def test_901_004(self):
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# force renew
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
conf.add_line("MDRenewWindow 120d")
conf.add_line("MDActivationDelay -7d")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
time.sleep(3)
stat = TestEnv.get_md_status(domain)
nlines = open(self.mlog).readlines()
assert 1 == len(nlines)
assert ("['%s', '%s', 'renewed', '%s']" %
(self.mcmd, self.mlog, domain)) == nlines[0].strip()
def test_800_003(self):
domain = TestMustStaple.domain
TestMustStaple.configure_httpd(domain, "MDMustStaple on")
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
assert cert1.get_must_staple()
domain = TestMustStaple.configure_httpd(domain, "MDMustStaple off")
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
assert not cert1.get_must_staple()
def test_702_010(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost, map port 80 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:99")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert not TestEnv.is_renewing(domain)
#
# now the same with a 80 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_ca_challenges(["http-01"])
conf._add_line("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
def test_920_020(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_line("MDStapling on")
conf.add_line("MDPrivateKeys secp256r1 RSA")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# In the stats JSON, we excpect 2 certificates under 'renewal'
stat = TestEnv.get_md_status(domain)
assert 'renewal' in stat
assert 'cert' in stat['renewal']
assert 'rsa' in stat['renewal']['cert']
assert 'secp256r1' in stat['renewal']['cert']
# In /.httpd/certificate-status 'renewal' we excpect 2 certificates
status = TestEnv.get_certificate_status(domain)
assert 'renewal' in status
assert 'cert' in status['renewal']
assert 'secp256r1' in status['renewal']['cert']
assert 'rsa' in status['renewal']['cert']
# restart and activate
# once activated, certs are listed in status
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_md_status(domain)
assert 'cert' in stat
assert 'valid' in stat['cert']
for ktype in ['rsa', 'secp256r1']:
assert ktype in stat['cert']
assert 'ocsp' in stat['cert'][ktype]
def test_920_001(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# we started without a valid certificate, so we expect /.httpd/certificate-status
# to not give information about one and - since we waited for the ACME signup
# to complete - to give information in 'renewal' about the new cert.
status = TestEnv.get_certificate_status(domain)
assert not 'sha256-fingerprint' in status
assert not 'valid' in status
assert 'renewal' in status
assert 'valid' in status['renewal']['cert']
assert 'sha256-fingerprint' in status['renewal']['cert']['rsa']
# restart and activate
# once activated, the staging must be gone and attributes exist for the active cert
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert not 'renewal' in status
assert 'sha256-fingerprint' in status['rsa']
assert 'valid' in status['rsa']
assert 'from' in status['rsa']['valid']
def test_920_002(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# copy a real certificate from LE over to staging
staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain,
'pubcert.pem')
real_cert = os.path.join('data', 'test_920', '002.pubcert')
assert copyfile(real_cert, staged_cert)
status = TestEnv.get_certificate_status(domain)
# status shows the copied cert's properties as staged
assert 'renewal' in status
assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['valid'][
'until']
assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['valid'][
'from']
assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal'][
'serial']
assert 'sha256-fingerprint' in status['renewal']
if 0 == 1:
assert len(status['renewal']['scts']) == 2
assert status['renewal']['scts'][0][
'logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
assert status['renewal']['scts'][0][
'signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
assert status['renewal']['scts'][1][
'logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
assert status['renewal']['scts'][1][
'signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
def test_920_002(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# copy a real certificate from LE over to staging
staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain,
'pubcert.pem')
real_cert = os.path.join('data', 'test_920', '002.pubcert')
assert copyfile(real_cert, staged_cert)
status = TestEnv.get_certificate_status(domain)
# status shows the copied cert's properties as staged
assert 'renewal' in status
assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['cert'][
'rsa']['valid']['until']
assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['cert'][
'rsa']['valid']['from']
assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal'][
'cert']['rsa']['serial']
assert 'sha256-fingerprint' in status['renewal']['cert']['rsa']
def test_702_040(self):
domain = self.test_domain
domains = [domain, "www." + domain]
