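def check_md_credentials(cls, domain):
    """Assert that the stored key and certificate of a managed domain agree.

    Args:
        domain: either a single domain name, or the list of all names of the
            managed domain. For a list, the first entry is used for the
            store lookup and as the expected CN.

    Raises:
        AssertionError: if the CN, the SAN list or the validity window of
            the stored certificate does not match expectations. The
            CertUtil validation helpers may raise their own errors.
    """
    if isinstance(domain, list):
        domains = domain
        domain = domains[0]
    else:
        # A plain string used to leave `domains` unbound, so the SAN checks
        # below failed with NameError instead of checking the certificate.
        domains = [domain]
    # check private key, validate certificate, etc
    CertUtil.validate_privkey(cls.store_domain_file(domain, 'privkey.pem'))
    cert = CertUtil(cls.store_domain_file(domain, 'pubcert.pem'))
    # The certificate must belong to the stored key; a mismatch would mean
    # the store holds credentials that cannot be served together.
    cert.validate_cert_matches_priv_key(
        cls.store_domain_file(domain, 'privkey.pem'))
    # check SANs and CN
    assert cert.get_cn() == domain
    # SAN order is not guaranteed, so compare as sets; the length check
    # additionally rejects duplicated entries on either side.
    sanList = list(cert.get_san_list())
    assert len(sanList) == len(domains)
    assert set(sanList) == set(domains)
    # check valid dates interval: "now" is taken in each timestamp's own
    # timezone so aware and naive datetimes are never mixed.
    notBefore = cert.get_not_before()
    notAfter = cert.get_not_after()
    assert notBefore < datetime.now(notBefore.tzinfo)
    assert notAfter > datetime.now(notAfter.tzinfo)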
def test_700_005(self):
    """Manual drive mode: the vhost answers 503 and serves the fallback cert.

    Configures one managed domain with one vhost, restarts the server and
    checks that the certificate presented on the vhost has the same serial
    as the fallback certificate file for the managed domain.
    """
    # generate 1 MD and 1 vhost
    md_name = self.test_domain
    vhost_name = "a." + md_name
    md_names = [md_name, vhost_name]
    httpd_conf = HttpdConf()
    httpd_conf.add_admin("admin@" + md_name)
    httpd_conf.add_drive_mode("manual")
    httpd_conf.add_md(md_names)
    httpd_conf.add_vhost(vhost_name, docRoot="htdocs/a")
    httpd_conf.install()

    # create docRoot folder
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", vhost_name)

    # restart, check that md is in store
    restart_rc = TestEnv.apache_restart()
    assert restart_rc == 0
    TestEnv.check_md(md_names)

    # check: requests to the vhost give 503 Service Unavailable
    # (presumably because no certificate was issued in manual mode; confirm)
    served_cert = TestEnv.get_cert(vhost_name)
    san_names = served_cert.get_san_list()
    assert vhost_name in san_names
    assert TestEnv.getStatus(vhost_name, "/name.txt") == 503

    # check temporary cert from server
    # NOTE(review): the comparison is on serial numbers, while the failure
    # message reports the two CNs.
    fallback_cert = CertUtil(TestEnv.path_fallback_cert(md_name))
    assert served_cert.get_serial() == fallback_cert.get_serial(), \
        "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
            vhost_name, fallback_cert.get_cn(), served_cert.get_cn())