Пример #1
 def test_300_004(self):
     """Install two MDomain lines that both list test3.not-forbidden.org and expect the start to fail.

     A host name claimed by two managed domains presumably leaves it ambiguous
     which certificate covers it, so the configuration should be rejected.
     """
     # Begin from a stopped server so the outcome reflects only this configuration.
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     overlapping = HttpdConf(text="""
         MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
         MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
         """)
     overlapping.install()
     # NOTE(review): apache_fail() == 0 is read here as "start failed as expected";
     # the helper is not shown, so confirm against TestEnv.
     fail_rc = TestEnv.apache_fail()
     assert fail_rc == 0
Пример #2
 def test_300_011b(self):
     """MDomain that misses one ServerAlias, with auto add enabled: restart must succeed without log entries.

     The two configurations come from the named test conf files "test_001" and
     "test_011b", which are not part of this listing.
     """
     TestEnv.install_test_conf("test_001")
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     TestEnv.install_test_conf("test_011b")
     restart_rc = TestEnv.apache_restart()
     assert restart_rc == 0
     # presumably an (errors, warnings) pair -- verify against TestEnv.apache_err_count
     err_count = TestEnv.apache_err_count()
     assert (0, 0) == err_count
Пример #3
 def test_801_009(self):
     """Check stapling for a statically configured, self-signed certificate.

     With MDStapling on, the status reported for the connection is expected to
     be "no response sent" (presumably because a self-signed certificate has no
     OCSP responder to ask -- confirm against the module's documentation).
     """
     assert TestEnv.apache_stop() == 0
     managed = TestStapling.mdA
     names = [managed]
     cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # Original note: a certificate with 30 more days of validity.
     validity = {
         "notBefore": -60,
         "notAfter": 30
     }
     CertUtil.create_self_signed_cert(names, validity,
                                      serial=801009,
                                      path=cert_dir)
     cert_file = os.path.join(cert_dir, 'pubcert.pem')
     pkey_file = os.path.join(cert_dir, 'privkey.pem')
     # Fail early if both files are not present in cert_dir.
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     static_conf = HttpdConf()
     static_conf.add_admin("*****@*****.**")
     static_conf.start_md(names)
     # Point the managed domain at the pre-made certificate and key files.
     static_conf.add_line("MDCertificateFile %s" % (cert_file))
     static_conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     static_conf.add_line("MDStapling on")
     static_conf.end_md()
     static_conf.add_vhost(managed)
     static_conf.install()
     assert TestEnv.apache_restart() == 0
     # Short pause before probing the connection.
     time.sleep(1)
     ocsp = TestEnv.get_ocsp_status(managed)
     assert ocsp['ocsp'] == "no response sent"
Пример #4
 def test_801_002(self):
     """Toggle MDStapling off -> on -> off and check the md status follows each switch.

     ssl_stapling=True is passed in every phase, and the connection is expected
     to report "successful (0x0)" throughout; only the md status "stapling"
     flag is expected to change (presumably mod_ssl staples while MDStapling
     is off -- confirm against configure_httpd).
     """
     managed = TestStapling.mdA

     # Phase 1: no MDStapling directive.
     TestStapling.configure_httpd(managed, ssl_stapling=True).install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.get_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     md_status = TestEnv.get_md_status(managed)
     assert not md_status["stapling"]

     # Phase 2: MDStapling on; wait for the response to appear on connections.
     TestStapling.configure_httpd(managed, "MDStapling on",
                                  ssl_stapling=True).install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert conn_status['verify'] == "0 (ok)"
     md_status = TestEnv.get_md_status(managed)
     assert md_status["stapling"]
     # The md status must report the certificate's OCSP state as good and valid.
     assert md_status["cert"]["ocsp"]["status"] == "good"
     assert md_status["cert"]["ocsp"]["valid"]

     # Phase 3: MDStapling explicitly off; the md stapling flag must clear again.
     TestStapling.configure_httpd(managed, "MDStapling off",
                                  ssl_stapling=True).install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.get_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     md_status = TestEnv.get_md_status(managed)
     assert not md_status["stapling"]
Пример #5
 def test_801_008(self):
     """Staple for a vhost whose certificate is set with SSLCertificateFile/SSLCertificateKeyFile.

