def test_310_302(self):
    """Switch an existing MD to a different CA and check the stored CA data.

    The MD is first synced with one ACME directory/terms pair, then the
    configuration names a different pair. The final check passes the second
    pair to check_md, i.e. the stored MD is expected to follow the change.
    """
    md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    # setup: initial sync against the first CA
    HttpdConf(text="""
        MDCertificateAuthority http://acme.test.org:4000/directory
        MDCertificateProtocol ACME
        MDCertificateAgreement http://acme.test.org:4000/terms/v1
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # setup: sync with changed ca info
    # NOTE(review): "[email protected]" looks like an e-mail obfuscation
    # artifact of this listing rather than the address the test was written
    # with - confirm the real ServerAdmin value.
    HttpdConf(text="""
        ServerAdmin mailto:[email protected]
        MDCertificateAuthority http://somewhere.com:6666/directory
        MDCertificateProtocol ACME
        MDCertificateAgreement http://somewhere.com:6666/terms/v1
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # check: the values handed to check_md are those of the *changed* CA
    TestEnv.check_md(
        md_names,
        state=1,
        ca="http://somewhere.com:6666/directory",
        protocol="ACME",
        agreement="http://somewhere.com:6666/terms/v1",
    )
def test_920_002(self):
    """Drive a simple MD, replace the staged certificate, check the status.

    After the ACME signup completed, a certificate file from the test data
    directory is copied over the staged 'pubcert.pem'. The certificate
    status for the domain must then describe that copied certificate under
    'renewal' (validity, serial, fingerprint, SCTs).
    """
    domain = self.test_domain
    conf = HttpdConf()
    # NOTE(review): the admin address appears redacted in this listing.
    conf.add_admin("*****@*****.**")
    conf.add_md([domain])
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # copy a real certificate from LE over to staging
    source_cert = os.path.join('data', 'test_920', '002.pubcert')
    target_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
    # NOTE(review): where copyfile comes from is not visible here; this
    # assertion only holds for an implementation that returns None - confirm.
    assert copyfile(source_cert, target_cert) == None

    # status shows the copied cert's properties as staged, i.e. the report
    # reflects whatever certificate file sits in the staging directory
    status = TestEnv.get_certificate_status(domain)
    assert 'renewal' in status
    renewal = status['renewal']
    assert renewal['valid-until'] == 'Thu, 29 Aug 2019 16:06:35 GMT'
    assert renewal['valid-from'] == 'Fri, 31 May 2019 16:06:35 GMT'
    assert renewal['serial'] == '03039C464D454EDE79FCD2CAE859F668F269'
    assert 'sha256-fingerprint' in renewal

    # both signed certificate timestamps of the copied cert must be listed
    expected_scts = [
        ('747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56',
         'Fri, 31 May 2019 17:06:35 GMT'),
        ('293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478',
         'Fri, 31 May 2019 17:06:35 GMT'),
    ]
    scts = renewal['scts']
    assert len(scts) == 2
    for sct, (log_id, signed_at) in zip(scts, expected_scts):
        assert sct['logid'] == log_id
        assert sct['signed'] == signed_at
def test_700_003(self):
    """One MD covering two vhosts: both must serve the same certificate.

    Each vhost has its own docRoot with a name.txt holding the vhost name,
    so the content check also confirms requests reach the right vhost.
    """
    # generate 1 MD and 2 vhosts
    domain = self.test_domain
    host_a = "a." + domain
    host_b = "b." + domain
    dns_list = [domain, host_a, host_b]
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(dns_list)
    for host, doc_root in ((host_a, "htdocs/a"), (host_b, "htdocs/b")):
        conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[], docRoot=doc_root)
    conf.install()

    # create docRoot folder
    for sub_dir, host in (("a", host_a), ("b", host_b)):
        self._write_res_file(
            os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir), "name.txt", host)

    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, dns_list)
    assert TestEnv.await_completion([domain, host_a, host_b])
    TestEnv.check_md_complete(domain)

    # check: SSL is running OK; each vhost name is in the SAN list of the
    # certificate it presents
    cert_a = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, host_b)
    assert host_b in cert_b.get_san_list()
    # equal serials: both vhosts present one and the same certificate
    assert cert_a.get_serial() == cert_b.get_serial()

    assert TestEnv.get_content(host_a, "/name.txt") == host_a
    assert TestEnv.get_content(host_b, "/name.txt") == host_b
def test_310_308(self):
    """Adding and changing MDRequireHttps updates the stored MD.

    Only the setting reported by `a2md list` is checked; no HTTP request is
    made here to confirm that a redirect is actually served.
    """
    # setup: nothing set
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert "require-https" not in listed_md

    # test case: temporary redirect
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDRequireHttps temporary
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['require-https'] == "temporary"

    # test case: permanent redirect
    HttpdConf(text="""
        <MDomainSet testdomain.org>
            MDMember www.testdomain.org mail.testdomain.org
            MDRequireHttps permanent
        </MDomainSet>
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['require-https'] == "permanent"
def test_702_003(self):
    """One MD covering two vhosts: both must serve the same certificate."""
    domain = self.test_domain
    host_a = "test-a." + domain
    host_b = "test-b." + domain
    domains = [domain, host_a, host_b]

    # generate 1 MD and 2 vhosts
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md(domains)
    for host, doc_root in ((host_a, "htdocs/a"), (host_b, "htdocs/b")):
        conf.add_vhost(host, docRoot=doc_root)
    conf.install()

    # create docRoot folder; name.txt holds the vhost name so the content
    # check below shows which vhost answered
    for sub_dir, host in (("a", host_a), ("b", host_b)):
        self._write_res_file(
            os.path.join(TestEnv.APACHE_HTDOCS_DIR, sub_dir), "name.txt", host)

    # restart (-> drive), check that MD was synched and completes
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domains)
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # check: SSL is running OK
    cert_a = TestEnv.get_cert(host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(host_b)
    assert host_b in cert_b.get_san_list()
    # equal serials: both vhosts present one and the same certificate
    assert cert_a.get_serial() == cert_b.get_serial()

    assert TestEnv.get_content(host_a, "/name.txt") == host_a
    assert TestEnv.get_content(host_b, "/name.txt") == host_b
def test_920_001(self):
    """Drive a simple MD and compare the status before and after activation."""
    # simple MD, drive it, check status before activation
    domain = self.test_domain
    conf = HttpdConf()
    # NOTE(review): the admin address appears redacted in this listing.
    conf.add_admin("*****@*****.**")
    conf.add_md([domain])
    conf.add_vhost(domain)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # we started without a valid certificate, so we expect
    # /.httpd/certificate-status to not give information about one and -
    # since we waited for the ACME signup to complete - to give information
    # in 'renewal' about the new cert.
    before = TestEnv.get_certificate_status(domain)
    assert 'sha256-fingerprint' not in before
    assert 'valid' not in before
    assert 'renewal' in before
    staged = before['renewal']
    assert 'valid' in staged
    assert 'sha256-fingerprint' in staged

    # restart and activate
    # once activated, the staging must be gone and attributes exist for the
    # active cert
    assert TestEnv.apache_restart() == 0
    after = TestEnv.get_certificate_status(domain)
    assert 'renewal' not in after
    assert 'sha256-fingerprint' in after
    assert 'valid' in after
    assert 'from' in after['valid']
def test_310_307(self):
    """Changing the configured RSA key size is reflected in the stored MD.

    The size goes 4096 -> 2048 -> 4096, so both lowering and raising the
    size are covered.
    """
    for key_bits in (4096, 2048, 4096):
        HttpdConf(text="""
            MDPrivateKeys RSA %d
            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """ % key_bits).install()
        assert TestEnv.apache_restart() == 0
        listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
        assert listed_md['privkey'] == {"type": "RSA", "bits": key_bits}
def test_310_306(self):
    """Changing MDCAChallenges is reflected in the stored MD.

    Three configurations are applied in turn: http-01 only, tls-alpn-01
    only, and both challenge types together.
    """
    challenge_sets = (
        ['http-01'],
        ['tls-alpn-01'],
        ['http-01', 'tls-alpn-01'],
    )
    for challenges in challenge_sets:
        HttpdConf(text="""
            MDCAChallenges %s
            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """ % " ".join(challenges)).install()
        assert TestEnv.apache_restart() == 0
        listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
        assert listed_md['ca']['challenges'] == challenges
def test_310_200(self):
    """An MD added with a2md stays in the store when the config names none."""
    md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.a2md(["add"] + md_names)
    TestEnv.check_md(md_names, state=1)
    # install a configuration without any MD definition and restart
    HttpdConf().install()
    assert TestEnv.apache_restart() == 0
    # check: md stays in store
    TestEnv.check_md(md_names, state=1)
def test_310_118(self):
    """Adding MDRenewWindow to an existing MD shows up in the MD status."""
    # setup: MD without an explicit renew window
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # now add a renew window of 14 days
    HttpdConf(text="""
        MDRenewWindow 14d
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    md_status = TestEnv.get_md_status("testdomain.org")
    assert md_status['renew-window'] == '14d'
def test_310_209(self, keySize):
    """Removing MDPrivateKeys removes 'privkey' from the stored MD.

    NOTE(review): with the key spec in place only the key type is asserted,
    not the size; the values passed as keySize are not visible here.
    """
    HttpdConf(text="""
        MDPrivateKeys RSA %s
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """ % keySize).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['privkey']['type'] == "RSA"

    # drop the key spec again: the MD no longer carries a 'privkey' entry
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert "privkey" not in listed_md
def test_310_207(self, renewMode, expCode):
    """Removing MDRenewMode puts the stored renew-mode back to 1."""
    HttpdConf(text="""
        MDRenewMode %s
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """ % renewMode).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-mode'] == expCode

    # without the directive the store reports renew-mode 1
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-mode'] == 1
def test_310_211(self):
    """Removing MDMustStaple switches the stored must-staple flag off.

    Only the flag reported by `a2md list` is checked; no certificate is
    inspected in this test.
    """
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDMustStaple on
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['must-staple'] == True

    # directive removed: the flag is reported as False again
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['must-staple'] == False
def test_310_208(self):
    """Removing MDCAChallenges removes 'challenges' from the stored CA data."""
    HttpdConf(text="""
        MDCAChallenges http-01
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    ca_info = TestEnv.a2md(["list"])['jout']['output'][0]['ca']
    assert ca_info['challenges'] == ['http-01']

    # directive removed: no challenge restriction is stored any more
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    ca_info = TestEnv.a2md(["list"])['jout']['output'][0]['ca']
    assert 'challenges' not in ca_info
def test_310_206(self):
    """Removing MDRenewWindow makes the stored renew window '33%' again."""
    HttpdConf(text="""
        MDRenewWindow 14d
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-window'] == '14d'

    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # check: renew window not set in the config, the store reports '33%'
    # (presumably the built-in default - confirm)
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-window'] == '33%'
def test_310_205(self):
    """Removing ServerAdmin keeps the previously stored contact on the MD.

    NOTE(review): "[email protected]" looks like an e-mail obfuscation
    artifact of this listing, in the configuration as well as in the
    expected contacts - confirm the real address.
    """
    md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    # setup: sync with admin info present
    HttpdConf(text="""
        ServerAdmin mailto:[email protected]
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # setup: sync with admin info removed
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    # check: md stays the same with previous admin info
    TestEnv.check_md(md_names, state=1, contacts=["mailto:[email protected]"])
def test_310_112(self):
    """MDRenewMode always is stored as renew-mode 2."""
    HttpdConf(text="""
        MDRenewMode always
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-mode'] == 2
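def test_310_107(self):
    """Two MDs, each matched by a vhost, take their contact from ServerAdmin.

    The ServerAdmin addresses in the configuration had been replaced by an
    e-mail obfuscation placeholder, which is not a valid directive argument.
    They are restored to the values the contact checks below expect
    ("mailto:admin@" + MD name).
    """
    name1 = "testdomain.org"
    name2 = "testdomain2.org"
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org

        <VirtualHost *:12346>
            ServerName testdomain.org
            ServerAlias www.testdomain.org
            ServerAdmin mailto:admin@testdomain.org
        </VirtualHost>

        <VirtualHost *:12346>
            ServerName testdomain2.org
            ServerAlias www.testdomain2.org
            ServerAdmin mailto:admin@testdomain2.org
        </VirtualHost>
        """).install()
    assert TestEnv.apache_restart() == 0
    # each MD must carry the admin address of its own vhost, not the other's
    for md_name in (name1, name2):
        TestEnv.check_md(
            [md_name, "www." + md_name, "mail." + md_name],
            state=1,
            contacts=["mailto:admin@" + md_name],
        )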
def test_300_004(self):
    """Two MDs sharing a domain name must keep the server from starting.

    test3.not-forbidden.org is listed in both MDomain lines; the test
    expects TestEnv.apache_fail() to report 0 for this configuration.
    """
    assert TestEnv.apache_stop() == 0
    overlapping_conf = HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
        """)
    overlapping_conf.install()
    assert TestEnv.apache_fail() == 0
def test_300_005(self):
    """A global MD plus an MDomain inside a VirtualHost: restart succeeds."""
    mixed_scope_conf = HttpdConf(text="""
        MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
        <VirtualHost *:12346>
            MDomain example2.org www.example2.org www.example3.org
        </VirtualHost>
        """)
    mixed_scope_conf.install()
    assert TestEnv.apache_restart() == 0
def test_310_121(self):
    """MDRequireHttps temporary is stored on the MD.

    Only the setting reported by `a2md list` is checked, not an HTTP
    response.
    """
    HttpdConf(text="""
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        MDRequireHttps temporary
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['require-https'] == "temporary"
def test_310_113b(self):
    """A percentage MDRenewWindow is stored verbatim ('10%')."""
    HttpdConf(text="""
        MDRenewWindow 10%
        MDomain testdomain.org www.testdomain.org mail.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
    assert listed_md['renew-window'] == '10%'
def test_8001(self):
    """Without MDMustStaple the issued certificate has no must-staple flag."""
    domain = self.test_domain
    dns_list = [domain]
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_md(dns_list)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
    conf.install()

    # - restart (-> drive), check that md is in store
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # second restart, done before the certificate is checked
    assert TestEnv.apache_restart() == 0
    self._check_md_cert(dns_list)
    issued_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
    assert not issued_cert.get_must_staple()
def test_740_000(self):
    """An MD with an invalid DNS name ends with a rejectedIdentifier error.

    NOTE(review): the expected 'detail' text is compared literally, so the
    test depends on the exact wording the ACME server under test returns.
    """
    domain = self.test_domain
    invalid_name = "invalid!." + domain
    domains = [domain, invalid_name]
    conf = HttpdConf()
    # NOTE(review): the admin address appears redacted in this listing.
    conf.add_admin("*****@*****.**")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0

    md = TestEnv.await_error(domain)
    assert md
    renewal = md['renewal']
    assert renewal['errors'] > 0
    last_attempt = renewal['last']
    assert last_attempt['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
    expected_detail = (
        "Error creating new order :: Cannot issue for \"%s\": Invalid character in DNS name"
        % invalid_name)
    assert last_attempt['detail'] == expected_detail
def test_8001(self):
    """Without MDMustStaple the issued certificate has no must-staple flag."""
    domain = self.test_domain
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_md([domain])
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
    conf.install()

    # - restart (-> drive), check that md is in store
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # second restart, done before the certificate is checked
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)
    issued_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
    assert not issued_cert.get_must_staple()
def test_310_108(self):
    """Upper-case labels in MDomain are matched against lower-case names.

    The configuration spells two names as WWW./MAIL.; the check passes the
    all-lower-case names to check_md.
    """
    HttpdConf(text="""
        MDomain testdomain.org WWW.testdomain.org MAIL.testdomain.org
        """).install()
    assert TestEnv.apache_restart() == 0
    lower_case_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
    TestEnv.check_md(lower_case_names, state=1)
def test_300_015(self):
    """All listed MDPrivateKeys forms are accepted without log entries.

    Covers Default, RSA without a size, and RSA with 2048, 3072 and 4096.
    httpd_error_log_count() must return (0, 0); the pair is presumably
    (errors, warnings) - confirm against TestEnv.
    """
    key_spec_conf = HttpdConf(text="""
        MDPrivateKeys Default
        MDPrivateKeys RSA
        MDPrivateKeys RSA 2048
        MDPrivateKeys RSA 3072
        MDPrivateKeys RSA 4096
        """)
    key_spec_conf.install()
    assert TestEnv.apache_restart() == 0
    assert (0, 0) == TestEnv.httpd_error_log_count()
def test_300_014(self):
    """An MD naming TestEnv.HOSTNAME next to a vhost name logs nothing.

    httpd_error_log_count() must return (0, 0); the pair is presumably
    (errors, warnings) - confirm against TestEnv.
    """
    HttpdConf(text="""
        MDomain %s www.example2.org
        <VirtualHost *:12346>
            ServerName www.example2.org
        </VirtualHost>
        """ % TestEnv.HOSTNAME).install()
    assert TestEnv.apache_restart() == 0
    assert (0, 0) == TestEnv.httpd_error_log_count()
def test_300_012(self):
    """An MD whose names match no vhost starts, with one log entry counted.

    The only vhost serves not-forbidden.org names while the MD lists
    example3.org names. httpd_error_log_count() must return (0, 1); the
    pair is presumably (errors, warnings) - confirm against TestEnv.
    """
    unmatched_conf = HttpdConf(text="""
        MDomain example3.org www.example3.org
        <VirtualHost *:12346>
            ServerName not-forbidden.org
            ServerAlias test3.not-forbidden.org
        </VirtualHost>
        """)
    unmatched_conf.install()
    assert TestEnv.apache_restart() == 0
    assert (0, 1) == TestEnv.httpd_error_log_count()
def test_702_050(self):
    """With MDBaseServer on, an MD for the base ServerName completes.

    No vhost is added; the domain is only set as the global ServerName.
    """
    domain = self.test_domain
    conf = HttpdConf()
    base_server_lines = """
        MDBaseServer on
        ServerAdmin admin@%s
        ServerName %s
        """ % (domain, domain)
    conf.add_line(base_server_lines)
    conf.add_md([domain])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])