示例#1
0
    def test_loadmod_rootconf_exists(self):
        sslmod_args = ["ssl_module", "modules/mod_ssl.so"]
        rootconf_ifmod = self.config.parser.get_ifmod(parser.get_aug_path(
            self.config.parser.loc["default"]),
                                                      "!mod_ssl.c",
                                                      beginning=True)
        self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule",
                                   sslmod_args)
        self.config.save()
        # Get the example vhost
        self.config.assoc["test.example.com"] = self.vh_truth[0]
        self.config.deploy_cert("random.demo", "example/cert.pem",
                                "example/key.pem", "example/cert_chain.pem",
                                "example/fullchain.pem")
        self.config.save()

        root_loadmods = self.config.parser.find_dir(
            "LoadModule",
            "ssl_module",
            start=parser.get_aug_path(self.config.parser.loc["default"]),
            exclude=False)

        mods = [
            lm for lm in root_loadmods
            if self.config.parser.loc["default"] in lm
        ]

        self.assertEqual(len(mods), 1)
        # [:-7] removes "/arg[#]" from the path
        self.assertEqual(self.config.parser.get_all_args(mods[0][:-7]),
                         sslmod_args)
示例#2
0
    def test_loadmod_rootconf_exists(self):
        sslmod_args = ["ssl_module", "modules/mod_ssl.so"]
        rootconf_ifmod = self.config.parser.get_ifmod(
            parser.get_aug_path(self.config.parser.loc["default"]),
            "!mod_ssl.c", beginning=True)
        self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args)
        self.config.save()
        # Get the example vhost
        self.config.assoc["test.example.com"] = self.vh_truth[0]
        self.config.deploy_cert(
            "random.demo", "example/cert.pem", "example/key.pem",
            "example/cert_chain.pem", "example/fullchain.pem")
        self.config.save()

        root_loadmods = self.config.parser.find_dir(
            "LoadModule", "ssl_module",
            start=parser.get_aug_path(self.config.parser.loc["default"]),
            exclude=False)

        mods = [lm for lm in root_loadmods if self.config.parser.loc["default"] in lm]

        self.assertEqual(len(mods), 1)
        # [:-7] removes "/arg[#]" from the path
        self.assertEqual(
            self.config.parser.get_all_args(mods[0][:-7]),
            sslmod_args)
示例#3
0
 def test_add_comment(self):
     from certbot_apache.parser import get_aug_path
     self.parser.add_comment(get_aug_path(self.parser.loc["name"]),
                             "123456")
     comm = self.parser.find_comments("123456")
     self.assertEqual(len(comm), 1)
     self.assertTrue(self.parser.loc["name"] in comm[0])
示例#4
0
    def test_ocsp_stapling(self, mock_exe, mock_run_script):
        self.config.parser.update_runtime_variables = mock.Mock()
        self.config.parser.modules.add("mod_ssl.c")
        self.config.get_version = mock.Mock(return_value=(2, 4, 7))
        mock_exe.return_value = True

        # This will create an ssl vhost for certbot.demo
        self.config.enhance("certbot.demo", "staple-ocsp")

        self.assertTrue("socache_shmcb_module" in self.config.parser.modules)
        self.assertTrue(mock_run_script.called)

        # Get the ssl vhost for certbot.demo
        ssl_vhost = self.config.assoc["certbot.demo"]

        ssl_use_stapling_aug_path = self.config.parser.find_dir(
            "SSLUseStapling", "on", ssl_vhost.path)

        self.assertEqual(len(ssl_use_stapling_aug_path), 1)

        ssl_vhost_aug_path = parser.get_aug_path(ssl_vhost.filep)
        stapling_cache_aug_path = self.config.parser.find_dir('SSLStaplingCache',
                    "shmcb:/var/run/apache2/stapling_cache(128000)",
                    ssl_vhost_aug_path)

        self.assertEqual(len(stapling_cache_aug_path), 1)
示例#5
0
    def test_ocsp_stapling_twice(self, mock_exe):
        self.config.parser.update_runtime_variables = mock.Mock()
        self.config.parser.modules.add("mod_ssl.c")
        self.config.parser.modules.add("socache_shmcb_module")
        self.config.get_version = mock.Mock(return_value=(2, 4, 7))
        mock_exe.return_value = True

        # Checking the case with already enabled ocsp stapling configuration
        self.config.enhance("ocspvhost.com", "staple-ocsp")

        # Get the ssl vhost for letsencrypt.demo
        ssl_vhost = self.config.assoc["ocspvhost.com"]

        ssl_use_stapling_aug_path = self.config.parser.find_dir(
            "SSLUseStapling", "on", ssl_vhost.path)

        self.assertEqual(len(ssl_use_stapling_aug_path), 1)

        ssl_vhost_aug_path = parser.get_aug_path(ssl_vhost.filep)
        stapling_cache_aug_path = self.config.parser.find_dir(
            'SSLStaplingCache',
            "shmcb:/var/run/apache2/stapling_cache(128000)",
            ssl_vhost_aug_path)

        self.assertEqual(len(stapling_cache_aug_path), 1)
示例#6
0
    def _conf_include_check(self, main_config):
        """Add TLS-SNI-01 challenge conf file into configuration.