     MDStapling is switched on and the vhost points at the domain's stored
     'privkey.pem' and 'pubcert.pem'. After a successful stapled handshake, an
     "ocsp-" file is expected under the store's 'ocsp/other' directory.
     """
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     managed = TestStapling.mdA
     conf = TestStapling.configure_httpd()
     conf.add_line("MDStapling on")
     conf.start_vhost(managed)
     key_path = TestEnv.store_domain_file(managed, 'privkey.pem')
     cert_path = TestEnv.store_domain_file(managed, 'pubcert.pem')
     conf.add_line("""
         SSLCertificateKeyFile %s
         SSLCertificateFile %s
         """ % (key_path, cert_path))
     conf.end_vhost()
     conf.install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert conn_status['verify'] == "0 (ok)"
     # find the file where the ocsp response is stored
     store_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', 'other')
     candidates = [os.path.join(store_dir, entry)
                   for entry in os.listdir(store_dir)
                   if entry.startswith("ocsp-")]
     # The last matching entry wins, as in a plain scan over the listing.
     ocsp_file = candidates[-1] if candidates else None
     assert ocsp_file
Пример #6
 def test_801_004(self):
     """Enable MDStapling for one managed domain only and compare it with a second one.

     Both domains get a vhost and ssl_stapling=True is set. The first must show
     stapling in its md status; the second must not, although its connection
     still reports a successful OCSP response.
     """
     stapled_md = TestStapling.mdA
     plain_md = TestStapling.mdB
     conf = TestStapling.configure_httpd(ssl_stapling=True)
     conf.add_line("""
         <MDomain %s>
             MDStapling on
         </MDomain>
         <MDomain %s>
         </MDomain>
         """ % (stapled_md, plain_md))
     for name in (stapled_md, plain_md):
         conf.add_vhost(name)
     conf.install()
     assert TestEnv.apache_stop() == 0
     assert TestEnv.apache_restart() == 0

     # first domain: MDStapling is on
     conn_status = TestEnv.await_ocsp_status(stapled_md)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert conn_status['verify'] == "0 (ok)"
     md_status = TestEnv.get_md_status(stapled_md)
     assert md_status["stapling"]
     assert md_status["cert"]["ocsp"]["status"] == "good"
     assert md_status["cert"]["ocsp"]["valid"]

     # second domain: no md stapling, but mod_ssl kicks in
     conn_status = TestEnv.get_ocsp_status(plain_md)
     assert conn_status['ocsp'] == "successful (0x0)"
     md_status = TestEnv.get_md_status(plain_md)
     assert not md_status["stapling"]
Пример #7
    def test_300_011b(self):
        """MDomain with `auto` and a vhost whose ServerAlias names are not listed: restart must be clean.

        The vhost adds test3 and test4 aliases that the MDomain line does not
        name; the server is expected to restart with a (0, 0) error-log count.
        """
        stop_rc = TestEnv.apache_stop()
        assert stop_rc == 0
        auto_conf = HttpdConf(text="""
            MDomain not-forbidden.org auto mail.not-forbidden.org

            <VirtualHost *:12346>
                ServerName not-forbidden.org
                ServerAlias test3.not-forbidden.org
                ServerAlias test4.not-forbidden.org
            </VirtualHost>
            """)
        auto_conf.install()
        restart_rc = TestEnv.apache_restart()
        assert restart_rc == 0
        # presumably an (errors, warnings) pair -- verify against TestEnv
        log_count = TestEnv.httpd_error_log_count()
        assert (0, 0) == log_count
Пример #8
 def test_801_010(self):
     """Start with an emptied OCSP store and MDStapling on, then require a server status.

     No vhost is added for the managed domain; the test only checks that the
     restart succeeds and that get_server_status() returns something truthy.
     """
     assert TestEnv.apache_stop() == 0
     # Remove stored OCSP data first so nothing from earlier tests is reused.
     TestEnv.clear_ocsp_store()
     managed = TestStapling.mdA
     names = [managed]
     stapling_conf = HttpdConf()
     stapling_conf.add_admin("*****@*****.**")
     stapling_conf.start_md(names)
     stapling_conf.add_line("MDStapling on")
     stapling_conf.end_md()
     stapling_conf.install()
     assert TestEnv.apache_restart() == 0
     server_status = TestEnv.get_server_status()
     assert server_status
Пример #9
    def test_7009(self):
        """Renewal of a nearly expired certificate activates only after a stop/start.

