Currently supports only Apache >=2.3.3.
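letsencrypt --staple-ocsp -d dumpbits.com [can be enabled without problems on Apache >= 2.3.3]
To check OCSP stapling (a server that is not stapling prints "OCSP response: no response sent", so the grep below matches nothing):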
[~]$ echo QUIT | openssl s_client -connect dumpbits.com:443 -status 2>/dev/null | grep -A 31 'OCSP Resp'
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
Produced At: Mar 26 17:54:00 2016 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: 7EE66AE7729AB3FCF8A220646C16A12D6071085D
Issuer Key Hash: A84A6A63047DDDBAE6D139B7A64565EFF3A8ECA1
Serial Number: 032A2108AAA650E6EE2E6B041C03C2612A19
Cert Status: good
This Update: Mar 26 17:00:00 2016 GMT
Next Update: Apr 2 17:00:00 2016 GMT
Signature Algorithm: sha256WithRSAEncryption
64:f2:71:02:6a:97:d9:eb:13:c1:5c:7a:f5:eb:26:89:3b:40:
e3:08:82:f7:71:d4:fa:61:4a:8e:4a:7d:e9:53:84:e9:3a:89:
67:66:08:d9:0e:79:65:9a:8d:dc:fb:07:cc:93:4f:eb:4e:3c:
cc:7f:cd:fd:db:8f:c3:25:c3:54:87:a9:9c:35:6f:c1:39:31:
e0:b1:f6:b1:3d:52:5d:db:bb:69:0f:23:05:fe:33:29:1f:ff:
c6:af:17:a5:98:58:50:3a:48:93:5c:09:4b:f3:91:36:48:31:
ed:ee:47:4d:66:c3:25:cf:56:b7:f4:48:80:eb:b8:f0:27:b1:
97:18:b4:88:71:c6:55:5d:bb:25:16:48:98:85:8a:12:8d:64:
bf:51:df:39:b1:44:91:e1:f2:c6:c3:7d:23:2b:d2:0f:4c:7f:
57:b1:c9:ae:ec:32:b5:6a:87:bd:83:43:f1:f7:3c:8c:11:5c:
9d:a5:12:fa:e6:79:87:45:c6:1d:46:c8:14:1e:8d:d1:de:7a:
0d:e4:53:f2:c9:b6:e5:6e:cb:91:14:bb:04:38:36:4f:71:55:
e1:ff:71:c7:a6:31:ed:db:6c:0f:d7:f5:ef:0c:6e:08:6b:e0:
37:cf:ca:a5:67:89:c2:de:8e:36:6d:2f:41:7f:9f:10:c6:de:
4d:b1:2d:09
======================================
"""Common utilities for certbot_apache."""
import os
import sys
import unittest
import augeas
import mock
import zope.component
from acme import jose
from certbot.display import util as display_util
from certbot.plugins import common
from certbot.tests import test_util
from certbot_apache import configurator
from certbot_apache import constants
from certbot_apache import obj
class ApacheTest(unittest.TestCase):  # pylint: disable=too-few-public-methods
    """Base fixture that stages an Apache configuration tree for tests.

    ``setUp`` obtains the temp/config/work directories from
    ``common.dir_setup``, installs the mod_ssl options file, records the
    config and vhost paths, loads an RSA test key and makes sure every entry
    in ``sites-enabled`` is a symlink.
    """

    def setUp(self, test_dir="debian_apache_2_4/multiple_vhosts",
              config_root="debian_apache_2_4/multiple_vhosts/apache2",
              vhost_root="debian_apache_2_4/multiple_vhosts/apache2/sites-available"):
        # pylint: disable=arguments-differ
        """Stage the test configuration named by *test_dir*.

        :param test_dir: configuration tree handed to ``common.dir_setup``
        :param config_root: Apache server root, relative to ``self.temp_dir``
        :param vhost_root: vhost directory, relative to ``self.temp_dir``

        """
        super(ApacheTest, self).setUp()

        staged_dirs = common.dir_setup(
            test_dir=test_dir, pkg="certbot_apache.tests")
        self.temp_dir, self.config_dir, self.work_dir = staged_dirs

        ssl_conf_src = constants.os_constant("MOD_SSL_CONF_SRC")
        self.ssl_options = common.setup_ssl_options(
            self.config_dir, ssl_conf_src, constants.MOD_SSL_CONF_DEST)

        self.config_path = os.path.join(self.temp_dir, config_root)
        self.vhost_path = os.path.join(self.temp_dir, vhost_root)

        # NOTE(review): judging by the file name this is a 512-bit RSA test
        # vector; a key of that size is only suitable as a test fixture.
        key_pem = test_util.load_vector("rsa512_key.pem")
        self.rsa512jwk = jose.JWKRSA.load(key_pem)

        # Python packaging does not preserve symlinks, so any regular file
        # found in sites-enabled is replaced by a relative link to the file
        # of the same name in sites-available.
        enabled_dir = os.path.join(self.config_path, "sites-enabled")
        if os.path.exists(enabled_dir):
            for entry in os.listdir(enabled_dir):
                link_path = os.path.join(enabled_dir, entry)
                if not os.path.islink(link_path):  # pragma: no cover
                    os.remove(link_path)
                    os.symlink(
                        os.path.join(
                            os.path.pardir, "sites-available", entry),
                        link_path)
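class ParserTest(ApacheTest):  # pylint: disable=too-few-public-methods
    """Fixture that adds an Augeas handle and an ``ApacheParser``.

    The class-level pragma was previously spelled ``pytlint`` and therefore
    ignored by pylint; it is spelled correctly here so the suppression
    applies.
    """

    def setUp(self, test_dir="debian_apache_2_4/multiple_vhosts",
              config_root="debian_apache_2_4/multiple_vhosts/apache2",
              vhost_root="debian_apache_2_4/multiple_vhosts/apache2/sites-available"):
        """Stage the configuration, then build ``self.aug`` and ``self.parser``.

        :param test_dir: forwarded to ``ApacheTest.setUp``
        :param config_root: forwarded to ``ApacheTest.setUp``
        :param vhost_root: forwarded to ``ApacheTest.setUp``

        """
        super(ParserTest, self).setUp(test_dir, config_root, vhost_root)

        # Register a display utility that writes to stdout.
        zope.component.provideUtility(display_util.FileDisplay(sys.stdout))

        # Imported inside the method, as the original code does.
        from certbot_apache.parser import ApacheParser
        self.aug = augeas.Augeas(
            flags=augeas.Augeas.NONE | augeas.Augeas.NO_MODL_AUTOLOAD)
        # update_runtime_variables is patched out while the parser is
        # constructed -- presumably so the fixture does not need a real
        # Apache binary; confirm against ApacheParser.
        with mock.patch("certbot_apache.parser.ApacheParser."
                        "update_runtime_variables"):
            self.parser = ApacheParser(
                self.aug, self.config_path, self.vhost_path)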
def get_apache_configurator(
        config_path, vhost_path,
        config_dir, work_dir, version=(2, 4, 7), conf=None):
    """Build and prepare an ApacheConfigurator on top of a mocked config.

    :param config_path: used as both ``apache_server_root`` and
        ``apache_challenge_location`` of the mocked config
    :param vhost_path: used as ``apache_vhost_root``
    :param config_dir: used as ``config_dir``
    :param work_dir: used as ``work_dir``; the backup, temporary checkpoint
        and in-progress directories are derived from it
    :param version: version tuple handed to the configurator
    :param conf: Function that returns binary paths. self.conf in Configurator

    :returns: the configurator, after ``prepare()`` has been called

    """
    backup_dir = os.path.join(work_dir, "backups")
    le_config_attrs = {
        "apache_server_root": config_path,
        "apache_vhost_root": vhost_path,
        "apache_le_vhost_ext": constants.os_constant("le_vhost_ext"),
        "apache_challenge_location": config_path,
        "backup_dir": backup_dir,
        "config_dir": config_dir,
        "temp_checkpoint_dir": os.path.join(work_dir, "temp_checkpoints"),
        "in_progress_dir": os.path.join(backup_dir, "IN_PROGRESS"),
        "work_dir": work_dir,
    }
    fake_le_config = mock.MagicMock(**le_config_attrs)

    # run_script, exe_exists and update_runtime_variables stay patched for
    # both construction and prepare(), so neither step reaches the real
    # helpers; exe_exists is forced to report True.
    run_script_patch = mock.patch(
        "certbot_apache.configurator.le_util.run_script")
    exe_exists_patch = mock.patch(
        "certbot_apache.configurator.le_util.exe_exists")
    runtime_vars_patch = mock.patch(
        "certbot_apache.parser.ApacheParser.update_runtime_variables")

    with run_script_patch:
        with exe_exists_patch as exe_exists_mock:
            exe_exists_mock.return_value = True
            with runtime_vars_patch:
                apache_config = configurator.ApacheConfigurator(
                    config=fake_le_config,
                    name="apache",
                    version=version)
                # Lets test scripts supply their own conf before prepare().
                if conf is not None:
                    apache_config.conf = conf  # pragma: no cover

                apache_config.prepare()

    return apache_config
def get_vh_truth(temp_dir, config_name):
    """Return the expected virtual hosts for a known test configuration.

    :param temp_dir: directory under which the test configuration was staged
    :param config_name: name of the test configuration

    :returns: list of ``obj.VirtualHost`` for
        ``"debian_apache_2_4/multiple_vhosts"``, otherwise ``None``

    """
    if config_name != "debian_apache_2_4/multiple_vhosts":
        return None  # pragma: no cover

    prefix = os.path.join(temp_dir, config_name, "apache2/sites-available")
    aug_pre = "/files" + prefix

    def vhost_file(basename):
        """Path of a vhost file inside sites-available."""
        return os.path.join(prefix, basename)

    def aug_node(relative):
        """Path of a node below the "/files"-prefixed directory."""
        return os.path.join(aug_pre, relative)

    def addrs(*specs):
        """Set of obj.Addr objects parsed from the given strings."""
        return set([obj.Addr.fromstring(spec) for spec in specs])

    # NOTE(review): the two positional booleans are presumably
    # (ssl, enabled) -- confirm against obj.VirtualHost.
    return [
        obj.VirtualHost(
            vhost_file("encryption-example.conf"),
            aug_node("encryption-example.conf/VirtualHost"),
            addrs("*:80"), False, True, "encryption-example.demo"),
        obj.VirtualHost(
            vhost_file("default-ssl.conf"),
            aug_node("default-ssl.conf/IfModule/VirtualHost"),
            addrs("_default_:443"), True, False),
        obj.VirtualHost(
            vhost_file("000-default.conf"),
            aug_node("000-default.conf/VirtualHost"),
            addrs("*:80", "[::]:80"), False, True, "ip-172-30-0-17"),
        obj.VirtualHost(
            vhost_file("certbot.conf"),
            aug_node("certbot.conf/VirtualHost"),
            addrs("*:80"), False, True, "certbot.demo"),
        obj.VirtualHost(
            vhost_file("mod_macro-example.conf"),
            aug_node("mod_macro-example.conf/Macro/VirtualHost"),
            addrs("*:80"), False, True, modmacro=True),
        obj.VirtualHost(
            vhost_file("default-ssl-port-only.conf"),
            aug_node("default-ssl-port-only.conf/IfModule/VirtualHost"),
            addrs("_default_:443"), True, False),
        obj.VirtualHost(
            vhost_file("wildcard.conf"),
            aug_node("wildcard.conf/VirtualHost"),
            addrs("*:80"), False, False,
            "ip-172-30-0-17", aliases=["*.blue.purple.com"]),
        obj.VirtualHost(
            vhost_file("ocsp-ssl.conf"),
            aug_node("ocsp-ssl.conf/IfModule/VirtualHost"),
            addrs("10.2.3.4:443"), True, True, "ocspvhost.com"),
    ]