # the restart must succeed and the MD must complete with these key types
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
def test_710_003(self):
    """Check that an MD without an explicit CA URL moves to the new default.

    An MD is first created with an explicit ``MDCertificateAuthority`` under
    ACMEv1. After switching to ACMEv2 and dropping the CA directive, both
    the existing MD and a newly added one must carry
    ``TestEnv.ACME_URL_DEFAULT`` as their CA.
    """
    domain = "a-" + self.test_domain
    domainb = "b-" + self.test_domain
    # use ACMEv1 initially
    TestEnv.set_acme('acmev1')
    ca_url = TestEnv.ACME_URL
    domains = [domain, "www." + domain]
    # NOTE(review): in this listing the directives of the text block sit on a
    # single line and the ServerAdmin address reads "[email protected]", which
    # looks like an artifact of page extraction; restore one directive per
    # line and the real address from the upstream file before running this.
    conf = HttpdConf(local_CA=False, text=""" ServerAdmin [email protected] MDCertificateAuthority %s MDCertificateAgreement accepted MDMembers auto """ % (ca_url))
    conf.add_md([domain])
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domains)
    assert TestEnv.await_completion([domain])
    # no entries may be counted in the httpd error log
    assert (0, 0) == TestEnv.httpd_error_log_count()
    TestEnv.check_md(domains, ca=ca_url)
    # use ACMEv2 now, same MD, no CA url
    TestEnv.set_acme('acmev2')
    # this changes the default CA url
    assert TestEnv.ACME_URL_DEFAULT != ca_url
    # NOTE(review): same single-line text block and garbled address as above
    conf = HttpdConf(local_CA=False, text=""" ServerAdmin [email protected] MDCertificateAgreement accepted MDMembers auto """)
    conf.start_md([domain])
    conf.end_md()
    conf.start_md2([domainb])
    # this will get the real Let's Encrypt URL assigned; turn off auto
    # renewal so that the test never talks to the production CA
    conf.add_line("MDRenewMode manual")
    conf.end_md2()
    conf.add_vhost(domains)
    conf.add_vhost(domainb)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert (0, 0) == TestEnv.httpd_error_log_count()
    # the existing MD was migrated to new CA url
    TestEnv.check_md(domains, ca=TestEnv.ACME_URL_DEFAULT)
    # the new MD got the new default anyway
    TestEnv.check_md([domainb], ca=TestEnv.ACME_URL_DEFAULT)
def test_702_050(self):
    """Drive an MD on the base server (``MDBaseServer on``) without a vhost."""
    md_name = self.test_domain
    # NOTE(review): the directives below sit on one line in this listing,
    # which looks like an artifact of page extraction; confirm against the
    # upstream file that each directive is on a line of its own.
    base_server_lines = """ MDBaseServer on ServerAdmin admin@%s ServerName %s """ % (md_name, md_name)
    cfg = HttpdConf()
    cfg.add_line(base_server_lines)
    cfg.add_md([md_name])
    cfg.install()
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    assert TestEnv.await_completion([md_name])
def test_920_003(self):
    """Check that ``MDCertificateStatus off`` leaves certificate-status empty."""
    md_name = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md([md_name])
    cfg.add_line("MDCertificateStatus off")
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    # with the status resource switched off, nothing may be reported
    report = TestEnv.get_certificate_status(md_name)
    assert not report
def test_900_002(self):
    """Check that a failing ``MDNotifyCmd`` is reported as problem AH10108."""
    md_name = TestNotify.domain
    # notification script that is expected to fail, called without arguments
    failing_cmd = "%s/notifail.py" % TestEnv.TESTROOT
    cmd_args = ""
    notify_lines = """ MDNotifyCmd %s %s """ % (failing_cmd, cmd_args)
    TestNotify.configure_httpd(md_name, notify_lines)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    last_run = TestEnv.get_md_status(md_name)["renewal"]["last"]
    assert last_run["problem"] == "urn:org:apache:httpd:log:AH10108:"
def setup_class(cls):
    """Prepare the environment and obtain certificates for two class MDs.

    NOTE(review): no ``@classmethod`` decorator is visible in this listing.
    """
    print("setup_class:%s" % cls.__name__)
    # fresh environment: initialise, empty the store, check the ACME server
    TestEnv.init()
    TestEnv.clear_store()
    TestEnv.check_acme()
    cls.domain = TestEnv.get_class_domain(cls)
    # two MDs derived from the class domain
    cls.mdA = "a-" + cls.domain
    cls.mdB = "b-" + cls.domain
    class_conf = cls.configure_httpd([cls.mdA, cls.mdB])
    class_conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([cls.mdA, cls.mdB])
    for md in (cls.mdA, cls.mdB):
        TestEnv.check_md_complete(md)
def test_702_009(self):
    """Check that a certificate close to expiry is renewed automatically.

    After a normal issuance, the stored certificate is replaced by a
    self-signed one with little validity left. The server must first serve
    that certificate and then replace it through a renewal.
    """
    md_name = self.test_domain
    # prepare md
    cfg = HttpdConf()
    cfg.add_admin("admin@" + md_name)
    cfg.add_drive_mode("auto")
    cfg.add_renew_window("10d")
    cfg.add_md([md_name])
    cfg.add_vhost(md_name)
    cfg.install()
    # restart (-> drive), check that md+cert is in store, TLS is up
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    TestEnv.check_md_complete(md_name)
    issued = CertUtil(TestEnv.store_domain_file(md_name, 'pubcert.pem'))
    # compare with what md reports as status
    report = TestEnv.get_certificate_status(md_name)
    assert report['serial'] == issued.get_serial()
    # create self-signed cert with critical remaining valid duration
    # -> drive again
    validity = {"notBefore": -120, "notAfter": 2}
    TestEnv.create_self_signed_cert([md_name], validity, serial=7029)
    expiring = CertUtil(TestEnv.store_domain_file(md_name, 'pubcert.pem'))
    # 7029 decimal is 1B75 in hexadecimal
    assert expiring.get_serial() == '1B75'
    assert TestEnv.apache_restart() == 0
    report = TestEnv.get_certificate_status(md_name)
    assert report['serial'] == expiring.get_serial()
    # cert should renew and be different afterwards
    assert TestEnv.await_completion([md_name], must_renew=True)
    report = TestEnv.get_certificate_status(md_name)
    assert report['serial'] != expiring.get_serial()
def test_700_008a(self):
    """Drive an MD through an HTTP proxy with drive mode 'always'."""
    md_name = self.test_domain
    proxy_url = "http://localhost:%s" % TestEnv.HTTP_PROXY_PORT
    cfg = HttpdConf(proxy=True)
    cfg.add_admin("admin@" + md_name)
    cfg.add_drive_mode("always")
    cfg.add_http_proxy(proxy_url)
    cfg.add_md([md_name])
    cfg.install()
    # restart (-> drive), check that md is in store
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    # a second restart precedes the completeness check
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(md_name)
def test_920_004(self):
    """Check the overall MD status with ``MDCertificateStatus off``.

    Requesting the status with an empty domain must return a 'version' and
    a 'managed-domains' list holding exactly one entry.
    """
    md_name = self.test_domain
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md([md_name])
    cfg.add_line("MDCertificateStatus off")
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name])
    overview = TestEnv.get_md_status("")
    for key in ("version", "managed-domains"):
        assert key in overview
    assert 1 == len(overview["managed-domains"])
def test_901_001(self):
    """Check that a message command that cannot run is reported as AH10109."""
    md_name = self.test_domain
    names = [md_name, "www." + md_name]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    # "blablabla" serves as a message command that is expected to fail
    cfg.add_message_cmd("blablabla")
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)
    # this command should have failed and logged an error
    last_run = TestEnv.get_md_status(md_name)["renewal"]["last"]
    assert last_run["problem"] == "urn:org:apache:httpd:log:AH10109:"
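def test_900_011(self):
    """Check that extra ``MDNotifyCmd`` arguments reach the notify command.

    The command is configured with the log file and one extra argument; the
    first line it logs must list the command, both arguments and the domain.
    """
    domain = TestNotify.domain
    command = TestNotify.notify_cmd
    args = TestNotify.notify_log
    extra_arg = "test_900_011_extra"
    TestNotify.configure_httpd(
        domain, """ MDNotifyCmd %s %s %s """ % (command, args, extra_arg))
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # the notify command ran and returned success
    assert stat["renewal"]["last"]["status"] == 0
    # read through a context manager so the file handle is always closed
    with open(TestNotify.notify_log) as log:
        nlines = log.readlines()
    # fail with a clear assertion instead of an IndexError on an empty log
    assert nlines, "notify command wrote nothing to its log"
    assert ("['%s', '%s', '%s', '%s']" % (command, args, extra_arg, domain)) == nlines[0].strip()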