        Sequence: obtain a certificate in drive mode "auto", replace it with a
        self-signed one whose "notAfter" value (9) is below the "10d" renew
        window, let the renewal complete, and check which certificate the
        server presents before and after a stop followed by a start.
        """
        domain = self.test_domain
        dns_list = [domain]

        # prepare md
        md_conf = HttpdConf(TestAuto.TMP_CONF)
        md_conf.add_admin("admin@" + domain)
        md_conf.add_drive_mode("auto")
        md_conf.add_renew_window("10d")
        md_conf.add_md(dns_list)
        md_conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
        md_conf.install()

        # restart (-> drive), check that md+cert is in store, TLS is up
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain], 30)
        self._check_md_cert(dns_list)
        stored_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
        # The certificate served over TLS must be the one in the store.
        served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                                TestEnv.HTTPS_PORT, domain)
        assert stored_cert.get_serial() == served_cert.get_serial()

        # create self-signed cert, with critical remaining valid duration -> drive again
        short_validity = {
            "notBefore": -120,
            "notAfter": 9
        }
        CertUtil.create_self_signed_cert([domain], short_validity)
        self_signed = CertUtil(TestEnv.path_domain_pubcert(domain))
        # presumably 1000 is the generator's default serial -- verify in CertUtil
        assert self_signed.get_serial() == 1000
        time.sleep(1)
        listing = TestEnv.a2md(["list", domain])
        assert listing['jout']['output'][0]['renew'] == True
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain], 30)

        # fetch cert from server -> self-signed still active, activation of new ACME is delayed
        still_served = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                                 TestEnv.HTTPS_PORT, domain)
        assert still_served.get_serial() == self_signed.get_serial()
        time.sleep(1)

        # restart -> new ACME cert becomes active
        assert TestEnv.apache_stop() == 0
        assert TestEnv.apache_start() == 0
        time.sleep(1)
        renewed = CertUtil.load_server_cert(TestEnv.HTTPD_HOST,
                                            TestEnv.HTTPS_PORT, domain)
        assert renewed.get_serial() != self_signed.get_serial()
Пример #10
 def test_801_005(self):
     """Follow the stored OCSP response file across restarts and a 1s MDStaplingKeepResponse.

     Expected: the file is untouched by a plain restart, is removed once the
     keep time is set to 1 second, and reappears with a different mtime after
     one more restart.
     """
     # TODO: mod_watchdog seems to have problems sometimes with fast restarts
     # stopping first works.
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     managed = TestStapling.mdA
     TestStapling.configure_httpd(managed, "MDStapling on").install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert conn_status['verify'] == "0 (ok)"
     # find the file where the ocsp response is stored
     store_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', managed)
     candidates = [os.path.join(store_dir, entry)
                   for entry in os.listdir(store_dir)
                   if entry.startswith("ocsp-")]
     # The last matching entry wins, as in a plain scan over the listing.
     ocsp_file = candidates[-1] if candidates else None
     assert ocsp_file
     first_mtime = os.path.getmtime(ocsp_file)
     # wait a sec, restart and check that file does not change
     time.sleep(1)
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     second_mtime = os.path.getmtime(ocsp_file)
     assert first_mtime == second_mtime
     # configure a keep time of 1 second, restart, the file is gone
     # (a side effect: the response is loaded before the cleanup removes it;
     #  since it was valid, no new one needed fetching)
     keep_directives = """
         MDStapling on
         MDStaplingKeepResponse 1s
         """
     TestStapling.configure_httpd(managed, keep_directives).install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert not os.path.exists(ocsp_file)
     # if we restart again, a new file needs to appear
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     third_mtime = os.path.getmtime(ocsp_file)
     assert first_mtime != third_mtime
Пример #11
 def test_801_006(self):
     """Check that a 10d MDStaplingRenewWindow makes the stored OCSP response get replaced.