#
# generate 1 MD and 1 vhost
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("LogLevel core:debug")
conf.add_line("LogLevel ssl:debug")
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# check that acme-tls/1 is available for all domains
stat = TestEnv.get_md_status(domain)
assert stat["proto"]["acme-tls/1"] == domains
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
#
# check SSL running OK
cert = TestEnv.get_cert(domain)
assert domain in cert.get_san_list()
def test_700_001(self):
# generate config with one MD
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_md(domains)
conf.install()
#
# restart, check that MD is synched to store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
stat = TestEnv.get_md_status(domain)
assert stat["watched"] == 0
#
# add vhost for MD, restart should drive it
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
stat = TestEnv.get_md_status(domain)
assert stat["watched"] == 1
#
cert = TestEnv.get_cert(domain)
assert domain in cert.get_san_list()
#
# challenges should have been removed
# file system needs to have correct permissions
TestEnv.check_dir_empty(TestEnv.store_challenges())
TestEnv.check_file_permissions(domain)
def test_700_011(self):
domain = self.test_domain
domains = [domain, "www." + domain]
# generate 1 MD and 1 vhost, map port 443 onto itself where the server does not listen
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap 443:99")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert not TestEnv.is_renewing(domain)
#
# now the same with a 443 mapped to a supported port
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("Protocols http/1.1 acme-tls/1")
conf.add_drive_mode("auto")
conf.add_ca_challenges(["tls-alpn-01"])
conf._add_line("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
def test_720_007(self):
dns01cmd = ("%s/dns01.py" % TestEnv.TESTROOT)
domain = self.test_domain
dwild = "*." + domain
wwwdomain = "www." + domain
domains = [dwild]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_ca_challenges(["dns-01"])
conf.add_dns01_cmd(dns01cmd)
conf.add_md(domains)
conf.add_vhost(wwwdomain)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
# await drive completion
assert TestEnv.await_completion([wwwdomain])
TestEnv.check_md_complete(dwild)
# check: SSL is running OK
cert_a = TestEnv.get_cert(wwwdomain)
altnames = cert_a.get_san_list()
assert domains == altnames
def test_700_003(self):
# generate 1 MD and 2 vhosts
domain = self.test_domain
nameA = "a." + domain
nameB = "b." + domain
domains = [domain, nameA, nameB]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(nameA, docRoot="htdocs/a")
conf.add_vhost(nameB, docRoot="htdocs/b")
conf.install()
#
# create docRoot folder
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"),
"name.txt", nameA)
self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"),
"name.txt", nameB)
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain, nameA, nameB])
TestEnv.check_md_complete(domain)
#
# check: SSL is running OK
certA = TestEnv.get_cert(nameA)
assert nameA in certA.get_san_list()
certB = TestEnv.get_cert(nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
#
assert TestEnv.get_content(nameA, "/name.txt") == nameA
assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_901_003(self):
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
conf.add_drive_mode("auto")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
stat = TestEnv.get_md_status(domain)
# this command did not fail and logged itself the correct information
assert stat["renewal"]["last"]["status"] == 0
assert stat["renewal"]["log"]["entries"]
assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
# shut down server to make sure that md has completed
assert TestEnv.apache_stop() == 0
nlines = open(self.mlog).readlines()
assert 3 == len(nlines)
nlines = [s.strip() for s in nlines]
assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[0]) in nlines
assert "['{cmd}', '{logfile}', 'challenge-setup:http-01:{dns}', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain, dns=domains[1]) in nlines
assert nlines[2].strip() == "['{cmd}', '{logfile}', 'renewed', '{mdomain}']".format(
cmd=self.mcmd, logfile=self.mlog, mdomain=domain)
def test_700_002(self):
# generate config with two MDs
domain = self.test_domain
domainA = "a-" + domain
domainB = "b-" + domain
domainsA = [domainA, "www." + domainA]
domainsB = [domainB, "www." + domainB]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_drive_mode("auto")
conf.add_md(domainsA)
conf.add_md(domainsB)
conf.add_vhost(domainsA)
conf.add_vhost(domainsB)
conf.install()
#
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domainsA)
TestEnv.check_md(domainsB)
# await drive completion
assert TestEnv.await_completion([domainA, domainB])
TestEnv.check_md_complete(domainA)
TestEnv.check_md_complete(domainB)
#
# check: SSL is running OK
certA = TestEnv.get_cert(domainA)
assert domainsA == certA.get_san_list()
certB = TestEnv.get_cert(domainB)
assert domainsB == certB.get_san_list()
#
# should have a single account now
assert 1 == len(TestEnv.list_accounts())
def test_710_001(self):
