| Quellcodebibliothek Statistik Leitseite products/Sources/formale Sprachen/C/Apache/test/modules/md/ (Apache Software Stiftung Version 2.4.65©) Datei vom 5.1.2025 mit Größe 38 kB |
|
Quelle test_310_conf_store.py Sprache: Python |
|||||||||||||||
|
# test mod_md basic configurations import time import pytest import os from .md_conf import MDConf from .md_env import MDTestEnv SEC_PER_DAY = 24 * 60 * 60 MS_PER_DAY = SEC_PER_DAY * 1000 NS_PER_DAY = MS_PER_DAY * 1000 @pytest.mark.skipif(condition=not MDTestEnv.has_a2md(), reason="no a2md available" @pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(), reason="no ACME test server configured") class TestConf: @pytest.fixture(autouse=True, scope='class') def _class_scope(self, env, acme): acme.start(config='default') env.check_acme() @pytest.fixture(autouse=True, scope='function') def _method_scope(self, env, request): env.clear_store() self.test_domain = env.get_request_domain(request) # test case: no md definitions in config def test_md_310_001(self, env): MDConf(env, text="").install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' r = env.a2md(["list"]) assert 0 == len(r.json["output"]) # test case: add md definitions on empty store @pytest.mark.parametrize("confline,dns_lists,md_count", [ ("MDomain testdomain.org www.testdomain.org mail.testdomain.org", [["testdomain.org", "www.testdomain.org", "mail.testdomain.org"]], 1), ("""MDomain testdomain.org www.testdomain.org mail.testdomain.org MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org""", [["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], ["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"]], 2) ]) def test_md_310_100(self, env, confline, dns_lists, md_count): MDConf(env, text=confline).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' for i in range(0, len(dns_lists)): env.check_md(dns_lists[i], state=1) # test case: add managed domains as separate steps def test_md_310_101(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state env.check_md(["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"], st # test case: add dns to existing md def test_md_310_102(self, env): assert env.a2md(["add", "testdomain.org", "www.testdomain.org"]).exit_code == 0 MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state # test case: add new md definition with acme url, acme protocol, acme agreement def test_md_310_103(self, env): MDConf(env, text=""" MDCertificateAuthority http://acme.test.org:4000/directory MDCertificateProtocol ACME MDCertificateAgreement http://acme.test.org:4000/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """, local_ca=False).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' name = "testdomain.org" env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://acme.test.org:4000/directory", protocol="ACME", agreement="http://acme.test.org:4000/terms/v1") # test case: add to existing md: acme url, acme protocol def test_md_310_104(self, env): name = "testdomain.org" MDConf(env, local_ca=False, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="https://acme-v02.api.letsencrypt.org/directory", protocol="ACME") MDConf(env, local_ca=False, text=""" MDCertificateAuthority http://acme.test.org:4000/directory MDCertificateProtocol ACME MDCertificateAgreement http://acme.test.org:4000/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://acme.test.org:4000/directory", protocol="ACME", agreement="http://acme.test.org:4000/terms/v1") # test case: add new md definition with server admin def test_md_310_105(self, env): MDConf(env, admin="admin@testdomain.org", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' name = "testdomain.org" env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) # test case: add to existing md: server admin def test_md_310_106(self, env): name = "testdomain.org" assert env.a2md(["add", name, "www.testdomain.org", "mail.testdomain.org"]).exit_cod MDConf(env, admin="admin@testdomain.org", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) # test case: assign separate contact info based on VirtualHost def test_md_310_107(self, env): MDConf(env, admin="", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org <VirtualHost *:12346> ServerName testdomain.org ServerAlias www.testdomain.org ServerAdmin mailto:admin@testdomain.org </VirtualHost> <VirtualHost *:12346> ServerName testdomain2.org ServerAlias www.testdomain2.org ServerAdmin mailto:admin@testdomain2.org </VirtualHost> """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' name1 = "testdomain.org" name2 = "testdomain2.org" env.check_md([name1, "www." + name1, "mail." + name1], state=1, contacts=["mailto:admin@ env.check_md([name2, "www." + name2, "mail." + name2], state=1, contacts=["mailto:admin@ # test case: normalize names - lowercase def test_md_310_108(self, env): MDConf(env, text=""" MDomain testdomain.org WWW.testdomain.org MAIL.