
import unittest, sys, os, subprocess, time, configparser 

from io import StringIO 

import dns.version 

import acme_dns_tiny 

from tests.config_factory import generate_acme_dns_tiny_config 

from tools.acme_account_deactivate import account_deactivate 

 

# ACME directory URL used by every test and by the account clean-up in
# tearDownClass. It defaults to the Let's Encrypt staging endpoint and can be
# overridden with the GITLABCI_ACMEDIRECTORY_V2 environment variable.
# NOTE(review): the suite registers and deactivates ACME accounts against this
# URL, so an override should name a staging/test directory, not production.
ACMEDirectory = os.environ.get(
    "GITLABCI_ACMEDIRECTORY_V2",
    "https://acme-staging-v02.api.letsencrypt.org/directory",
)

 

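class TestACMEDNSTiny(unittest.TestCase):
    """Tests for acme_dns_tiny.get_crt(), driven through acme_dns_tiny.main().

    The configuration files come from generate_acme_dns_tiny_config() and the
    ACME server is the one named by ACMEDirectory. tearDownClass deactivates
    the ACME accounts and deletes the generated key, CSR and configuration
    files so that no account key material is left behind after a run.
    """

    @classmethod
    def setUpClass(cls):
        """Print the interpreter and dnspython versions and build the configs."""
        print("Init acme_dns_tiny with python modules:")
        print(" - python: {0}".format(sys.version))
        print(" - dns python: {0}".format(dns.version.version))
        cls.configs = generate_acme_dns_tiny_config()
        sys.stdout.flush()
        super().setUpClass()

    @staticmethod
    def _remove_file(path):
        """Delete *path* when one is given; report a failure instead of raising."""
        if not path:
            return
        try:
            os.remove(path)
        except FileNotFoundError:
            # Already gone (the same file may be referenced by more than one
            # configuration), nothing left to clean.
            pass
        except OSError as error:
            print("Cleanup: unable to remove {0}: {1}".format(path, error),
                  file=sys.stderr)

    # To clean ACME staging server and close correctly temporary files
    @classmethod
    def tearDownClass(cls):
        """Deactivate the test ACME accounts and delete the generated files.

        Clean-up stays best effort: a failure on one configuration is reported
        on stderr and the remaining configurations are still processed.
        """
        # Iterating the mapping yields configuration *names*; the file to read
        # is the mapped value. Reading the name itself parses nothing, so the
        # key files would stay on disk and the accounts would stay active.
        for name in cls.configs:
            path = cls.configs[name]
            if name == "cnameCSR":
                # This entry is the CSR handed to --csr, not a configuration
                # file: there is no account to deactivate, only a file to drop.
                cls._remove_file(path)
                continue

            parser = configparser.ConfigParser()
            try:
                parser.read(path)
            except configparser.Error as error:
                print("Cleanup: unable to parse {0}: {1}".format(path, error),
                      file=sys.stderr)
            settings = parser["acmednstiny"] if parser.has_section("acmednstiny") else {}
            key_file = settings.get("AccountKeyFile")

            if key_file:
                # Deactivate BEFORE deleting: account_deactivate is handed the
                # key file's path, so the file has to still exist at this point.
                try:
                    account_deactivate(key_file, ACMEDirectory)
                except Exception as error:  # clean-up boundary: report, go on
                    print("Cleanup: account deactivation failed for {0}: {1}".format(
                        name, error), file=sys.stderr)

            for leftover in (key_file, settings.get("CSRFile"), path):
                cls._remove_file(leftover)
        super().tearDownClass()

    # helper function to run openssl command
    def openssl(self, command, options, communicate=None):
        """Run ``openssl <command> <options>`` and return its decoded stdout.

        *communicate* is the optional bytes payload written to stdin.
        Raises IOError carrying openssl's stderr when the exit code is not 0.
        """
        # Argument list without a shell: options are never shell-interpreted.
        process = subprocess.Popen(["openssl", command] + options,
                                   stdin=subprocess.PIPE,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        out, err = process.communicate(communicate)
        if process.returncode != 0:
            raise IOError("OpenSSL Error: {0}".format(err.decode("utf8", "replace")))
        return out.decode("utf8")

    def _run_main(self, args):
        """Call acme_dns_tiny.main(args) and return what it wrote to stdout.

        sys.stdout is restored in a ``finally`` clause so that a failing run
        does not leave the remaining tests writing into a closed buffer.
        """
        captured = StringIO()
        saved_stdout = sys.stdout
        sys.stdout = captured
        try:
            acme_dns_tiny.main(args)
            return captured.getvalue()
        finally:
            sys.stdout = saved_stdout
            captured.close()

    def _run_cli(self, args):
        """Run acme_dns_tiny.py in a python3 subprocess; return decoded stdout."""
        process = subprocess.Popen(["python3", "acme_dns_tiny.py"] + args,
                                   stdout=subprocess.PIPE,
                                   stderr=subprocess.PIPE)
        certout, _ = process.communicate()
        return certout.decode("utf8")

    # helper function to validate success by asserting on the returned certificate chain
    def assertCertificateChain(self, certificateChain):
        """Assert that *certificateChain* is exactly two PEM certificates."""
        # Output has to contain two certificates
        certlist = certificateChain.split("-----BEGIN CERTIFICATE-----")
        self.assertEqual(3, len(certlist))
        self.assertEqual('', certlist[0])
        pem_footer = "-----END CERTIFICATE-----{0}".format(os.linesep)
        self.assertIn(pem_footer, certlist[1])
        self.assertIn(pem_footer, certlist[2])
        # Readability check only: `openssl x509` parses the first PEM
        # certificate on stdin, so this does not verify that the second
        # certificate actually signs the first one.
        readablecertchain = self.openssl("x509", ["-text", "-noout"],
                                         certificateChain.encode("utf8"))
        self.assertIn("Issuer", readablecertchain)

    def test_success_cn(self):
        """ Successfully issue a certificate via common name """
        certchain = self._run_main([self.configs['goodCName'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_success_cn_with_csr_option(self):
        """ Successfully issue a certificate using the CSR option instead of the config file """
        certchain = self._run_main(["--csr", self.configs['cnameCSR'],
                                    self.configs['goodCNameWithoutCSR'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_success_wild_cn(self):
        """ Successfully issue a certificate via a wildcard common name """
        certchain = self._run_main([self.configs['wildCName'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_success_dnshost_ip(self):
        """ When DNS Host is an IP, DNS resolution has to fail without error """
        with self.assertLogs(level='INFO') as adnslog:
            certchain = self._run_main([self.configs['dnsHostIP'], "--verbose"])
        self.assertIn("INFO:acme_dns_tiny:A and/or AAAA DNS resources not found for configured dns host: we will use either resource found if one exists or directly the DNS Host configuration.",
                      adnslog.output)
        self.assertCertificateChain(certchain)

    def test_success_san(self):
        """ Successfully issue a certificate via subject alt name """
        certchain = self._run_main([self.configs['goodSAN'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_success_wildsan(self):
        """ Successfully issue a certificate via wildcard in subject alt name """
        certchain = self._run_main([self.configs['wildSAN']])
        self.assertCertificateChain(certchain)

    def test_success_cli(self):
        """ Successfully issue a certificate via command line interface """
        certchain = self._run_cli([self.configs['goodCName'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_success_cli_with_csr_option(self):
        """ Successfully issue a certificate via command line interface using CSR option """
        certchain = self._run_cli(["--csr", self.configs['cnameCSR'],
                                   self.configs['goodCNameWithoutCSR'], "--verbose"])
        self.assertCertificateChain(certchain)

    def test_weak_key(self):
        """ Let's Encrypt rejects weak keys """
        with self.assertRaisesRegex(ValueError, "key too small"):
            acme_dns_tiny.main([self.configs['weakKey'], "--verbose"])

    def test_account_key_domain(self):
        """ Can't use the account key for the CSR """
        with self.assertRaisesRegex(
                ValueError,
                "certificate public key must be different than account key"):
            acme_dns_tiny.main([self.configs['accountAsDomain'], "--verbose"])

    def test_failure_dns_update_tsigkeyname(self):
        """ Fail to update DNS records because of an invalid TSIG key name """
        with self.assertRaisesRegex(ValueError, "Error updating DNS"):
            acme_dns_tiny.main([self.configs['invalidTSIGName'], "--verbose"])

    def test_failure_notcompleted_configuration(self):
        """ Configuration file has to be complete """
        # Raw string: "\." is a regex escape, not a Python string escape.
        with self.assertRaisesRegex(ValueError, r"Some required settings are missing\."):
            acme_dns_tiny.main([self.configs['missingDNS'], "--verbose"])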

# Run the whole suite when this file is executed as a script.
if __name__ == "__main__":
    unittest.main()