def test_702_050(self):
domain = self.test_domain
conf = HttpdConf()
conf.add_line("""
MDBaseServer on
ServerAdmin admin@%s
ServerName %s
""" % (domain, domain))
conf.add_md([domain])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
def test_310_120(self):
HttpdConf(text="""
MDPrivateKeys RSA 4096
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'][0]['privkey'] == {
"type": "RSA",
"bits": 4096
}
def test_310_101(self):
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
state=1)
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org
""").install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
state=1)
TestEnv.check_md(
["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"],
state=1)
def test_310_116(self):
HttpdConf(text="""
MDCAChallenges http-01 tls-alpn-01
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"
])['jout']['output'][0]['ca']['challenges'] == [
'http-01', 'tls-alpn-01'
]
def test_310_105(self):
HttpdConf(text="""
ServerAdmin mailto:[email protected]
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
name = "testdomain.org"
TestEnv.check_md([name, "www.testdomain.org", "mail.testdomain.org"],
state=1,
contacts=["mailto:[email protected]"])
def test_300_010(self):
HttpdConf(text="""
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
<VirtualHost *:12346>
ServerName not-forbidden.org
ServerAlias test3.not-forbidden.org
</VirtualHost>
""").install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.httpd_error_log_count()
def test_702_051(self):
domain = self.test_domain
conf = HttpdConf()
conf.add_line("""
MDBaseServer on
MDPortMap http:-
ServerAdmin admin@%s
ServerName %s
""" % (domain, domain))
conf.add_md([domain])
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_error(domain)
def test_310_304(self):
HttpdConf(text="""
MDRenewMode manual
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'][0]['renew-mode'] == 0
# test case: drive mode auto
HttpdConf(text="""
MDRenewMode auto
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'][0]['renew-mode'] == 1
# test case: drive mode always
HttpdConf(text="""
MDRenewMode always
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'][0]['renew-mode'] == 2
def test_310_204(self):
name = "testdomain.org"
HttpdConf(local_CA=False,
text="""
MDCertificateAuthority http://acme.test.org:4000/directory
MDCertificateProtocol ACME
MDCertificateAgreement http://acme.test.org:4000/terms/v1
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# setup: sync with ca info removed
HttpdConf(local_CA=False,
text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
TestEnv.check_md([name, "www.testdomain.org", "mail.testdomain.org"],
state=1,
ca=TestEnv.ACME_URL_DEFAULT,
protocol="ACME")
def test_300_007(self):
HttpdConf(text="""
MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
<VirtualHost *:12346>
ServerName example2.org
MDomain example2.org www.example2.org www.example3.org
</VirtualHost>
<VirtualHost *:12346>
ServerName www.example2.org
</VirtualHost>
""").install()
assert TestEnv.apache_restart() == 0
def test_920_002(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# copy a real certificate from LE over to staging
staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
real_cert = os.path.join('data', 'test_920', '002.pubcert')
assert copyfile(real_cert, staged_cert)
status = TestEnv.get_certificate_status(domain)
# status shows the copied cert's properties as staged
assert 'renewal' in status
assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['cert']['rsa']['valid']['until']
assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['cert']['rsa']['valid']['from']
assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal']['cert']['rsa']['serial']
assert 'sha256-fingerprint' in status['renewal']['cert']['rsa']
def test_300_013(self):
HttpdConf(text="""
MDomain example2.org test-a.example2.org test-b.example2.org
<VirtualHost *:12346>
ServerName test-a.example2.org
</VirtualHost>
<VirtualHost *:12346>
ServerName test-b.example2.org
</VirtualHost>
""").install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.httpd_error_log_count()
def test_720_000(self):
domain = self.test_domain
# switch to ACMEv1
TestEnv.initv1()
# generate config with DNS wildcard
domains = [ domain, "*." + domain ]
conf = HttpdConf()
conf.add_admin( "*****@*****.**" )
conf.add_md( domains )
conf.add_vhost(domains)
conf.install()
# restart, check that md is in store
assert TestEnv.apache_restart() == 0
TestEnv.check_md( domains )
# await drive error as ACMEv1 does not accept DNS wildcards
md = TestEnv.await_error(domain)
assert md
