def test_700_009(self):
    """Replace the stored cert with a nearly expired self-signed one and expect a renewal.

    The MD is configured with drive mode "auto" and a renew window of "10d".
    After the first certificate is obtained, the stored public cert is swapped
    for a self-signed one whose remaining validity is critically short; the
    server must first report that cert and then replace it.
    """
    domain = self.test_domain
    md_names = [domain]

    # Configuration: one auto-driven MD plus one TLS vhost for the same name.
    conf = HttpdConf()
    conf.add_admin("admin@" + domain)
    conf.add_drive_mode("auto")
    conf.add_renew_window("10d")
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
    conf.install()

    # The restart triggers the drive; afterwards md and cert must be in the store.
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    issued_cert = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))

    # The status resource must report the serial of the cert that sits in the store.
    reported = TestEnv.get_certificate_status(domain)
    assert reported['serial'] == issued_cert.get_serial()

    # Swap in a self-signed cert with a critically short remaining lifetime.
    # NOTE(review): the notBefore/notAfter offsets are presumably days - confirm in CertUtil.
    validity = {"notBefore": -120, "notAfter": 2}
    CertUtil.create_self_signed_cert([domain], validity, serial=7009)
    short_lived = CertUtil(TestEnv.store_domain_file(domain, 'pubcert.pem'))
    # 7009 decimal is 1B61 hex, so this confirms the store now holds the injected cert.
    assert short_lived.get_serial() == '1B61'

    # Right after the restart the injected cert is the one being reported ...
    assert TestEnv.apache_restart() == 0
    reported = TestEnv.get_certificate_status(domain)
    assert reported['serial'] == short_lived.get_serial()

    # ... and once the forced renewal has completed, a different serial must be reported.
    assert TestEnv.await_completion([domain], must_renew=True)
    reported = TestEnv.get_certificate_status(domain)
    assert reported['serial'] != short_lived.get_serial()
def test_920_001(self):
    """Check the certificate status of a simple MD before and after activation.

    Before activation the status must describe only the staged ('renewal')
    certificate; after the activating restart it must describe only the
    active one.
    """
    domain = self.test_domain
    md_names = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(md_names)
    conf.add_vhost(domain)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # The server started without a valid certificate, so /.httpd/certificate-status
    # must not describe an active one. The ACME signup has completed, so the new
    # cert has to show up under 'renewal' instead.
    status = TestEnv.get_certificate_status(domain)
    for active_key in ('sha256-fingerprint', 'valid'):
        assert active_key not in status
    assert 'renewal' in status
    staged = status['renewal']
    assert 'valid' in staged
    assert 'sha256-fingerprint' in staged

    # Restart to activate: the staging entry must be gone and the attributes
    # of the now active cert must be present at the top level.
    assert TestEnv.apache_restart() == 0
    status = TestEnv.get_certificate_status(domain)
    assert 'renewal' not in status
    assert 'sha256-fingerprint' in status
    assert 'valid' in status
    assert 'from' in status['valid']
def test_710_001(self):
    """Obtain a cert under 'acmev1', switch to 'acmev2', then force a new cert.

    A still-valid cert must survive the switch of the ACME setting unchanged.
    Only after the MD gains a name must a new cert appear, and two accounts
    are expected at the end.
    """
    domain = self.test_domain

    # Start out with ACMEv1.
    TestEnv.set_acme('acmev1')
    www_name = "www." + domain

    def install_conf(md_names):
        # Same layout every time: one MD, one vhost with the www alias.
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_md(md_names)
        conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[www_name])
        conf.install()

    # One MD with two names; the restart obtains the first certificate.
    md_names = [domain, www_name]
    install_conf(md_names)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])
    TestEnv.check_md_complete(domain)
    first_cert = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, domain)
    assert domain in first_cert.get_san_list()

    # From here on everything uses ACMEv2, with an otherwise identical config.
    TestEnv.set_acme('acmev2')
    install_conf(md_names)

    # The existing cert remains valid, so the restart must keep serving it.
    assert TestEnv.apache_restart() == 0
    status = TestEnv.get_certificate_status(domain)
    assert status['serial'] == first_cert.get_serial()

    # Adding a name to the MD means the old cert no longer covers it.
    md_names = [domain, www_name, "another." + domain]
    install_conf(md_names)
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain])

    # The served cert must no longer be the first one.
    status = TestEnv.get_certificate_status(domain)
    assert status['serial'] != first_cert.get_serial()
    TestEnv.check_md_complete(domain)

    # There should be two accounts now.
    assert len(TestEnv.list_accounts()) == 2
def test_920_002(self):
    """Overwrite the staged cert with a known one and check the reported properties.

