예제 #1
def test_config1():
    """Reading ``config1`` must yield a single a.com target with twelve TLSA specs.

    The expected specs are every three-digit code from 200 to 312 on port
    12725/tcp (presumably usage 2-3, selector 0-1, matching type 0-2 --
    confirm against the config1 fixture). Both certificate directories are
    expected to resolve below the current working directory.
    """
    init = setup.Init(keep=True)
    prog = setup.create_state_obj(init, config=init.config1)
    base = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        assert config.read(prog) == Prog.RetVal.ok

        dns_api = setup.create_api_exec_obj(str(init.bin / 'dns'))

        specs = ('200', '201', '202', '210', '211', '212',
                 '300', '301', '302', '310', '311', '312')
        records = [
            setup.create_tlsa_obj(spec, '12725', 'tcp', 'a.com')
            for spec in specs
        ]
        expected = setup.create_target_obj('a.com', dns_api, [], records)

        assert prog.target_list == [expected]
        assert prog.dane_directory == base / init.dane
        assert prog.letsencrypt_directory == base / init.le
예제 #2
def test_config_default():
    """Reading the default config must yield the a.com, b.com and c.com targets.

    Each target is expected to use the ``dns`` exec API and to carry the TLSA
    specs built below, in this order. Both certificate directories are
    expected to resolve below the current working directory.
    """
    init = setup.Init(keep=True)
    prog = setup.create_state_obj(init)
    base = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        assert config.read(prog) == Prog.RetVal.ok

        dns_api = setup.create_api_exec_obj(str(init.bin / 'dns'))

        target_a = setup.create_target_obj('a.com', dns_api, [], [
            setup.create_tlsa_obj('311', '12725', 'tcp', 'a.com'),
            setup.create_tlsa_obj('201', '12725', 'tcp', 'a.com'),
        ])

        # b.com mixes protocols and an explicit record domain (A.b.com).
        target_b = setup.create_target_obj('b.com', dns_api, [], [
            setup.create_tlsa_obj('311', '12780', 'udp', 'b.com'),
            setup.create_tlsa_obj('201', '12780', 'sctp', 'A.b.com'),
        ])

        # c.com has the same spec on two ports, each with its own domain.
        target_c = setup.create_target_obj('c.com', dns_api, [], [
            setup.create_tlsa_obj('311', '12722', 'tcp', 'A.c.com'),
            setup.create_tlsa_obj('311', '12723', 'tcp', 'B.c.com'),
        ])

        assert prog.target_list == [target_a, target_b, target_c]
        assert prog.dane_directory == base / init.dane
        assert prog.letsencrypt_directory == base / init.le
예제 #3
def test_logging1():
    """``configtest`` on the bad ``configX1`` must fail and still write the log.

    Expects the config_failure exit code, a log file that passes
    ``check_for_both``, nothing on stdout and a message on stderr.
    """
    init = setup.Init(keep=True)
    log = Path(init.varlog / 'log')

    assert not log.exists()

    # Without root the program cannot create the log file itself, so an empty
    # one is put in place beforehand.
    if os.getuid() != 0:
        with open(str(init.varlog / 'log'), 'w'):
            pass

    # List-form argv, so no shell is involved. 'alnitak' is a bare name and
    # is resolved through PATH: the test exercises whichever install comes
    # first there.
    argv = [
        'alnitak', 'configtest',
        '-l', str(init.varlog / 'log'),
        '-Ldebug',
        '-c', str(init.configX1),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)

    assert p.returncode == prog.RetVal.config_failure.value

    assert log.exists()
    check_for_both(log)

    assert not out
    assert err
예제 #4
def test_logging0():
    """As a non-root user, ``configtest`` with a not-yet-existing log file.

    Expects exit code ``ok + 16``, a non-empty log file, nothing on stdout
    and a message on stderr. Returns immediately when run as root.
    """
    # As root the sibling logging tests already run as intended, so this one
    # has nothing to add.
    if os.getuid() == 0:
        return

    # Unprivileged, the sibling tests pre-create the log file because changing
    # its permissions fails without root. Here the file is left absent so that
    # this failure is what gets tested.
    init = setup.Init(keep=True)
    log = Path(init.varlog / 'log')

    assert not log.exists()

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = [
        'alnitak', 'configtest',
        '-l', str(init.varlog / 'log'),
        '-c', str(init.config),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)

    # NOTE(review): the +16 offset presumably flags the log-file problem on
    # top of an otherwise successful run -- confirm against the exit codes.
    assert p.returncode == prog.RetVal.ok.value + 16

    assert log.exists()
    assert log.stat().st_size > 0

    assert not out
    assert err
예제 #5
def test_print2():
    """``alnitak print`` on ``config1`` must emit one line per TLSA spec of a.com.

    config1 lists the twelve specs 200..312 on port 12725 under ``[a.com]``.
    For each spec the output must contain the line built by ``tos`` for either
    the spec's own certificate file or for ``fullchain``.
    """
    init = setup.Init(keep=True)

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(init.config1),
        '-C', str(init.le),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)
    lines = out.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value

    assert out
    assert not err

    # 2xx specs are matched against 'chain', 3xx specs against 'cert'
    # (presumably usage 2 pins an issuer certificate and usage 3 the leaf --
    # confirm against tos()). 'fullchain' is accepted for either.
    for code in (200, 201, 202, 210, 211, 212):
        assert (tos(init, 'a.com', code, 'chain') in lines
                or tos(init, 'a.com', code, 'fullchain') in lines)
    for code in (300, 301, 302, 310, 311, 312):
        assert (tos(init, 'a.com', code, 'cert') in lines
                or tos(init, 'a.com', code, 'fullchain') in lines)

    # Exactly the twelve expected lines and nothing else.
    assert len(lines) == 12
예제 #6
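def test_fail_configX5():
    """Reading ``configX5`` must fail and leave no targets behind.

    The directories are still expected to be ``/tmp`` and ``/var/tmp``
    (presumably set by the fixture before the entry that fails -- confirm
    against configX5).
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.configX5)

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.config_failure

        # A rejected config must not contribute any target.
        assert prog.target_list == []
        assert prog.dane_directory == Path('/tmp')
        assert prog.letsencrypt_directory == Path('/var/tmp')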
예제 #7
def test_print5():
    """``alnitak print`` with explicit ``SPEC:PATH`` arguments.

    The paths are given relative (``live/...``, ``archive/...``) for a.com
    and absolute (below the current working directory) for b.com, naming
    either a directory or a single certificate file. Twelve output lines
    are expected in total.
    """
    init = setup.Init(keep=True)
    here = Path.cwd()

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(init.config),
        '-C', str(init.le),
        '300:live/a.com',
        '301:archive/a.com',
        '302:live/a.com/cert.pem',
        '310:live/a.com/fullchain.pem',
        '311:archive/a.com/cert2.pem',
        '312:archive/a.com/fullchain3.pem',
        '300:{}/{}/b.com/cert.pem'.format(here, init.live),
        '301:{}/{}/b.com/fullchain.pem'.format(here, init.live),
        '302:{}/{}/b.com/cert3.pem'.format(here, init.archive),
        '310:{}/{}/b.com/fullchain2.pem'.format(here, init.archive),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)
    lines = out.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value

    assert out
    assert not err

    # A live directory gives one line, from either cert or fullchain.
    assert (tos(init, 'a.com', 300, 'cert') in lines
            or tos(init, 'a.com', 300, 'fullchain') in lines)

    # An archive directory gives one line per archived version 1..3.
    for version in (1, 2, 3):
        assert (tos(init, 'a.com', 301, 'cert', version) in lines
                or tos(init, 'a.com', 301, 'fullchain', version) in lines)

    # Arguments that name a file must be hashed from exactly that file.
    assert tos(init, 'a.com', 302, 'cert') in lines
    assert tos(init, 'a.com', 310, 'fullchain') in lines
    assert tos(init, 'a.com', 311, 'cert', 2) in lines
    assert tos(init, 'a.com', 312, 'fullchain', 3) in lines

    assert tos(init, 'b.com', 300, 'cert') in lines
    assert tos(init, 'b.com', 301, 'fullchain') in lines
    assert tos(init, 'b.com', 302, 'cert', 3) in lines
    assert tos(init, 'b.com', 310, 'fullchain', 2) in lines

    assert len(lines) == 12
예제 #8
def test_fail_configX22():
    """Reading ``configX22`` must fail but keep the a.com target parsed so far.

    The surviving target is expected to have no API object (``None``) and a
    single TLSA spec, 202 on port 1/tcp. Both directories are expected to
    resolve below the current working directory.
    """
    init = setup.Init(keep=True)
    prog = setup.create_state_obj(init, config=init.configX22)
    base = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        assert config.read(prog) == Prog.RetVal.config_failure

        expected = setup.create_target_obj(
            'a.com', None, [],
            [setup.create_tlsa_obj('202', '1', 'tcp', 'a.com')])

        assert prog.target_list == [expected]
        assert prog.dane_directory == base / init.dane
        assert prog.letsencrypt_directory == base / init.le
예제 #9
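def test_fail_configX19():
    """Reading ``configX19`` must fail, leaving an a.com target with no TLSA specs.

    The target is still expected to carry the ``dns`` exec API, and the
    directories are expected to be ``/tmp`` and ``/var/tmp`` (presumably set
    by the fixture before the entry that fails -- confirm against configX19).
    """
    s = setup.Init(keep=True)
    prog = setup.create_state_obj(s, config=s.configX19)

    with prog.log:
        assert not prog.log.has_errors()

        retval = config.read(prog)
        assert retval == Prog.RetVal.config_failure

        api = setup.create_api_exec_obj(str(s.bin / 'dns'))
        # Empty TLSA list: nothing from the rejected config may be kept.
        ta = setup.create_target_obj('a.com', api, [], [])

        assert prog.target_list == [ta]
        assert prog.dane_directory == Path('/tmp')
        assert prog.letsencrypt_directory == Path('/var/tmp')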
예제 #10
def test_logging9():
    """With ``-lno -Lno``, a failing ``configtest`` must not create a log file.

    Expects the config_failure exit code, no log file before or after the
    run, nothing on stdout and a message on stderr.
    """
    init = setup.Init(keep=True)
    log = Path(init.varlog / 'log')

    assert not log.exists()

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = ['alnitak', 'configtest', '-lno', '-Lno', '-c', str(init.configX1)]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)

    assert p.returncode == prog.RetVal.config_failure.value

    # Logging was switched off, so the file must still be absent.
    assert not log.exists()

    assert not out
    assert err
예제 #11
def test_print1():
    """``alnitak print`` on the default config must emit five lines.

    The config sections, as recorded in the original comments, are::

        [a.com]  tlsa = 311 12725
                 tlsa = 201 12725
        [b.com]  tlsa = 311 12780 udp
                 tlsa = 201 12780 sctp A.b.com
        [c.com]  tlsa = 311 12722 A.c.com
                 tlsa = 311 12723 B.c.com
    """
    init = setup.Init(keep=True)

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(init.config),
        '-C', str(init.le),
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)
    lines = out.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value

    assert out
    assert not err

    # (domain, spec, certificate file); 'fullchain' is accepted as well.
    # c.com appears once although the config lists 311 twice -- presumably
    # both entries print the same line; confirm against the print command.
    expected = (
        ('a.com', 311, 'cert'),
        ('a.com', 201, 'chain'),
        ('b.com', 311, 'cert'),
        ('b.com', 201, 'chain'),
        ('c.com', 311, 'cert'),
    )
    for domain, code, pem in expected:
        assert (tos(init, domain, code, pem) in lines
                or tos(init, domain, code, 'fullchain') in lines)

    assert len(lines) == 5
예제 #12
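def test_printX2():
    """``alnitak print`` must reject a ``SPEC:PATH`` argument naming the archive root.

    The only extra argument is ``300:<cwd>/<archive dir>``. The run is
    expected to exit with exit_failure, print nothing on stdout and report
    the problem on stderr.
    """
    s = setup.Init(keep=True)

    cwd = Path.cwd()

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    p = Popen([
        'alnitak', 'print', '-lno', '-Lno', '-c',
        str(s.config), '-C',
        str(s.le), '300:{}/{}'.format(cwd, s.archive)
    ],
              stdout=PIPE,
              stderr=PIPE)

    # stdout is only checked for emptiness, so it is not decoded.
    stdout, stderr = p.communicate(timeout=300)

    assert p.returncode == prog.RetVal.exit_failure.value

    assert len(stdout) == 0
    assert len(stderr) > 0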
예제 #13
def test_config6():
    """Reading ``config6`` must yield three targets, each with a different API.

    a.com is expected to use an exec API given as an argument list (one
    argument contains whitespace), b.com an API built by
    ``create_api_c4_obj`` from an email and a key, and c.com the plain
    ``dns`` exec API. The DANE directory is expected to be absolute and the
    Let's Encrypt directory relative to the current working directory.
    """
    init = setup.Init(keep=True)
    prog = setup.create_state_obj(init, config=init.config6)
    base = Path.cwd()

    with prog.log:
        assert not prog.log.has_errors()

        assert config.read(prog) == Prog.RetVal.ok

        dns_api = setup.create_api_exec_obj(str(init.bin / 'dns'))
        argv_api = setup.create_api_exec_obj(
            ['bin', '--flag1', 'input', "input with\t whitespace"])
        # The email value looks masked in this listing; 'KEY' is a dummy.
        key_api = setup.create_api_c4_obj(email='*****@*****.**', key='KEY')

        records_a = [
            setup.create_tlsa_obj(spec, '12725', 'tcp', 'a.com')
            for spec in ('201', '211', '301', '311')
        ]
        target_a = setup.create_target_obj('a.com', argv_api, [], records_a)

        # (spec, protocol, record domain), all on port 1.
        records_b = [
            setup.create_tlsa_obj(spec, '1', proto, domain)
            for spec, proto, domain in (
                ('200', 'sctp', 'b.com'),
                ('201', 'sctp', 'W.com'),
                ('202', 'tcp', 'X.com'),
                ('210', 'sctp', 'Y.com'),
                ('211', 'sctp', 'Z.com'),
                ('212', 'sctp', 'A.com'),
                ('212', 'udp', 'B.com'),
            )
        ]
        target_b = setup.create_target_obj('b.com', key_api, [], records_b)

        target_c = setup.create_target_obj(
            'c.com', dns_api, [],
            [setup.create_tlsa_obj('200', '2', 'tcp', 'c.com')])

        assert prog.target_list == [target_a, target_b, target_c]
        assert prog.dane_directory == Path('/tmp/Q')
        assert prog.letsencrypt_directory == base / '../relative_path'
예제 #14
def test_print3():
    """``alnitak print`` with the single argument ``200:b.com`` emits one line.

    The line must match what ``tos`` builds for b.com with spec 200, from
    either ``chain`` or ``fullchain``.
    """
    init = setup.Init(keep=True)

    # 'alnitak' is resolved through PATH; argv is a list, so no shell parsing.
    argv = [
        'alnitak', 'print', '-lno', '-Lno',
        '-c', str(init.config),
        '-C', str(init.le),
        '200:b.com',
    ]
    p = Popen(argv, stdout=PIPE, stderr=PIPE)
    out, err = p.communicate(timeout=300)
    lines = out.decode('ascii').splitlines()

    assert p.returncode == prog.RetVal.ok.value

    assert out
    assert not err

    assert (tos(init, 'b.com', 200, 'chain') in lines
            or tos(init, 'b.com', 200, 'fullchain') in lines)

    # Only the requested record is printed, not the config's own targets.
    assert len(lines) == 1
예제 #15
from alnitak.tests import setup
from alnitak import prog
from alnitak import parser as Parser
from alnitak import exceptions as Except

from pathlib import Path
from subprocess import Popen, PIPE

# Module-level fixtures shared by the parser tests.
s = setup.Init(keep=True)
# NOTE(review): this rebinds ``prog`` and hides the ``alnitak.prog`` module
# imported at the top of the file; from here on ``prog`` is the state object.
prog = setup.create_state_obj(s)

# Three flags of each FlagType, each with a short and a long spelling.
a_flag, b_flag, c_flag = (
    Parser.Flag(Parser.FlagType.bare, short, long_)
    for short, long_ in (('-a', '--aflag'), ('-b', '--bflag'),
                         ('-c', '--cflag'))
)

x_flag, y_flag, z_flag = (
    Parser.Flag(Parser.FlagType.option, short, long_)
    for short, long_ in (('-x', '--xflag'), ('-y', '--yflag'),
                         ('-z', '--zflag'))
)

m_flag, n_flag, o_flag = (
    Parser.Flag(Parser.FlagType.mandatory, short, long_)
    for short, long_ in (('-m', '--mflag'), ('-n', '--nflag'),
                         ('-o', '--oflag'))
)


def icheck(prog, pos, name, input):
    """Map a test input to a value, or raise for the input ``'1100'``.

    Returns 1 for ``'A'``, 2 for ``'B'`` and ``None`` for anything else.
    ``prog``, ``pos`` and ``name`` are accepted but not used.

    Raises:
        Except.Error1100: when ``input`` is ``'1100'``.
    """
    result = None
    if input == 'A':
        result = 1
    elif input == 'B':
        result = 2
    elif input == '1100':
        raise Except.Error1100('pos1', 'arg1', 'ref1', 'max1')
    return result
예제 #16
def test_cloudflare(cloudflare_api):
    """Publish, read back and delete two TLSA records through the Cloudflare API.

    Skipped when ``api_file_exists`` reports no credentials file. Otherwise a
    config is generated from that file and the domain it names, and the
    publish / read / delete calls are made for that domain (this appears to
    go to the real service -- confirm before running against a production
    zone).

    NOTE(review): the deletes run only if every assertion before them passes.
    A failure after ``api_publish`` would leave the test TLSA records
    published for the domain; consider doing the cleanup in ``try``/``finally``.
    """
    if not api_file_exists(cloudflare_api):
        pytest.skip("no cloudflare.api file")

    # need the domain
    domain = get_domain(cloudflare_api)
    assert domain

    s = setup.Init(keep=True)
    s.create_cloudflare_config(cloudflare_api, domain)

    prog = setup.create_state_obj(s, config=s.configC1)

    # need this to log if create_state_obj set 'log=True', otherwise this will
    # do nothing.
    with prog.log:

        retval = config.read(prog)
        assert retval == Prog.RetVal.ok

        t_a2 = setup.create_tlsa_obj('211', '53527', 'tcp', domain)
        t_a1 = setup.create_tlsa_obj('311', '53527', 'tcp', domain)

        assert len(prog.target_list) == 1

        target = prog.target_list[0]

        assert len(target.tlsa) == 2
        assert t_a1 in target.tlsa
        assert t_a2 in target.tlsa
        # NOTE(review): the two records are taken by position, but the
        # membership checks above do not pin their order. tlsa1 is later
        # paired with hash211 and tlsa2 with hash311 -- confirm that
        # target.tlsa[0] really is the 211 record.
        tlsa1 = target.tlsa[0]
        tlsa2 = target.tlsa[1]

        api = target.api

        # The credentials are only checked for presence; their values are
        # never compared or printed here.
        assert api.domain == domain
        assert len(api.email) > 0
        assert len(api.key) > 0

        # Fixture hashes of the a.com test certificate, reused for `domain`.
        hash211 = s.hash['a.com']['cert1'][211]
        hash311 = s.hash['a.com']['cert1'][311]

        cloudflare.api_publish(prog, api, tlsa1, hash211)
        cloudflare.api_publish(prog, api, tlsa2, hash311)
        # error encountered: Except.DNSProcessingError
        # record is already up: Except.DNSSkipProcessing

        # Fixed pause before reading back (presumably to let the change
        # become visible -- confirm that 3 s is enough).
        sleep(3)

        records211 = cloudflare.api_read(prog, api, tlsa1)
        records311 = cloudflare.api_read(prog, api, tlsa2)
        # error encountered: Except.DNSProcessingError
        # record is not up: Except.DNSNotLive

        # Exactly one record per spec, and it must carry the published hash.
        assert len(records211) == 1
        assert hash211 in records211

        assert len(records311) == 1
        assert hash311 in records311

        # api_read's result maps each hash to the id that api_delete needs.
        id211 = records211[hash211]
        id311 = records311[hash311]

        sleep(3)

        cloudflare.api_delete(prog, api, tlsa1, id211)
        cloudflare.api_delete(prog, api, tlsa2, id311)
        # error encountered: Except.DNSProcessingError

        sleep(3)

        # After deletion a read must report that the record is not live.
        with pytest.raises(Except.DNSNotLive) as ex:
            cloudflare.api_read(prog, api, tlsa1)

        with pytest.raises(Except.DNSNotLive) as ex:
            cloudflare.api_read(prog, api, tlsa2)