assert md['renewal']['errors'] > 0
assert md['renewal']['last']['problem'] == 'urn:acme:error:malformed'
def test_310_305(self):
HttpdConf(text="""
MDRenewWindow 14d
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
md = TestEnv.a2md(["list"])['jout']['output'][0]
assert md['renew-window'] == '14d'
HttpdConf(text="""
MDRenewWindow 10
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
md = TestEnv.a2md(["list"])['jout']['output'][0]
assert md['renew-window'] == '10d'
HttpdConf(text="""
MDRenewWindow 10%
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
md = TestEnv.a2md(["list"])['jout']['output'][0]
assert md['renew-window'] == '10%'
def test_310_500(self):
HttpdConf(text="""
MDStoreDir md-other
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'] == []
TestEnv.set_store_dir("md-other")
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
state=1)
TestEnv.clear_store()
TestEnv.set_store_dir_default()
def test_300_011(self):
HttpdConf(text="""
MDomain not-forbidden.org manual www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
<VirtualHost *:%s>
ServerName not-forbidden.org
ServerAlias test3.not-forbidden.org
ServerAlias test4.not-forbidden.org
SSLEngine on
</VirtualHost>
""" % (TestEnv.HTTPS_PORT)).install()
assert TestEnv.apache_fail() == 0
assert (1, 0) == TestEnv.httpd_error_log_count()
def setup_module(module):
print("setup_module: %s" % module.__name__)
TestEnv.init()
HttpdConf(
).start_vhost( TestEnv.HTTPS_PORT, "push", docRoot="htdocs/test1", withSSL=True
).add_line(""" Protocols h2 http/1.1"
RewriteEngine on
RewriteRule ^/006-push(.*)?\.html$ /006.html
<Location /006-push.html>
Header add Link "</006/006.css>;rel=preload"
Header add Link "</006/006.js>;rel=preloadX"
</Location>
<Location /006-push2.html>
Header add Link "</006/006.css>;rel=preloadX, </006/006.js>; rel=preload"
</Location>
<Location /006-push3.html>
Header add Link "</006/006.css>;rel=preloa,</006/006.js>;rel=preload"
</Location>
<Location /006-push4.html>
Header add Link "</006/006.css;rel=preload, </006/006.js>; preload"
</Location>
<Location /006-push5.html>
Header add Link '</006/006.css>;rel="preload push"'
</Location>
<Location /006-push6.html>
Header add Link '</006/006.css>;rel="push preload"'
</Location>
<Location /006-push7.html>
Header add Link '</006/006.css>;rel="abc preload push"'
</Location>
<Location /006-push8.html>
Header add Link '</006/006.css>;rel="preload"; nopush'
</Location>
<Location /006-push20.html>
H2PushResource "/006/006.css" critical
H2PushResource "/006/006.js"
</Location>
<Location /006-push30.html>
H2Push off
Header add Link '</006/006.css>;rel="preload"'
</Location>
<Location /006-push31.html>
H2PushResource "/006/006.css" critical
</Location>
<Location /006-push32.html>
Header add Link "</006/006.css>;rel=preload"
</Location>
""").end_vhost(
).install()
assert TestEnv.apache_restart() == 0
def test_300_022(self):
HttpdConf(text="""
MDomain secret.com
<If "1 == 1">
MDRequireHttps temporary
</If>
<VirtualHost *:12344>
ServerName secret.com
SSLEngine on
</VirtualHost>
""").install()
assert TestEnv.apache_start() == 0
HttpdConf(text="""
MDomain secret.com
<Directory /tmp>
MDRequireHttps temporary
</Directory>
<VirtualHost *:12344>
ServerName secret.com
SSLEngine on
</VirtualHost>
""").install()
assert TestEnv.apache_restart() == 1
def test_300_011b(self):
assert TestEnv.apache_stop() == 0
HttpdConf(text="""
MDomain not-forbidden.org auto mail.not-forbidden.org
<VirtualHost *:%s>
ServerName not-forbidden.org
ServerAlias test3.not-forbidden.org
ServerAlias test4.not-forbidden.org
SSLEngine on
</VirtualHost>
""" % TestEnv.HTTPS_PORT).install()
assert TestEnv.apache_restart() == 0
assert (0, 0) == TestEnv.httpd_error_log_count()
def setup_module(module):
print("setup_module: %s" % module.__name__)
TestEnv.init()
HttpdConf().start_vhost(TestEnv.HTTPS_PORT, "ssl", withSSL=True).add_line(
" Protocols h2 http/1.1"
).add_line(" SSLOptions +StdEnvVars").add_line(" ").add_line(
" <Location /h2only.html>"
).add_line(" Require expr \"%{HTTP2} == 'on'\"").add_line(
" </Location>").add_line(" <Location /noh2.html>").add_line(
" Require expr \"%{HTTP2} == 'off'\"").add_line(
" </Location>").end_vhost().install()
# the dir needs to exists for the configuration to have effect
TestEnv.mkpath("%s/htdocs/ssl-client-verify" % TestEnv.WEBROOT)
assert TestEnv.apache_restart() == 0
def test_310_303(self):
name = "testdomain.org"
HttpdConf(text="""
ServerAdmin mailto:[email protected]
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# setup: sync with changed admin info
HttpdConf(local_CA=False,
text="""
ServerAdmin mailto:[email protected]