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state # test case: default drive mode - auto def test_md_310_109(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 # test case: drive mode manual def test_md_310_110(self, env): MDConf(env, text=""" MDRenewMode manual MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 0 # test case: drive mode auto def test_md_310_111(self, env): MDConf(env, text=""" MDRenewMode auto MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 # test case: drive mode always def test_md_310_112(self, env): MDConf(env, text=""" MDRenewMode always MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 2 # test case: renew window - 14 days def test_md_310_113a(self, env): MDConf(env, text=""" MDRenewWindow 14d MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-window'] == '14d' # test case: renew window - 10 percent def test_md_310_113b(self, env): MDConf(env, text=""" MDRenewWindow 10% MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-window'] == '10%' # test case: ca challenge type - http-01 def test_md_310_114(self, env): MDConf(env, text=""" MDCAChallenges http-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01'] # test case: ca challenge type - http-01 def test_md_310_115(self, env): MDConf(env, text=""" MDCAChallenges tls-alpn-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['tls-alpn-01'] # test case: ca challenge type - all def test_md_310_116(self, env): MDConf(env, text=""" MDCAChallenges http-01 tls-alpn-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01', 'tls- # test case: automatically collect md names from vhost config def test_md_310_117(self, env): conf = MDConf(env, text=""" MDMember auto MDomain testdomain.org """) conf.add_vhost(port=12346, domains=[ "testdomain.org", "test.testdomain.org", "mail.testdomain.org", ], with_ssl=True) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['domains'] == \ ['testdomain.org', 'test.testdomain.org', 'mail.testdomain.org'] # add renew window to existing md def test_md_310_118(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' MDConf(env, text=""" MDRenewWindow 14d MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' stat = env.get_md_status("testdomain.org") assert stat['renew-window'] == '14d' # test case: set RSA key length 2048 def test_md_310_119(self, env): MDConf(env, text=""" MDPrivateKeys RSA 2048 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey'] == { "type": "RSA", "bits": 2048 } # test case: set RSA key length 4096 def test_md_310_120(self, env): MDConf(env, text=""" MDPrivateKeys RSA 4096 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey'] == { "type": "RSA", "bits": 4096 } # test case: require HTTPS def test_md_310_121(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDRequireHttps temporary """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['require-https'] == "temporary" # test case: require OCSP stapling def test_md_310_122(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDMustStaple on """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is True # test case: remove managed domain from config def test_md_310_200(self, env): dns_list = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"] env.a2md(["add"] + dns_list) env.check_md(dns_list, state=1) conf = MDConf(env,) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: md stays in store env.check_md(dns_list, state=1) # test case: remove alias DNS from managed domain def test_md_310_201(self, env): dns_list = ["testdomain.org", "test.testdomain.org", "www.testdomain.org", "mail.test env.a2md(["add"] + dns_list) env.check_md(dns_list, state=1) MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: DNS has been removed from md in store env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state # test case: remove primary name from managed domain def test_md_310_202(self, env): dns_list = ["name.testdomain.org", "testdomain.org", "www.testdomain.org", "mail.test env.a2md(["add"] + dns_list) env.check_md(dns_list, state=1) MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: md overwrite previous name and changes name env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], md="testdomain.org", state=1) # test case: remove one md, keep another def test_md_310_203(self, env): dns_list1 = ["greenbytes2.de", "www.greenbytes2.de", "mail.greenbytes2.de"] dns_list2 = ["testdomain.org", "www.testdomain.org", "mail.testdomain.org"] env.a2md(["add"] + dns_list1) env.a2md(["add"] + dns_list2) env.check_md(dns_list1, state=1) env.check_md(dns_list2, state=1) MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # all mds stay in store env.check_md(dns_list1, state=1) env.check_md(dns_list2, state=1) # test case: remove ca info from md, should switch over to new defaults def test_md_310_204(self, env): name = "testdomain.org" MDConf(env, local_ca=False, text=""" MDCertificateAuthority http://acme.test.org:4000/directory MDCertificateProtocol ACME MDCertificateAgreement http://acme.test.org:4000/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: sync with ca info removed MDConf(env, local_ca=False, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="https://acme-v02.api.letsencrypt.org/directory", protocol="ACME") # test case: remove server admin from md def test_md_310_205(self, env): name = "testdomain.org" MDConf(env, admin="admin@testdomain.org", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: sync with admin info removed MDConf(env, admin="", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: md stays the same with previous admin info env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:admin@testdomain.org"]) # test case: remove renew window from conf -> fallback to default def test_md_310_206(self, env): MDConf(env, text=""" MDRenewWindow 14d MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-window'] == '14d' MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: renew window not set assert env.a2md(["list"]).json['output'][0]['renew-window'] == '33%' # test case: remove drive mode from conf -> fallback to default (auto) @pytest.mark.parametrize("renew_mode,exp_code", [ ("manual", 0), ("auto", 1), ("always", 2) ]) def test_md_310_207(self, env, renew_mode, exp_code): MDConf(env, text=""" MDRenewMode %s MDomain testdomain.org www.testdomain.org mail.testdomain.org """ % renew_mode).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == exp_code # MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 # test case: remove challenges from conf -> fallback to default (not set) def test_md_310_208(self, env): MDConf(env, text=""" MDCAChallenges http-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01'] # MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert 'challenges' not in env.a2md(["list"]).json['output'][0]['ca'] # test case: specify RSA key @pytest.mark.parametrize("key_size", ["2048", "4096"]) def test_md_310_209(self, env, key_size): MDConf(env, text=""" MDPrivateKeys RSA %s MDomain testdomain.org www.testdomain.org mail.testdomain.org """ % key_size).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey']['type'] == "RSA" # MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert "privkey" not in env.a2md(["list"]).json['output'][0] # test case: require HTTPS @pytest.mark.parametrize("mode", ["temporary", "permanent"]) def test_md_310_210(self, env, mode): MDConf(env, text=""" <MDomainSet testdomain.org> MDMember www.testdomain.org mail.testdomain.org MDRequireHttps %s </MDomainSet> """ % mode).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['require-https'] == mode, \ "Unexpected HTTPS require mode in store. config: {}".format(mode) # MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert "require-https" not in env.a2md(["list"]).json['output'][0], \ "HTTPS require still persisted in store. config: {}".format(mode) # test case: require OCSP stapling def test_md_310_211(self, env): MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDMustStaple on """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is True # MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is False # test case: reorder DNS names in md definition def test_md_310_300(self, env): dns_list = ["testdomain.org", "mail.testdomain.org", "www.testdomain.org"] env.a2md(["add"] + dns_list) env.check_md(dns_list, state=1) MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: dns list changes env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state # test case: move DNS from one md to another def test_md_310_301(self, env): env.a2md(["add", "testdomain.org", "www.testdomain.org", "mail.testdomain.org", "mai env.a2md(["add", "testdomain2.org", "www.testdomain2.org"]) env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org", "mail.testdomain2.org"], state=1) env.check_md(["testdomain2.org", "www.testdomain2.org"], state=1) MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDomain testdomain2.org www.testdomain2.org mail.testdomain2.