def test_500_109(self):
    # test case: redirect on SSL-only domain
    # Walks one managed domain through three states and checks what a cleartext
    # client is told in each:
    #   no add_require_ssl() call -> content served over HTTP, no Location header
    #   "temporary"               -> 302 to https://<name>/..., no HSTS on either scheme
    #   "permanent"               -> 301 to https://<name>/..., HSTS on HTTPS answers only
    # setup: prepare config with the same name on the HTTP and the HTTPS port
    domain = "test500-109-" + TestDrive.dns_uniq
    name = "www." + domain
    other_host = "not-forbidden.org"
    conf = HttpdConf(TestDrive.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md([name])
    for port, ssl_on in ((TestEnv.HTTP_PORT, False), (TestEnv.HTTPS_PORT, True)):
        conf.add_vhost(port, name, aliasList=[], docRoot="htdocs/test", withSSL=ssl_on)
    conf.install()

    # setup: create resource files; each vhost serves a name.txt holding its own name,
    # so the body tells which vhost answered
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"), "name.txt", name)
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR), "name.txt", other_host)
    assert TestEnv.apache_restart() == 0

    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # test HTTP access - no redirect
    assert TestEnv.get_content(other_host, "/name.txt", useHTTPS=False) == other_host
    assert TestEnv.get_content(name, "/name.txt", useHTTPS=False) == name
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert int(meta['http_headers']['Content-Length']) == len(name)
    assert "Location" not in meta['http_headers']
    # test HTTPS access
    assert TestEnv.get_content(name, "/name.txt", useHTTPS=True) == name

    # test HTTP access again -> redirect to default HTTPS port
    conf.add_require_ssl("temporary")
    conf.install()
    assert TestEnv.apache_restart() == 0
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert meta['http_status'] == 302
    redirect_target = "https://{0}/name.txt".format(name)
    assert meta['http_headers']['Location'] == redirect_target
    # should not see this: HSTS only has meaning on a secure transport (RFC 6797)
    assert 'Strict-Transport-Security' not in meta['http_headers']
    # test default HTTP vhost -> still no redirect
    assert TestEnv.get_content(other_host, "/name.txt", useHTTPS=False) == other_host
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    # also not for this: a temporary redirect is expected to leave HTTPS answers HSTS-free
    assert 'Strict-Transport-Security' not in meta['http_headers']

    # test HTTP access again -> redirect permanent
    conf.add_require_ssl("permanent")
    conf.install()
    assert TestEnv.apache_restart() == 0
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert meta['http_status'] == 301
    redirect_target = "https://{0}/name.txt".format(name)
    assert meta['http_headers']['Location'] == redirect_target
    assert 'Strict-Transport-Security' not in meta['http_headers']
    # should see this: the header is pinned to an exact value, so a changed max-age fails here
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    assert meta['http_headers']['Strict-Transport-Security'] == 'max-age=15768000'
def test_500_110(self):
    # test case: SSL-only domain, override headers generated by mod_md
    # Checks that an administrator's own `Header set Strict-Transport-Security` wins over
    # the HSTS value that goes with add_require_ssl("permanent"), and how the redirect to
    # HTTPS interacts with mod_alias `Redirect` rules.
    # NOTE(review): on httpd older than 2.5.0 the test returns early and is reported as
    # passed, not skipped, so a green result does not prove the checks below ran.
    if not TestEnv.httpd_is_at_least("2.5.0"):
        return

    # setup: prepare config - one vhost bound to both ports, TLS enabled via SSLEngine
    domain = "test500-110-" + TestDrive.dns_uniq
    name = "www." + domain
    conf = HttpdConf(TestDrive.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_require_ssl("permanent")
    conf.add_md([name])
    conf._add_line(" SSLEngine *:" + TestEnv.HTTPS_PORT)
    both_ports = TestEnv.HTTPS_PORT + " *:" + TestEnv.HTTP_PORT
    conf.add_vhost(both_ports, name, aliasList=[], withSSL=False)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # test override HSTS header
    conf._add_line(
        ' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
    )
    conf.install()
    assert TestEnv.apache_restart() == 0
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    hsts_seen = meta['http_headers']['Strict-Transport-Security']
    assert hsts_seen == 'max-age=10886400; includeSubDomains; preload'

    # test override Location header
    for rule in (' Redirect /a /name.txt', ' Redirect seeother /b /name.txt'):
        conf._add_line(rule)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # check: default redirect by mod_md still works
    redirect_target = "https://{0}/name.txt".format(name)
    meta = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert meta['http_status'] == 301
    assert meta['http_headers']['Location'] == redirect_target

    # check: redirect as given by mod_alias - a cleartext request for /a is expected to be
    # sent to HTTPS first (same path) rather than follow the Redirect rule over HTTP
    redirect_target = "https://{0}/a".format(name)
    meta = TestEnv.get_meta(name, "/a", useHTTPS=False)
    # FAIL: mod_alias generates Location header instead of mod_md
    assert meta['http_status'] == 301
    assert meta['http_headers']['Location'] == redirect_target
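def test_500_100(self):
    # test case: md with one domain
    # Drives a single-name MD with the http-01 challenge, then verifies what is left
    # behind: credentials, account key, archived md.json, file permissions, and an empty
    # challenge store. Finally checks how /.well-known/acme-challenge is answered with
    # and without a challenge file on disk.
    domain = self.test_domain
    name = "www." + domain
    self._prepare_md([name])
    assert TestEnv.apache_start() == 0

    # drive
    md_before = TestEnv.a2md(["list", name])['jout']['output'][0]
    assert TestEnv.a2md(["drive", "-c", "http-01", name])['rv'] == 0
    TestEnv.check_md_credentials([name])
    self._check_account_key(name)

    # check archive content; the file is closed explicitly instead of relying on
    # garbage collection
    with open(TestEnv.store_archived_file(name, 1, 'md.json')) as archived:
        md_archived = json.load(archived)
    for field in ['name', 'ca', 'domains', 'contacts', 'renew-mode', 'renew-window',
                  'must-staple']:
        assert md_archived[field] == md_before[field]

    # check file system permissions:
    TestEnv.check_file_permissions(name)
    # check: challenges removed
    TestEnv.check_dir_empty(TestEnv.store_challenges())

    # check how the challenge resources are answered in several combinations:
    # with no challenge on disk, every form of the path must be a 404
    for path in ("/.well-known/acme-challenge",
                 "/.well-known/acme-challenge/",
                 "/.well-known/acme-challenge/123"):
        result = TestEnv.get_meta(domain, path, False)
        assert result['rv'] == 0
        assert result['http_status'] == 404

    # place a challenge file; it must be flushed and closed before the request is made
    challenge_body = "content-of-123"
    cdir = os.path.join(TestEnv.store_challenges(), domain)
    os.makedirs(cdir)
    with open(os.path.join(cdir, 'acme-http-01.txt'), "w") as challenge_file:
        challenge_file.write(challenge_body)
    result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123", False)
    assert result['rv'] == 0
    assert result['http_status'] == 200
    # NOTE(review): only the length is compared, not the body; how the requested token
    # ("123") is matched against the stored file is not visible from this test.
    assert result['http_headers']['Content-Length'] == str(len(challenge_body))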
def test_500_111(self):
    # test case: vhost with parallel HTTP/HTTPS, check mod_alias redirects
    # One vhost listens on both ports; mod_alias `Redirect` rules use a path-only target,
    # so the server has to build the absolute Location itself. The test pins that the
    # Location keeps the scheme and port the request arrived on.
    # NOTE(review): on httpd older than 2.5.0 the test returns early and is reported as
    # passed, not skipped.
    if not TestEnv.httpd_is_at_least("2.5.0"):
        return

    # setup: prepare config
    domain = "test500-111-" + TestDrive.dns_uniq
    name = "www." + domain
    conf = HttpdConf(TestDrive.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md([name])
    for line in (" LogLevel alias:debug", " SSLEngine *:" + TestEnv.HTTPS_PORT):
        conf._add_line(line)
    both_ports = TestEnv.HTTPS_PORT + " *:" + TestEnv.HTTP_PORT
    conf.start_vhost(both_ports, name, aliasList=[], withSSL=False)
    conf.end_vhost()
    conf.install()
    assert TestEnv.apache_restart() == 0

    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # setup: place redirect rules
    for rule in (' Redirect /a /name.txt', ' Redirect seeother /b /name.txt'):
        conf._add_line(rule)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # plain `Redirect` is expected to answer 302, `Redirect seeother` 303
    expected_status = (("/a", 302), ("/b", 303))

    # check: redirects on HTTP
    redirect_target = "http://{0}:{1}/name.txt".format(name, TestEnv.HTTP_PORT)
    for path, status in expected_status:
        meta = TestEnv.get_meta(name, path, useHTTPS=False)
        assert meta['http_status'] == status
        assert meta['http_headers']['Location'] == redirect_target

    # check: redirects on HTTPS
    # FAIL: expected 'https://...' but found 'http://...'
    # (per this note the first Location check below failed for the author: a request
    # made over TLS was pointed at a cleartext URL)
    redirect_target = "https://{0}:{1}/name.txt".format(name, TestEnv.HTTPS_PORT)
    for path, status in expected_status:
        meta = TestEnv.get_meta(name, path, useHTTPS=True)
        assert meta['http_status'] == status
        assert meta['http_headers']['Location'] == redirect_target
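def test_502_100(self):
    # test case: md with one domain
    # Drives a single-name MD with the http-01 challenge, then verifies what is left
    # behind: certificate, account key, archived MD data, file permissions, and an empty
    # challenge directory. Finally checks how /.well-known/acme-challenge is answered
    # with and without a challenge file on disk.
    domain = "test502-100-" + TestDrive.dns_uniq
    name = "www." + domain
    self._prepare_md([name])
    assert TestEnv.apache_start() == 0

    # drive
    md_before = TestEnv.a2md(["list", name])['jout']['output'][0]
    assert TestEnv.a2md(["-v", "drive", "-c", "http-01", name])['rv'] == 0
    self._check_md_cert([name])
    self._check_account_key(name)

    # check archive content: version 1 must equal the MD as listed before the drive;
    # the file is closed explicitly instead of relying on garbage collection
    with open(TestEnv.path_domain(name, archiveVersion=1)) as archived:
        md_archived = json.load(archived)
    assert md_archived == md_before

    # check file system permissions:
    TestEnv.check_file_permissions(name)
    # check: challenges removed
    TestEnv.check_dir_empty(TestEnv.path_challenges())

    # check how the challenge resources are answered in several combinations:
    # with no challenge on disk, every form of the path must be a 404
    for path in ("/.well-known/acme-challenge",
                 "/.well-known/acme-challenge/",
                 "/.well-known/acme-challenge/123"):
        result = TestEnv.get_meta(domain, path, False)
        assert result['rv'] == 0
        assert result['http_status'] == 404

    # place a challenge file; it must be flushed and closed before the request is made
    challenge_body = "content-of-123"
    cdir = os.path.join(TestEnv.path_challenges(), domain)
    os.makedirs(cdir)
    with open(os.path.join(cdir, 'acme-http-01.txt'), "w") as challenge_file:
        challenge_file.write(challenge_body)
    result = TestEnv.get_meta(domain, "/.well-known/acme-challenge/123", False)
    assert result['rv'] == 0
    assert result['http_status'] == 200
    # NOTE(review): only the length is compared, not the body; how the requested token
    # ("123") is matched against the stored file is not visible from this test.
    assert result['http_headers']['Content-Length'] == str(len(challenge_body))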
def test_500_111(self):
    # test case: vhost with parallel HTTP/HTTPS, check mod_alias redirects
    # The same server name gets one vhost on the HTTP port and one on the default port
    # of add_vhost(); mod_alias `Redirect` rules use a path-only target, so the server
    # builds the absolute Location itself. The test pins that the Location keeps the
    # scheme and port the request arrived on.
    # setup: prepare config
    domain = self.test_domain
    name = "www." + domain
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md([name])
    conf._add_line(" LogLevel alias:debug")
    conf.add_vhost(name, port=TestEnv.HTTP_PORT)
    conf.add_vhost(name)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # setup: place redirect rules
    for rule in (' Redirect /a /name.txt', ' Redirect seeother /b /name.txt'):
        conf._add_line(rule)
    conf.install()
    assert TestEnv.apache_restart() == 0

    # plain `Redirect` is expected to answer 302, `Redirect seeother` 303
    expected_status = (("/a", 302), ("/b", 303))

    # check: redirects on HTTP
    redirect_target = "http://{0}:{1}/name.txt".format(name, TestEnv.HTTP_PORT)
    for path, status in expected_status:
        meta = TestEnv.get_meta(name, path, useHTTPS=False)
        assert meta['http_status'] == status
        assert meta['http_headers']['Location'] == redirect_target

    # check: redirects on HTTPS
    # FAIL: expected 'https://...' but found 'http://...'
    # (per this note the first Location check below failed for the author: a request
    # made over TLS was pointed at a cleartext URL)
    redirect_target = "https://{0}:{1}/name.txt".format(name, TestEnv.HTTPS_PORT)
    for path, status in expected_status:
        meta = TestEnv.get_meta(name, path, useHTTPS=True)
        assert meta['http_status'] == status
        assert meta['http_headers']['Location'] == redirect_target