def test_702_042(self):
    """Restart httpd with an MD plus a server-level SSLCertificateChainFile.

    The configuration combines ``SSLCertificateChainFile`` with a managed
    domain in drive mode "auto". The only expectation checked is that the
    server restart returns 0.
    """
    domain = self.test_domain
    names = [domain]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    # raise the core and ssl log levels to debug
    for directive in ("LogLevel core:debug", "LogLevel ssl:debug"):
        cfg.add_line(directive)
    chain_file = self._path_conf_ssl("valid_cert.pem")
    cfg.add_line("SSLCertificateChainFile %s" % chain_file)
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
def test_700_008a(self):
    """Renew a certificate with an HTTP proxy configured for the MD.

    Uses drive mode "always" and a proxy at ``localhost:HTTP_PROXY_PORT``.
    Passes when the renewal completes and, after one more restart, the MD
    is reported as complete.
    """
    domain = self.test_domain
    names = [domain]
    cfg = HttpdConf(proxy=True)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("always")
    proxy_url = "http://localhost:%s" % TestEnv.HTTP_PROXY_PORT
    cfg.add_http_proxy(proxy_url)
    cfg.add_md(names)
    cfg.install()

    # the first restart triggers the drive; wait for it to finish
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # restart once more, then the MD must be in the store as complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)
def test_920_004(self):
    """Check the overall md-status document with ``MDCertificateStatus off``.

    After the renewal completes, the status fetched with an empty name must
    carry a "version" key and exactly one entry under "managed-domains".
    """
    domain = self.test_domain
    names = [domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_line("MDCertificateStatus off")
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])

    overall = TestEnv.get_md_status("")
    for key in ("version", "managed-domains"):
        assert key in overall
    assert len(overall["managed-domains"]) == 1
def test_901_001(self):
    """Configure a message command that cannot run and expect a logged failure.

    The message command is the bogus string "blablabla". Once the renewal
    finishes, the MD's last renewal problem must be the AH10109 log URN.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_message_cmd("blablabla")
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    md_status = TestEnv.get_md_status(domain)
    # the command should have failed and left an error behind
    last_problem = md_status["renewal"]["last"]["problem"]
    assert last_problem == "urn:org:apache:httpd:log:AH10109:"
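def configure_httpd(cls, domains=None, add_lines="", ssl_stapling=False):
    """Build (but do not install) an HttpdConf with one MD and vhost per domain.

    Args:
        domains: a list of names, a single name, or None/empty for no MDs.
            A non-list value is wrapped into a one-element list.
        add_lines: extra configuration text, added before the MDs.
        ssl_stapling: when true, add mod_ssl stapling directives
            (``SSLUseStapling On`` with a shmcb cache) and set the ssl log
            level to trace2.

    Returns:
        The populated HttpdConf. It is returned without ``install()`` having
        been called, so the caller decides when to write it out.
    """
    if not isinstance(domains, list):
        domains = [domains] if domains else []
    conf = HttpdConf()
    conf.add_admin("admin@" + cls.domain)
    if ssl_stapling:
        # One directive per line: httpd reads its configuration line by
        # line, so the three settings must not share a single line.
        conf.add_line("""
            LogLevel ssl:trace2
            SSLUseStapling On
            SSLStaplingCache \"shmcb:logs/ssl_stapling(32768)\"
            """)
    conf.add_line(add_lines)
    for domain in domains:
        # each name gets its own MD and its own vhost
        conf.add_md([domain])
        conf.add_vhost(domain)
    return conf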
def test_810_004(self):
    """Ask for a certificate with a secp192r1 key and expect the CA to refuse.

    ``MDPrivateKeys secp192r1`` selects a 192-bit curve, which is weaker than
    the curves CAs normally accept. The test waits for the renewal to fail
    and checks that the reported ACME problem type is "malformed".
    """
    domain = self.test_domain
    # configuration with a single MD
    names = [domain]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_line("MDPrivateKeys secp192r1")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    failed_md = TestEnv.await_error(domain)
    assert failed_md
    renewal = failed_md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'urn:ietf:params:acme:error:malformed'
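def test_920_010(self):
    """Check md-status and server-status output for an MD on the base server.

    The configuration has no standard vhosts: the base server itself listens
    on the HTTPS port with ``MDBaseServer on`` and the HTTP port unmapped
    (``MDPortMap http:-``). After the renewal completes without a restart,
    the test checks the JSON status, the HTML server-status page and the
    counters in the ``?auto`` summary.
    """
    domain = self.test_domain
    domains = [domain]
    # NOTE(review): the ServerAdmin value in the literal below looks like an
    # e-mail redaction artifact in this copy of the file; restore the real
    # address before relying on this configuration.
    # The two status handlers are published without any access restriction,
    # which is acceptable for a throwaway test server; a production
    # configuration would normally limit who can read them.
    conf = HttpdConf(std_vhosts=False, text="""
LogLevel md:trace2
LogLevel ssl:debug
MDBaseServer on
MDPortMap http:- https:%s

Listen %s
ServerAdmin [email protected]
ServerName %s
SSLEngine on
Protocols h2 http/1.1 acme-tls/1

<Location "/server-status">
    SetHandler server-status
</Location>
<Location "/md-status">
    SetHandler md-status
</Location>
""" % (TestEnv.HTTPS_PORT, TestEnv.HTTPS_PORT, domain))
    conf.add_md(domains)
    conf.install()
    # This assigns a TestEnv class attribute and does not reset it here.
    TestEnv.HTTPD_CHECK_URL = TestEnv.HTTPD_URL_SSL
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    status = TestEnv.get_md_status("")
    assert "version" in status
    assert "managed-domains" in status
    assert 1 == len(status["managed-domains"])

    # get the html page
    status = TestEnv.get_server_status()
    assert re.search(r'<h3>Managed Certificates</h3>', status, re.MULTILINE)

    # get the ascii summary
    status = TestEnv.get_server_status(query="?auto")
    m = re.search(
        r'Managed Certificates: total=(\d+), ok=(\d+) renew=(\d+) errored=(\d+) ready=(\d+)',
        status, re.MULTILINE)
    # Fail with a readable assertion instead of an AttributeError on None
    # when the summary line is missing from the output.
    assert m, "no 'Managed Certificates' summary line in server-status?auto"
    assert 1 == int(m.group(1))  # total
    assert 0 == int(m.group(2))  # ok
    assert 1 == int(m.group(3))  # renew
    assert 0 == int(m.group(4))  # errored
    assert 1 == int(m.group(5))  # ready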
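def test_702_052(self):
    """Renew an MD on the base server with acme-tls/1 enabled and HTTP unmapped.

    ``MDPortMap http:-`` removes the HTTP port mapping and ``Protocols``
    lists ``acme-tls/1``. The test expects the MD status to report the
    domain under the "acme-tls/1" protocol and the renewal to complete.
    """
    domain = self.test_domain
    conf = HttpdConf()
    # One directive per line: httpd reads its configuration line by line,
    # so these settings must not share a single line.
    conf.add_line("""
        MDBaseServer on
        MDPortMap http:-
        Protocols h2 http/1.1 acme-tls/1
        ServerAdmin admin@%s
        ServerName %s
        SSLEngine on
        """ % (domain, domain))
    conf.add_md([domain])
    conf.install()
    assert TestEnv.apache_restart() == 0
    stat = TestEnv.get_md_status(domain)
    # acme-tls/1 must be reported as available for exactly this domain
    assert stat["proto"]["acme-tls/1"] == [domain]
    assert TestEnv.await_completion([domain])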
def test_740_000(self):
    """Expect the CA to reject an MD that contains one invalid DNS name.

    The second name carries a "!" character. The renewal must fail with the
    ACME problem "rejectedIdentifier" and a detail message that names the
    offending domain.
    """
    domain = self.test_domain
    bad_name = "invalid!." + domain
    names = [domain, bad_name]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    failed_md = TestEnv.await_error(domain)
    assert failed_md
    assert failed_md['renewal']['errors'] > 0
    last = failed_md['renewal']['last']
    assert last['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
    expected_detail = (
        "Error creating new order :: Cannot issue for \"%s\": Domain name contains an invalid character"
        % names[1]
    )
    assert last['detail'] == expected_detail
def test_702_031(self):
    """Replace one name of an MD and expect a new certificate to be issued.

    Starts with an MD of three names, two of them served by vhosts, then
    swaps the first name for a new one. After the change the vhost must
    still serve a certificate for its name, but with a different serial.
    """
    domain = self.test_domain
    name_x = "test-x." + domain
    name_a = "test-a." + domain
    name_b = "test-b." + domain
    name_c = "test-c." + domain
    initial_names = [name_x, name_a, name_b]

    # one MD, two vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(initial_names)
    cfg.add_vhost(name_a)
    cfg.add_vhost(name_b)
    cfg.install()

    # the restart drives the MD; it must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(initial_names)
    assert TestEnv.await_completion([name_x])
    TestEnv.check_md_complete(name_x)

    # both vhosts answer with the same certificate
    cert_a = TestEnv.get_cert(name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # drop the first name and add another one
    changed_names = [name_a, name_b, name_c]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(changed_names)
    cfg.add_vhost(name_a)
    cfg.add_vhost(name_b)
    cfg.install()

    # after the restart the host still works and has a new certificate
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(changed_names)
    assert TestEnv.await_completion([name_a])

    cert_a_new = TestEnv.get_cert(name_a)
    assert name_a in cert_a_new.get_san_list()
    assert cert_a.get_serial() != cert_a_new.get_serial()
def test_500_110(self):
    """SSL-only domain: override the headers that mod_md generates.

    With ``add_require_ssl("permanent")`` in place, the test first replaces
    the Strict-Transport-Security header via ``Header set`` and checks the
    value served over HTTPS. It then adds mod_alias redirects and checks the
    301 redirects answered on plain HTTP.
    """
    # setup: prepare the configuration
    domain = self.test_domain
    name = "www." + domain
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_require_ssl("permanent")
    cfg.add_md([name])
    cfg.add_vhost(name, port=TestEnv.HTTP_PORT)
    cfg.add_vhost(name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # override the HSTS header
    cfg._add_line(
        ' Header set Strict-Transport-Security "max-age=10886400; includeSubDomains; preload"'
    )
    cfg.install()
    assert TestEnv.apache_restart() == 0
    response = TestEnv.get_meta(name, "/name.txt", useHTTPS=True)
    hsts = response['http_headers']['Strict-Transport-Security']
    assert hsts == 'max-age=10886400; includeSubDomains; preload'

    # override the Location header
    cfg._add_line(' Redirect /a /name.txt')
    cfg._add_line(' Redirect seeother /b /name.txt')
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # check: the default redirect by mod_md still works
    expected_location = "https://%s/name.txt" % name
    response = TestEnv.get_meta(name, "/name.txt", useHTTPS=False)
    assert response['http_status'] == 301
    assert response['http_headers']['Location'] == expected_location

    # check: redirect as given by mod_alias
    expected_location = "https://%s/a" % name
    response = TestEnv.get_meta(name, "/a", useHTTPS=False)
    # FAIL: mod_alias generates Location header instead of mod_md
    assert response['http_status'] == 301
    assert response['http_headers']['Location'] == expected_location
def test_700_032(self):
    """Merge a second name into an MD through ``MDMembers auto``.

    Starts with two MDs and two vhosts. The second MD and vhost are then
    removed and the second name is added to the first vhost. The first MD
    must pick the name up and receive a new certificate covering both names.
    """
    domain = self.test_domain
    name1 = "server1." + domain
    # needs a separate TLD to avoid rate limits
    name2 = "server2.b" + domain

    # two MDs, two vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg._add_line("MDMembers auto")
    cfg.add_md([name1])
    cfg.add_md([name2])
    cfg.add_vhost(name1)
    cfg.add_vhost(name2)
    cfg.install()

    # the restart drives both MDs; they must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md([name1])
    TestEnv.check_md([name2])
    assert TestEnv.await_completion([name1, name2])
    TestEnv.check_md_complete(name2)

    # check: SSL is running OK
    first_cert = TestEnv.get_cert(name1)
    assert name1 in first_cert.get_san_list()
    second_cert = TestEnv.get_cert(name2)
    assert name2 in second_cert.get_san_list()

    # remove the second MD and vhost, add name2 to the first vhost
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg._add_line("MDMembers auto")
    cfg.add_md([name1])
    cfg.add_vhost([name1, name2], docRoot="htdocs/a")
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md([name1, name2])
    assert TestEnv.await_completion([name1])

    merged_cert = TestEnv.get_cert(name1)
    merged_sans = merged_cert.get_san_list()
    assert name1 in merged_sans
    merged_sans = merged_cert.get_san_list()
    assert name2 in merged_sans
    assert first_cert.get_serial() != merged_cert.get_serial()
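def test_901_020(self):
    """Check that renewal and OCSP renewal each invoke the message command.

    The message command is ``self.mcmd`` with ``self.mlog`` as its argument
    and ``MDStapling on`` is set. The log file must end up with exactly two
    lines: one for "renewed" and one for "ocsp-renewed".
    """
    domain = self.test_domain
    domains = [domain]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_line("MDStapling on")
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # The return value is not used; the call is kept because it appears to
    # wait for the OCSP status (assumed from the helper's name).
    TestEnv.await_ocsp_status(domain)
    assert os.path.isfile(self.mlog)
    # Close the log file deterministically instead of leaving the handle
    # to the garbage collector.
    with open(self.mlog) as log_file:
        nlines = log_file.readlines()
    assert 2 == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[0].strip()
    assert ("['%s', '%s', 'ocsp-renewed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[1].strip()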
def test_700_008(self):
    """Point the MD at an unreachable HTTP proxy and expect the renewal to fail.

    The proxy is ``http://localhost:1``. The renewal must report
    "Connection refused", and no "account" entry may appear under the MD's
    "ca" data, which suggests that nothing reached the CA around the proxy.
    """
    domain = self.test_domain
    names = [domain]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("always")
    cfg.add_http_proxy("http://localhost:1")
    cfg.add_md(names)
    cfg.install()

    # the restart triggers the drive
    assert TestEnv.apache_restart() == 0
    # wait for the drive to end in an error
    failed_md = TestEnv.await_error(domain)
    assert failed_md
    renewal = failed_md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['status-description'] == 'Connection refused'
    assert 'account' not in failed_md['ca']
def test_720_001(self):
    """Request a wildcard name and expect a challenge mismatch.

    The MD lists the domain and ``*.<domain>``. No dns-01 command is
    configured in this test, and the renewal is expected to fail with the
    problem "challenge-mismatch".
    """
    domain = self.test_domain
    # configuration with a DNS wildcard
    names = [domain, "*." + domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart, check that the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # wait for the drive to end in an error
    failed_md = TestEnv.await_error(domain)
    assert failed_md
    renewal = failed_md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'challenge-mismatch'
def test_602_002(self):
    """One MD that covers two vhosts: both must serve the same certificate.

    The MD is driven manually with ``a2md`` before any vhost exists. The two
    vhosts are added afterwards, each with its own document root, and must
    present certificates with the same serial while serving their own
    content.
    """
    domain = self.test_domain
    host_a = "a." + domain
    host_b = "b." + domain
    names = [domain, host_a, host_b]

    # configuration with one MD
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()

    # restart, check that the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # drive
    drive_result = TestEnv.a2md(["drive", domain])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)

    # append the vhosts to the configuration
    cfg.add_vhost(host_a, doc_root="htdocs/a")
    cfg.add_vhost(host_b, doc_root="htdocs/b")
    cfg.install()

    # create the document root folders with one marker file each
    docs_a = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(docs_a, "name.txt", host_a)
    docs_b = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b")
    self._write_res_file(docs_b, "name.txt", host_b)

    # check: SSL is running OK
    assert TestEnv.apache_restart() == 0
    cert_a = TestEnv.get_cert(host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(host_b)
    assert host_b in cert_b.get_san_list()
    assert cert_a.same_serial_as(cert_b)
    assert TestEnv.get_content(host_a, "/name.txt") == host_a
    assert TestEnv.get_content(host_b, "/name.txt") == host_b
def test_740_001(self):
    """Expect the CA to reject an MD with two invalid names, as subproblems.

    Both extra names carry a "!" character. The renewal must fail with
    "rejectedIdentifier" and the error must list two subproblems.
    """
    domain = self.test_domain
    names = [domain, "invalid1!." + domain, "invalid2!." + domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    failed_md = TestEnv.await_error(domain)
    assert failed_md
    assert failed_md['renewal']['errors'] > 0
    assert failed_md['renewal']['last']['problem'] == \
        'urn:ietf:params:acme:error:rejectedIdentifier'
    # only the beginning is checked, the reported name seems to vary sometimes
    detail = failed_md['renewal']['last']['detail']
    assert detail.startswith("Error creating new order :: Cannot issue for")
    assert failed_md['renewal']['last']['subproblems']
    assert len(failed_md['renewal']['last']['subproblems']) == 2
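def test_901_003(self):
    """Check that a working message command is invoked once on renewal.

    The message command is ``self.mcmd`` with ``self.mlog`` as its argument.
    After the renewal the MD status must show success and a
    "message-renewed" log entry, and the log file must hold exactly one
    "renewed" line.
    """
    domain = self.test_domain
    domains = [domain, "www." + domain]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)
    stat = TestEnv.get_md_status(domain)
    # this command did not fail and logged itself the correct information
    assert stat["renewal"]["last"]["status"] == 0
    assert stat["renewal"]["log"]["entries"]
    assert stat["renewal"]["log"]["entries"][0]["type"] == "message-renewed"
    # Close the log file deterministically instead of leaving the handle
    # to the garbage collector.
    with open(self.mlog) as log_file:
        nlines = log_file.readlines()
    assert 1 == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[0].strip()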
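def test_500_120(self):
    """Regression test for a NULL pointer dereference in request handling.

    Reported by Daniel Caminada. A request whose absolute URI has an empty
    authority is sent over TLS to a vhost with a managed domain. The server
    must restart cleanly afterwards and the error log must not contain a
    child-exit line.
    """
    domain = self.test_domain
    name = "www." + domain
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("manual")
    conf.add_md([name])
    conf.add_vhost(name)
    conf.install()
    assert TestEnv.apache_restart() == 0
    # Only the effect on the server matters; the command's result is not
    # inspected, so it is not bound to a name.
    TestEnv.run(
        [
            "openssl", "s_client",
            "-connect", "%s:%s" % (TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT),
            "-servername", "example.com",
            "-crlf",
        ],
        "GET https:// HTTP/1.1\nHost: example.com\n\n",
    )
    assert TestEnv.apache_restart() == 0
    # assert that no crash is reported in the log
    # Raw string: "\S" in a normal literal is an invalid escape sequence and
    # triggers a warning on current Python versions.
    crash_line = re.compile(r"^.* child pid \S+ exit .*$")
    assert not TestEnv.httpd_error_log_scan(crash_line)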
def test_600_002(self):
    """One MD that covers two vhosts: both must serve the same certificate.

    The MD is driven manually with ``a2md`` before any vhost exists. The two
    vhosts are added afterwards, each with its own document root, and must
    present certificates with equal serials while serving their own content.
    """
    domain = self.test_domain
    host_a = "a-" + domain
    host_b = "b-" + domain
    names = [domain, host_a, host_b]

    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()

    # restart, check that the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # drive
    drive_result = TestEnv.a2md(["drive", domain])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)

    # append the vhosts to the configuration
    cfg.add_vhost(host_a, docRoot="htdocs/a")
    cfg.add_vhost(host_b, docRoot="htdocs/b")
    cfg.install()

    # create the document root folders with one marker file each
    docs_a = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(docs_a, "name.txt", host_a)
    docs_b = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b")
    self._write_res_file(docs_b, "name.txt", host_b)

    # check: SSL is running OK
    assert TestEnv.apache_restart() == 0
    cert_a = TestEnv.get_cert(host_a)
    assert host_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(host_b)
    assert host_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()
    assert TestEnv.get_content(host_a, "/name.txt") == host_a
    assert TestEnv.get_content(host_b, "/name.txt") == host_b
def test_700_030(self):
    """Remove the first name of an MD and expect the certificate to be kept.

    Starts with an MD of three names, two of them served by vhosts, then
    removes the first name. The certificate status for the remaining vhost
    must still report the serial of the original certificate.
    """
    domain = self.test_domain
    name_x = "x." + domain
    name_a = "a." + domain
    name_b = "b." + domain
    initial_names = [name_x, name_a, name_b]

    # one MD, two vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(initial_names)
    cfg.add_vhost(name_a)
    cfg.add_vhost(name_b)
    cfg.install()

    # the restart drives the MD; it must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(initial_names)
    assert TestEnv.await_completion([name_x])
    TestEnv.check_md_complete(name_x)

    # both vhosts answer with the same certificate
    cert_a = TestEnv.get_cert(name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # change the MD by removing the first name
    reduced_names = [name_a, name_b]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(reduced_names)
    cfg.add_vhost(name_a)
    cfg.add_vhost(name_b)
    cfg.install()

    # after the restart the host still works and has the same certificate
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(reduced_names)
    cert_status = TestEnv.get_certificate_status(name_a)
    assert cert_status['serial'] == cert_a.get_serial()
def test_920_002(self):
    """Check that certificate status reports the properties of a staged cert.

    After a renewal without restart, a stored sample certificate is copied
    over the staged ``pubcert.pem``. The status for the domain must then
    show that certificate's validity dates, serial and a sha256 fingerprint
    under "renewal".
    """
    domain = self.test_domain
    names = [domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # copy a real certificate from LE over to staging
    staged_path = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
    sample_path = os.path.join('data', 'test_920', '002.pubcert')
    assert copyfile(sample_path, staged_path)

    cert_status = TestEnv.get_certificate_status(domain)
    # the status shows the copied certificate's properties as staged
    assert 'renewal' in cert_status
    assert cert_status['renewal']['cert']['rsa']['valid']['until'] == 'Thu, 29 Aug 2019 16:06:35 GMT'
    assert cert_status['renewal']['cert']['rsa']['valid']['from'] == 'Fri, 31 May 2019 16:06:35 GMT'
    assert cert_status['renewal']['cert']['rsa']['serial'] == '03039C464D454EDE79FCD2CAE859F668F269'
    assert 'sha256-fingerprint' in cert_status['renewal']['cert']['rsa']
def test_500_111(self):
    """Vhost with parallel HTTP and HTTPS: check the mod_alias redirects.

    Two ``Redirect`` rules are added after the MD has been driven. Both
    must answer with 302 and 303 on HTTP and on HTTPS, and the Location
    header must keep the scheme and port of the request.
    """
    # setup: prepare the configuration
    domain = self.test_domain
    name = "www." + domain
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md([name])
    cfg._add_line(" LogLevel alias:debug")
    cfg.add_vhost(name, port=TestEnv.HTTP_PORT)
    cfg.add_vhost(name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    # drive it
    drive_result = TestEnv.a2md(["drive", name])
    assert drive_result['rv'] == 0
    assert TestEnv.apache_restart() == 0

    # setup: place the redirect rules
    cfg._add_line(' Redirect /a /name.txt')
    cfg._add_line(' Redirect seeother /b /name.txt')
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # check: redirects on HTTP
    expected_location = "http://%s:%s/name.txt" % (name, TestEnv.HTTP_PORT)
    response = TestEnv.get_meta(name, "/a", useHTTPS=False)
    assert response['http_status'] == 302
    assert response['http_headers']['Location'] == expected_location
    response = TestEnv.get_meta(name, "/b", useHTTPS=False)
    assert response['http_status'] == 303
    assert response['http_headers']['Location'] == expected_location

    # check: redirects on HTTPS
    expected_location = "https://%s:%s/name.txt" % (name, TestEnv.HTTPS_PORT)
    response = TestEnv.get_meta(name, "/a", useHTTPS=True)
    assert response['http_status'] == 302
    # FAIL: expected 'https://...' but found 'http://...'
    assert response['http_headers']['Location'] == expected_location
    response = TestEnv.get_meta(name, "/b", useHTTPS=True)
    assert response['http_status'] == 303
    assert response['http_headers']['Location'] == expected_location
def test_702_041(self):
    """Restrict the CA challenges to tls-alpn-01 without enabling acme-tls/1.

    No ``Protocols`` line is added in this test. The MD status is expected
    to report an empty list for "acme-tls/1", which means the protocol is
    available for none of the domains.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    # one MD, one vhost
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    for directive in ("LogLevel core:debug", "LogLevel ssl:debug"):
        cfg.add_line(directive)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart (-> drive), check that the MD job shows errors
    # and that the missing protocol is detected
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # acme-tls/1 must be available for none of the domains
    md_status = TestEnv.get_md_status(domain)
    alpn_names = md_status["proto"]["acme-tls/1"]
    assert alpn_names == []
def test_720_000(self):
    """Request a wildcard name over ACMEv1 and expect a "malformed" error.

    The environment is switched to ACMEv1 first. The MD lists the domain
    and ``*.<domain>``, and the renewal must fail because ACMEv1 does not
    accept DNS wildcards.
    """
    domain = self.test_domain
    # switch to ACMEv1
    TestEnv.initv1()
    # configuration with a DNS wildcard
    names = [domain, "*." + domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart, check that the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # wait for the drive error, as ACMEv1 does not accept DNS wildcards
    failed_md = TestEnv.await_error(domain)
    assert failed_md
    renewal = failed_md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'urn:acme:error:malformed'
def test_700_004(self, challengeType):
    """Renew an MD with the CA challenges limited to one challenge type.

    Args:
        challengeType: the single challenge type passed to
            ``add_ca_challenges``.

    ``Protocols http/1.1 acme-tls/1`` is configured. The renewal must
    complete and the served certificate must list the domain as a SAN.
    """
    # one MD, one vhost
    domain = self.test_domain
    names = [domain, "www." + domain]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_line("Protocols http/1.1 acme-tls/1")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges([challengeType])
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # the restart drives the MD; it must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # check: SSL is running OK
    served_cert = TestEnv.get_cert(domain)
    san_list = served_cert.get_san_list()
    assert domain in san_list
def test_720_002(self):
    """Request a wildcard name with a dns-01 command that is expected to fail.

    The configured command is ``dns01-not-found.py`` under the test root
    and the CA challenges are limited to dns-01. The renewal must fail with
    the problem "challenge-setup-failure".
    """
    dns01_script = "%s/dns01-not-found.py" % TestEnv.TESTROOT
    domain = self.test_domain
    names = [domain, "*." + domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_ca_challenges(["dns-01"])
    cfg.add_dns01_cmd(dns01_script)
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart, check that the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # wait for the drive to end in an error
    failed_md = TestEnv.await_error(domain)
    assert failed_md
    renewal = failed_md['renewal']
    assert renewal['errors'] > 0
    assert renewal['last']['problem'] == 'challenge-setup-failure'
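def test_901_020(self):
    """Check the order of message-command calls for renewal with stapling.

    The message command is ``self.mcmd`` with ``self.mlog`` as its argument
    and ``MDStapling on`` is set. The log must contain three messages, in
    the order "renewed", "installed", "ocsp-renewed". Each message takes
    ``1 + self.menv_lines`` lines in the log.
    """
    domain = self.test_domain
    domains = [domain]
    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    conf.add_drive_mode("auto")
    conf.add_md(domains)
    conf.add_line("MDStapling on")
    conf.add_vhost(domains)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    # The return value is not used; the call is kept because it appears to
    # wait for the OCSP status (assumed from the helper's name).
    TestEnv.await_ocsp_status(domain)
    assert TestEnv.await_file(self.mlog)
    # Close the log file deterministically instead of leaving the handle
    # to the garbage collector.
    with open(self.mlog) as log_file:
        nlines = log_file.readlines()
    # since v2.1.10, the 'installed' message is second in log
    lc = 1 + self.menv_lines  # lines written per message
    assert 3 * lc == len(nlines)
    assert ("['%s', '%s', 'renewed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[0 * lc].strip()
    assert ("['%s', '%s', 'installed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[1 * lc].strip()
    assert ("['%s', '%s', 'ocsp-renewed', '%s']"
            % (self.mcmd, self.mlog, domain)) == nlines[2 * lc].strip()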
def test_602_001(self):
    """Same as test_600_000, but with two managed domains in parallel.

    Both MDs are driven manually with ``a2md`` before their vhosts exist.
    Afterwards each vhost must serve a certificate whose SAN list equals
    the name list of its own MD.
    """
    first_domain = "a-" + self.test_domain
    second_domain = "b-" + self.test_domain
    # configuration with two MDs
    first_names = [first_domain, "www." + first_domain]
    second_names = [second_domain, "www." + second_domain]
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("manual")
    cfg.add_md(first_names)
    cfg.add_md(second_names)
    cfg.install()

    # restart, check that both MDs are in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(first_names)
    TestEnv.check_md(second_names)

    # drive
    assert TestEnv.a2md(["drive", first_domain])['rv'] == 0
    assert TestEnv.a2md(["drive", second_domain])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(first_domain)
    TestEnv.check_md_complete(second_domain)

    # append the vhosts to the configuration
    cfg.add_vhost(first_names)
    cfg.add_vhost(second_names)
    cfg.install()

    # check: SSL is running OK
    assert TestEnv.apache_restart() == 0
    first_cert = TestEnv.get_cert(first_domain)
    assert first_names == first_cert.get_san_list()
    second_cert = TestEnv.get_cert(second_domain)
    assert second_names == second_cert.get_san_list()
def test_702_009(self):
    """Replace the certificate with one close to expiry and expect a renewal.

    With a renew window of "10d", the stored certificate is swapped for a
    self-signed one created with ``notAfter`` 2 and serial 7029. After a
    restart the status must first report that certificate, and a forced
    wait for renewal must then end with a different serial.
    """
    domain = self.test_domain
    names = [domain]

    # prepare the MD
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_renew_window("10d")
    cfg.add_md(names)
    cfg.add_vhost(domain)
    cfg.install()

    # restart (-> drive), check that MD and certificate are in the store
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    issued_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
    # compare with what md reports as status
    cert_status = TestEnv.get_certificate_status(domain)
    assert cert_status['serial'] == issued_cert.get_serial()

    # create a self-signed certificate with a critically short remaining
    # validity -> drive again
    validity = {"notBefore": -120, "notAfter": 2}
    TestEnv.create_self_signed_cert([domain], validity, serial=7029)
    short_lived_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
    # 7029 decimal is 1B75 in hexadecimal
    assert short_lived_cert.get_serial() == '1B75'
    assert TestEnv.apache_restart() == 0
    cert_status = TestEnv.get_certificate_status(domain)
    assert cert_status['serial'] == short_lived_cert.get_serial()

    # the certificate should renew and be different afterwards
    assert TestEnv.await_completion([domain], must_renew=True)
    cert_status = TestEnv.get_certificate_status(domain)
    assert cert_status['serial'] != short_lived_cert.get_serial()