def test_920_001(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# we started without a valid certificate, so we expect /.httpd/certificate-status
# to not give information about one and - since we waited for the ACME signup
# to complete - to give information in 'renewal' about the new cert.
status = TestEnv.get_certificate_status(domain)
assert not 'sha256-fingerprint' in status
assert not 'valid' in status
assert 'renewal' in status
assert 'valid' in status['renewal']['cert']
assert 'sha256-fingerprint' in status['renewal']['cert']['rsa']
# restart and activate
# once activated, the staging must be gone and attributes exist for the active cert
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert not 'renewal' in status
assert 'sha256-fingerprint' in status['rsa']
assert 'valid' in status['rsa']
assert 'from' in status['rsa']['valid']
def test_920_002(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# copy a real certificate from LE over to staging
staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain,
'pubcert.pem')
real_cert = os.path.join('data', 'test_920', '002.pubcert')
assert copyfile(real_cert, staged_cert)
status = TestEnv.get_certificate_status(domain)
# status shows the copied cert's properties as staged
assert 'renewal' in status
assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['cert'][
'rsa']['valid']['until']
assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['cert'][
'rsa']['valid']['from']
assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal'][
'cert']['rsa']['serial']
assert 'sha256-fingerprint' in status['renewal']['cert']['rsa']
def test_920_020(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_line("MDStapling on")
conf.add_line("MDPrivateKeys secp256r1 RSA")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# In the stats JSON, we excpect 2 certificates under 'renewal'
stat = TestEnv.get_md_status(domain)
assert 'renewal' in stat
assert 'cert' in stat['renewal']
assert 'rsa' in stat['renewal']['cert']
assert 'secp256r1' in stat['renewal']['cert']
# In /.httpd/certificate-status 'renewal' we excpect 2 certificates
status = TestEnv.get_certificate_status(domain)
assert 'renewal' in status
assert 'cert' in status['renewal']
assert 'secp256r1' in status['renewal']['cert']
assert 'rsa' in status['renewal']['cert']
# restart and activate
# once activated, certs are listed in status
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_md_status(domain)
assert 'cert' in stat
assert 'valid' in stat['cert']
for ktype in ['rsa', 'secp256r1']:
assert ktype in stat['cert']
assert 'ocsp' in stat['cert'][ktype]
def test_920_002(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
# copy a real certificate from LE over to staging
staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain,
'pubcert.pem')
real_cert = os.path.join('data', 'test_920', '002.pubcert')
assert copyfile(real_cert, staged_cert)
status = TestEnv.get_certificate_status(domain)
# status shows the copied cert's properties as staged
assert 'renewal' in status
assert 'Thu, 29 Aug 2019 16:06:35 GMT' == status['renewal']['valid'][
'until']
assert 'Fri, 31 May 2019 16:06:35 GMT' == status['renewal']['valid'][
'from']
assert '03039C464D454EDE79FCD2CAE859F668F269' == status['renewal'][
'serial']
assert 'sha256-fingerprint' in status['renewal']
if 0 == 1:
assert len(status['renewal']['scts']) == 2
assert status['renewal']['scts'][0][
'logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
assert status['renewal']['scts'][0][
'signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
assert status['renewal']['scts'][1][
'logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
assert status['renewal']['scts'][1][
'signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
def test_710_001(self):
domain = self.test_domain
# use ACMEv1 initially
TestEnv.set_acme('acmev1')
# generate config with one MD, restart, gets cert
domains = [domain, "www." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = TestEnv.get_cert(domain)
assert domain in cert1.get_san_list()
# use ACMEv2 now for everything
TestEnv.set_acme('acmev2')
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
# restart, gets cert, should still be the same cert as it remains valid
assert TestEnv.apache_restart() == 0
status = TestEnv.get_certificate_status(domain)
assert status['serial'] == cert1.get_serial()
# change the MD so that we need a new cert
domains = [domain, "www." + domain, "another." + domain]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(domains)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
# should no longer the same cert
status = TestEnv.get_certificate_status(domain)
assert status['serial'] != cert1.get_serial()
TestEnv.check_md_complete(domain)
# should have a 2 accounts now
assert 2 == len(TestEnv.list_accounts())
def test_920_003(self):
domain = self.test_domain
domains = [domain]
conf = HttpdConf()
conf.add_admin("*****@*****.**")
conf.add_md(domains)
conf.add_line("MDCertificateStatus off")
conf.add_vhost(domain)
conf.install()
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain], restart=False)
status = TestEnv.get_certificate_status(domain)
assert not status
def test_702_009(self):
domain = self.test_domain
domains = [domain]
#
# prepare md
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_drive_mode("auto")
conf.add_renew_window("10d")
conf.add_md(domains)
conf.add_vhost(domain)
conf.install()
#
# restart (-> drive), check that md+cert is in store, TLS is up
assert TestEnv.apache_restart() == 0
assert TestEnv.await_completion([domain])
TestEnv.check_md_complete(domain)
cert1 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
# compare with what md reports as status
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] == cert1.get_serial()
#
# create self-signed cert, with critical remaining valid duration -> drive again
TestEnv.create_self_signed_cert([domain], {
"notBefore": -120,
"notAfter": 2
},
serial=7029)
cert3 = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
assert cert3.get_serial() == '1B75'
assert TestEnv.apache_restart() == 0
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] == cert3.get_serial()
#
# cert should renew and be different afterwards
assert TestEnv.await_completion([domain], must_renew=True)
stat = TestEnv.get_certificate_status(domain)
assert stat['serial'] != cert3.get_serial()
def test_700_031(self):
domain = self.test_domain
nameX = "x." + domain
nameA = "a." + domain
nameB = "b." + domain
nameC = "c." + domain
domains = [nameX, nameA, nameB]
#
# generate 1 MD and 2 vhosts
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(domains)
conf.add_vhost(nameA)
conf.add_vhost(nameB)
conf.install()
#
# restart (-> drive), check that MD was synched and completes
assert TestEnv.apache_restart() == 0
TestEnv.check_md(domains)
assert TestEnv.await_completion([nameX])
TestEnv.check_md_complete(nameX)
#
# check: SSL is running OK
certA = TestEnv.get_cert(nameA)
assert nameA in certA.get_san_list()
certB = TestEnv.get_cert(nameB)
assert nameB in certB.get_san_list()
assert certA.get_serial() == certB.get_serial()
#
# change MD by removing 1st name
new_list = [nameA, nameB, nameC]
conf = HttpdConf()
conf.add_admin("admin@" + domain)
conf.add_md(new_list)
conf.add_vhost(nameA)
conf.add_vhost(nameB)
conf.install()
# restart, check that host still works and have same cert
assert TestEnv.apache_restart() == 0
TestEnv.check_md(new_list)
status = TestEnv.get_certificate_status(nameA)
assert status['serial'] == certA.get_serial()
