def _check_certificate_and_key(config):
if not os.path.isfile(filesystem.realpath(config.cert_path)):
raise errors.ConfigurationError("Error while reading certificate from path "
"{0}".format(config.cert_path))
if not os.path.isfile(filesystem.realpath(config.key_path)):
raise errors.ConfigurationError("Error while reading private key from path "
"{0}".format(config.key_path))
def test_update_live_symlinks(self):
"""Test update_live_symlinks"""
# create files with incorrect symlinks
from certbot._internal import cert_manager
archive_paths = {}
for domain in self.domains:
custom_archive = self.domains[domain]
if custom_archive is not None:
archive_dir_path = custom_archive
else:
archive_dir_path = os.path.join(self.config.default_archive_dir, domain)
archive_paths[domain] = {kind:
os.path.join(archive_dir_path, kind + "1.pem") for kind in ALL_FOUR}
for kind in ALL_FOUR:
live_path = self.config_files[domain][kind]
archive_path = archive_paths[domain][kind]
open(archive_path, 'a').close()
# path is incorrect but base must be correct
os.symlink(os.path.join(self.config.config_dir, kind + "1.pem"), live_path)
# run update symlinks
cert_manager.update_live_symlinks(self.config)
# check that symlinks go where they should
prev_dir = os.getcwd()
try:
for domain in self.domains:
for kind in ALL_FOUR:
os.chdir(os.path.dirname(self.config_files[domain][kind]))
self.assertEqual(
filesystem.realpath(filesystem.readlink(self.config_files[domain][kind])),
filesystem.realpath(archive_paths[domain][kind]))
finally:
os.chdir(prev_dir)
def test_symlink_loop_mitigation(self):
link1_path = os.path.join(self.tempdir, 'link1')
link2_path = os.path.join(self.tempdir, 'link2')
link3_path = os.path.join(self.tempdir, 'link3')
os.symlink(link1_path, link2_path)
os.symlink(link2_path, link3_path)
os.symlink(link3_path, link1_path)
with self.assertRaises(RuntimeError) as error:
filesystem.realpath(link1_path)
self.assertTrue('link1 is a loop!' in str(error.exception))
def restart(self): # type: ignore
"""Restart or refresh the server content.
:raises .PluginError: when server cannot be restarted
"""
print("*********** ReStart Initiated ********* ")
try:
if self.conf("service-name"):
logger.debug("Restarting tomcat as a service")
if platform.system() in ('Windows'):
value = subprocess.call('''sc stop ''' +
self.conf("service-name"),
shell=True)
time.sleep(10)
value = subprocess.call('''sc start ''' +
self.conf("service-name"),
shell=True)
else:
value = subprocess.call('''service ''' +
self.conf("service-name") +
''' stop ''',
shell=True)
time.sleep(10)
value = subprocess.call('''service ''' +
self.conf("service-name") +
''' start ''',
shell=True)
else:
os.environ["CATALINA_HOME"] = (os.path.dirname(
os.path.dirname(filesystem.realpath(self.conf("ctl")))))
os.environ["CATALINA_BASE"] = (os.path.dirname(
filesystem.realpath(self.conf("server-root"))))
logger.debug("Restarting tomcat as a process")
if platform.system() in ('Windows'):
value = subprocess.call(self.conf("ctl"), shell=True)
time.sleep(5)
with open(os.devnull, 'w') as FNULL:
value = subprocess.call(self.conf("ctl").replace(
"shutdown.bat", "startup.bat"),
stdout=FNULL,
stderr=FNULL,
shell=True)
else:
value = subprocess.call(self.conf("ctl"), shell=True)
time.sleep(5)
value = subprocess.call(self.conf("ctl").replace(
"shutdown.sh", "startup.sh"),
shell=True)
except (OSError, ValueError):
raise errors.MisconfigurationError("Tomcat restart failed")
def test_read_file(self):
curr_dir = os.getcwd()
try:
# On Windows current directory may be on a different drive than self.tempdir.
# However a relative path between two different drives is invalid. So we move to
# self.tempdir to ensure that we stay on the same drive.
os.chdir(self.tempdir)
# The read-only filesystem introduced with macOS Catalina can break
# code using relative paths below. See
# https://bugs.python.org/issue38295 for another example of this.
# Eliminating any possible symlinks in self.tempdir before passing
# it to os.path.relpath solves the problem. This is done by calling
# filesystem.realpath which removes any symlinks in the path on
# POSIX systems.
real_path = filesystem.realpath(os.path.join(self.tempdir, 'foo'))
relative_path = os.path.relpath(real_path)
self.assertRaises(argparse.ArgumentTypeError, cli.read_file,
relative_path)
test_contents = b'bar\n'
with open(relative_path, 'wb') as f:
f.write(test_contents)
path, contents = cli.read_file(relative_path)
self.assertEqual(path, os.path.abspath(path))
self.assertEqual(contents, test_contents)
finally:
os.chdir(curr_dir)
def expanded_tempdir(prefix):
"""Return the real path of a temp directory with the specified prefix
Some plugins rely on real paths of symlinks for working correctly. For
example, certbot-apache uses real paths of configuration files to tell
a virtual host from another. On systems where TMP itself is a symbolic
link, (ex: OS X) such plugins will be confused. This function prevents
such a case.
