Пример #1
    def test_720_003(self):
        """Wildcard MD restricted to dns-01, with the dns01 command run as ``fail``.

        The renewal is expected to end in error, with the last problem
        reported as 'challenge-setup-failure'.
        """
        failing_cmd = "%s/dns01.py fail" % TestEnv.TESTROOT
        base = self.test_domain
        names = [base, "*." + base]

        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        httpd_conf.add_ca_challenges(["dns-01"])
        httpd_conf.add_dns01_cmd(failing_cmd)
        httpd_conf.add_md(names)
        httpd_conf.add_vhost(names)
        httpd_conf.install()

        # After the restart the MD has to be present in the store.
        restart_rv = TestEnv.apache_restart()
        assert restart_rv == 0
        TestEnv.check_md(names)
        # Wait for the drive to report an error instead of a certificate.
        failed_md = TestEnv.await_error(base)
        assert failed_md
        renewal = failed_md['renewal']
        assert renewal['errors'] > 0
        assert renewal['last']['problem'] == 'challenge-setup-failure'
Пример #2
 def test_702_041(self):
     """Only tls-alpn-01 is allowed, and this config adds no `Protocols` line.

     The MD status must then list no domain under proto "acme-tls/1".
     """
     base = self.test_domain
     names = [base, "www." + base]

     # One MD and one vhost, with debug logging for core and ssl.
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     for log_line in ("LogLevel core:debug", "LogLevel ssl:debug"):
         httpd_conf.add_line(log_line)
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_ca_challenges(["tls-alpn-01"])
     httpd_conf.add_md(names)
     httpd_conf.add_vhost(names)
     httpd_conf.install()

     # Restart starts the drive; the MD must be known to the store.
     restart_rv = TestEnv.apache_restart()
     assert restart_rv == 0
     TestEnv.check_md(names)
     # The missing protocol shows up as an empty acme-tls/1 domain list.
     md_status = TestEnv.get_md_status(base)
     alpn_domains = md_status["proto"]["acme-tls/1"]
     assert alpn_domains == []
Пример #3
    def test_602_001(self):
        """Drive two managed domains by hand, then serve both over TLS.

        Same flow as test_600_000 (per the original note), but with two MDs
        configured side by side. Each served certificate must carry exactly
        the SAN list of its own MD.
        """
        name_a = "a-" + self.test_domain
        name_b = "b-" + self.test_domain
        sans_a = [name_a, "www." + name_a]
        sans_b = [name_b, "www." + name_b]
        pairs = ((name_a, sans_a), (name_b, sans_b))

        # Config with both MDs, no vhosts yet.
        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        httpd_conf.add_drive_mode("manual")
        for _, sans in pairs:
            httpd_conf.add_md(sans)
        httpd_conf.install()

        # Restart: both MDs must be in the store.
        assert TestEnv.apache_restart() == 0
        for _, sans in pairs:
            TestEnv.check_md(sans)

        # Manual drive for each MD, then restart and verify completion.
        for name, _ in pairs:
            drive = TestEnv.a2md(["drive", name])
            assert drive['rv'] == 0
        assert TestEnv.apache_restart() == 0
        for name, _ in pairs:
            TestEnv.check_md_complete(name)

        # Only now add the vhosts that use the certificates.
        for _, sans in pairs:
            httpd_conf.add_vhost(sans)
        httpd_conf.install()

        # TLS must come up with the right certificate per domain.
        assert TestEnv.apache_restart() == 0
        for name, sans in pairs:
            served = TestEnv.get_cert(name)
            assert sans == served.get_san_list()
Пример #4
 def test_702_009(self):
     """A stored certificate that is about to expire gets replaced by auto-drive.

     After a normal issuance, the stored cert is overwritten with a
     self-signed one of short remaining validity; the server must first
     report that cert's serial and, after renewal, a different one.
     """
     host = self.test_domain
     names = [host]

     # MD with a 10d renew window, driven automatically.
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + host)
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_renew_window("10d")
     httpd_conf.add_md(names)
     httpd_conf.add_vhost(host)
     httpd_conf.install()

     # Restart triggers the drive; MD and cert must land in the store.
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([host])
     TestEnv.check_md_complete(host)
     issued = CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))
     # The status resource has to agree with the file in the store.
     reported = TestEnv.get_certificate_status(host)
     assert reported['serial'] == issued.get_serial()

     # Plant a self-signed cert with little validity left, so the renew
     # window applies (offsets are presumably days relative to now; confirm
     # against create_self_signed_cert).
     validity = {"notBefore": -120, "notAfter": 2}
     TestEnv.create_self_signed_cert([host], validity, serial=7029)
     planted = CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))
     # 7029 decimal is 0x1B75.
     assert planted.get_serial() == '1B75'
     assert TestEnv.apache_restart() == 0
     reported = TestEnv.get_certificate_status(host)
     assert reported['serial'] == planted.get_serial()

     # Renewal must happen and produce a certificate with another serial.
     assert TestEnv.await_completion([host], must_renew=True)
     reported = TestEnv.get_certificate_status(host)
     assert reported['serial'] != planted.get_serial()
Пример #5
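 def test_901_011(self):
     """Static cert inside the warn window produces one 'expiring' message.

     The MD uses MDCertificateFile/MDCertificateKeyFile with a self-signed
     certificate that is close to expiry. The message command must be
     called once with 'expiring', and a second restart must not send the
     message again.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # Short remaining validity (offsets are presumably days relative to
     # now; confirm against create_self_signed_cert).
     TestEnv.create_self_signed_cert(domains, {"notBefore": -85, "notAfter": 5},
                                     serial=901011, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     # Read through a context manager so the log handle is closed right away.
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()
     # A second restart must not resend the message: still exactly one line.
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 1 == len(nlines)
     assert expected == nlines[0].strip()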
Пример #6
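 def test_900_012(self):
     """Two MDs renewed in one run lead to two lines in the notify log.

     Both MDs must finish with last renewal status 0, and the file that is
     passed as argument to the notify command must hold exactly two lines.
     """
     md1 = "a-" + TestNotify.domain
     domains1 = [md1, "www." + md1]
     md2 = "b-" + TestNotify.domain
     domains2 = [md2, "www." + md2]
     command = TestNotify.notify_cmd
     args = TestNotify.notify_log
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_notify_cmd("%s %s" % (command, args))
     conf.add_md(domains1)
     conf.add_md(domains2)
     conf.add_vhost(domains1)
     conf.add_vhost(domains2)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([md1, md2], restart=False)
     stat = TestEnv.get_md_status(md1)
     assert stat["renewal"]["last"]["status"] == 0
     stat = TestEnv.get_md_status(md2)
     assert stat["renewal"]["last"]["status"] == 0
     # Context manager closes the log handle instead of leaking it.
     with open(args) as log:
         nlines = log.readlines()
     assert 2 == len(nlines)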
Пример #7
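 def test_901_020(self):
     """With stapling on, the message command sees four events in order.

     Expected log lines: the http-01 challenge setup for the domain,
     'renewed', 'installed' and 'ocsp-renewed'.
     """
     domain = self.test_domain
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     TestEnv.await_ocsp_status(domain)
     assert TestEnv.await_file(self.mlog)
     time.sleep(1)
     # Context manager closes the log handle instead of leaking it.
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 4 == len(nlines)
     assert nlines[0].strip() == ("['%s', '%s', 'challenge-setup:http-01:%s', '%s']"
                                  % (self.mcmd, self.mlog, domain, domain))
     assert nlines[1].strip() == ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain))
     assert nlines[2].strip() == ("['%s', '%s', 'installed', '%s']" % (self.mcmd, self.mlog, domain))
     assert nlines[3].strip() == ("['%s', '%s', 'ocsp-renewed', '%s']" % (self.mcmd, self.mlog, domain))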
Пример #8
 def test_901_010(self):
     """Static cert files in the renewal window: no message may be sent.

     The MD is configured with MDCertificateFile/MDCertificateKeyFile. After
     the restart the message log must not exist at all.
     """
     base = self.test_domain
     names = [base, 'www.%s' % base]
     out_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # Self-signed cert with limited remaining validity (offsets are
     # presumably days relative to now; confirm against
     # create_self_signed_cert).
     validity = {"notBefore": -70, "notAfter": 20}
     TestEnv.create_self_signed_cert(names, validity, serial=901010, path=out_dir)
     cert_path = os.path.join(out_dir, 'pubcert.pem')
     key_path = os.path.join(out_dir, 'privkey.pem')
     assert os.path.exists(cert_path)
     assert os.path.exists(key_path)

     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     httpd_conf.start_md(names)
     httpd_conf.add_line("MDCertificateFile %s" % (cert_path))
     httpd_conf.add_line("MDCertificateKeyFile %s" % (key_path))
     httpd_conf.end_md()
     httpd_conf.add_vhost(base)
     httpd_conf.install()

     restart_rv = TestEnv.apache_restart()
     assert restart_rv == 0
     # The message command was never run, so it never created its log.
     log_exists = os.path.isfile(self.mlog)
     assert not log_exists
Пример #9
 def test_702_004(self, challengeType):
     """Auto-drive completes when only `challengeType` is allowed.

     The config enables `Protocols http/1.1 acme-tls/1`. The served
     certificate must list the main domain among its SANs.
     """
     base = self.test_domain
     names = [base, "www." + base]

     # One MD and one vhost, restricted to the given challenge type.
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_line("Protocols http/1.1 acme-tls/1")
     httpd_conf.add_drive_mode("auto")
     httpd_conf.add_ca_challenges([challengeType])
     httpd_conf.add_md(names)
     httpd_conf.add_vhost(names)
     httpd_conf.install()

     # Restart starts the drive; MD must be synched and then complete.
     restart_rv = TestEnv.apache_restart()
     assert restart_rv == 0
     TestEnv.check_md(names)
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)

     # TLS is up with a certificate for the domain.
     served = TestEnv.get_cert(base)
     san_list = served.get_san_list()
     assert base in san_list
Пример #10
 def test_702_002(self):
     """Two auto-driven MDs: staged certs show in status, restart activates them.

     Before the activating restart, the status of the first MD must expose
     renewal -> cert -> rsa -> sha256-fingerprint. Afterwards each served
     certificate must carry exactly the SAN list of its MD.
     """
     base = self.test_domain
     name_a = "a-" + base
     name_b = "b-" + base
     sans_a = [name_a, "www." + name_a]
     sans_b = [name_b, "www." + name_b]
     md_sets = (sans_a, sans_b)

     # Config with two MDs and their vhosts.
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_drive_mode("auto")
     for sans in md_sets:
         httpd_conf.add_md(sans)
     for sans in md_sets:
         httpd_conf.add_vhost(sans)
     httpd_conf.install()

     # Restart: both MDs must be in the store.
     assert TestEnv.apache_restart() == 0
     for sans in md_sets:
         TestEnv.check_md(sans)

     # Wait for the drive to finish without restarting the server.
     assert TestEnv.await_completion([name_a, name_b], restart=False)
     # The staged certificate is visible on the status resource.
     node = TestEnv.get_md_status(name_a)
     for key in ('renewal', 'cert', 'rsa', 'sha256-fingerprint'):
         assert key in node
         node = node[key]

     # Restart to activate, then check the certificates actually served.
     assert TestEnv.apache_restart() == 0
     for name, sans in ((name_a, sans_a), (name_b, sans_b)):
         served = TestEnv.get_cert(name)
         assert sans == served.get_san_list()
Пример #11
    def test_720_002b(self):
        """A dns01 command pointing at ``dns01-not-found.py`` does not block issuance.

        No challenge type is restricted and no wildcard name is used, so the
        drive is expected to complete (presumably through another challenge
        type; the script name suggests the command does not exist). All
        configured names must appear in the served certificate.
        """
        missing_cmd = "%s/dns01-not-found.py" % TestEnv.TESTROOT
        base = self.test_domain
        names = [base, "xxx." + base]

        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        httpd_conf.add_dns01_cmd(missing_cmd)
        httpd_conf.add_md(names)
        httpd_conf.add_vhost(names)
        httpd_conf.install()

        # Restart: the MD must be in the store.
        restart_rv = TestEnv.apache_restart()
        assert restart_rv == 0
        TestEnv.check_md(names)
        # Wait for the drive to finish.
        assert TestEnv.await_completion([base])
        TestEnv.check_md_complete(base)
        # TLS is up and the certificate covers every configured name.
        served = TestEnv.get_cert(base)
        san_list = served.get_san_list()
        for expected_name in names:
            assert expected_name in san_list
Пример #12
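 def test_901_020(self):
     """With stapling on, the message command sees three events in order.

     Expected log lines: 'renewed', 'installed' and 'ocsp-renewed'.
     """
     domain = self.test_domain
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_line("MDStapling on")
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # Called for the wait only; the returned status is not inspected.
     TestEnv.await_ocsp_status(domain)
     assert os.path.isfile(self.mlog)
     # Context manager closes the log handle instead of leaking it.
     with open(self.mlog) as log:
         nlines = log.readlines()
     # since v2.1.10, the 'installed' message is second in log
     assert 3 == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert ("['%s', '%s', 'installed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[1].strip()
     assert ("['%s', '%s', 'ocsp-renewed', '%s']" %
             (self.mcmd, self.mlog, domain)) == nlines[2].strip()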
Пример #13
 def test_500_202(self, keyType, keyParams, expKeyLength):
     """The issued certificate's key length matches the configured private key.

     `keyType` and `keyParams` go into the MD's private key setting;
     `expKeyLength` is the key length the stored certificate must report.
     """
     base = self.test_domain
     host = "www." + base

     # Setup: an MD in manual drive mode with the requested key spec.
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("admin@" + base)
     httpd_conf.add_drive_mode("manual")
     httpd_conf.add_private_key(keyType, keyParams)
     httpd_conf.add_md([host])
     httpd_conf.install()
     assert TestEnv.apache_restart() == 0
     listed = TestEnv.a2md(["list", host])
     assert listed['jout']['output'][0]['state'] == TestEnv.MD_S_INCOMPLETE

     # Drive it; afterwards the MD has to be complete.
     driven = TestEnv.a2md(["-vv", "drive", host])
     assert driven['rv'] == 0, \
         "Expected drive to succeed for MDPrivateKeys {} {}".format(keyType, keyParams)
     listed = TestEnv.a2md(["list", host])
     assert listed['jout']['output'][0]['state'] == TestEnv.MD_S_COMPLETE

     # The stored certificate must carry a key of the expected length.
     stored = CertUtil(TestEnv.store_domain_file(host, 'pubcert.pem'))
     assert stored.get_key_length() == expKeyLength
Пример #14
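 def test_901_003(self):
     """The message command logs 'renewed' plus the MD_* environment it was given.

     After a successful renewal the log must hold the 'renewed' line, then
     an MD_VERSION line with a x.y.z version (optional -suffix) and an
     MD_STORE line naming the store directory.
     """
     domain = self.test_domain
     domains = [domain, "www." + domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.add_drive_mode("auto")
     conf.add_md(domains)
     conf.add_vhost(domains)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     stat = TestEnv.get_md_status(domain)
     # this command did not fail and logged itself the correct information
     assert stat["renewal"]["last"]["status"] == 0
     assert stat["renewal"]["log"]["entries"]
     assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
     # shut down server to make sure that md has completed
     assert TestEnv.apache_stop() == 0
     # Context manager closes the log handle instead of leaking it.
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 1 + self.menv_lines == len(nlines)
     assert ("['%s', '%s', 'renewed', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
     assert re.match(r'MD_VERSION=(\d+\.\d+\.\d+)(-.+)?', nlines[1].strip())
     assert ("MD_STORE=%s" % (TestEnv.STORE_DIR)) == nlines[2].strip()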
Пример #15
    def test_910_01(self):
        """A restart removes challenge directories that belong to no configured MD.

        Directories "aaa", "bbb", "zzz" and one named after the domain are
        created in the challenges area of the store. After the restart only
        the one named after the domain may remain.
        """
        base = self.test_domain
        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        httpd_conf.add_drive_mode("manual")
        httpd_conf.add_md([base])
        httpd_conf.add_vhost(base)
        httpd_conf.install()

        # Seed the challenges area with one valid and three stray subdirs.
        challenge_root = TestEnv.store_challenges()
        for subdir in ("aaa", "bbb", base, "zzz"):
            os.makedirs(os.path.join(challenge_root, subdir))

        restart_rv = TestEnv.apache_restart()
        assert restart_rv == 0
        # The directory of the configured MD survives ...
        kept = os.path.join(challenge_root, base)
        assert os.path.isdir(kept)
        # ... and the stray ones have been cleaned up.
        for subdir in ("aaa", "bbb", "zzz"):
            stray = os.path.join(challenge_root, subdir)
            assert not os.path.exists(stray)
Пример #16
    def test_600_001(self):
        """Two managed domains, driven manually, each served with its own cert.

        Same flow as test_600_000 (per the original note), but with two MDs
        in parallel. The vhosts are only added after both drives completed.
        """
        first = "a-" + self.test_domain
        second = "b-" + self.test_domain
        first_sans = [first, "www." + first]
        second_sans = [second, "www." + second]
        sans_by_name = {first: first_sans, second: second_sans}

        httpd_conf = HttpdConf()
        httpd_conf.add_admin("*****@*****.**")
        httpd_conf.add_drive_mode("manual")
        httpd_conf.add_md(first_sans)
        httpd_conf.add_md(second_sans)
        httpd_conf.install()

        # Restart: both MDs must be in the store.
        assert TestEnv.apache_restart() == 0
        for sans in sans_by_name.values():
            TestEnv.check_md(sans)

        # Drive each MD by hand, restart, verify both are complete.
        for name in sans_by_name:
            result = TestEnv.a2md(["drive", name])
            assert result['rv'] == 0
        assert TestEnv.apache_restart() == 0
        for name in sans_by_name:
            TestEnv.check_md_complete(name)

        # Append the vhosts to the config.
        for sans in sans_by_name.values():
            httpd_conf.add_vhost(sans)
        httpd_conf.install()

        # TLS runs and serves the matching certificate for each domain.
        assert TestEnv.apache_restart() == 0
        for name, sans in sans_by_name.items():
            served = TestEnv.get_cert(name)
            assert sans == served.get_san_list()
Пример #17
 def test_740_000(self):
     """A name with an illegal character ('!') makes the renewal fail at the CA.

     The expected ACME problem and detail text depend on the ACME server in
     use: pebble reports 'malformed', otherwise 'rejectedIdentifier' is
     expected.
     """
     base = self.test_domain
     names = [base, "invalid!." + base]
     httpd_conf = HttpdConf()
     httpd_conf.add_admin("*****@*****.**")
     httpd_conf.add_md(names)
     httpd_conf.add_vhost(names)
     httpd_conf.install()
     restart_rv = TestEnv.apache_restart()
     assert restart_rv == 0

     failed_md = TestEnv.await_error(base)
     assert failed_md
     assert failed_md['renewal']['errors'] > 0

     if TestEnv.ACME_SERVER == 'pebble':
         want_problem = 'urn:ietf:params:acme:error:malformed'
         want_detail = "Order included DNS identifier with a value containing an illegal character: '!'"
     else:
         want_problem = 'urn:ietf:params:acme:error:rejectedIdentifier'
         want_detail = (
             "Error creating new order :: Cannot issue for "
             "\"%s\": Domain name contains an invalid character" %
             names[1])
     assert failed_md['renewal']['last']['problem'] == want_problem
     assert failed_md['renewal']['last']['detail'] == want_detail
Пример #18
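    def test_901_030(self):
        """A failing message command is recorded as a job error and clears on retry.

        With `MDWarnWindow 100d` and a failing message command, the staged
        job.json must report an error with problem
        "urn:org:apache:httpd:log:AH10109:". After switching to the working
        command, the 'expiring' message is logged once and the job error
        count is back to 0.
        """
        domain = self.test_domain
        domains = [domain, "www." + domain]
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_md(domains)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        # set the warn window that triggers right away and a failing message command
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_message_cmd("%s %s" % (self.mcmdfail, self.mlog))
        conf.add_md(domains)
        conf.add_line("""
            MDWarnWindow 100d
            """)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.get_md_status(domain)
        # this command should have failed and logged an error
        assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
        # Poll job.json until the error shows up. The wait is bounded so that
        # a missing error fails the test instead of hanging the run; 60s is a
        # chosen limit, adjust it to the environment if needed.
        deadline = time.time() + 60
        while True:
            with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
                job = json.load(f)
            if job["errors"] > 0:
                assert job["last"]["problem"] == "urn:org:apache:httpd:log:AH10109:"
                break
            assert time.time() < deadline, "unexpected job result: {0}".format(job)
            time.sleep(0.1)

        # reconfigure to a working notification command and restart
        conf = HttpdConf()
        conf.add_admin("*****@*****.**")
        conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
        conf.add_md(domains)
        conf.add_line("""
            MDWarnWindow 100d
            """)
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_file(self.mlog)
        # we see the notification logged by the command; the context manager
        # closes the log handle instead of leaking it
        with open(self.mlog) as log:
            nlines = log.readlines()
        assert 1 == len(nlines)
        assert ("['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
        # the error needs to be gone
        assert TestEnv.await_file(TestEnv.store_staged_file(domain, 'job.json'))
        with open(TestEnv.store_staged_file(domain, 'job.json')) as f:
            job = json.load(f)
        assert job["errors"] == 0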
Пример #19
    def test_710_001(self):
        """Switching from ACMEv1 to ACMEv2 keeps a valid cert and adds an account.

        The certificate obtained under 'acmev1' must still be served after
        the switch to 'acmev2'. Only when the MD gains a name is a new
        certificate issued, and two accounts are then expected.
        """
        host = self.test_domain

        def install_md_with_vhost(names):
            # Fresh config holding one MD and one vhost for `names`.
            fresh = HttpdConf()
            fresh.add_admin("admin@" + host)
            fresh.add_md(names)
            fresh.add_vhost(names)
            fresh.install()

        # Start out on ACMEv1.
        TestEnv.set_acme('acmev1')

        # One MD; the restart gets it a certificate.
        names = [host, "www." + host]
        install_md_with_vhost(names)
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([host])
        TestEnv.check_md_complete(host)
        first_cert = TestEnv.get_cert(host)
        assert host in first_cert.get_san_list()

        # From here on everything uses ACMEv2.
        TestEnv.set_acme('acmev2')

        install_md_with_vhost(names)
        # The certificate is still valid, so the restart must keep it.
        assert TestEnv.apache_restart() == 0
        reported = TestEnv.get_certificate_status(host)
        assert reported['serial'] == first_cert.get_serial()

        # Adding a name to the MD forces a new certificate.
        names = [host, "www." + host, "another." + host]
        install_md_with_vhost(names)
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([host])
        # The served certificate must no longer be the first one.
        reported = TestEnv.get_certificate_status(host)
        assert reported['serial'] != first_cert.get_serial()
        TestEnv.check_md_complete(host)
        # Two accounts are expected by now.
        accounts = TestEnv.list_accounts()
        assert 2 == len(accounts)
Пример #20
    def test_500_110(self):
        """SSL-only domain: headers set in the config versus those from mod_md.

        Covers an explicit `Header set Strict-Transport-Security` line and
        `Redirect` lines added next to a permanent require-ssl setting.
        """
        base = self.test_domain
        host = "www." + base

        # Setup: MD with require ssl "permanent", one HTTP and one HTTPS vhost.
        httpd_conf = HttpdConf()
        httpd_conf.add_admin("admin@" + base)
        httpd_conf.add_drive_mode("manual")
        httpd_conf.add_require_ssl("permanent")
        httpd_conf.add_md([host])
        httpd_conf.add_vhost(host, port=TestEnv.HTTP_PORT)
        httpd_conf.add_vhost(host)
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        # Drive the MD, then restart.
        driven = TestEnv.a2md(["drive", host])
        assert driven['rv'] == 0
        assert TestEnv.apache_restart() == 0

        # An HSTS header set in the config must be the one that is served.
        httpd_conf._add_line(
            '  Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
        )
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        https_meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=True)
        served_hsts = https_meta['http_headers']['Strict-Transport-Security']
        assert served_hsts == 'max-age=10886400; includeSubDomains; preload'

        # Redirect lines from the config next to the redirect done by mod_md.
        for redirect_line in ('  Redirect /a /name.txt',
                              '  Redirect seeother /b /name.txt'):
            httpd_conf._add_line(redirect_line)
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        # The default redirect by mod_md still works.
        http_meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=False)
        assert http_meta['http_status'] == 301
        assert http_meta['http_headers']['Location'] == "https://%s/name.txt" % host
        # Redirect for a path that mod_alias also handles.
        # NOTE (original author): marked FAIL - mod_alias generates the
        # Location header instead of mod_md.
        http_meta = TestEnv.get_meta(host, "/a", useHTTPS=False)
        assert http_meta['http_status'] == 301
        assert http_meta['http_headers']['Location'] == "https://%s/a" % host
Пример #21
    def test_500_109(self):
        """Redirect and HSTS behaviour as require-ssl goes unset -> temporary -> permanent.

        Unset: plain HTTP serves the content, no Location header.
        "temporary": HTTP answers 302 to the https URL and no response
        carries Strict-Transport-Security.
        "permanent": HTTP answers 301 without the header, HTTPS carries
        Strict-Transport-Security 'max-age=15768000'.
        A request for "not-forbidden.org" over HTTP is never redirected.
        """
        base = self.test_domain
        host = "www." + base
        https_url = "https://%s/name.txt" % host

        # Setup: MD plus an HTTP and an HTTPS vhost on the same docroot.
        httpd_conf = HttpdConf()
        httpd_conf.add_admin("admin@" + base)
        httpd_conf.add_drive_mode("manual")
        httpd_conf.add_md([host])
        httpd_conf.add_vhost(host, port=TestEnv.HTTP_PORT, docRoot="htdocs/test")
        httpd_conf.add_vhost(host, docRoot="htdocs/test")
        httpd_conf.install()
        # Resource files: the vhost docroot answers with its own name, the
        # top-level htdocs dir with "not-forbidden.org".
        self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "test"),
                             "name.txt", host)
        self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR),
                             "name.txt", "not-forbidden.org")
        assert TestEnv.apache_restart() == 0

        # Drive the MD, then restart.
        driven = TestEnv.a2md(["drive", host])
        assert driven['rv'] == 0
        assert TestEnv.apache_restart() == 0
        # Plain HTTP: content is served, nothing redirects.
        other_body = TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False)
        assert other_body == "not-forbidden.org"
        assert TestEnv.get_content(host, "/name.txt", useHTTPS=False) == host
        meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=False)
        assert int(meta['http_headers']['Content-Length']) == len(host)
        assert "Location" not in meta['http_headers']
        # HTTPS serves the same content.
        assert TestEnv.get_content(host, "/name.txt", useHTTPS=True) == host

        # "temporary": HTTP now redirects to the default HTTPS port.
        httpd_conf.add_require_ssl("temporary")
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=False)
        assert meta['http_status'] == 302
        assert meta['http_headers']['Location'] == https_url
        # No HSTS on the redirect response.
        assert 'Strict-Transport-Security' not in meta['http_headers']
        # The default HTTP vhost is still not redirected.
        other_body = TestEnv.get_content("not-forbidden.org", "/name.txt", useHTTPS=False)
        assert other_body == "not-forbidden.org"
        meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=True)
        # No HSTS on the HTTPS response either.
        assert 'Strict-Transport-Security' not in meta['http_headers']

        # "permanent": HTTP redirects with 301.
        httpd_conf.add_require_ssl("permanent")
        httpd_conf.install()
        assert TestEnv.apache_restart() == 0
        meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=False)
        assert meta['http_status'] == 301
        assert meta['http_headers']['Location'] == https_url
        assert 'Strict-Transport-Security' not in meta['http_headers']
        # HSTS is now sent, but only over HTTPS.
        meta = TestEnv.get_meta(host, "/name.txt", useHTTPS=True)
        served_hsts = meta['http_headers']['Strict-Transport-Security']
        assert served_hsts == 'max-age=15768000'
Пример #22
    def test_710_002(self):
        """Two `MDMembers auto` MDs move from ACMEv1 to ACMEv2 together.

        Under 'acmev1' both MDs complete with a single account. After the
        switch to 'acmev2' the vhosts gain a name, so new certificates are
        needed; the first MD's cert serial must change and two accounts are
        expected.
        """
        base = self.test_domain

        # Start out on ACMEv1.
        TestEnv.set_acme('acmev1')

        name_a = "a-" + base
        name_b = "b-" + base

        def install_auto_members(sans_a, sans_b):
            # Each MD is declared with its main name only; `MDMembers auto`
            # is set and the vhosts carry the full name lists.
            fresh = HttpdConf()
            fresh.add_admin("*****@*****.**")
            fresh.add_line("MDMembers auto")
            fresh.add_md([name_a])
            fresh.add_md([name_b])
            fresh.add_vhost(sans_a)
            fresh.add_vhost(sans_b)
            fresh.install()

        # Config with two MDs.
        names_a = [name_a, "www." + name_a]
        names_b = [name_b, "www." + name_b]
        install_auto_members(names_a, names_b)

        # Restart: both MDs must be in the store with their vhost names.
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(names_a)
        TestEnv.check_md(names_b)
        # Wait for the drive to finish.
        assert TestEnv.await_completion([name_a, name_b])
        TestEnv.check_md_complete(names_a[0])
        TestEnv.check_md_complete(names_b[0])
        old_cert = TestEnv.get_cert(name_a)
        # One account so far.
        assert 1 == len(TestEnv.list_accounts())

        # From here on everything uses ACMEv2.
        TestEnv.set_acme('acmev2')

        # Extend both name lists so that new certificates are required.
        names_a = [name_a, "www." + name_a, "another." + name_a]
        names_b = [name_b, "www." + name_b, "another." + name_b]
        install_auto_members(names_a, names_b)

        # Restart and wait for the new certificates.
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([name_a, name_b])
        TestEnv.check_md(names_a)
        TestEnv.check_md(names_b)
        TestEnv.check_md_complete(names_a[0])
        new_cert = TestEnv.get_cert(name_a)
        # The served certificate must not be the old one.
        assert old_cert.get_serial() != new_cert.get_serial()
        # Two accounts are expected by now.
        assert 2 == len(TestEnv.list_accounts())