    After the MD has been driven without activation, the staged 'pubcert.pem'
    is replaced by the fixture 'data/test_920/002.pubcert'. The status must
    then report that file's validity dates, serial and SCTs under 'renewal'.
    """
    domain = self.test_domain
    md_names = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(md_names)
    conf.add_vhost(TestEnv.HTTPS_PORT, domain, aliasList=[])
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # Copy a real certificate from LE over the staged one.
    staged_cert = os.path.join(TestEnv.STORE_DIR, 'staging', domain, 'pubcert.pem')
    real_cert = os.path.join('data', 'test_920', '002.pubcert')
    # NOTE(review): if copyfile is shutil.copyfile, Python 3 returns the
    # destination path rather than None, and this assertion fails - confirm.
    assert copyfile(real_cert, staged_cert) == None
    status = TestEnv.get_certificate_status(domain)

    # The copied cert's properties must be reported as staged. All expected
    # values below are tied to the fixture file and change with it.
    assert 'renewal' in status
    renewal = status['renewal']
    assert 'Thu, 29 Aug 2019 16:06:35 GMT' == renewal['valid-until']
    assert 'Fri, 31 May 2019 16:06:35 GMT' == renewal['valid-from']
    assert '03039C464D454EDE79FCD2CAE859F668F269' == renewal['serial']
    assert 'sha256-fingerprint' in renewal

    # Both SCTs of the fixture cert must be listed, in this order.
    expected_scts = (
        ('747eda8331ad331091219cce254f4270c2bffd5e422008c6373579e6107bcc56',
         'Fri, 31 May 2019 17:06:35 GMT'),
        ('293c519654c83965baaa50fc5807d4b76fbf587a2972dca4c30cf4e54547f478',
         'Fri, 31 May 2019 17:06:35 GMT'),
    )
    assert len(renewal['scts']) == 2
    for index, (log_id, signed_at) in enumerate(expected_scts):
        assert renewal['scts'][index]['logid'] == log_id
        assert renewal['scts'][index]['signed'] == signed_at
def test_702_030(self):
    """Drop the first name from an MD and check that the vhosts keep their cert.

    One MD with three names backs two vhosts. After the first name is removed
    from the MD, the cert already obtained must still be served.
    """
    domain = self.test_domain
    name_x = "test-x." + domain
    name_a = "test-a." + domain
    name_b = "test-b." + domain
    all_names = [name_x, name_a, name_b]

    def install_conf(md_names):
        # One MD and two vhosts; only the MD's name list varies between runs.
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_md(md_names)
        conf.add_vhost(TestEnv.HTTPS_PORT, name_a, aliasList=[], docRoot="htdocs/a")
        conf.add_vhost(TestEnv.HTTPS_PORT, name_b, aliasList=[], docRoot="htdocs/b")
        conf.install()

    install_conf(all_names)

    # The restart drives the MD: it must have been synched and must complete.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(name_x, all_names)
    assert TestEnv.await_completion([name_x])
    TestEnv.check_md_complete(name_x)

    # TLS is up: each vhost serves a cert covering its own name, and both
    # vhosts serve the same cert.
    cert_a = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = CertUtil.load_server_cert(TestEnv.HTTPD_HOST, TestEnv.HTTPS_PORT, name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # Reconfigure the MD without its first name.
    remaining = [name_a, name_b]
    install_conf(remaining)

    # After the restart the MD is still looked up under its original name,
    # and the host keeps working with the cert it already had.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(name_x, remaining)
    status = TestEnv.get_certificate_status(name_a)
    assert status['serial'] == cert_a.get_serial()
def test_920_003(self):
    """Check that 'MDCertificateStatus off' switches the status information off."""
    domain = self.test_domain
    md_names = [domain]

    conf = HttpdConf()
    conf.add_admin("*****@*****.**")
    conf.add_md(md_names)
    conf.add_line("MDCertificateStatus off")
    conf.add_vhost(domain)
    conf.install()
    assert TestEnv.apache_restart() == 0
    assert TestEnv.await_completion([domain], restart=False)

    # With the directive off, the status lookup must come back empty (falsy),
    # so no certificate details are exposed for this domain.
    status = TestEnv.get_certificate_status(domain)
    assert not status
def test_700_031(self):
    """Change an MD's name list and check that the vhosts keep the same cert.

    One MD with three names backs two vhosts. The MD is then reconfigured
    without its first name and with one additional name; the cert served for
    the first vhost must be unchanged right after the restart.
    """
    domain = self.test_domain
    name_x = "x." + domain
    name_a = "a." + domain
    name_b = "b." + domain
    name_c = "c." + domain
    initial_names = [name_x, name_a, name_b]

    def install_conf(md_names):
        # One MD and two vhosts; only the MD's name list varies between runs.
        conf = HttpdConf()
        conf.add_admin("admin@" + domain)
        conf.add_md(md_names)
        conf.add_vhost(name_a)
        conf.add_vhost(name_b)
        conf.install()

    install_conf(initial_names)

    # The restart drives the MD: it must have been synched and must complete.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(initial_names)
    assert TestEnv.await_completion([name_x])
    TestEnv.check_md_complete(name_x)

    # TLS is up: each vhost serves a cert covering its own name, and both
    # vhosts serve the same cert.
    cert_a = TestEnv.get_cert(name_a)
    assert name_a in cert_a.get_san_list()
    cert_b = TestEnv.get_cert(name_b)
    assert name_b in cert_b.get_san_list()
    assert cert_a.get_serial() == cert_b.get_serial()

    # New list: the first name (x) is dropped and a new one (c) is added.
    changed_names = [name_a, name_b, name_c]
    install_conf(changed_names)

    # After the restart the MD is still addressed by its original name, and
    # the host keeps working with the same cert.
    assert TestEnv.apache_restart() == 0
    TestEnv.check_md(changed_names, md=name_x)
    status = TestEnv.get_certificate_status(name_a)
    assert status['serial'] == cert_a.get_serial()