def test_720_006(self):
    """Drive an MD that contains a wildcard name using the dns-01 challenge.

    One MD is configured with the base name, its wildcard and a ``www.``
    alias. The dns-01 command points at ``dns01.py`` under
    ``TestEnv.TESTROOT``. After the drive completes, the certificate served
    for the base name must list both the base name and the wildcard as SANs.
    """
    challenge_script = ("%s/dns01.py" % TestEnv.TESTROOT)
    domain = self.test_domain
    wildcard = "*." + domain
    www_name = "www." + domain
    md_names = [domain, wildcard, www_name]

    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    # dns-01 is the only challenge type configured for this run
    cfg.add_ca_challenges(["dns-01"])
    cfg.add_dns01_cmd(challenge_script)
    cfg.add_md(md_names)
    cfg.add_vhost(www_name)
    cfg.add_vhost([domain, wildcard])
    cfg.install()

    # restart, then confirm the MD is in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(md_names)

    # wait for the drive to finish
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # SSL must be up and the served certificate must cover base + wildcard.
    # NOTE(review): www_name is part of the MD but is not asserted against
    # the SAN list here.
    served_cert = TestEnv.get_cert(domain)
    san_names = served_cert.get_san_list()
    for expected in [domain, wildcard]:
        assert expected in san_names
def test_702_011(self):
    """Check tls-alpn-01 driving with two different ``MDPortMap https:`` values.

    Phase 1 maps https to port 99 and asserts that no renewal is running.
    Phase 2 maps https to ``TestEnv.HTTPS_PORT`` and waits for completion.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    # Phase 1: 1 MD and 1 vhost, https mapped to port 99.
    # (An earlier comment spoke of "port 80"; the directive below maps https.)
    # NOTE(review): presumably the server does not listen on 99 - confirm.
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_line("Protocols http/1.1 acme-tls/1")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg._add_line("MDPortMap https:99")
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    # with the unusable mapping no renewal may be in progress
    assert not TestEnv.is_renewing(domain)

    # Phase 2: identical setup, https mapped to the port the test server uses
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_line("Protocols http/1.1 acme-tls/1")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg._add_line("MDPortMap https:%s" % TestEnv.HTTPS_PORT)
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([domain])
def test_702_040(self):
    """Drive an MD via tls-alpn-01 with ``acme-tls/1`` enabled in Protocols.

    Before completion the MD status must report ``acme-tls/1`` as available
    for every name of the MD; afterwards the served certificate must list
    the base name as SAN.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    # 1 MD and 1 vhost, core and ssl logging raised to debug
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_line("LogLevel core:debug")
    cfg.add_line("LogLevel ssl:debug")
    cfg.add_line("Protocols http/1.1 acme-tls/1")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(names)
    cfg.install()

    # restart (-> drive), the MD must be synched
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # acme-tls/1 has to be reported for exactly the MD's names
    md_status = TestEnv.get_md_status(domain)
    assert md_status["proto"]["acme-tls/1"] == names

    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # SSL is running and the certificate covers the base name
    served_cert = TestEnv.get_cert(domain)
    assert domain in served_cert.get_san_list()
def test_700_002(self):
    """Drive two MDs automatically and expect one shared ACME account.

    Each MD gets its own SSL vhost. After completion the SAN list of each
    served certificate must equal the MD's name list, and the account list
    must contain exactly one entry.
    """
    base = "test700-002-" + TestAuto.dns_uniq
    domainA = "a-" + base
    domainB = "b-" + base

    # config with two MDs
    namesA = [domainA, "www." + domainA]
    namesB = [domainB, "www." + domainB]
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("auto")
    cfg.add_md(namesA)
    cfg.add_md(namesB)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domainA, aliasList=[namesA[1]], withSSL=True)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domainB, aliasList=[namesB[1]], withSSL=True)
    cfg.install()

    # restart, both MDs must be in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domainA, namesA)
    self._check_md_names(domainB, namesB)

    # wait for both drives
    assert TestEnv.await_completion([domainA, domainB])
    self._check_md_cert(namesA)
    self._check_md_cert(namesB)

    # SSL is running: SAN lists must match the MD name lists exactly
    servedA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
    assert namesA == servedA.get_san_list()
    servedB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainB)
    assert namesB == servedB.get_san_list()

    # both MDs are expected to share a single account
    assert 1 == len(TestEnv.list_accounts())
def test_702_005(self):
    """In manual drive mode an undriven MD serves the fallback certificate.

    The vhost must answer with 503 and the certificate it presents must have
    the same serial as the fallback certificate stored for the MD.
    """
    domain = self.test_domain
    nameA = "test-a." + domain
    names = [domain, nameA]

    # 1 MD and 1 vhost, drive mode manual so nothing is obtained automatically
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.add_vhost(nameA, docRoot="htdocs/a")
    cfg.install()

    # docRoot content for the vhost
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", nameA)

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # requests are refused with 503 Service Unavailable while no real cert exists
    served_cert = TestEnv.get_cert(nameA)
    assert nameA in served_cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503

    # the certificate on the wire must be the temporary fallback one
    fallback_cert = CertUtil(TestEnv.path_fallback_cert(domain))
    assert served_cert.get_serial() == fallback_cert.get_serial(), \
        "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
            nameA, fallback_cert.get_cn(), served_cert.get_cn())
def test_600_000(self):
    """Round trip: configure MD, drive it with a2md, add a vhost, check HTTPS.

    Sequence: config with md -> restart -> drive -> config with vhost ->
    restart -> check the served certificate and the store file permissions.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, names)

    # drive through the a2md command line tool (very verbose)
    assert TestEnv.a2md(["-vvvv", "drive", domain])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)

    # now add the vhost and reload
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]])
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # SSL is running and the certificate covers the base name
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served_cert.get_san_list()

    # store files of the domain must carry the expected permissions
    # NOTE(review): presumably this covers the private key file - confirm in TestEnv.
    TestEnv.check_file_permissions(domain)
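def test_700_006(self):
    """With only unknown challenge types configured, the MD must not be driven.

    The MD stays in state ``TestEnv.MD_S_INCOMPLETE``, no account is attached
    to its CA entry, the error log carries the matching ``md:warn`` message,
    and the vhost answers 503.
    """
    domain = "test700-006-" + TestAuto.dns_uniq
    nameA = "test-a." + domain
    dns_list = [domain, nameA]

    # generate 1 MD, 1 vhost; neither challenge name is one the server offers
    conf = HttpdConf(TestAuto.TMP_CONF)
    conf.add_admin("admin@" + domain)
    conf.add_ca_challenges(["invalid-01", "invalid-02"])
    conf.add_md(dns_list)
    conf.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a",
                   withSSL=True, certPath=TestEnv.path_domain_pubcert(domain),
                   keyPath=TestEnv.path_domain_privkey(domain))
    conf.install()

    # create docRoot folder
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)

    # restart, check that md is in store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, dns_list)
    # fixed wait so that a drive, if any, would have had time to start
    time.sleep(2)

    # assert drive did not start
    md = TestEnv.a2md(["-j", "list", domain])['jout']['output'][0]
    assert md['state'] == TestEnv.MD_S_INCOMPLETE
    assert 'account' not in md['ca']
    # Raw string: the pattern escapes '[' and ']', which is an invalid escape
    # sequence in a plain string literal. The compiled pattern is unchanged.
    assert TestEnv.apache_err_scan(re.compile(
        r'.*\[md:warn\].*the server offers no ACME challenge that is configured for this MD'))

    # check: that request to domains give 503 Service Unavailable
    cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
    assert nameA in cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503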
def test_600_000(self):
    """Round trip: configure MD, drive it with a2md, add an SSL vhost, check HTTPS.

    Sequence: config with md -> restart -> drive -> config with vhost and
    ssl -> restart -> check the served certificate and file permissions.
    """
    domain = "r000-" + TestRoundtrip.dns_uniq
    names = [domain, "www." + domain]

    # config with one md
    cfg = HttpdConf(TestRoundtrip.TMP_CONF, True)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)

    # drive through the a2md command line tool
    assert TestEnv.a2md(["-v", "drive", domain])['rv'] == 0
    self._check_md_cert(names)

    # append the SSL vhost and restart
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # SSL is running and the certificate covers the base name
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served_cert.get_san_list()

    # store files of the domain must carry the expected permissions
    TestEnv.check_file_permissions(domain)
def test_720_006(self):
    """Drive an MD that contains a wildcard name using the dns-01 challenge.

    The MD holds the base name, its wildcard and a ``www.`` alias, served by
    two SSL vhosts. After completion, the certificate served for the base
    name must list both the base name and the wildcard as SANs.
    """
    challenge_script = ("%s/dns01.py" % TestEnv.TESTROOT)
    domain = "test720-006-" + TestAuto.dns_uniq
    wildcard = "*." + domain
    www_name = "www." + domain
    md_names = [domain, wildcard, www_name]

    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("*****@*****.**")
    # dns-01 is the only challenge type configured for this run
    cfg.add_ca_challenges(["dns-01"])
    cfg.add_dns01_cmd(challenge_script)
    cfg.add_md(md_names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, www_name, aliasList=[], withSSL=True)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[wildcard], withSSL=True)
    cfg.install()

    # restart, then confirm the MD is in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, md_names)

    # wait for the drive to finish
    assert TestEnv.await_completion([domain])
    self._check_md_cert(md_names)

    # SSL must be up and the served certificate must cover base + wildcard
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    san_names = served_cert.get_san_list()
    for expected in [domain, wildcard]:
        assert expected in san_names
def test_700_009(self):
    """A certificate inside the renew window must be replaced automatically.

    After a normal drive, the stored certificate is overwritten with a
    self-signed one (serial 7009) that is close to expiry. The server must
    first report that certificate and then, after renewal, a different serial.
    """
    domain = self.test_domain
    names = [domain]

    # prepare the MD with a 10 day renew window
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_renew_window("10d")
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
    cfg.install()

    # restart (-> drive); md + cert must be in the store and TLS up
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    issued_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))

    # the status resource has to report the serial of the stored certificate
    status = TestEnv.get_certificate_status(domain)
    assert status['serial'] == issued_cert.get_serial()

    # replace it with a self-signed cert that has very little validity left
    CertUtil.create_self_signed_cert([domain], {"notBefore": -120, "notAfter": 2}, serial=7009)
    expiring_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
    # '1B61' is 7009 in hexadecimal
    assert expiring_cert.get_serial() == '1B61'
    assert TestEnv.apache_restart() == 0
    status = TestEnv.get_certificate_status(domain)
    assert status['serial'] == expiring_cert.get_serial()

    # the renewal has to produce a certificate with another serial
    assert TestEnv.await_completion([domain], must_renew=True)
    status = TestEnv.get_certificate_status(domain)
    assert status['serial'] != expiring_cert.get_serial()
def test_7021(self):
    """Drive one MD with ``MDNotifyCmd`` set to the ``notify.py`` test helper.

    After completion the test resets ``TestEnv.apachectl_stderr`` and expects
    ``TestEnv.apache_err_total()`` to return ``(0, 0)``.
    """
    domain = ("%s-" % self.test_n) + TestAuto.dns_uniq

    # config with one MD and the notify command
    names = [domain, "www." + domain]
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("*****@*****.**")
    cfg._add_line("MDNotifyCmd %s/notify.py" % TestEnv.TESTROOT)
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)

    # wait for the drive, passing 30 as second argument
    assert TestEnv.await_completion([domain], 30)
    self._check_md_cert(names)

    # NOTE(review): the earlier comment at this point said the command
    # "should have failed and logged an error", yet the assertion below
    # expects (0, 0) from apache_err_total() - confirm which is intended.
    TestEnv.apachectl_stderr = None
    assert (0, 0) == TestEnv.apache_err_total()
def test_700_003(self):
    """One MD shared by two vhosts: both must serve the same certificate.

    Each vhost has its own docRoot with a ``name.txt`` holding its host name.
    After completion both served certificates must carry the same serial and
    each vhost must return its own content.
    """
    # 1 MD and 2 vhosts
    domain = self.test_domain
    nameA = "a." + domain
    nameB = "b." + domain
    names = [domain, nameA, nameB]

    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a")
    cfg.add_vhost(TestEnv.HTTPS_PORT, nameB, aliasList=[], docRoot="htdocs/b")
    cfg.install()

    # docRoot content for both vhosts
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB)

    # restart (-> drive), the MD must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, names)
    assert TestEnv.await_completion([domain, nameA, nameB])
    TestEnv.check_md_complete(domain)

    # SSL is running: each vhost's certificate covers its own name
    servedA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
    assert nameA in servedA.get_san_list()
    servedB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameB)
    assert nameB in servedB.get_san_list()
    # and it is one and the same certificate
    assert servedA.get_serial() == servedB.get_serial()

    # requests are routed to the matching docRoot
    assert TestEnv.get_content(nameA, "/name.txt") == nameA
    assert TestEnv.get_content(nameB, "/name.txt") == nameB
def test_901_010(self):
    """Static certificate files inside the renewal window trigger no message.

    The MD uses ``MDCertificateFile``/``MDCertificateKeyFile`` with a
    self-signed certificate. After restart the message log file must not exist.
    """
    domain = self.test_domain
    names = [domain, 'www.%s' % domain]
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_901_010')

    # self-signed cert with notBefore -70 and notAfter 20
    # NOTE(review): the earlier comment said "only 10 more days valid" while
    # the value passed is 20; units are presumably days - confirm in CertUtil.
    CertUtil.create_self_signed_cert(names, {"notBefore": -70, "notAfter": 20},
                                     serial=901010, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_message_cmd("%s %s" % (self.mcmd, self.mlog))
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.end_md()
    cfg.add_vhost(domain)
    cfg.install()

    assert TestEnv.apache_restart() == 0
    # the message command must not have written its log
    assert not os.path.isfile(self.mlog)
def test_7002(self):
    """Drive two MDs automatically and compare SAN lists with the MD names.

    Each MD gets its own SSL vhost. After completion the SAN list of each
    served certificate must equal the name list of its MD.
    """
    domainA = ("%sa-" % self.test_n) + TestAuto.dns_uniq
    domainB = ("%sb-" % self.test_n) + TestAuto.dns_uniq

    # config with two MDs
    namesA = [domainA, "www." + domainA]
    namesB = [domainB, "www." + domainB]
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("auto")
    cfg.add_md(namesA)
    cfg.add_md(namesB)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domainA, aliasList=[namesA[1]], withSSL=True)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domainB, aliasList=[namesB[1]], withSSL=True)
    cfg.install()

    # restart, both MDs must be in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domainA, namesA)
    self._check_md_names(domainB, namesB)

    # wait for both drives, passing 30 as second argument
    assert TestEnv.await_completion([domainA, domainB], 30)
    self._check_md_cert(namesA)
    self._check_md_cert(namesB)

    # SSL is running: SAN lists must match the MD name lists exactly
    servedA = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainA)
    assert namesA == servedA.get_san_list()
    servedB = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domainB)
    assert namesB == servedB.get_san_list()
def test_702_041(self):
    """tls-alpn-01 without ``acme-tls/1`` in Protocols must end in an error.

    Unlike the passing tls-alpn-01 case, no ``Protocols`` line is written.
    The test waits for the MD to report an error and checks that its
    ``proto`` entry for ``acme-tls/1`` is False.
    """
    domain = "test702-041-" + TestAuto.dns_uniq
    names = [domain, "www." + domain]

    # 1 MD and 1 vhost, core and ssl logging raised to debug
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_line("LogLevel core:debug")
    cfg.add_line("LogLevel ssl:debug")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()

    # restart (-> drive); the MD job has to show errors and the missing
    # protocol has to be detected
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_error([domain]) == True
    md_entry = self._get_md(domain)
    assert False == md_entry["proto"]["acme-tls/1"]
def test_730_003(self):
    """Configuring only one of the two static certificate directives must fail.

    First only ``MDCertificateFile`` is written, then only
    ``MDCertificateKeyFile``; in both cases ``TestEnv.apache_fail()`` must
    return 0.
    """
    domain = self.test_domain
    names = [domain, 'www.%s' % domain]
    # NOTE(review): the directory name does not match this test's id and the
    # same name appears in other tests - confirm that sharing it is intended.
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')

    # self-signed cert with notAfter 10 (only 10 more days valid)
    CertUtil.create_self_signed_cert(names, {"notBefore": -80, "notAfter": 10},
                                     serial=730001, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    # certificate file without key file
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.end_md()
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_fail() == 0

    # key file without certificate file
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.end_md()
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_fail() == 0
def test_700_004(self, challengeType):
    """Drive one MD with a single, caller-supplied challenge type.

    Args:
        challengeType: the only entry passed to ``add_ca_challenges``.
    """
    domain = "test700-004-" + TestAuto.dns_uniq
    names = [domain, "www." + domain]

    # 1 MD and 1 vhost, restricted to the given challenge type
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges([challengeType])
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()

    # restart (-> drive), the MD must be synched and complete
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_completion([domain])
    self._check_md_cert(names)

    # SSL is running and the certificate covers the base name
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served_cert.get_san_list()
def test_730_002(self):
    """Static certificate files combined with ``MDRenewMode always``.

    The server must serve the static certificate (serial 730001), the MD
    status must contain a ``cert`` entry with ``renew`` set, and a renewal
    must be observed.
    """
    domain = self.test_domain
    names = [domain, 'www.%s' % domain]
    # NOTE(review): the directory name does not match this test's id and the
    # same name appears in other tests - confirm that sharing it is intended.
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_920_001')

    # self-signed cert with notAfter 10 (only 10 more days valid)
    CertUtil.create_self_signed_cert(names, {"notBefore": -80, "notAfter": 10},
                                     serial=730001, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.add_line("MDRenewMode always")
    cfg.end_md()
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # The domain serves the static cert, it shows up in the status, and the
    # status flags it for renewal (an earlier comment said "renewal is off";
    # the assertion below requires renew to be True).
    served_cert = TestEnv.get_cert(domain)
    assert ('%X' % 730001) == served_cert.get_serial()
    md_status = TestEnv.get_md_status(domain)
    assert md_status
    assert 'cert' in md_status
    assert md_status['renew'] == True
    assert TestEnv.await_renewal(names)
def test_700_005(self):
    """In manual drive mode an undriven MD serves the fallback certificate.

    The SSL vhost references the MD's certificate and key paths. It must
    answer with 503, and the certificate it presents must have the same
    serial as the fallback certificate of the MD.
    """
    domain = "test700-005-" + TestAuto.dns_uniq
    nameA = "test-a." + domain
    names = [domain, nameA]

    # 1 MD and 1 vhost, drive mode manual
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.add_vhost(
        TestEnv.HTTPS_PORT, nameA, aliasList=[], docRoot="htdocs/a", withSSL=True,
        certPath=TestEnv.path_domain_pubcert(domain),
        keyPath=TestEnv.path_domain_privkey(domain),
    )
    cfg.install()

    # docRoot content for the vhost
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", nameA)

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_renew_state([domain])

    # requests are refused with 503 Service Unavailable
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, nameA)
    assert nameA in served_cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503

    # the certificate on the wire must be the temporary fallback one
    fallback_cert = CertUtil(TestEnv.path_fallback_cert(domain))
    assert served_cert.get_serial() == fallback_cert.get_serial(), \
        "Unexpected temporary certificate on vhost %s. Expected cn: %s , but found cn: %s" % (
            nameA, fallback_cert.get_cn(), served_cert.get_cn())
def test_700_002(self):
    """Drive two MDs automatically and expect one shared ACME account.

    After completion the SAN list of each served certificate must equal the
    name list of its MD, and the account list must contain exactly one entry.
    """
    # config with two MDs
    base = self.test_domain
    domainA = "a-" + base
    domainB = "b-" + base
    namesA = [domainA, "www." + domainA]
    namesB = [domainB, "www." + domainB]

    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_drive_mode("auto")
    cfg.add_md(namesA)
    cfg.add_md(namesB)
    cfg.add_vhost(namesA)
    cfg.add_vhost(namesB)
    cfg.install()

    # restart, both MDs must be in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(namesA)
    TestEnv.check_md(namesB)

    # wait for both drives
    assert TestEnv.await_completion([domainA, domainB])
    TestEnv.check_md_complete(domainA)
    TestEnv.check_md_complete(domainB)

    # SSL is running: SAN lists must match the MD name lists exactly
    servedA = TestEnv.get_cert(domainA)
    assert namesA == servedA.get_san_list()
    servedB = TestEnv.get_cert(domainB)
    assert namesB == servedB.get_san_list()

    # both MDs are expected to share a single account
    assert 1 == len(TestEnv.list_accounts())
def test_700_011(self):
    """Check tls-sni-01 driving with two different ``MDPortMap 443:`` values.

    Phase 1 maps 443 to port 99 and waits for an error. Phase 2 maps 443 to
    ``TestEnv.HTTPS_PORT`` and waits for completion.
    """
    domain = "test700-011-" + TestAuto.dns_uniq
    names = [domain, "www." + domain]

    # Phase 1: 1 MD and 1 vhost, 443 mapped to port 99.
    # (An earlier comment spoke of "port 80"; the directive below maps 443.)
    # NOTE(review): presumably the server does not listen on 99 - confirm.
    # NOTE(review): tls-sni-01 is a retired ACME challenge type, superseded
    # by tls-alpn-01; this test presumably targets an older module version.
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-sni-01"])
    cfg._add_line("MDPortMap 443:99")
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_error([domain])

    # Phase 2: identical setup, 443 mapped to the port the test server uses
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-sni-01"])
    cfg._add_line("MDPortMap 443:%s" % TestEnv.HTTPS_PORT)
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_completion([domain])
def test_702_010(self):
    """Check http-01 driving with two different ``MDPortMap 80:`` values.

    Phase 1 maps port 80 to 99 and asserts that no renewal is running.
    Phase 2 maps port 80 to ``TestEnv.HTTP_PORT`` and waits for completion.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    # Phase 1: 1 MD and 1 vhost, port 80 mapped to 99
    # NOTE(review): presumably the server does not listen on 99 - confirm.
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["http-01"])
    cfg._add_line("MDPortMap 80:99")
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]])
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, names)
    # with the unusable mapping no renewal may be in progress
    assert not TestEnv.is_renewing(domain)

    # Phase 2: identical setup, port 80 mapped to the test server's HTTP port
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["http-01"])
    cfg._add_line("MDPortMap 80:%s" % TestEnv.HTTP_PORT)
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]])
    cfg.install()
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, names)
    assert TestEnv.await_completion([domain])
def test_702_003(self):
    """One MD shared by two vhosts: both must serve the same certificate.

    Each vhost has its own docRoot with a ``name.txt`` holding its host name.
    After completion both served certificates must carry the same serial and
    each vhost must return its own content.
    """
    domain = self.test_domain
    nameA = "test-a." + domain
    nameB = "test-b." + domain
    names = [domain, nameA, nameB]

    # 1 MD and 2 vhosts
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_md(names)
    cfg.add_vhost(nameA, docRoot="htdocs/a")
    cfg.add_vhost(nameB, docRoot="htdocs/b")
    cfg.install()

    # docRoot content for both vhosts
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a"), "name.txt", nameA)
    self._write_res_file(os.path.join(TestEnv.APACHE_HTDOCS_DIR, "b"), "name.txt", nameB)

    # restart (-> drive), the MD must be synched and complete
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)

    # SSL is running: each vhost's certificate covers its own name
    servedA = TestEnv.get_cert(nameA)
    assert nameA in servedA.get_san_list()
    servedB = TestEnv.get_cert(nameB)
    assert nameB in servedB.get_san_list()
    # and it is one and the same certificate
    assert servedA.get_serial() == servedB.get_serial()

    # requests are routed to the matching docRoot
    assert TestEnv.get_content(nameA, "/name.txt") == nameA
    assert TestEnv.get_content(nameB, "/name.txt") == nameB
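def test_702_001(self):
    """An MD without a vhost is not driven; adding the vhost drives it.

    Without a vhost the MD must stay in ``TestEnv.MD_S_INCOMPLETE`` and the
    error log must carry the ``no mds to drive`` debug line. After a vhost is
    added the drive must complete, the challenge directory must be empty and
    the store's file permissions must pass the check.
    """
    domain = self.test_domain

    # generate config with one MD
    dns_list = [domain, "www." + domain]
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("auto")
    conf.add_md(dns_list)
    conf.install()

    # restart, check that MD is synched to store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(domain, dns_list)
    # fixed wait so that a drive, if any, would have had time to start
    time.sleep(2)

    # assert drive did not start
    TestEnv.check_md(domain, dns_list, TestEnv.MD_S_INCOMPLETE)
    # Raw string: the pattern escapes '[' and ']', which is an invalid escape
    # sequence in a plain string literal. The compiled pattern is unchanged.
    assert TestEnv.apache_err_scan(re.compile(r'.*\[md:debug\].*no mds to drive'))

    # add vhost for MD, restart should drive it
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[dns_list[1]])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in cert.get_san_list()

    # challenges should have been removed once the drive is done
    TestEnv.check_dir_empty(TestEnv.store_challenges())
    # file system needs to have correct permissions
    TestEnv.check_file_permissions(domain)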
def test_702_006(self):
    """With only unknown challenge types configured, the drive must fail.

    The renewal record must show at least one error with problem
    ``challenge-mismatch``, no account may be attached to the MD's CA entry,
    and the vhost must answer 503.
    """
    domain = self.test_domain
    nameA = "test-a." + domain
    names = [domain, nameA]

    # 1 MD and 1 vhost with two challenge names that are not real types
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_ca_challenges(["invalid-01", "invalid-02"])
    cfg.add_md(names)
    cfg.add_vhost(nameA, docRoot="htdocs/a")
    cfg.install()

    # docRoot content for the vhost
    doc_root = os.path.join(TestEnv.APACHE_HTDOCS_DIR, "a")
    self._write_res_file(doc_root, "name.txt", nameA)

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # wait until the MD reports an error
    failed_md = TestEnv.await_error(domain)
    assert failed_md
    assert failed_md['renewal']['errors'] > 0
    assert failed_md['renewal']['last']['problem'] == 'challenge-mismatch'
    # no ACME account may have been attached to the MD
    assert 'account' not in failed_md['ca']

    # requests are refused with 503 Service Unavailable
    served_cert = TestEnv.get_cert(nameA)
    assert nameA in served_cert.get_san_list()
    assert TestEnv.getStatus(nameA, "/name.txt") == 503
def test_602_000(self):
    """Round trip: configure MD, drive it with a2md, add a vhost, check HTTPS.

    Sequence: config with md -> restart -> drive -> config with vhost ->
    restart -> check the served certificate and the store file permissions.
    """
    domain = self.test_domain
    names = [domain, "www." + domain]

    # config with one md
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("manual")
    cfg.add_md(names)
    cfg.install()

    # restart, the MD must be in the store
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)

    # drive through the a2md command line tool
    assert TestEnv.a2md(["-v", "drive", domain])['rv'] == 0
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md_complete(domain)

    # append the vhost and restart
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0

    # SSL is running and the certificate covers the base name
    served_cert = TestEnv.get_cert(domain)
    assert domain in served_cert.get_san_list()

    # store files of the domain must carry the expected permissions
    TestEnv.check_file_permissions(domain)
def test_702_001(self):
    """An MD without a vhost is not watched; adding the vhost drives it.

    The MD status must report ``watched`` as 0 before the vhost exists and 1
    after the drive completed. Finally the challenge directory must be empty
    and the store's file permissions must pass the check.
    """
    domain = self.test_domain

    # config with one MD and no vhost
    names = [domain, "www." + domain]
    cfg = HttpdConf()
    cfg.add_admin("admin@" + domain)
    cfg.add_drive_mode("auto")
    cfg.add_md(names)
    cfg.install()

    # restart, the MD must be synched to the store but not watched
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(names)
    md_status = TestEnv.get_md_status(domain)
    assert md_status["watched"] == 0

    # add a vhost for the MD; the restart should drive it
    cfg.add_vhost(names)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    md_status = TestEnv.get_md_status(domain)
    assert md_status["watched"] == 1
    served_cert = TestEnv.get_cert(domain)
    assert domain in served_cert.get_san_list()

    # challenges should have been removed,
    # and the file system needs to have correct permissions
    TestEnv.check_dir_empty(TestEnv.store_challenges())
    TestEnv.check_file_permissions(domain)
def test_702_040(self):
    """Drive an MD via tls-alpn-01 with ``acme-tls/1`` enabled in Protocols.

    After completion the served certificate must list the base name as SAN.
    """
    domain = "test702-040-" + TestAuto.dns_uniq
    names = [domain, "www." + domain]

    # 1 MD and 1 vhost, core and ssl logging raised to debug
    cfg = HttpdConf(TestAuto.TMP_CONF)
    cfg.add_admin("admin@" + domain)
    cfg.add_line("LogLevel core:debug")
    cfg.add_line("LogLevel ssl:debug")
    cfg.add_line("Protocols http/1.1 acme-tls/1")
    cfg.add_drive_mode("auto")
    cfg.add_ca_challenges(["tls-alpn-01"])
    cfg.add_md(names)
    cfg.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[names[1]], withSSL=True)
    cfg.install()

    # restart (-> drive), the MD must be synched and complete
    assert TestEnv.apache_restart() == 0
    self._check_md_names(domain, names)
    assert TestEnv.await_completion([domain])
    self._check_md_cert(names)

    # SSL is running and the certificate covers the base name
    served_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in served_cert.get_san_list()
def test_920_001(self):
    """Check the certificate status before and after activating a new cert.

    The MD is driven without restarting afterwards. At that point the status
    must only describe the pending certificate under ``renewal``. After a
    restart the ``renewal`` entry must be gone and the active certificate's
    attributes must be present.
    """
    domain = self.test_domain
    names = [domain]

    # simple MD with one vhost
    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.add_md(names)
    cfg.add_vhost(domain)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # We started without a valid certificate, so /.httpd/certificate-status
    # is expected to carry no information about an active one. Since we
    # waited for the ACME signup to complete, it has to describe the new
    # certificate under 'renewal'.
    cert_status = TestEnv.get_certificate_status(domain)
    assert 'sha256-fingerprint' not in cert_status
    assert 'valid' not in cert_status
    assert 'renewal' in cert_status
    assert 'valid' in cert_status['renewal']
    assert 'sha256-fingerprint' in cert_status['renewal']

    # Restart to activate: the staged entry must disappear and the
    # attributes of the now active certificate must exist.
    assert TestEnv.apache_restart() == 0
    cert_status = TestEnv.get_certificate_status(domain)
    assert 'renewal' not in cert_status
    assert 'sha256-fingerprint' in cert_status
    assert 'valid' in cert_status
    assert 'from' in cert_status['valid']
def test_801_009(self):
    """Stapling enabled on an MD that uses a static self-signed certificate.

    After restart and a one second wait, the OCSP status of the MD must read
    ``no response sent``.
    """
    assert TestEnv.apache_stop() == 0
    md_name = TestStapling.mdA
    names = [md_name]
    cert_dir = os.path.join(TestEnv.GEN_DIR, 'test_801_009')

    # self-signed cert with notAfter 30 (30 more days valid)
    CertUtil.create_self_signed_cert(names, {"notBefore": -60, "notAfter": 30},
                                     serial=801009, path=cert_dir)
    cert_file = os.path.join(cert_dir, 'pubcert.pem')
    pkey_file = os.path.join(cert_dir, 'privkey.pem')
    assert os.path.exists(cert_file)
    assert os.path.exists(pkey_file)

    cfg = HttpdConf()
    cfg.add_admin("*****@*****.**")
    cfg.start_md(names)
    cfg.add_line("MDCertificateFile %s" % (cert_file))
    cfg.add_line("MDCertificateKeyFile %s" % (pkey_file))
    cfg.add_line("MDStapling on")
    cfg.end_md()
    cfg.add_vhost(md_name)
    cfg.install()
    assert TestEnv.apache_restart() == 0
    time.sleep(1)

    # NOTE(review): presumably no OCSP response exists because the
    # certificate is self-signed - confirm against the stapling code.
    ocsp_status = TestEnv.get_ocsp_status(md_name)
    assert ocsp_status['ocsp'] == "no response sent"