"""
return filesystem.realpath(tempfile.mkdtemp(prefix))
def test_get_sysconfig_vars(self):
"""Make sure we read the Gentoo APACHE2_OPTS variable correctly"""
defines = ['DEFAULT_VHOST', 'INFO',
'SSL', 'SSL_DEFAULT_VHOST', 'LANGUAGE']
self.config.parser.apacheconfig_filep = filesystem.realpath(
os.path.join(self.config.parser.root, "../conf.d/apache2"))
self.config.parser.variables = {}
with mock.patch("certbot_apache._internal.override_gentoo.GentooParser.update_modules"):
self.config.parser.update_runtime_variables()
for define in defines:
self.assertTrue(define in self.config.parser.variables.keys())
def test_symlink_resolution(self):
# Absolute resolution
link_path = os.path.join(self.tempdir, 'link_abs')
os.symlink(self.probe_path, link_path)
self.assertEqual(self.probe_path, filesystem.realpath(self.probe_path))
self.assertEqual(self.probe_path, filesystem.realpath(link_path))
# Relative resolution
curdir = os.getcwd()
link_path = os.path.join(self.tempdir, 'link_rel')
probe_name = os.path.basename(self.probe_path)
try:
os.chdir(os.path.dirname(self.probe_path))
os.symlink(probe_name, link_path)
self.assertEqual(self.probe_path, filesystem.realpath(probe_name))
self.assertEqual(self.probe_path, filesystem.realpath(link_path))
finally:
os.chdir(curdir)
def enable_site(self, vhost: VirtualHost) -> None:
"""Enables an available site, Apache reload required.
.. note:: Does not make sure that the site correctly works or that all
modules are enabled appropriately.
:param vhost: vhost to enable
:type vhost: :class:`~certbot_apache._internal.obj.VirtualHost`
:raises .errors.NotSupportedError: If filesystem layout is not
supported.
"""
if vhost.enabled:
return None
enabled_path = ("%s/sites-enabled/%s" %
(self.parser.root,
os.path.basename(vhost.filep)))
if not os.path.isdir(os.path.dirname(enabled_path)):
# For some reason, sites-enabled / sites-available do not exist
# Call the parent method
return super().enable_site(vhost)
self.reverter.register_file_creation(False, enabled_path)
try:
os.symlink(vhost.filep, enabled_path)
except OSError as err:
if os.path.islink(enabled_path) and filesystem.realpath(
enabled_path) == vhost.filep:
# Already in shape
vhost.enabled = True
return None
logger.error(
"Could not symlink %s to %s, got error: %s", enabled_path,
vhost.filep, err.strerror)
errstring = ("Encountered error while trying to enable a " +
"newly created VirtualHost located at {0} by " +
"linking to it from {1}")
raise errors.NotSupportedError(errstring.format(vhost.filep,
enabled_path))
vhost.enabled = True
logger.info("Enabling available site: %s", vhost.filep)
self.save_notes += "Enabled site %s\n" % vhost.filep
return None
def test_get_sysconfig_vars(self, mock_cfg):
"""Make sure we read the sysconfig OPTIONS variable correctly"""
# Return nothing for the process calls
mock_cfg.return_value = ""
self.config.parser.sysconfig_filep = filesystem.realpath(
os.path.join(self.config.parser.root, "../sysconfig/httpd"))
self.config.parser.variables = {}
with mock.patch("certbot.util.get_os_info") as mock_osi:
# Make sure we have the have the CentOS httpd constants
mock_osi.return_value = ("centos", "7")
self.config.parser.update_runtime_variables()
self.assertTrue("mock_define" in self.config.parser.variables.keys())
self.assertTrue("mock_define_too" in self.config.parser.variables.keys())
self.assertTrue("mock_value" in self.config.parser.variables.keys())
self.assertEqual("TRUE", self.config.parser.variables["mock_value"])
self.assertTrue("MOCK_NOSEP" in self.config.parser.variables.keys())
self.assertEqual("NOSEP_VAL", self.config.parser.variables["NOSEP_TWO"])