MDCertificateAuthority http://somewhere.com:6666/directory
MDCertificateProtocol ACME
MDCertificateAgreement http://somewhere.com:6666/terms/v1
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# check: md stays the same with previous admin info
TestEnv.check_md([name, "www.testdomain.org", "mail.testdomain.org"],
state=1,
contacts=["mailto:[email protected]"])
def test_310_300(self):
dnsList = [
"testdomain.org", "mail.testdomain.org", "www.testdomain.org"
]
TestEnv.a2md(["add"] + dnsList)
TestEnv.check_md(dnsList, state=1)
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# check: dns list changes
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
state=1)
def test_310_103(self):
HttpdConf(text="""
MDCertificateAuthority http://acme.test.org:4000/directory
MDCertificateProtocol ACME
MDCertificateAgreement http://acme.test.org:4000/terms/v1
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
name = "testdomain.org"
TestEnv.check_md([name, "www.testdomain.org", "mail.testdomain.org"],
state=1,
ca="http://acme.test.org:4000/directory",
protocol="ACME",
agreement="http://acme.test.org:4000/terms/v1")
def test_310_309(self):
# setup: nothing set
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"
])['jout']['output'][0]['must-staple'] == False
# test case: OCSP stapling on
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
MDMustStaple on
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"
])['jout']['output'][0]['must-staple'] == True
# test case: OCSP stapling off
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
MDMustStaple off
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"
])['jout']['output'][0]['must-staple'] == False
def test_740_000(self):
domain = self.test_domain
domains = [domain, "invalid!." + domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
md = TestEnv.await_error(domain)
assert md
assert md['renewal']['errors'] > 0
if TestEnv.ACME_SERVER == 'pebble':
assert md['renewal']['last'][
'problem'] == 'urn:ietf:params:acme:error:malformed'
assert md['renewal']['last'][
'detail'] == "Order included DNS identifier with a value containing an illegal character: '!'"
else:
assert md['renewal']['last'][
'problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
assert md['renewal']['last']['detail'] == (
"Error creating new order :: Cannot issue for "
"\"%s\": Domain name contains an invalid character" %
domains[1])
def test_702_052(self):
domain = self.test_domain
conf = HttpdConf()
conf.add_line("""
MDBaseServer on
MDPortMap http:-
Protocols h2 http/1.1 acme-tls/1
ServerAdmin admin@%s
ServerName %s
SSLEngine on
""" % (domain, domain))
conf.add_md([domain])
conf.install()
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_md_status(domain)
assert stat["proto"]["acme-tls/1"] == [domain]
assert TestEnv.await_completion([domain])
def test_310_201(self):
dnsList = [
"testdomain.org", "test.testdomain.org", "www.testdomain.org",
"mail.testdomain.org"
]
TestEnv.a2md(["add"] + dnsList)
TestEnv.check_md(dnsList, state=1)
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# check: DNS has been removed from md in store
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
state=1)
def test_310_117(self):
HttpdConf(text="""
MDMember auto
MDomain testdomain.org
<VirtualHost *:12346>
ServerName testdomain.org
ServerAlias test.testdomain.org
ServerAlias mail.testdomain.org
DocumentRoot htdocs
SSLEngine on
</VirtualHost>
""").install()
assert TestEnv.apache_restart() == 0
assert TestEnv.a2md(["list"])['jout']['output'][0]['domains'] == \
['testdomain.org', 'test.testdomain.org', 'mail.testdomain.org']
def test_300_021(self):
HttpdConf(text="""
MDMembers manual
MDomain secret.com
<VirtualHost *:12344>
ServerName not.secret.com
ServerAlias secret.com
SSLEngine on
</VirtualHost>
""").install()
assert TestEnv.apache_fail() == 0
assert (1, 0) == TestEnv.httpd_error_log_count()
assert TestEnv.httpd_error_log_scan(
re.compile(
".*Virtual Host not.secret.com:0 matches Managed Domain 'secret.com', but the name/alias not.secret.com itself is not managed. A requested MD certificate will not match ServerName.*"
))
def test_310_202(self):
dnsList = [
"name.testdomain.org", "testdomain.org", "www.testdomain.org",
"mail.testdomain.org"
]
TestEnv.a2md(["add"] + dnsList)
TestEnv.check_md(dnsList, state=1)
HttpdConf(text="""
MDomain testdomain.org www.testdomain.org mail.testdomain.org
""").install()
assert TestEnv.apache_restart() == 0
# check: md overwrite previous name and changes name
TestEnv.check_md(
["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
md="testdomain.org",
state=1)
