133 lines
5.4 KiB
Python
133 lines
5.4 KiB
Python
# test mod_md ACMEv2 registrations
|
|
|
|
import re
|
|
import json
|
|
import pytest
|
|
|
|
from .md_conf import MDConf
|
|
from .md_env import MDTestEnv
|
|
|
|
|
|
@pytest.mark.skipif(condition=not MDTestEnv.has_a2md(), reason="no a2md available")
|
|
@pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(),
|
|
reason="no ACME test server configured")
|
|
class TestAcmeAcc:
|
|
|
|
@pytest.fixture(autouse=True, scope='class')
|
|
def _class_scope(self, env, acme):
|
|
acme.start(config='default')
|
|
env.check_acme()
|
|
env.APACHE_CONF_SRC = "data/test_drive"
|
|
MDConf(env).install()
|
|
assert env.apache_restart() == 0
|
|
|
|
@pytest.fixture(autouse=True, scope='function')
|
|
def _method_scope(self, env):
|
|
env.check_acme()
|
|
env.clear_store()
|
|
|
|
# test case: register a new account, vary length to check base64 encoding
|
|
@pytest.mark.parametrize("contact", [
|
|
"x@not-forbidden.org", "xx@not-forbidden.org", "xxx@not-forbidden.org"
|
|
])
|
|
def test_md_202_000(self, env, contact):
|
|
r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
|
|
assert r.exit_code == 0, r
|
|
m = re.match("registered: (.*)$", r.stdout)
|
|
assert m, "did not match: {0}".format(r.stdout)
|
|
acct = m.group(1)
|
|
print("newreg: %s" % m.group(1))
|
|
self._check_account(env, acct, ["mailto:" + contact])
|
|
|
|
# test case: register a new account without accepting ToS, must fail
|
|
def test_md_202_000b(self, env):
|
|
r = env.a2md(["acme", "newreg", "x@not-forbidden.org"], raw=True)
|
|
assert r.exit_code == 1
|
|
m = re.match(".*must agree to terms of service.*", r.stderr)
|
|
if m is None:
|
|
# the pebble variant
|
|
m = re.match(".*account did not agree to the terms of service.*", r.stderr)
|
|
assert m, "did not match: {0}".format(r.stderr)
|
|
|
|
# test case: respect 'mailto:' prefix in contact url
|
|
def test_md_202_001(self, env):
|
|
contact = "mailto:xx@not-forbidden.org"
|
|
r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
|
|
assert r.exit_code == 0
|
|
m = re.match("registered: (.*)$", r.stdout)
|
|
assert m
|
|
acct = m.group(1)
|
|
self._check_account(env, acct, [contact])
|
|
|
|
# test case: fail on invalid contact url
|
|
@pytest.mark.parametrize("invalid_contact", [
|
|
"mehlto:xxx@not-forbidden.org", "no.at.char", "with blank@test.com",
|
|
"missing.host@", "@missing.localpart.de",
|
|
"double..dot@test.com", "double@at@test.com"
|
|
])
|
|
def test_md_202_002(self, env, invalid_contact):
|
|
assert env.a2md(["acme", "newreg", invalid_contact]).exit_code == 1
|
|
|
|
# test case: use contact list
|
|
def test_md_202_003(self, env):
|
|
contact = ["xx@not-forbidden.org", "aa@not-forbidden.org"]
|
|
r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
|
|
assert r.exit_code == 0
|
|
m = re.match("registered: (.*)$", r.stdout)
|
|
assert m
|
|
acct = m.group(1)
|
|
self._check_account(env, acct, ["mailto:" + contact[0], "mailto:" + contact[1]])
|
|
|
|
# test case: validate new account
|
|
def test_md_202_100(self, env):
|
|
acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
|
|
assert env.a2md(["acme", "validate", acct]).exit_code == 0
|
|
|
|
# test case: fail on non-existing account
|
|
def test_md_202_101(self, env):
|
|
assert env.a2md(["acme", "validate", "ACME-localhost-1000"]).exit_code == 1
|
|
|
|
# test case: report fail on request signing problem
|
|
def test_md_202_102(self, env):
|
|
acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
|
|
with open(env.path_account(acct)) as f:
|
|
acctj = json.load(f)
|
|
acctj['url'] = acctj['url'] + "0"
|
|
open(env.path_account(acct), "w").write(json.dumps(acctj))
|
|
assert env.a2md(["acme", "validate", acct]).exit_code == 1
|
|
|
|
# test case: register and try delete an account, will fail without persistence
|
|
def test_md_202_200(self, env):
|
|
acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
|
|
assert env.a2md(["delreg", acct]).exit_code == 1
|
|
|
|
# test case: register and try delete an account with persistence
|
|
def test_md_202_201(self, env):
|
|
acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
|
|
assert env.a2md(["acme", "delreg", acct]).exit_code == 0
|
|
# check that store is clean
|
|
r = env.run(["find", env.store_dir])
|
|
assert re.match(env.store_dir, r.stdout)
|
|
|
|
# test case: delete a persisted account without specifying url
|
|
def test_md_202_202(self, env):
|
|
acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
|
|
assert env.run([env.a2md_bin, "-d", env.store_dir, "acme", "delreg", acct]).exit_code == 0
|
|
|
|
# test case: delete, then validate an account
|
|
def test_md_202_203(self, env):
|
|
acct = self._prepare_account(env, ["test014@not-forbidden.org"])
|
|
assert env.a2md(["acme", "delreg", acct]).exit_code == 0
|
|
# validate on deleted account fails
|
|
assert env.a2md(["acme", "validate", acct]).exit_code == 1
|
|
|
|
def _check_account(self, env, acct, contact):
|
|
with open(env.path_account(acct)) as f:
|
|
acctj = json.load(f)
|
|
assert acctj['registration']['contact'] == contact
|
|
|
|
def _prepare_account(self, env, contact):
|
|
r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
|
|
assert r.exit_code == 0
|
|
return re.match("registered: (.*)$", r.stdout).group(1)
|