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state env.check_md(["testdomain2.org", "www.testdomain2.org", "mail.testdomain2.org"], st # test case: change ca info def test_md_310_302(self, env): name = "testdomain.org" MDConf(env, local_ca=False, text=""" MDCertificateAuthority http://acme.test.org:4000/directory MDCertificateProtocol ACME MDCertificateAgreement http://acme.test.org:4000/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: sync with changed ca info MDConf(env, local_ca=False, admin="webmaster@testdomain.org", text=""" MDCertificateAuthority http://somewhere.com:6666/directory MDCertificateProtocol ACME MDCertificateAgreement http://somewhere.com:6666/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: md stays the same with previous ca info env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, ca="http://somewhere.com:6666/directory", protocol="ACME", agreement="http://somewhere.com:6666/terms/v1") # test case: change server admin def test_md_310_303(self, env): name = "testdomain.org" MDConf(env, admin="admin@testdomain.org", text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: sync with changed admin info MDConf(env, local_ca=False, admin="webmaster@testdomain.org", text=""" MDCertificateAuthority http://somewhere.com:6666/directory MDCertificateProtocol ACME MDCertificateAgreement http://somewhere.com:6666/terms/v1 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # check: md stays the same with previous admin info env.check_md([name, "www.testdomain.org", "mail.testdomain.org"], state=1, contacts=["mailto:webmaster@testdomain.org"]) # test case: change drive mode - manual -> auto -> always def test_md_310_304(self, env): MDConf(env, text=""" MDRenewMode manual MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 0 # test case: drive mode auto MDConf(env, text=""" MDRenewMode auto MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 1 # test case: drive mode always MDConf(env, text=""" MDRenewMode always MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['renew-mode'] == 2 # test case: change config value for renew window, use various syntax alternatives def test_md_310_305(self, env): MDConf(env, text=""" MDRenewWindow 14d MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' md = env.a2md(["list"]).json['output'][0] assert md['renew-window'] == '14d' MDConf(env, text=""" MDRenewWindow 10 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' md = env.a2md(["list"]).json['output'][0] assert md['renew-window'] == '10d' MDConf(env, text=""" MDRenewWindow 10% MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' md = env.a2md(["list"]).json['output'][0] assert md['renew-window'] == '10%' # test case: change challenge types - http -> tls-sni -> all def test_md_310_306(self, env): MDConf(env, text=""" MDCAChallenges http-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01'] # test case: drive mode auto MDConf(env, text=""" MDCAChallenges tls-alpn-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['tls-alpn-01'] # test case: drive mode always MDConf(env, text=""" MDCAChallenges http-01 tls-alpn-01 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['ca']['challenges'] == ['http-01', 'tls- # test case: RSA key length: 4096 -> 2048 -> 4096 def test_md_310_307(self, env): MDConf(env, text=""" MDPrivateKeys RSA 4096 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey'] == { "type": "RSA", "bits": 4096 } MDConf(env, text=""" MDPrivateKeys RSA 2048 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey'] == { "type": "RSA", "bits": 2048 } MDConf(env, text=""" MDPrivateKeys RSA 4096 MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['privkey'] == { "type": "RSA", "bits": 4096 } # test case: change HTTPS require settings on existing md def test_md_310_308(self, env): # setup: nothing set MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert "require-https" not in env.a2md(["list"]).json['output'][0] # test case: temporary redirect MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDRequireHttps temporary """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['require-https'] == "temporary" # test case: permanent redirect MDConf(env, text=""" <MDomainSet testdomain.org> MDMember www.testdomain.org mail.testdomain.org MDRequireHttps permanent </MDomainSet> """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['require-https'] == "permanent" # test case: change OCSP stapling settings on existing md def test_md_310_309(self, env): # setup: nothing set MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is False # test case: OCSP stapling on MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDMustStaple on """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is True # test case: OCSP stapling off MDConf(env, text=""" MDomain testdomain.org www.testdomain.org mail.testdomain.org MDMustStaple off """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'][0]['must-staple'] is False # test case: change renew window parameter @pytest.mark.parametrize("window", [ "0%", "33d", "40%" ]) def test_md_310_310(self, env, window): # non-default renewal setting domain = self.test_domain conf = MDConf(env, admin="admin@" + domain) conf.start_md([domain]) conf.add_drive_mode("manual") conf.add_renew_window(window) conf.end_md() conf.add_vhost(domains=domain) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' stat = env.get_md_status(domain) assert stat["renew-window"] == window # test case: add dns name on existing valid md def test_md_310_400(self, env): # setup: create complete md in store domain = self.test_domain name = "www." + domain assert env.a2md(["add", name, "test1." + domain]).exit_code == 0 assert env.a2md(["update", name, "contacts", "admin@" + name]).exit_code == 0 assert env.a2md(["update", name, "agreement", env.acme_tos]).exit_code == 0 MDConf(env).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: drive it r = env.a2md(["-v", "drive", name]) assert r.exit_code == 0, "drive not successful: {0}".format(r.stderr) assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_COMPLETE # remove one domain -> status stays COMPLETE assert env.a2md(["update", name, "domains", name]).exit_code == 0 assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_COMPLETE # add other domain -> status INCOMPLETE assert env.a2md(["update", name, "domains", name, "test2." + domain]).exit_code == 0 assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_INCOMPLETE # test case: change ca info def test_md_310_401(self, env): # setup: create complete md in store domain = self.test_domain name = "www." + domain assert env.a2md(["add", name]).exit_code == 0 assert env.a2md(["update", name, "contacts", "admin@" + name]).exit_code == 0 assert env.a2md(["update", name, "agreement", env.acme_tos]).exit_code == 0 assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # setup: drive it assert env.a2md(["drive", name]).exit_code == 0 assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_COMPLETE # setup: change CA URL assert env.a2md(["update", name, "ca", env.acme_url]).exit_code == 0 # check: state stays COMPLETE assert env.a2md(["list", name]).json['output'][0]['state'] == env.MD_S_COMPLETE # test case: change the store dir def test_md_310_500(self, env): MDConf(env, text=""" MDStoreDir md-other MDomain testdomain.org www.testdomain.org mail.testdomain.org """).install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' assert env.a2md(["list"]).json['output'] == [] env.set_store_dir("md-other") env.check_md(["testdomain.org", "www.testdomain.org", "mail.testdomain.org"], state env.clear_store() env.set_store_dir_default() # test case: place an unexpected file into the store, check startup survival, see #218 def test_md_310_501(self, env): # setup: create complete md in store domain = self.test_domain conf = MDConf(env, admin="admin@" + domain) conf.start_md([domain]) conf.end_md() conf.add_vhost(domains=[domain]) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # add a file at top level assert env.await_completion([domain]) fpath = os.path.join(env.store_domains(), "wrong.com") with open(fpath, 'w') as fd: fd.write("this does not belong here\n") assert env.apache_restart() == 0, f'{env.apachectl_stderr}' # test case: add external account binding def test_md_310_601(self, env): domain = self.test_domain # directly set conf = MDConf(env, admin="admin@" + domain) conf.start_md([domain]) conf.add_drive_mode("manual") conf.add("MDExternalAccountBinding k123 hash123") conf.end_md() conf.add_vhost(domains=domain) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' stat = env.get_md_status(domain) assert stat["eab"] == {'kid': 'k123', 'hmac': '***'} # eab inherited conf = MDConf(env, admin="admin@" + domain) conf.add("MDExternalAccountBinding k456 hash456") conf.start_md([domain]) conf.add_drive_mode("manual") conf.end_md() conf.add_vhost(domains=domain) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' stat = env.get_md_status(domain) assert stat["eab"] == {'kid': 'k456', 'hmac': '***'} # override eab inherited conf = MDConf(env, admin="admin@" + domain) conf.add("MDExternalAccountBinding k456 hash456") conf.start_md([domain]) conf.add_drive_mode("manual") conf.add("MDExternalAccountBinding none") conf.end_md() conf.add_vhost(domains=domain) conf.install() assert env.apache_restart() == 0, f'{env.apachectl_stderr}' stat = env.get_md_status(domain) assert "eab" not in stat
¤ Dauer der Verarbeitung: 0.14 Sekunden (vorverarbeitet) ¤*© Formatika GbR, Deutschland |
|
||||||||||||||
2026-04-02