     Expected: the response file keeps its mtime across a plain restart, and
     has a different mtime after a restart with the renew window set to 10
     days (described in the test as larger than any response life time).
     """
     assert TestEnv.apache_stop() == 0
     # turn stapling on, wait for it to appear in connections
     managed = TestStapling.mdA
     TestStapling.configure_httpd(managed, "MDStapling on").install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     assert conn_status['verify'] == "0 (ok)"
     # find the file where the ocsp response is stored
     store_dir = os.path.join(TestEnv.STORE_DIR, 'ocsp', managed)
     candidates = [os.path.join(store_dir, entry)
                   for entry in os.listdir(store_dir)
                   if entry.startswith("ocsp-")]
     # The last matching entry wins, as in a plain scan over the listing.
     ocsp_file = candidates[-1] if candidates else None
     assert ocsp_file
     first_mtime = os.path.getmtime(ocsp_file)
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     # after the restart, wait a sec and check that the file did not change
     time.sleep(1)
     second_mtime = os.path.getmtime(ocsp_file)
     assert first_mtime == second_mtime
     # configure a renew window of 10 days, restart, larger than any life time.
     renew_directives = """
         MDStapling on
         MDStaplingRenewWindow 10d
         """
     TestStapling.configure_httpd(managed, renew_directives).install()
     assert TestEnv.apache_restart() == 0
     conn_status = TestEnv.await_ocsp_status(managed)
     assert conn_status['ocsp'] == "successful (0x0)"
     # after the restart, wait a sec and check that the file did change
     time.sleep(1)
     third_mtime = os.path.getmtime(ocsp_file)
     assert first_mtime != third_mtime
Пример #12
    def test_300_009(self):
        """With `MDMembers manual`, a vhost whose names fall into two MDomains must make the start fail.

        The third vhost uses not-forbidden.org as ServerName and example2.org
        as ServerAlias, i.e. names from both MDomain lines.
        """
        stop_rc = TestEnv.apache_stop()
        assert stop_rc == 0
        overlapping = HttpdConf(text="""
            MDMembers manual
            MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
            MDomain example2.org www.example2.org www.example3.org

            <VirtualHost *:12346>
                ServerName example2.org
                ServerAlias www.example3.org
            </VirtualHost>

            <VirtualHost *:12346>
                ServerName www.example2.org
                ServerAlias example2.org
            </VirtualHost>

            <VirtualHost *:12346>
                ServerName not-forbidden.org
                ServerAlias example2.org
            </VirtualHost>
            """)
        overlapping.install()
        # NOTE(review): apache_fail() == 0 is read here as "start failed as expected";
        # the helper is not shown, so confirm against TestEnv.
        fail_rc = TestEnv.apache_fail()
        assert fail_rc == 0
 def test_300_011(self):
     """ManagedDomain that misses one ServerAlias: the start must fail with a (1, 0) error count.

     The configuration comes from the test conf file "test_011", which is not
     part of this listing.
     """
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     TestEnv.install_test_conf("test_011")
     fail_rc = TestEnv.apache_fail()
     assert fail_rc == 0
     # presumably an (errors, warnings) pair -- verify against TestEnv.apache_err_count
     err_count = TestEnv.apache_err_count()
     assert (1, 0) == err_count
Пример #14
 def test_300_004(self):
     """Two overlapping MDomain definitions: the server start must fail.

     "test_001" is installed before the stop and "test_004" afterwards; both
     conf files are outside this listing.
     """
     TestEnv.install_test_conf("test_001")
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     TestEnv.install_test_conf("test_004")
     fail_rc = TestEnv.apache_fail()
     assert fail_rc == 0
Пример #15
def teardown_module(module):
    """Print the module name and stop the server once the module's tests are done.

    The stop result is not checked here.
    """
    banner = "teardown_module module:%s" % module.__name__
    print(banner)
    TestEnv.apache_stop()
Пример #16
 def test_300_003(self):
     """Two MDomain definitions that are exactly the same: the server start must fail.

     The configuration comes from the test conf file "test_003", which is not
     part of this listing.
     """
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     TestEnv.install_test_conf("test_003")
     fail_rc = TestEnv.apache_fail()
     assert fail_rc == 0
Пример #17
def setup_module(module):
    """Print the module name, initialise the test environment and require a stopped server."""
    banner = "setup_module: %s" % module.__name__
    print(banner)
    TestEnv.init()
    # Every test in the module starts from a stopped server.
    stop_rc = TestEnv.apache_stop()
    assert stop_rc == 0
Пример #18
 def test_300_009(self):
     """Vhosts with overlapping MDs: the server start must fail.

     The configuration comes from the test conf file "test_009", which is not
     part of this listing.
     """
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0
     TestEnv.install_test_conf("test_009")
     fail_rc = TestEnv.apache_fail()
     assert fail_rc == 0
Пример #19
 def teardown_class(cls):
     """Print the class name and require that the server stops cleanly after the class's tests."""
     banner = "teardown_class:%s" % cls.__name__
     print(banner)
     stop_rc = TestEnv.apache_stop()
     assert stop_rc == 0