示例#1
 def test_801_009(self):
     """Check stapling status for an MD served from static certificate files.

     A self-signed certificate and key are generated on disk, configured
     via MDCertificateFile/MDCertificateKeyFile with ``MDStapling on``,
     and the OCSP status reported for the domain must be
     "no response sent".
     """
     assert TestEnv.apache_stop() == 0
     managed_domain = TestStapling.mdA
     names = [managed_domain]
     workdir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')
     # Validity offsets are relative to now; the unit is presumably days
     # (30 more days valid) - confirm in create_self_signed_cert.
     validity = {"notBefore": -60, "notAfter": 30}
     TestEnv.create_self_signed_cert(names, validity,
                                     serial=801009, path=workdir)
     cert_file = os.path.join(workdir, 'pubcert.pem')
     pkey_file = os.path.join(workdir, 'privkey.pem')
     # both generated files must exist before they are referenced in config
     for generated in (cert_file, pkey_file):
         assert os.path.exists(generated)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(names)
     conf.add_line("MDCertificateFile %s" % cert_file)
     conf.add_line("MDCertificateKeyFile %s" % pkey_file)
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.add_vhost(managed_domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # NOTE(review): fixed pause before querying; a polling helper would
     # make this less timing-sensitive.
     time.sleep(1)
     ocsp_state = TestEnv.get_ocsp_status(managed_domain)
     # Presumably no response is stapled because a self-signed certificate
     # names no OCSP responder - confirm against the module's behaviour.
     assert ocsp_state['ocsp'] == "no response sent"
示例#2
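 def test_901_011(self):
     """Static cert in the warn window produces exactly one 'expiring' message.

     The MD is served from certificate/key files on disk. After the
     first restart the message command must have logged an 'expiring'
     event for the domain; a second restart must not log it again.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_011')
     # Certificate with notAfter offset 5 (presumably 5 more days valid -
     # confirm the unit in create_self_signed_cert).
     TestEnv.create_self_signed_cert(domains, {"notBefore": -85, "notAfter": 5},
                                     serial=901011, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_file(self.mlog)
     expected = "['%s', '%s', 'expiring', '%s']" % (self.mcmd, self.mlog, domain)
     # Read through a context manager so the log handle is closed again
     # before the server is restarted and may append to the file.
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 1 + self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()
     # a second restart must not resend the same notification right away
     assert TestEnv.apache_restart() == 0
     time.sleep(1)
     with open(self.mlog) as log:
         nlines = log.readlines()
     assert 1 + self.menv_lines == len(nlines)
     assert expected == nlines[0].strip()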
示例#3
 def test_901_010(self):
     """Static cert in the renewal window must not trigger a message.

     The MD is served from certificate/key files on disk and a message
     command is configured; after the restart the message log file must
     not exist.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_901_010')
     # notAfter offset is 20 (presumably 20 more days valid - confirm the
     # unit in create_self_signed_cert).
     lifetime = {"notBefore": -70, "notAfter": 20}
     TestEnv.create_self_signed_cert(domains, lifetime,
                                     serial=901010, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     for generated in (cert_file, pkey_file):
         assert os.path.exists(generated)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     # NOTE(review): checked immediately after restart with no wait, so a
     # message written late would not be caught here.
     assert not os.path.isfile(self.mlog)
示例#4
 def test_730_002(self):
     """Static certificate files combined with ``MDRenewMode always``.

     The server must first serve the configured static certificate
     (matched by serial number), report the MD with ``renew`` set, and
     then complete a renewal for the domains.
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     # NOTE(review): directory name and serial do not match this test's
     # number; they look copied from another test - confirm intended.
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     serial = 730001
     # notAfter offset 10: presumably 10 more days valid - confirm the unit
     TestEnv.create_self_signed_cert(domains, {"notBefore": -80, "notAfter": 10},
                                     serial=serial, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     for generated in (cert_file, pkey_file):
         assert os.path.exists(generated)
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(domains)
     conf.add_line("MDCertificateFile %s" % (cert_file))
     conf.add_line("MDCertificateKeyFile %s" % (pkey_file))
     conf.add_line("MDRenewMode always")
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0

     # the static certificate is what the server presents ...
     served = TestEnv.get_cert(domain)
     assert ('%X' % serial) == served.get_serial()
     # ... the MD is listed in the status with renewal flagged ...
     md_status = TestEnv.get_md_status(domain)
     assert md_status
     assert 'cert' in md_status
     assert md_status['renew'] == True
     # ... and a renewal is carried out
     assert TestEnv.await_renewal(domains)
示例#5
 def test_730_003(self):
     """Configuring only one half of the cert/key file pair must fail.

     Two configurations are installed in turn, one with only
     MDCertificateFile and one with only MDCertificateKeyFile; for each
     the server is expected not to start (``apache_fail() == 0``).
     """
     domain = self.test_domain
     domains = [domain, 'www.%s' % domain]
     # NOTE(review): directory name and serial do not match this test's
     # number; they look copied from another test - confirm intended.
     testpath = os.path.join(TestEnv.GEN_DIR, 'test_920_001')
     # notAfter offset 10: presumably 10 more days valid - confirm the unit
     TestEnv.create_self_signed_cert(domains, {"notBefore": -80, "notAfter": 10},
                                     serial=730001, path=testpath)
     cert_file = os.path.join(testpath, 'pubcert.pem')
     pkey_file = os.path.join(testpath, 'privkey.pem')
     assert os.path.exists(cert_file)
     assert os.path.exists(pkey_file)

     # certificate without key first, then key without certificate
     lone_directives = (
         "MDCertificateFile %s" % (cert_file),
         "MDCertificateKeyFile %s" % (pkey_file),
     )
     for directive in lone_directives:
         conf = HttpdConf()
         conf.add_admin("*****@*****.**")
         conf.start_md(domains)
         conf.add_line(directive)
         conf.end_md()
         conf.add_vhost(domain)
         conf.install()
         assert TestEnv.apache_fail() == 0
示例#6
    def test_710_003(self):
        """An MD created against ACMEv1 follows the default CA after a switch.

        Phase one obtains a certificate with an explicit ACMEv1 CA URL.
        Phase two switches the environment to ACMEv2, drops the explicit
        CA URL and adds a second MD; both MDs must then report the new
        default CA URL.
        """
        domain = "a-" + self.test_domain
        domainb = "b-" + self.test_domain

        # phase one: explicit ACMEv1 CA
        TestEnv.set_acme('acmev1')
        ca_url = TestEnv.ACME_URL

        domains = [domain, "www." + domain]
        # NOTE(review): the ServerAdmin value below looks like a placeholder
        # left by e-mail obfuscation on the page; restore the real value
        # from the upstream file before running.
        v1_text = """
ServerAdmin [email protected]
MDCertificateAuthority %s
MDCertificateAgreement accepted
MDMembers auto
            """ % (ca_url)
        conf = HttpdConf(local_CA=False, text=v1_text)
        conf.add_md([domain])
        conf.add_vhost(domains)
        conf.install()
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(domains)
        assert TestEnv.await_completion([domain])
        assert (0, 0) == TestEnv.httpd_error_log_count()
        TestEnv.check_md(domains, ca=ca_url)

        # phase two: ACMEv2, same MD, no CA url in the configuration
        TestEnv.set_acme('acmev2')
        # switching the protocol version changes the default CA url
        assert TestEnv.ACME_URL_DEFAULT != ca_url

        v2_text = """
ServerAdmin [email protected]
MDCertificateAgreement accepted
MDMembers auto
            """
        conf = HttpdConf(local_CA=False, text=v2_text)
        conf.start_md([domain])
        conf.end_md()
        conf.start_md2([domainb])
        # This MD will get the real Let's Encrypt URL assigned; renewal is
        # set to manual so the test never contacts the production CA.
        conf.add_line("MDRenewMode manual")
        conf.end_md2()
        conf.add_vhost(domains)
        conf.add_vhost(domainb)
        conf.install()

        assert TestEnv.apache_restart() == 0
        assert (0, 0) == TestEnv.httpd_error_log_count()
        # the pre-existing MD was migrated to the new CA url
        TestEnv.check_md(domains, ca=TestEnv.ACME_URL_DEFAULT)
        # the newly added MD uses the new default as well
        TestEnv.check_md([domainb], ca=TestEnv.ACME_URL_DEFAULT)
示例#7
    def test_920_011(self):
        """Static cert files for an MD living in the base server (issue #161).

        No standard vhosts are generated; the base server itself has
        SSLEngine on and ``MDBaseServer on``. The MD status must be
        complete, carry no 'renewal' entry and report renew-mode 1.
        """
        domain = self.test_domain
        domains = [domain, 'www.%s' % domain]
        testpath = os.path.join(TestEnv.GEN_DIR, 'test_920_011')
        # notAfter offset is 20 (presumably 20 more days valid - confirm the
        # unit in create_self_signed_cert).
        lifetime = {"notBefore": -70, "notAfter": 20}
        TestEnv.create_self_signed_cert(domains, lifetime,
                                        serial=920011, path=testpath)
        cert_file = os.path.join(testpath, 'pubcert.pem')
        pkey_file = os.path.join(testpath, 'privkey.pem')
        for generated in (cert_file, pkey_file):
            assert os.path.exists(generated)
        # NOTE(review): this first instance is replaced on the next
        # statement; it looks redundant - confirm the constructor has no
        # side effect the test relies on before removing it.
        conf = HttpdConf()
        base_server_text = f"""
LogLevel md:trace2
LogLevel ssl:debug
                
MDPortMap http:- https:{TestEnv.HTTPS_PORT}

Listen {TestEnv.HTTPS_PORT}
ServerAdmin [email protected]
ServerName {domain}
SSLEngine on
Protocols h2 http/1.1 acme-tls/1

MDBaseServer on

<Location "/server-status">
    SetHandler server-status
</Location>
<Location "/md-status">
    SetHandler md-status
</Location>
            """
        conf = HttpdConf(std_vhosts=False, text=base_server_text)
        conf.start_md(domains)
        conf.add_line(f"MDCertificateFile {cert_file}")
        conf.add_line(f"MDCertificateKeyFile {pkey_file}")
        conf.end_md()
        conf.install()
        # NOTE(review): this overwrites a TestEnv class attribute and is not
        # restored here, so later tests see the SSL check URL too.
        TestEnv.HTTPD_CHECK_URL = TestEnv.HTTPD_URL_SSL
        assert TestEnv.apache_restart() == 0
        status = TestEnv.get_md_status(domain)
        assert status
        assert 'renewal' not in status
        print(status)
        assert status['state'] == TestEnv.MD_S_COMPLETE
        assert status['renew-mode'] == 1  # manual
示例#8
 def test_310_310(self, window):
     """A non-default renew window is reported back unchanged in the status.

     ``window`` is the value passed to ``add_renew_window``; it is
     presumably supplied by test parametrization - confirm at the
     decorator, which is not visible here.
     """
     domain = self.test_domain
     conf = HttpdConf()
     conf.add_admin("admin@" + domain)
     conf.start_md([domain])
     # manual drive mode is set alongside the custom window
     conf.add_drive_mode("manual")
     conf.add_renew_window(window)
     conf.end_md()
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     md_status = TestEnv.get_md_status(domain)
     assert md_status["renew-window"] == window
示例#9
 def test_801_010(self):
     """Server starts with stapling enabled for an MD that has no vhost here.

     The OCSP store is cleared first; the configuration defines the MD
     with ``MDStapling on`` but adds no vhost in this method. The server
     must restart and return a non-empty server status.
     """
     assert TestEnv.apache_stop() == 0
     TestEnv.clear_ocsp_store()
     managed_domain = TestStapling.mdA
     names = [managed_domain]
     conf = HttpdConf()
     conf.add_admin("*****@*****.**")
     conf.start_md(names)
     conf.add_line("MDStapling on")
     conf.end_md()
     conf.install()
     assert TestEnv.apache_restart() == 0
     server_status = TestEnv.get_server_status()
     assert server_status
示例#10
 def test_310_501(self):
     """The server tolerates a stray file among the stored domains.

     A complete MD is created first, then a plain file named
     "wrong.com" is written into the path returned by
     ``TestEnv.store_domains()`` and the server must restart cleanly.
     """
     # setup: bring one MD to completion in the store
     domain = self.test_domain
     conf = HttpdConf()
     conf.add_admin("admin@" + domain)
     conf.start_md([domain])
     conf.end_md()
     conf.add_vhost(domain)
     conf.add_line('LogLevel md:trace1')
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])
     # place an unexpected regular file next to the stored domains
     stray = os.path.join(TestEnv.store_domains(), "wrong.com")
     with open(stray, 'w') as fd:
         fd.write("this does not belong here\n")
     # the unexpected entry must not prevent a restart
     assert TestEnv.apache_restart() == 0
示例#11
 def test_810_002(self):
     """Per-MD MDPrivateKeys setting versus the global one.

     The configuration sets ``MDPrivateKeys secp256r1`` globally and
     ``MDPrivateKeys secp384r1`` inside the MD; the expectations passed
     to ``set_get_check_pkeys`` name secp384r1 for ECDSA and an empty
     spec with key length 0 for RSA.
     """
     domain = self.test_domain
     # configuration with a single MD
     domains = [domain]
     conf = HttpdConf()
     conf.add_admin("admin@" + domain)
     conf.add_line("MDPrivateKeys secp256r1")
     conf.start_md(domains)
     conf.add_line("    MDPrivateKeys secp384r1")
     conf.end_md()
     conf.add_vhost(domains)
     # NOTE(review): conf is neither installed nor handed to the helper in
     # the lines visible here - verify how set_get_check_pkeys picks it up.
     expected_keys = [
         {'spec': "secp384r1", 'ciphers': "ECDSA", 'keylen': 384},
         {'spec': "", 'ciphers': "RSA", 'keylen': 0},
     ]
     self.set_get_check_pkeys(domain, expected_keys)