示例#1
    def test_310_302(self):
        """Re-sync a managed domain after the configured CA URL and agreement change."""
        md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
        # setup: first sync against the initial CA endpoint
        # NOTE(review): both CA URLs in this test are plain-http test endpoints;
        # a production MDCertificateAuthority should point at an https:// directory.
        initial_conf = """
            MDCertificateAuthority http://acme.test.org:4000/directory
            MDCertificateProtocol ACME
            MDCertificateAgreement http://acme.test.org:4000/terms/v1

            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """
        HttpdConf(text=initial_conf).install()
        assert TestEnv.apache_restart() == 0
        # setup: sync again with changed CA info
        # NOTE(review): the ServerAdmin value below appears as an e-mail
        # obfuscation placeholder on this page; the original address is not
        # recoverable from here.
        changed_conf = """
            ServerAdmin mailto:[email protected]

            MDCertificateAuthority http://somewhere.com:6666/directory
            MDCertificateProtocol ACME
            MDCertificateAgreement http://somewhere.com:6666/terms/v1

            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            """
        HttpdConf(text=changed_conf).install()
        assert TestEnv.apache_restart() == 0
        # check: the stored MD carries the CA URL and agreement of the second
        # configuration (the values asserted here are the changed ones)
        TestEnv.check_md(
            md_names,
            state=1,
            ca="http://somewhere.com:6666/directory",
            protocol="ACME",
            agreement="http://somewhere.com:6666/terms/v1",
        )
示例#2
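 def test_920_002(self):
     """Stage a known certificate and check that certificate-status reports it.

     Drives a simple MD, overwrites the staged `pubcert.pem` with a fixture
     certificate and asserts that validity dates, serial and SCT entries of
     that fixture show up under the 'renewal' key of the status output.
     """
     domain = self.test_domain
     dnsList = [domain]
     conf = HttpdConf()
     # NOTE(review): the admin address is masked on this page; the original
     # value is not recoverable from here.
     conf.add_admin("*****@*****.**")
     conf.add_md(dnsList)
     conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     # copy a real certificate from LE over to staging
     staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
     real_cert = os.path.join('data', 'test_920', '002.pubcert')
     # Do not compare the return value with None: assuming this is
     # shutil.copyfile, it returns the destination path on Python 3 and reports
     # failure by raising. Check the staged file exists instead.
     copyfile(real_cert, staged_cert)
     assert os.path.isfile(staged_cert)
     status = TestEnv.get_certificate_status(domain)
     # status shows the copied cert's properties as staged
     assert 'renewal' in status
     renewal = status['renewal']
     assert 'Thu, 29 Aug 2019 16:06:35 GMT' == renewal['valid-until']
     assert 'Fri, 31 May 2019 16:06:35 GMT' == renewal['valid-from']
     assert '03039C464D454EDE79FCD2CAE859F668F269' == renewal['serial']
     assert 'sha256-fingerprint' in renewal
     # the fixture carries two SCT entries; both log ids and timestamps are pinned
     assert len(renewal['scts']) == 2
     assert renewal['scts'][0]['logid'] == '747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56'
     assert renewal['scts'][0]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'
     assert renewal['scts'][1]['logid'] == '293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478'
     assert renewal['scts'][1]['signed'] == 'Fri, 31 May 2019 17:06:35 GMT'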
示例#3
    def test_700_003(self):
        """Drive one MD that covers two vhosts and check both serve the same certificate."""
        # generate 1 MD and 2 vhosts
        base = self.test_domain
        host_a = "a." + base
        host_b = "b." + base
        md_names = [base, host_a, host_b]
        conf = HttpdConf()
        conf.add_admin("admin@" + base)
        conf.add_md(md_names)
        for host, doc_root in ((host_a, "htdocs/a"), (host_b, "htdocs/b")):
            conf.add_vhost(TestEnv.HTTPS_PORT, host, aliasList=[], docRoot=doc_root)
        conf.install()

        # create docRoot folders, each holding a file that names its vhost
        for folder, host in (("a", host_a), ("b", host_b)):
            self._write_res_file(
                os.path.join(TestEnv.APACHE_HTDOCS_DIR, folder), "name.txt", host
            )

        # restart (-> drive), check that MD was synched and completes
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md(base, md_names)
        assert TestEnv.await_completion([base, host_a, host_b])
        TestEnv.check_md_complete(base)

        # check: SSL is running OK; each name is in the SAN list of the cert
        # served for it, and both vhosts present the same serial number
        cert_a = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, host_a)
        assert host_a in cert_a.get_san_list()
        cert_b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, host_b)
        assert host_b in cert_b.get_san_list()
        assert cert_a.get_serial() == cert_b.get_serial()

        # check: each vhost serves its own document root
        assert TestEnv.get_content(host_a, "/name.txt") == host_a
        assert TestEnv.get_content(host_b, "/name.txt") == host_b
示例#4
 def test_310_308(self):
     """Check that MDRequireHttps settings are reflected in the `a2md list` output."""
     # setup: nothing set, so the 'require-https' key must be absent
     unset_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=unset_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert "require-https" not in listed_md
     # test case: temporary redirect
     temporary_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         MDRequireHttps temporary
         """
     HttpdConf(text=temporary_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['require-https'] == "temporary"
     # test case: permanent redirect, configured inside an <MDomainSet> section
     permanent_conf = """
         <MDomainSet testdomain.org>
             MDMember www.testdomain.org mail.testdomain.org
             MDRequireHttps permanent
         </MDomainSet>
         """
     HttpdConf(text=permanent_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['require-https'] == "permanent"
示例#5
 def test_702_003(self):
     """Drive one MD that covers two vhosts and check both serve the same certificate."""
     base = self.test_domain
     host_a = "test-a." + base
     host_b = "test-b." + base
     md_names = [base, host_a, host_b]
     # generate 1 MD and 2 vhosts
     conf = HttpdConf()
     conf.add_admin("admin@" + base)
     conf.add_md(md_names)
     for host, doc_root in ((host_a, "htdocs/a"), (host_b, "htdocs/b")):
         conf.add_vhost(host, docRoot=doc_root)
     conf.install()
     # create docRoot folders, each holding a file that names its vhost
     for folder, host in (("a", host_a), ("b", host_b)):
         self._write_res_file(
             os.path.join(TestEnv.APACHE_HTDOCS_DIR, folder), "name.txt", host
         )
     # restart (-> drive), check that MD was synched and completes
     assert TestEnv.apache_restart() == 0
     TestEnv.check_md(md_names)
     assert TestEnv.await_completion([base])
     TestEnv.check_md_complete(base)
     # check: SSL is running OK; each name is in the SAN list of the cert
     # served for it, and both vhosts present the same serial number
     cert_a = TestEnv.get_cert(host_a)
     assert host_a in cert_a.get_san_list()
     cert_b = TestEnv.get_cert(host_b)
     assert host_b in cert_b.get_san_list()
     assert cert_a.get_serial() == cert_b.get_serial()
     # check: each vhost serves its own document root
     assert TestEnv.get_content(host_a, "/name.txt") == host_a
     assert TestEnv.get_content(host_b, "/name.txt") == host_b
示例#6
 def test_920_001(self):
     """Check certificate-status output before and after a staged cert is activated."""
     # simple MD, drive it, check status before activation
     domain = self.test_domain
     md_names = [domain]
     conf = HttpdConf()
     # NOTE(review): the admin address is masked on this page; the original
     # value is not recoverable from here.
     conf.add_admin("*****@*****.**")
     conf.add_md(md_names)
     conf.add_vhost(domain)
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain], restart=False)
     # we started without a valid certificate, so we expect /.httpd/certificate-status
     # to not give information about one and - since we waited for the ACME signup
     # to complete - to give information in 'renewal' about the new cert.
     staged_status = TestEnv.get_certificate_status(domain)
     assert 'sha256-fingerprint' not in staged_status
     assert 'valid' not in staged_status
     assert 'renewal' in staged_status
     renewal = staged_status['renewal']
     assert 'valid' in renewal
     assert 'sha256-fingerprint' in renewal
     # restart and activate
     # once activated, the staging must be gone and attributes exist for the active cert
     assert TestEnv.apache_restart() == 0
     active_status = TestEnv.get_certificate_status(domain)
     assert 'renewal' not in active_status
     assert 'sha256-fingerprint' in active_status
     assert 'valid' in active_status
     assert 'from' in active_status['valid']
示例#7
 def test_310_307(self):
     """Check that the stored private-key spec follows MDPrivateKeys across re-syncs."""
     conf_template = """
         MDPrivateKeys RSA %d
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     # 4096 -> 2048 -> 4096: the listed key spec must track the configuration
     # in both directions, including the step down to the smaller key size.
     for bits in (4096, 2048, 4096):
         HttpdConf(text=conf_template % bits).install()
         assert TestEnv.apache_restart() == 0
         listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
         assert listed_md['privkey'] == {
             "type": "RSA",
             "bits": bits
         }
示例#8
 def test_310_306(self):
     """Check that each MDCAChallenges setting is what `a2md list` reports for the MD."""
     conf_template = """
         MDCAChallenges %s
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     # Three successive configurations: http-01 only, tls-alpn-01 only, then
     # both. These are challenge-type cases; none of them sets a drive mode.
     for challenges in (['http-01'], ['tls-alpn-01'], ['http-01', 'tls-alpn-01']):
         HttpdConf(text=conf_template % " ".join(challenges)).install()
         assert TestEnv.apache_restart() == 0
         listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
         assert listed_md['ca']['challenges'] == challenges
示例#9
 def test_310_200(self):
     """Check that an MD added via a2md stays in the store when the config no longer names it."""
     md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
     # setup: add the MD directly through the a2md tool
     TestEnv.a2md(["add"] + md_names)
     TestEnv.check_md(md_names, state=1)
     # install a configuration without any MD definition and restart
     empty_conf = HttpdConf()
     empty_conf.install()
     assert TestEnv.apache_restart() == 0
     # check: md stays in store
     TestEnv.check_md(md_names, state=1)
示例#10
 def test_310_118(self):
     """Check that adding MDRenewWindow to an existing MD shows up in its status."""
     # setup: sync the MD without a renew window
     without_window = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=without_window).install()
     assert TestEnv.apache_restart() == 0
     # test case: add a renew window of 14 days and sync again
     with_window = """
         MDRenewWindow 14d
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=with_window).install()
     assert TestEnv.apache_restart() == 0
     md_status = TestEnv.get_md_status("testdomain.org")
     assert md_status['renew-window'] == '14d'
示例#11
 def test_310_209(self, keySize):
     """Check that removing MDPrivateKeys drops the 'privkey' entry from the MD.

     `keySize` is substituted into the `MDPrivateKeys RSA <size>` directive.
     """
     # setup: sync with an explicit RSA key size
     sized_conf = """
         MDPrivateKeys RSA %s
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """ % keySize
     HttpdConf(text=sized_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['privkey']['type'] == "RSA"
     # test case: sync again without the directive; the key spec must be gone
     default_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=default_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert "privkey" not in listed_md
示例#12
 def test_310_207(self, renewMode, expCode):
     """Check that removing MDRenewMode returns the MD to renew-mode 1.

     `renewMode` is the directive value to configure and `expCode` the
     'renew-mode' value expected in the `a2md list` output for it.
     """
     # setup: sync with the given renew mode
     mode_conf = """
         MDRenewMode %s
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """ % renewMode
     HttpdConf(text=mode_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-mode'] == expCode
     # test case: sync again without the directive
     default_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=default_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-mode'] == 1
示例#13
 def test_310_211(self):
     """Check that removing `MDMustStaple on` resets 'must-staple' to False."""
     # setup: sync with OCSP must-staple switched on
     staple_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         MDMustStaple on
         """
     HttpdConf(text=staple_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['must-staple'] == True
     # test case: sync again without the directive; the flag must be cleared,
     # i.e. later certificates for this MD would no longer be requested with it
     default_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=default_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['must-staple'] == False
示例#14
 def test_310_208(self):
     """Check that removing MDCAChallenges drops the 'challenges' entry from the MD."""
     # setup: sync with the challenge types restricted to http-01
     restricted_conf = """
         MDCAChallenges http-01
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=restricted_conf).install()
     assert TestEnv.apache_restart() == 0
     ca_info = TestEnv.a2md(["list"])['jout']['output'][0]['ca']
     assert ca_info['challenges'] == ['http-01']
     # test case: sync again without the directive; the restriction must be gone
     default_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=default_conf).install()
     assert TestEnv.apache_restart() == 0
     ca_info = TestEnv.a2md(["list"])['jout']['output'][0]['ca']
     assert 'challenges' not in ca_info
示例#15
 def test_310_206(self):
     """Check that removing MDRenewWindow makes the MD report '33%' again."""
     # setup: sync with an explicit renew window of 14 days
     window_conf = """
         MDRenewWindow 14d
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=window_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-window'] == '14d'
     # test case: sync again without the directive
     default_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=default_conf).install()
     assert TestEnv.apache_restart() == 0
     # check: with no renew window configured, the listed value is '33%'
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-window'] == '33%'
示例#16
 def test_310_205(self):
     """Check that the MD keeps its contact after ServerAdmin is removed from the config."""
     md_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
     # NOTE(review): the admin address appears as an e-mail obfuscation
     # placeholder on this page, both in the config and in the expected
     # contacts; the original address is not recoverable from here.
     admin_conf = """
         ServerAdmin mailto:[email protected]
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=admin_conf).install()
     assert TestEnv.apache_restart() == 0
     # setup: sync with admin info removed
     no_admin_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=no_admin_conf).install()
     assert TestEnv.apache_restart() == 0
     # check: md stays the same with previous admin info
     TestEnv.check_md(
         md_names,
         state=1,
         contacts=["mailto:[email protected]"],
     )
示例#17
 def test_310_112(self):
     """Check that `MDRenewMode always` is listed as renew-mode 2."""
     always_conf = """
         MDRenewMode always
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=always_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-mode'] == 2
示例#18
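    def test_310_107(self):
        """Check that each MD takes its contact from the ServerAdmin of its own vhost.

        Two MDs are defined, each matched by one <VirtualHost> with its own
        ServerAdmin; the store must list a separate contact per MD.
        """
        # The ServerAdmin addresses were replaced by an e-mail obfuscation
        # placeholder on the page this was taken from. They are restored here
        # from the contacts asserted below ("mailto:admin@" + domain name).
        HttpdConf(text="""
            MDomain testdomain.org www.testdomain.org mail.testdomain.org
            MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org

            <VirtualHost *:12346>
                ServerName testdomain.org
                ServerAlias www.testdomain.org
                ServerAdmin mailto:admin@testdomain.org
            </VirtualHost>

            <VirtualHost *:12346>
                ServerName testdomain2.org
                ServerAlias www.testdomain2.org
                ServerAdmin mailto:admin@testdomain2.org
            </VirtualHost>
            """).install()
        assert TestEnv.apache_restart() == 0
        # check: every MD carries the admin of its own vhost, not the other one's
        for name in ("testdomain.org", "testdomain2.org"):
            TestEnv.check_md([name, "www." + name, "mail." + name],
                             state=1,
                             contacts=["mailto:admin@" + name])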
 def test_300_004(self):
     """Install two MDs that share a name and assert `TestEnv.apache_fail() == 0`."""
     assert TestEnv.apache_stop() == 0
     # test3.not-forbidden.org is listed in both MDomain lines
     overlapping_conf = """
         MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
         MDomain example2.org test3.not-forbidden.org www.example2.org mail.example2.org
         """
     HttpdConf(text=overlapping_conf).install()
     # presumably apache_fail() returns 0 when httpd refuses to start with
     # this configuration; verify against TestEnv
     assert TestEnv.apache_fail() == 0
 def test_300_005(self):
     """Install a config with an MDomain inside a <VirtualHost> and expect a clean restart."""
     # one MD at server level, a second one declared inside a vhost section
     nested_conf = """
         MDomain not-forbidden.org www.not-forbidden.org mail.not-forbidden.org test3.not-forbidden.org
         <VirtualHost *:12346>
             MDomain example2.org www.example2.org www.example3.org
         </VirtualHost>
         """
     HttpdConf(text=nested_conf).install()
     assert TestEnv.apache_restart() == 0
示例#21
 def test_310_121(self):
     """Check that `MDRequireHttps temporary` is listed for the MD."""
     redirect_conf = """
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         MDRequireHttps temporary
         """
     HttpdConf(text=redirect_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['require-https'] == "temporary"
示例#22
 def test_310_113b(self):
     """Check that a percentage MDRenewWindow ('10%') is listed unchanged."""
     percent_conf = """
         MDRenewWindow 10%
         MDomain testdomain.org www.testdomain.org mail.testdomain.org
         """
     HttpdConf(text=percent_conf).install()
     assert TestEnv.apache_restart() == 0
     listed_md = TestEnv.a2md(["list"])['jout']['output'][0]
     assert listed_md['renew-window'] == '10%'
示例#23
    def test_8001(self):
        """Drive a single-name MD and check its certificate has no must-staple flag."""
        domain = self.test_domain
        md_names = [domain]

        conf = HttpdConf(TestAuto.TMP_CONF)
        conf.add_admin("admin@" + domain)
        conf.add_md(md_names)
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[], withSSL=True)
        conf.install()

        # restart (-> drive), wait for completion, then restart once more
        # before the MD and its certificate are checked
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        assert TestEnv.apache_restart() == 0
        self._check_md_cert(md_names)
        # MDMustStaple is not configured here, so the certificate must not carry the flag
        issued_cert = CertUtil(TestEnv.path_domain_pubcert(domain))
        assert not issued_cert.get_must_staple()
示例#24
 def test_740_000(self):
     """Check that an invalid DNS name in an MD is reported as a renewal error."""
     domain = self.test_domain
     # the second name contains '!'; the assertions below expect it to be rejected
     md_names = [domain, "invalid!." + domain]
     conf = HttpdConf()
     # NOTE(review): the admin address is masked on this page; the original
     # value is not recoverable from here.
     conf.add_admin("*****@*****.**")
     conf.add_md(md_names)
     conf.add_vhost(md_names)
     conf.install()
     assert TestEnv.apache_restart() == 0
     md = TestEnv.await_error(domain)
     assert md
     renewal = md['renewal']
     assert renewal['errors'] > 0
     # the recorded problem is the ACME 'rejectedIdentifier' error, and the
     # detail text names the offending identifier
     last_problem = renewal['last']
     assert last_problem['problem'] == 'urn:ietf:params:acme:error:rejectedIdentifier'
     expected_detail = (
         'Error creating new order :: Cannot issue for "%s": Invalid character in DNS name'
         % md_names[1]
     )
     assert last_problem['detail'] == expected_detail
示例#25
    def test_8001(self):
        """Drive a single-name MD and check its certificate has no must-staple flag."""
        domain = self.test_domain
        md_names = [domain]

        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_md(md_names)
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
        conf.install()

        # restart (-> drive), wait for completion, then restart once more
        # before the MD and its certificate are checked
        assert TestEnv.apache_restart() == 0
        assert TestEnv.await_completion([domain])
        assert TestEnv.apache_restart() == 0
        TestEnv.check_md_complete(domain)
        # MDMustStaple is not configured here, so the certificate must not carry the flag
        issued_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
        assert not issued_cert.get_must_staple()
示例#26
 def test_310_108(self):
     """Check that upper-case names in MDomain are stored in lower case."""
     mixed_case_conf = """
         MDomain testdomain.org WWW.testdomain.org MAIL.testdomain.org
         """
     HttpdConf(text=mixed_case_conf).install()
     assert TestEnv.apache_restart() == 0
     # check: the store lists the lower-cased forms of WWW. and MAIL.
     expected_names = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]
     TestEnv.check_md(expected_names, state=1)
 def test_300_015(self):
     """Check that the listed MDPrivateKeys variants load with error log counts of (0, 0)."""
     # Default, RSA without a size, and RSA with 2048, 3072 and 4096 bits
     key_spec_conf = """
         MDPrivateKeys Default
         MDPrivateKeys RSA
         MDPrivateKeys RSA 2048
         MDPrivateKeys RSA 3072
         MDPrivateKeys RSA 4096
         """
     HttpdConf(text=key_spec_conf).install()
     assert TestEnv.apache_restart() == 0
     # presumably the pair is (errors, warnings); verify against TestEnv
     log_counts = TestEnv.httpd_error_log_count()
     assert (0, 0) == log_counts
    def test_300_014(self):
        """Check that an MD naming TestEnv.HOSTNAME loads with error log counts of (0, 0)."""
        # the MD lists TestEnv.HOSTNAME next to a name that has its own vhost
        hostname_conf = """
            MDomain %s www.example2.org

            <VirtualHost *:12346>
                ServerName www.example2.org
            </VirtualHost>
            """ % TestEnv.HOSTNAME
        HttpdConf(text=hostname_conf).install()
        assert TestEnv.apache_restart() == 0
        # presumably the pair is (errors, warnings); verify against TestEnv
        log_counts = TestEnv.httpd_error_log_count()
        assert (0, 0) == log_counts
 def test_300_012(self):
     """Check that an MD matching no vhost name yields error log counts of (0, 1)."""
     # the MD names (example3.org) do not appear in the vhost below
     unmatched_conf = """
         MDomain example3.org www.example3.org
         <VirtualHost *:12346>
             ServerName not-forbidden.org
             ServerAlias test3.not-forbidden.org
         </VirtualHost>
         """
     HttpdConf(text=unmatched_conf).install()
     assert TestEnv.apache_restart() == 0
     # presumably the pair is (errors, warnings), i.e. one warning is
     # expected; verify against TestEnv
     log_counts = TestEnv.httpd_error_log_count()
     assert (0, 1) == log_counts
示例#30
 def test_702_050(self):
     """Drive an MD for the base server (`MDBaseServer on`, no vhost) to completion."""
     domain = self.test_domain
     # ServerAdmin and ServerName are set at server level from the test domain
     base_server_lines = """
         MDBaseServer on
         ServerAdmin admin@%s
         ServerName %s
         """ % (domain, domain)
     conf = HttpdConf()
     conf.add_line(base_server_lines)
     conf.add_md([domain])
     conf.install()
     assert TestEnv.apache_restart() == 0
     assert TestEnv.await_completion([domain])