        Adds TLS-SNI-01 challenge include file if it does not already exist
        within mainConfig

        :param str main_config: file path to main user apache config file

        """
        if len(
                self.configurator.parser.find_dir(parser.case_i("Include"),
                                                  self.challenge_conf)) == 0:
            # print "Including challenge virtual host(s)"
            logger.debug("Adding Include %s to %s", self.challenge_conf,
                         parser.get_aug_path(main_config))
            self.configurator.parser.add_dir(parser.get_aug_path(main_config),
                                             "Include", self.challenge_conf)
示例#7
0
    def _conf_include_check(self, main_config):
        """Add TLS-SNI-01 challenge conf file into configuration.

        Adds TLS-SNI-01 challenge include file if it does not already exist
        within mainConfig

        :param str main_config: file path to main user apache config file

        """
        if len(self.configurator.parser.find_dir(
                parser.case_i("Include"), self.challenge_conf)) == 0:
            # print "Including challenge virtual host(s)"
            logger.debug("Adding Include %s to %s",
                         self.challenge_conf, parser.get_aug_path(main_config))
            self.configurator.parser.add_dir(
                parser.get_aug_path(main_config),
                "Include", self.challenge_conf)
 def verify_fnmatch(self, arg, hit=True):
     """Test if Include was correctly parsed."""
     from certbot_apache import parser
     self.parser.add_dir(parser.get_aug_path(self.parser.loc["default"]),
                         "Include", [arg])
     if hit:
         self.assertTrue(self.parser.find_dir("FNMATCH_DIRECTIVE"))
     else:
         self.assertFalse(self.parser.find_dir("FNMATCH_DIRECTIVE"))
 def verify_fnmatch(self, arg, hit=True):
     """Test if Include was correctly parsed."""
     from certbot_apache import parser
     self.parser.add_dir(parser.get_aug_path(self.parser.loc["default"]),
                         "Include", [arg])
     if hit:
         self.assertTrue(self.parser.find_dir("FNMATCH_DIRECTIVE"))
     else:
         self.assertFalse(self.parser.find_dir("FNMATCH_DIRECTIVE"))
示例#10
0
    def test_add_dir_to_ifmodssl_multiple(self):
        from certbot_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]),
            "FakeDirective", ["123", "456", "789"])

        matches = self.parser.find_dir("FakeDirective")

        self.assertEqual(len(matches), 3)
        self.assertTrue("IfModule" in matches[0])
示例#11
0
    def test_add_dir_to_ifmodssl_multiple(self):
        from certbot_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]), "FakeDirective",
            ["123", "456", "789"])

        matches = self.parser.find_dir("FakeDirective")

        self.assertEqual(len(matches), 3)
        self.assertTrue("IfModule" in matches[0])
示例#12
0
 def test_activate_disabled_vhost(self):
     vhosts = [v for v in self.config.vhosts if v.name == "certbot.demo"]
     achalls = [
         achallenges.KeyAuthorizationAnnotatedChallenge(
             challb=acme_util.chall_to_challb(
                 challenges.HTTP01(token=((b'a' * 16))),
                 "pending"),
             domain="certbot.demo", account_key=self.account_key)]
     vhosts[0].enabled = False
     self.common_perform_test(achalls, vhosts)
     matches = self.config.parser.find_dir(
         "Include", vhosts[0].filep,
         get_aug_path(self.config.parser.loc["default"]))
     self.assertEqual(len(matches), 1)
示例#13
0
 def test_activate_disabled_vhost(self):
     vhosts = [v for v in self.config.vhosts if v.name == "certbot.demo"]
     achalls = [
         achallenges.KeyAuthorizationAnnotatedChallenge(
             challb=acme_util.chall_to_challb(
                 challenges.HTTP01(token=((b'a' * 16))),
                 "pending"),
             domain="certbot.demo", account_key=self.account_key)]
     vhosts[0].enabled = False
     self.common_perform_test(achalls, vhosts)
     matches = self.config.parser.find_dir(
         "Include", vhosts[0].filep,
         get_aug_path(self.config.parser.loc["default"]))
     self.assertEqual(len(matches), 1)
示例#14
0
    def test_add_dir_to_ifmodssl(self):
        """test add_dir_to_ifmodssl.