domain = self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
# generate config with one MD, restart, gets cert
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = TestEnv.get_cert(domain)
assert domain in cert1.get_san_list()
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
# restart, gets cert, should still be the same cert as it remains valid
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert status['serial'] == cert1.get_serial()
# change the MD so that we need a new cert
domains = [domain, "www." + domain, "another." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# should no longer the same cert
status = TestEnv.get_certificate_status(domain)
assert status['serial'] != cert1.get_serial()
TestEnv.check_md_complete(domain)
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_702_031(self):
domain = self.test_domain
nameX = "test-x." + domain
nameA = "test-a." + domain
nameB = "test-b." + domain
nameC = "test-c." + domain
domains = [nameX, nameA, nameB]
#
# generate 1 MD and 2 vhosts
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(nameA)
conf.add_vhost(nameB)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([nameX])
TestEnv.check_md_complete(nameX)
#
# check: SSL is running OK
certA = TestEnv.get_cert(nameA)
assert nameA in certA.get_san_list()
certB = TestEnv.get_cert(nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
#
# change MD by removing 1st name and adding another
new_list = [nameA, nameB, nameC]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(new_list)
conf.add_vhost(nameA)
conf.add_vhost(nameB)
conf.install()
# restart, check that host still works and have new cert
assert TestEnv.apache_restart() == 0
TestEnv.check_md(new_list)
assert TestEnv.await_completion([nameA])
#
certA2 = TestEnv.get_cert(nameA)
assert nameA in certA2.get_san_list()
assert certA.get_serial() != certA2.get_serial()
def setup_class(cls):
print("setup_class:%s" % cls.__name__)
TestEnv.init()
TestEnv.clear_store()
TestEnv.check_acme()
cls.domain = TestEnv.get_class_domain(cls)
cls.configure_httpd(cls.domain)
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([cls.domain])
def test_700_032(self):
domain = self.test_domain
name1 = "server1." + domain
name2 = "server2.b" + domain # need a separate TLD to avoid rate limites
#
# generate 2 MDs and 2 vhosts
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_md([name2])
conf.add_vhost(name1)
conf.add_vhost(name2)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md([name1])
TestEnv.check_md([name2])
assert TestEnv.await_completion([name1, name2])
TestEnv.check_md_complete(name2)
#
# check: SSL is running OK
cert1 = TestEnv.get_cert(name1)
assert name1 in cert1.get_san_list()
cert2 = TestEnv.get_cert(name2)
assert name2 in cert2.get_san_list()
#
# remove second md and vhost, add name2 to vhost1
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf._add_line("MDMembers auto")
conf.add_md([name1])
conf.add_vhost([name1, name2], docRoot="htdocs/a")
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md([name1, name2])
assert TestEnv.await_completion([name1])
#
cert1b = TestEnv.get_cert(name1)
assert name1 in cert1b.get_san_list()
assert name2 in cert1b.get_san_list()
assert cert1.get_serial() != cert1b.get_serial()
def test_901_030(self):
domain = self.test_domain
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# set the warn window that triggers right away and a failing message command
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_message_cmd("%s %s" % (self.mcmdfail, self.mlog))
conf.add_md(domains)
conf.add_line("""
MDWarnWindow 100d
""")
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.get_md_status(domain)
# this command should have failed and logged an error
# shut down server to make sure that md has completed
assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
while True:
with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
job = json.load(f)
if job["errors"] > 0:
assert job["errors"] > 0, "unexpected job result: {0}".format(job)
assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
break
time.sleep(0.1)
# reconfigure to a working notification command and restart
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
conf.add_md(domains)
conf.add_line("""
MDWarnWindow 100d
""")
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_file(self.mlog)
# we see the notification logged by the command
nlines = open(self.mlog).readlines()
assert 1 == len(nlines)
assert ("['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
# the error needs to be gone
assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
job = json.load(f)
assert job["errors"] == 0
def set_get_pkeys(self, domain, pkeys, conf=None):
domains = [domain]
if conf is None:
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_line("MDPrivateKeys {0}".format(" ".join(
[p['spec'] for p in pkeys])))
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
def test_710_003(self):
domain = "a-" + self.test_domain
domainb = "b-" + self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
ca_url = TestEnv.ACME_URL
domains = [domain, "www." + domain]
