def test_702_050(self):
    """Base-server MD: renewal is expected to complete.

    Writes a config with ``MDBaseServer on`` and the test domain as the
    global ``ServerName``, adds the domain as a managed domain, restarts
    httpd and waits for ``TestEnv.await_completion`` to report success.
    """
    md_name = self.test_domain
    base_conf = HttpdConf()
    base_conf.add_line("""
        MDBaseServer on
        ServerAdmin admin@%s
        ServerName %s
        """ % (md_name, md_name))
    base_conf.add_md([md_name])
    base_conf.install()
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    assert TestEnv.await_completion([md_name])
def test_310_120(self):
    """``MDPrivateKeys RSA 4096`` is recorded as the MD's private-key spec."""
    HttpdConf(text="""
        MDPrivateKeys RSA 4096
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # The first entry of the `a2md list` JSON output is the MD under test.
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    expected_key = {"type": "RSA", "bits": 4096}
    assert stored_md['privkey'] == expected_key
def test_310_101(self):
    """Adding a second MDomain keeps the first MD and creates the second.

    Installs a config with one managed domain, checks it, then installs a
    config with two managed domains and checks both via
    ``TestEnv.check_md(..., state=1)``.
    """
    first_md = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    second_md = ["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"]

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(first_md, state=1)

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org
        """).install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(first_md, state=1)
    TestEnv.check_md(second_md, state=1)
def test_310_116(self):
    """``MDCAChallenges`` is stored as the MD's list of CA challenge types.

    The stored list must equal the configured one, in the configured order.
    """
    HttpdConf(text="""
        MDCAChallenges http-01 tls-alpn-01
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['ca']['challenges'] == ['http-01', 'tls-alpn-01']
def test_310_105(self):
    """``ServerAdmin`` is taken over as the MD's contact.

    NOTE(review): the address literals read ``[email protected]`` in this
    copy, which looks like e-mail obfuscation applied by the hosting page
    rather than the real fixture value; confirm against the repository.
    """
    HttpdConf(text="""
        ServerAdmin mailto:[email protected]
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md_domains = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(md_domains, state=1,
                     contacts=["mailto:[email protected]"])
def test_300_010(self):
    """A vhost whose names are all MD members starts without log entries.

    ``ServerName`` and ``ServerAlias`` of the vhost are both listed in the
    MDomain; restart must return 0 and ``httpd_error_log_count()`` must be
    ``(0, 0)`` (presumably errors and warnings; confirm against TestEnv).
    """
    HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        <VirtualHost *:12346>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
        </VirtualHost>
        """).install()
    assert TestEnv.apache_restart() == 0
    log_counts = TestEnv.httpd_error_log_count()
    assert (0, 0) == log_counts
def test_702_051(self):
    """Base-server MD with ``MDPortMap http:-``: renewal must report an error.

    Same setup as a plain base-server MD, plus ``MDPortMap http:-``. The
    test passes when ``TestEnv.await_error`` returns a truthy value for the
    domain. Presumably the port map leaves no usable challenge type here;
    confirm against the mod_md documentation.
    """
    md_name = self.test_domain
    base_conf = HttpdConf()
    base_conf.add_line("""
        MDBaseServer on
        MDPortMap http:-
        ServerAdmin admin@%s
        ServerName %s
        """ % (md_name, md_name))
    base_conf.add_md([md_name])
    base_conf.install()
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    assert TestEnv.await_error(md_name)
def test_310_304(self):
    """``MDRenewMode`` values map to the stored ``renew-mode`` numbers.

    As asserted below: ``manual`` -> 0, ``auto`` -> 1, ``always`` -> 2.
    """
    # renew mode: manual
    HttpdConf(text="""
        MDRenewMode manual
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-mode'] == 0

    # renew mode: auto
    HttpdConf(text="""
        MDRenewMode auto
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-mode'] == 1

    # renew mode: always
    HttpdConf(text="""
        MDRenewMode always
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-mode'] == 2
def test_310_204(self):
    """Removing the CA directives resets the MD to the default CA URL.

    First installs explicit CA, protocol and agreement settings, then a
    config without them, and checks that the MD reports
    ``TestEnv.ACME_URL_DEFAULT`` with protocol ``ACME``. Both configs are
    built with ``local_CA=False``.
    """
    HttpdConf(local_CA=False, text="""
        MDCertificateAuthority http://acme.test.org:4000/directory
        MDCertificateProtocol ACME
        MDCertificateAgreement http://acme.test.org:4000/terms/v1
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # Re-sync with the CA information dropped from the config.
    HttpdConf(local_CA=False, text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    md_domains = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(md_domains, state=1,
                     ca=TestEnv.ACME_URL_DEFAULT, protocol="ACME")
def test_300_007(self):
    """An MDomain declared inside a VirtualHost is accepted at restart.

    The config holds one global MDomain, one MDomain inside the first
    vhost, and a second vhost whose ServerName is a member of that inner
    MDomain. The only assertion is that restart returns 0.
    """
    vhost_md_conf = HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        <VirtualHost *:12346>
            ServerName example2.org
            MDomain example2.org www.example2.org www.example3.org
        </VirtualHost>
        <VirtualHost *:12346>
            ServerName www.example2.org
        </VirtualHost>
        """)
    vhost_md_conf.install()
    assert TestEnv.apache_restart() == 0
def test_920_002(self):
    """A certificate placed in staging shows up under ``renewal`` in status.

    After the MD completes, a fixture certificate is copied to the
    staging area of the store and the certificate status must report its
    validity period, serial and a SHA-256 fingerprint. The expected dates
    and serial are tied to ``data/test_920/002.pubcert``; that path is
    relative, so the test depends on the working directory.

    NOTE(review): the admin address literal appears redacted in this copy.
    """
    md_name = self.test_domain
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md([md_name])
    conf.add_vhost(md_name)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([md_name], restart=False)

    # Copy a real certificate from LE over to staging.
    staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', md_name, 'pubcert.pem')
    real_cert = os.path.join('data', 'test_920', '002.pubcert')
    assert copyfile(real_cert, staged_cert)

    status = TestEnv.get_certificate_status(md_name)
    # The copied certificate's properties are reported as staged.
    assert 'renewal' in status
    staged_rsa = status['renewal']['cert']['rsa']
    assert 'Thu, 29 Aug 2019 16:06:35 GMT' == staged_rsa['valid']['until']
    assert 'Fri, 31 May 2019 16:06:35 GMT' == staged_rsa['valid']['from']
    assert '03039C464D454EDE79FCD2CAE859F668F269' == staged_rsa['serial']
    assert 'sha256-fingerprint' in staged_rsa
def test_300_013(self):
    """Two vhosts that are members of one MD start without log entries.

    Each vhost's ServerName is listed in the same MDomain; restart must
    return 0 and ``httpd_error_log_count()`` must be ``(0, 0)``.
    """
    HttpdConf(text="""
        MDomain example2.org test-a.example2.org test-b.example2.org
        <VirtualHost *:12346>
            ServerName test-a.example2.org
        </VirtualHost>
        <VirtualHost *:12346>
            ServerName test-b.example2.org
        </VirtualHost>
        """).install()
    assert TestEnv.apache_restart() == 0
    log_counts = TestEnv.httpd_error_log_count()
    assert (0, 0) == log_counts
def test_720_000(self):
    """A wildcard MD under ACMEv1 must end in a ``malformed`` error.

    Switches the environment to ACMEv1 via ``TestEnv.initv1()``, configures
    the domain together with its ``*.`` wildcard, and expects the renewal
    to fail with problem ``urn:acme:error:malformed``.

    NOTE(review): the admin address literal appears redacted in this copy.
    """
    base_name = self.test_domain
    # switch to ACMEv1
    TestEnv.initv1()

    # Config with a DNS wildcard next to the plain name.
    md_names = [base_name, "*." + base_name]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(md_names)
    conf.add_vhost(md_names)
    conf.install()

    # Restart and make sure the MD is in the store.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(md_names)

    # ACMEv1 does not accept DNS wildcards, so the drive must fail.
    md = TestEnv.await_error(base_name)
    assert md
    renewal = md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'urn:acme:error:malformed'
def test_310_305(self):
    """``MDRenewWindow`` is stored in normalized form.

    As asserted below: ``14d`` stays ``14d``, a bare ``10`` is stored as
    ``10d``, and ``10%`` stays ``10%``.
    """
    # explicit day unit
    HttpdConf(text="""
        MDRenewWindow 14d
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-window'] == '14d'

    # bare number
    HttpdConf(text="""
        MDRenewWindow 10
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-window'] == '10d'

    # percentage
    HttpdConf(text="""
        MDRenewWindow 10%
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert stored_md['renew-window'] == '10%'
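def test_310_500(self):
    """``MDStoreDir`` moves the MD store to another directory.

    With ``MDStoreDir md-other`` configured, listing the default store
    must return no MDs, while the MD must be found once the test
    environment points at ``md-other``.
    """
    HttpdConf(text="""
        MDStoreDir md-other
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # The default store must stay empty.
    assert TestEnv.a2md(["list"])['jout']['output'] == []

    TestEnv.set_store_dir("md-other")
    try:
        TestEnv.check_md(
            ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"],
            state=1)
    finally:
        # Always undo the store switch: a failing check must not leave
        # later tests pointed at (or polluted by) the alternate store.
        TestEnv.clear_store()
        TestEnv.set_store_dir_default()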
def test_300_011(self):
    """A ``manual`` MD that misses one vhost alias must be rejected.

    The SSL vhost carries ``test4.not-forbidden.org`` as an alias, which is
    not in the manually listed MDomain. The test expects
    ``TestEnv.apache_fail()`` to return 0 and the error-log count to be
    ``(1, 0)`` (presumably one error, no warnings; confirm against TestEnv).
    """
    conf_text = """
        MDomain not-forbidden.org manual www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        <VirtualHost *:%s>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
            ServerAlias test4.not-forbidden.org
            SSLEngine on
        </VirtualHost>
        """ % (TestEnv.HTTPS_PORT)
    HttpdConf(text=conf_text).install()
    assert TestEnv.apache_fail() == 0
    log_counts = TestEnv.httpd_error_log_count()
    assert (1, 0) == log_counts
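def setup_module(module):
    """Install the HTTP/2 push test vhost and restart httpd.

    Builds an SSL vhost named ``push`` on ``TestEnv.HTTPS_PORT`` with
    document root ``htdocs/test1``. Every ``/006-push*.html`` location is
    rewritten to ``/006.html`` and carries a different ``Link`` header or
    ``H2Push*`` directive. Several ``rel`` values are misspelled on
    purpose or by accident (``preloadX``, ``preloa``, an unterminated
    ``<...`` target); they are fixture data and are kept as written.
    """
    print("setup_module: %s" % module.__name__)
    TestEnv.init()
    # Raw string: the RewriteRule contains ``\.``, which is an invalid
    # escape sequence in a normal string literal. The text handed to
    # add_line is unchanged.
    # NOTE(review): the double quote after ``http/1.1`` on the Protocols
    # line looks like a typo. It is left in place because removing it may
    # change which protocols the vhost offers; confirm the intent.
    push_conf = r"""
        Protocols h2 http/1.1"
        RewriteEngine on
        RewriteRule ^/006-push(.*)?\.html$ /006.html
        <Location /006-push.html>
            Header add Link "</006/006.css>;rel=preload"
            Header add Link "</006/006.js>;rel=preloadX"
        </Location>
        <Location /006-push2.html>
            Header add Link "</006/006.css>;rel=preloadX, </006/006.js>; rel=preload"
        </Location>
        <Location /006-push3.html>
            Header add Link "</006/006.css>;rel=preloa,</006/006.js>;rel=preload"
        </Location>
        <Location /006-push4.html>
            Header add Link "</006/006.css;rel=preload, </006/006.js>; preload"
        </Location>
        <Location /006-push5.html>
            Header add Link '</006/006.css>;rel="preload push"'
        </Location>
        <Location /006-push6.html>
            Header add Link '</006/006.css>;rel="push preload"'
        </Location>
        <Location /006-push7.html>
            Header add Link '</006/006.css>;rel="abc preload push"'
        </Location>
        <Location /006-push8.html>
            Header add Link '</006/006.css>;rel="preload"; nopush'
        </Location>
        <Location /006-push20.html>
            H2PushResource "/006/006.css" critical
            H2PushResource "/006/006.js"
        </Location>
        <Location /006-push30.html>
            H2Push off
            Header add Link '</006/006.css>;rel="preload"'
        </Location>
        <Location /006-push31.html>
            H2PushResource "/006/006.css" critical
        </Location>
        <Location /006-push32.html>
            Header add Link "</006/006.css>;rel=preload"
        </Location>
        """
    vhost = HttpdConf().start_vhost(
        TestEnv.HTTPS_PORT, "push", docRoot="htdocs/test1", withSSL=True)
    vhost.add_line(push_conf).end_vhost().install()
    assert TestEnv.apache_restart() == 0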
def test_300_022(self):
    """``MDRequireHttps`` is accepted inside ``<If>``, not in ``<Directory>``.

    With the directive wrapped in ``<If "1 == 1">`` the server must start
    (return 0). With the same directive inside ``<Directory /tmp>`` the
    restart must return 1, i.e. the config is expected to be refused.
    """
    # Allowed context: server-level <If> block.
    HttpdConf(text="""
        MDomain secret.com
        <If "1 == 1">
            MDRequireHttps temporary
        </If>
        <VirtualHost *:12344>
            ServerName secret.com
            SSLEngine on
        </VirtualHost>
        """).install()
    start_rc = TestEnv.apache_start()
    assert start_rc == 0

    # Disallowed context: <Directory> block.
    HttpdConf(text="""
        MDomain secret.com
        <Directory /tmp>
            MDRequireHttps temporary
        </Directory>
        <VirtualHost *:12344>
            ServerName secret.com
            SSLEngine on
        </VirtualHost>
        """).install()
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 1
def test_300_011b(self):
    """An ``auto`` MD with unlisted vhost aliases starts cleanly.

    The vhost's ServerName and two aliases are not all listed in the
    MDomain, but the MD is declared ``auto``; restart must return 0 and
    the error-log count must be ``(0, 0)``. httpd is stopped first.
    """
    assert TestEnv.apache_stop() == 0
    conf_text = """
        MDomain not-forbidden.org auto mail.not-forbidden.org
        <VirtualHost *:%s>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
            ServerAlias test4.not-forbidden.org
            SSLEngine on
        </VirtualHost>
        """ % TestEnv.HTTPS_PORT
    HttpdConf(text=conf_text).install()
    assert TestEnv.apache_restart() == 0
    log_counts = TestEnv.httpd_error_log_count()
    assert (0, 0) == log_counts
def setup_module(module):
    """Install the ``ssl`` test vhost and restart httpd.

    The vhost enables h2 and http/1.1, exports the standard SSL
    environment variables, and guards two locations with ``Require expr``
    on ``%{HTTP2}``: ``/h2only.html`` requires it to be ``on`` and
    ``/noh2.html`` requires it to be ``off``.
    """
    print("setup_module: %s" % module.__name__)
    TestEnv.init()
    vhost_lines = (
        " Protocols h2 http/1.1",
        " SSLOptions +StdEnvVars",
        " ",
        " <Location /h2only.html>",
        " Require expr \"%{HTTP2} == 'on'\"",
        " </Location>",
        " <Location /noh2.html>",
        " Require expr \"%{HTTP2} == 'off'\"",
        " </Location>",
    )
    vhost = HttpdConf().start_vhost(TestEnv.HTTPS_PORT, "ssl", withSSL=True)
    for conf_line in vhost_lines:
        # add_line is chained in the fluent style, so keep its return value.
        vhost = vhost.add_line(conf_line)
    vhost.end_vhost().install()
    # The directory needs to exist for the configuration to have effect.
    TestEnv.mkpath("%s/htdocs/ssl-client-verify" % TestEnv.WEBROOT)
    assert TestEnv.apache_restart() == 0
def test_310_303(self):
    """Changed admin and CA directives leave the stored contact unchanged.

    Installs an initial config, then one with a different CA, protocol
    and agreement (``local_CA=False``), and checks the MD's contacts.

    NOTE(review): both ``ServerAdmin`` values and the expected contact read
    ``[email protected]`` in this copy, which looks like e-mail
    obfuscation by the hosting page. As shown, the test cannot tell the
    first address from the second; restore the real fixture values from
    the repository.
    """
    md_domains = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    HttpdConf(text="""
        ServerAdmin mailto:[email protected]
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # Re-sync with changed admin information.
    HttpdConf(local_CA=False, text="""
        ServerAdmin mailto:[email protected]
        MDCertificateAuthority http://somewhere.com:6666/directory
        MDCertificateProtocol ACME
        MDCertificateAgreement http://somewhere.com:6666/terms/v1
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # The MD must keep the previous admin information.
    TestEnv.check_md(md_domains, state=1,
                     contacts=["mailto:[email protected]"])
def test_310_300(self):
    """The config's name order replaces the order stored by ``a2md add``.

    The MD is first added through ``a2md`` with ``mail`` before ``www``;
    after installing a config that lists ``www`` before ``mail``, the
    store must report the config's order.
    """
    added_names = ["testdomain.org", "mail.testdomain.org", "www.testdomain.org"]
    TestEnv.a2md(["add"] + added_names)
    TestEnv.check_md(added_names, state=1)

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # The DNS name list now follows the config.
    configured_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(configured_names, state=1)
def test_310_103(self):
    """CA URL, protocol and agreement from the config end up in the MD."""
    ca_url = "http://acme.test.org:4000/directory"
    agreement_url = "http://acme.test.org:4000/terms/v1"
    HttpdConf(text="""
        MDCertificateAuthority http://acme.test.org:4000/directory
        MDCertificateProtocol ACME
        MDCertificateAgreement http://acme.test.org:4000/terms/v1
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md_domains = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(md_domains, state=1,
                     ca=ca_url, protocol="ACME", agreement=agreement_url)
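def test_310_309(self):
    """``MDMustStaple`` toggles the stored ``must-staple`` flag.

    Unset and ``off`` must both yield ``False``; ``on`` must yield
    ``True``. The flag is compared by identity, so the test only passes
    for real booleans and not for a 0/1 integer that merely compares equal.
    """
    # Nothing set: must-staple defaults to off.
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.a2md(["list"])['jout']['output'][0]['must-staple'] is False

    # OCSP must-staple on.
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDMustStaple on
        """).install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.a2md(["list"])['jout']['output'][0]['must-staple'] is True

    # OCSP must-staple off.
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDMustStaple off
        """).install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.a2md(["list"])['jout']['output'][0]['must-staple'] is False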
def test_740_000(self):
    """A DNS name with an illegal character is rejected by the ACME server.

    The MD contains ``invalid!.<domain>``. The renewal must fail, and the
    reported problem type and detail text depend on the ACME server in
    use: ``pebble`` versus any other value of ``TestEnv.ACME_SERVER``.

    NOTE(review): the admin address literal appears redacted in this copy.
    """
    base_name = self.test_domain
    domains = [base_name, "invalid!." + base_name]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0

    md = TestEnv.await_error(base_name)
    assert md
    assert md['renewal']['errors'] > 0
    last_result = md['renewal']['last']
    if TestEnv.ACME_SERVER == 'pebble':
        assert last_result['problem'] == 'urn:ietf:params:acme:error:malformed'
        assert last_result['detail'] == \
            "Order included DNS identifier with a value containing an illegal character: '!'"
    else:
        assert last_result['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
        assert last_result['detail'] == (
            "Error creating new order :: Cannot issue for "
            "\"%s\": Domain name contains an invalid character" % domains[1])
def test_702_052(self):
    """Base-server MD with ``acme-tls/1`` enabled completes renewal.

    Like the ``MDPortMap http:-`` case, but ``Protocols`` includes
    ``acme-tls/1`` and ``SSLEngine on`` is set. The MD status must list the
    domain under ``proto['acme-tls/1']``, and the renewal must complete.
    """
    md_name = self.test_domain
    base_conf = HttpdConf()
    base_conf.add_line("""
        MDBaseServer on
        MDPortMap http:-
        Protocols h2 http/1.1 acme-tls/1
        ServerAdmin admin@%s
        ServerName %s
        SSLEngine on
        """ % (md_name, md_name))
    base_conf.add_md([md_name])
    base_conf.install()
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status(md_name)
    assert md_status["proto"]["acme-tls/1"] == [md_name]
    assert TestEnv.await_completion([md_name])
def test_310_201(self):
    """A DNS name missing from the config is removed from the stored MD.

    The MD is added through ``a2md`` with ``test.testdomain.org``; the
    installed config omits that name, and the store must follow.
    """
    added_names = ["testdomain.org", "test.testdomain.org",
                   "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.a2md(["add"] + added_names)
    TestEnv.check_md(added_names, state=1)

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # The extra DNS name is gone from the MD in the store.
    remaining_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(remaining_names, state=1)
def test_310_117(self):
    """``MDMember auto`` adds the vhost's names to the MD's domain list.

    The MDomain lists only ``testdomain.org``; the stored domains must
    also contain the two ``ServerAlias`` names of the matching vhost, in
    the order asserted below.
    """
    HttpdConf(text="""
        MDMember auto
        MDomain testdomain.org
        <VirtualHost *:12346>
            ServerName testdomain.org
            ServerAlias test.testdomain.org
            ServerAlias mail.testdomain.org
            DocumentRoot htdocs
            SSLEngine on
        </VirtualHost>
        """).install()
    assert TestEnv.apache_restart() == 0
    stored_md = TestEnv.a2md(["list"])['jout']['output'][0]
    expected_domains = ['testdomain.org', 'test.testdomain.org', 'mail.testdomain.org']
    assert stored_md['domains'] == expected_domains
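def test_300_021(self):
    """A ``manual`` MD must not silently cover an unmanaged ServerName.

    The vhost's ``ServerName not.secret.com`` is outside the MD while its
    alias ``secret.com`` is inside. The server is expected not to start
    (``apache_fail()`` returns 0), to log one entry, and to log the
    message that the issued certificate would not match the ServerName.
    """
    HttpdConf(text="""
        MDMembers manual
        MDomain secret.com
        <VirtualHost *:12344>
            ServerName not.secret.com
            ServerAlias secret.com
            SSLEngine on
        </VirtualHost>
        """).install()
    assert TestEnv.apache_fail() == 0
    assert (1, 0) == TestEnv.httpd_error_log_count()
    # Escape the literal message: unescaped, every "." in the host names
    # would match any character, so a different name could satisfy the scan.
    expected_msg = (
        "Virtual Host not.secret.com:0 matches Managed Domain 'secret.com', "
        "but the name/alias not.secret.com itself is not managed. "
        "A requested MD certificate will not match ServerName"
    )
    log_pattern = re.compile(".*" + re.escape(expected_msg) + ".*")
    assert TestEnv.httpd_error_log_scan(log_pattern)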
def test_310_202(self):
    """The config's first name becomes the MD name, replacing the old one.

    The MD is added through ``a2md`` with ``name.testdomain.org`` first;
    after installing a config that starts with ``testdomain.org``, the MD
    must be found under ``md="testdomain.org"`` with the config's names.
    """
    added_names = ["name.testdomain.org", "testdomain.org",
                   "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.a2md(["add"] + added_names)
    TestEnv.check_md(added_names, state=1)

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0

    # The MD overwrites the previous entry and takes the new name.
    configured_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(configured_names, md="testdomain.org", state=1)