        Path must be valid before attempting to add to augeas

        """
        from certbot_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]), "FakeDirective", ["123"])

        matches = self.parser.find_dir("FakeDirective", "123")

        self.assertEqual(len(matches), 1)
        self.assertTrue("IfModule" in matches[0])
示例#15
0
    def test_add_dir_to_ifmodssl(self):
        """test add_dir_to_ifmodssl.

        Path must be valid before attempting to add to augeas

        """
        from certbot_apache.parser import get_aug_path
        # This makes sure that find_dir will work
        self.parser.modules.add("mod_ssl.c")

        self.parser.add_dir_to_ifmodssl(
            get_aug_path(self.parser.loc["default"]),
            "FakeDirective", ["123"])

        matches = self.parser.find_dir("FakeDirective", "123")

        self.assertEqual(len(matches), 1)
        self.assertTrue("IfModule" in matches[0])
示例#16
0
    def _set_up_include_directives(self, vhost):
        """Includes override configuration to the beginning and to the end of
        VirtualHost. Note that this include isn't added to Augeas search tree"""

        if vhost not in self.moded_vhosts:
            logger.debug(
                "Adding a temporary challenge validation Include for name: %s " +
                "in: %s", vhost.name, vhost.filep)
            self.configurator.parser.add_dir_beginning(
                vhost.path, "Include", self.challenge_conf_pre)
            self.configurator.parser.add_dir(
                vhost.path, "Include", self.challenge_conf_post)

            if not vhost.enabled:
                self.configurator.parser.add_dir(
                    get_aug_path(self.configurator.parser.loc["default"]),
                    "Include", vhost.filep)

            self.moded_vhosts.add(vhost)
示例#17
0
    def _set_up_include_directives(self, vhost):
        """Includes override configuration to the beginning and to the end of
        VirtualHost. Note that this include isn't added to Augeas search tree"""

        if vhost not in self.moded_vhosts:
            logger.debug(
                "Adding a temporary challenge validation Include for name: %s "
                + "in: %s", vhost.name, vhost.filep)
            self.configurator.parser.add_dir_beginning(vhost.path, "Include",
                                                       self.challenge_conf_pre)
            self.configurator.parser.add_dir(vhost.path, "Include",
                                             self.challenge_conf_post)

            if not vhost.enabled:
                self.configurator.parser.add_dir(
                    get_aug_path(self.configurator.parser.loc["default"]),
                    "Include", vhost.filep)

            self.moded_vhosts.add(vhost)
示例#18
0
    def test_loadmod_non_duplicate(self):
        # the modules/mod_ssl.so exists in ssl.conf
        sslmod_args = ["ssl_module", "modules/mod_somethingelse.so"]
        rootconf_ifmod = self.config.parser.get_ifmod(
            parser.get_aug_path(self.config.parser.loc["default"]),
            "!mod_ssl.c", beginning=True)
        self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", sslmod_args)
        self.config.save()
        self.config.assoc["test.example.com"] = self.vh_truth[0]
        pre_matches = self.config.parser.find_dir("LoadModule",
                                                  "ssl_module", exclude=False)

        self.assertRaises(MisconfigurationError, self.config.deploy_cert,
                "random.demo", "example/cert.pem", "example/key.pem",
                "example/cert_chain.pem", "example/fullchain.pem")

        post_matches = self.config.parser.find_dir("LoadModule",
                                                   "ssl_module", exclude=False)
        # Make sure that none was changed
        self.assertEqual(pre_matches, post_matches)
示例#19
0
    def test_ocsp_stapling_twice(self, mock_exe):
        self.config.parser.update_runtime_variables = mock.Mock()
        self.config.parser.modules.add("mod_ssl.c")
        self.config.parser.modules.add("socache_shmcb_module")
        self.config.get_version = mock.Mock(return_value=(2, 4, 7))
        mock_exe.return_value = True

        # Checking the case with already enabled ocsp stapling configuration
        self.config.enhance("ocspvhost.com", "staple-ocsp")

        # Get the ssl vhost for letsencrypt.demo
        ssl_vhost = self.config.assoc["ocspvhost.com"]

        ssl_use_stapling_aug_path = self.config.parser.find_dir(
            "SSLUseStapling", "on", ssl_vhost.path)

        self.assertEqual(len(ssl_use_stapling_aug_path), 1)

        ssl_vhost_aug_path = parser.get_aug_path(ssl_vhost.filep)
        stapling_cache_aug_path = self.config.parser.find_dir('SSLStaplingCache',
                    "shmcb:/var/run/apache2/stapling_cache(128000)",
                    ssl_vhost_aug_path)