conf = HttpdConf(local_CA=False,
text="""
ServerAdmin [email protected]
MDCertificateAuthority %s
MDCertificateAgreement accepted
MDMembers auto
""" % (ca_url))
conf.add_md([domain])
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([domain])
assert (0, 0) == TestEnv.httpd_error_log_count()
TestEnv.check_md(domains, ca=ca_url)
# use ACMEv2 now, same MD, no CA url
TestEnv.set_acme('acmev2')
# this changes the default CA url
assert TestEnv.ACME_URL_DEFAULT != ca_url
conf = HttpdConf(local_CA=False,
text="""
ServerAdmin [email protected]
MDCertificateAgreement accepted
MDMembers auto
""")
conf.start_md([domain])
conf.end_md()
conf.start_md2([domainb])
# this willg get the reald Let's Encrypt URL assigned, turn off
# auto renewal, so we will not talk to them
conf.add_line("MDRenewMode manual")
conf.end_md2()
conf.add_vhost(domains)
conf.add_vhost(domainb)
conf.install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.httpd_error_log_count()
# the existing MD was migrated to new CA url
TestEnv.check_md(domains, ca=TestEnv.ACME_URL_DEFAULT)
# the new MD got the new default anyway
TestEnv.check_md([domainb], ca=TestEnv.ACME_URL_DEFAULT)
def test_702_050(self):
domain = self.test_domain
conf = HttpdConf()
conf.add_line("""
MDBaseServer on
ServerAdmin admin@%s
ServerName %s
""" % (domain, domain))
conf.add_md([domain])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
def test_920_003(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_line("MDCertificateStatus off")
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
status = TestEnv.get_certificate_status(domain)
assert not status
def test_900_002(self):
domain = TestNotify.domain
command = "%s/notifail.py" % TestEnv.TESTROOT
args = ""
TestNotify.configure_httpd(
domain, """
MDNotifyCmd %s %s
""" % (command, args))
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
stat = TestEnv.get_md_status(domain)
assert stat["renewal"]["last"][
"problem"] == "urn:org:apache:httpd:log:AH10108:"
def setup_class(cls):
print("setup_class:%s" % cls.__name__)
TestEnv.init()
TestEnv.clear_store()
TestEnv.check_acme()
cls.domain = TestEnv.get_class_domain(cls)
cls.mdA = "a-" + cls.domain
cls.mdB = "b-" + cls.domain
cls.configure_httpd([cls.mdA, cls.mdB]).install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([cls.mdA, cls.mdB])
TestEnv.check_md_complete(cls.mdA)
TestEnv.check_md_complete(cls.mdB)
def test_702_009(self):
domain = self.test_domain
domains = [domain]
#
# prepare md
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_renew_window("10d")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
#
# restart (-> drive), check that md+cert is in store, TLS is up
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
# compare with what md reports as status
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] == cert1.get_serial()
#
# create self-signed cert, with critical remaining valid duration -> drive again
TestEnv.create_self_signed_cert([domain], {
"notBefore": -120,
"notAfter": 2
},
serial=7029)
cert3 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
assert cert3.get_serial() == '1B75'
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] == cert3.get_serial()
#
# cert should renew and be different afterwards
assert TestEnv.await_completion([domain], must_renew=True)
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] != cert3.get_serial()
def test_700_008a(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf(proxy=True)
conf.add_admin("admin@" + domain)
conf.add_drive_mode("always")
conf.add_http_proxy("http://localhost:%s" % TestEnv.HTTP_PROXY_PORT)
conf.add_md(domains)
conf.install()
#
# - restart (-> drive), check that md is in store
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
assert TestEnv.apache_restart() == 0
TestEnv.check_md_complete(domain)
def test_920_004(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_line("MDCertificateStatus off")
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
status = TestEnv.get_md_status("")
assert "version" in status
assert "managed-domains" in status
assert 1 == len(status["managed-domains"])
def test_901_001(self):
domain = self.test_domain
domains = [ domain, "www." + domain ]
conf = HttpdConf()
conf.add_admin( "*****@*****.**" )
conf.add_message_cmd( "blablabla" )
conf.add_drive_mode( "auto" )
conf.add_md( domains )
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion( [ domain ], restart=False )
stat = TestEnv.get_md_status(domain)
# this command should have failed and logged an error
assert stat["renewal"]["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
def test_900_011(self):
domain = TestNotify.domain
command = TestNotify.notify_cmd
args = TestNotify.notify_log
extra_arg = "test_900_011_extra"
TestNotify.configure_httpd(
domain, """
MDNotifyCmd %s %s %s
""" % (command, args, extra_arg))
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
stat = TestEnv.get_md_status(domain)
assert stat["renewal"]["last"]["status"] == 0
nlines = open(TestNotify.notify_log).readlines()
assert ("['%s', '%s', '%s', '%s']" %
(command, args, extra_arg, domain)) == nlines[0].strip()