        self.assertEqual(len(stapling_cache_aug_path), 1)
示例#20
0
    def test_loadmod_non_duplicate(self):
        # the modules/mod_ssl.so exists in ssl.conf
        sslmod_args = ["ssl_module", "modules/mod_somethingelse.so"]
        rootconf_ifmod = self.config.parser.get_ifmod(parser.get_aug_path(
            self.config.parser.loc["default"]),
                                                      "!mod_ssl.c",
                                                      beginning=True)
        self.config.parser.add_dir(rootconf_ifmod[:-1], "LoadModule",
                                   sslmod_args)
        self.config.save()
        self.config.assoc["test.example.com"] = self.vh_truth[0]
        pre_matches = self.config.parser.find_dir("LoadModule",
                                                  "ssl_module",
                                                  exclude=False)

        self.assertRaises(MisconfigurationError, self.config.deploy_cert,
                          "random.demo", "example/cert.pem", "example/key.pem",
                          "example/cert_chain.pem", "example/fullchain.pem")

        post_matches = self.config.parser.find_dir("LoadModule",
                                                   "ssl_module",
                                                   exclude=False)
        # Make sure that none was changed
        self.assertEqual(pre_matches, post_matches)
示例#21
0
    def _deploy_loadmodule_ssl_if_needed(self):
        """
        Add "LoadModule ssl_module <pre-existing path>" to main httpd.conf if
        it doesn't exist there already.
        """

        loadmods = self.parser.find_dir("LoadModule",
                                        "ssl_module",
                                        exclude=False)

        correct_ifmods = []  # type: List[str]
        loadmod_args = []  # type: List[str]
        loadmod_paths = []  # type: List[str]
        for m in loadmods:
            noarg_path = m.rpartition("/")[0]
            path_args = self.parser.get_all_args(noarg_path)
            if loadmod_args:
                if loadmod_args != path_args:
                    msg = (
                        "Certbot encountered multiple LoadModule directives "
                        "for LoadModule ssl_module with differing library paths. "
                        "Please remove or comment out the one(s) that are not in "
                        "use, and run Certbot again.")
                    raise MisconfigurationError(msg)
            else:
                loadmod_args = path_args

            if self.parser.not_modssl_ifmodule(noarg_path):  # pylint: disable=no-member
                if self.parser.loc["default"] in noarg_path:
                    # LoadModule already in the main configuration file
                    if ("ifmodule/" in noarg_path.lower()
                            or "ifmodule[1]" in noarg_path.lower()):
                        # It's the first or only IfModule in the file
                        return
                # Populate the list of known !mod_ssl.c IfModules
                nodir_path = noarg_path.rpartition("/directive")[0]
                correct_ifmods.append(nodir_path)
            else:
                loadmod_paths.append(noarg_path)

        if not loadmod_args:
            # Do not try to enable mod_ssl
            return

        # Force creation as the directive wasn't found from the beginning of
        # httpd.conf
        rootconf_ifmod = self.parser.create_ifmod(parser.get_aug_path(
            self.parser.loc["default"]),
                                                  "!mod_ssl.c",
                                                  beginning=True)
        # parser.get_ifmod returns a path postfixed with "/", remove that
        self.parser.add_dir(rootconf_ifmod[:-1], "LoadModule", loadmod_args)
        correct_ifmods.append(rootconf_ifmod[:-1])
        self.save_notes += "Added LoadModule ssl_module to main configuration.\n"

        # Wrap LoadModule mod_ssl inside of <IfModule !mod_ssl.c> if it's not
        # configured like this already.
        for loadmod_path in loadmod_paths:
            nodir_path = loadmod_path.split("/directive")[0]
            # Remove the old LoadModule directive
            self.aug.remove(loadmod_path)

            # Create a new IfModule !mod_ssl.c if not already found on path
            ssl_ifmod = self.parser.get_ifmod(nodir_path,
                                              "!mod_ssl.c",
                                              beginning=True)[:-1]
            if ssl_ifmod not in correct_ifmods:
                self.parser.add_dir(ssl_ifmod, "LoadModule", loadmod_args)
                correct_ifmods.append(ssl_ifmod)
                self.save_notes += (
                    "Wrapped pre-existing LoadModule ssl_module "
                    "inside of <IfModule !mod_ssl> block.\n")
示例#22
0
 def test_add_comment(self):
     from certbot_apache.parser import get_aug_path
     self.parser.add_comment(get_aug_path(self.parser.loc["name"]), "123456")
     comm = self.parser.find_comments("123456")
     self.assertEquals(len(comm), 1)
     self.assertTrue(self.parser.loc["name"] in comm[0])
示例#23
0
 def test_get_aug_path(self):
     from certbot_apache.parser import get_aug_path
     self.assertEqual("/files/etc/apache", get_aug_path("/etc/apache"))
示例#24
0
 def test_get_aug_path(self):
     from certbot_apache.parser import get_aug_path
     self.assertEqual("/files/etc/apache", get_aug_path("/etc/apache"))