1 files changed, 132 insertions, 0 deletions

diff --git a/test/modules/md/test_202_acmev2_regs.py b/test/modules/md/test_202_acmev2_regs.py
new file mode 100644
index 0000000..97f093e
--- /dev/null
+++ b/test/modules/md/test_202_acmev2_regs.py
@@ -0,0 +1,132 @@
+# test mod_md ACMEv2 registrations
+
+import re
+import json
+import pytest
+
+from .md_conf import MDConf
+from .md_env import MDTestEnv
+
+
+@pytest.mark.skipif(condition=not MDTestEnv.has_a2md(), reason="no a2md available")
+@pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(),
+                    reason="no ACME test server configured")
+class TestAcmeAcc:
+
+    @pytest.fixture(autouse=True, scope='class')
+    def _class_scope(self, env, acme):
+        acme.start(config='default')
+        env.check_acme()
+        env.APACHE_CONF_SRC = "data/test_drive"
+        MDConf(env).install()
+        assert env.apache_restart() == 0
+
+    @pytest.fixture(autouse=True, scope='function')
+    def _method_scope(self, env):
+        env.check_acme()
+        env.clear_store()
+
+    # test case: register a new account, vary length to check base64 encoding
+    @pytest.mark.parametrize("contact", [
+        "x@not-forbidden.org", "xx@not-forbidden.org", "xxx@not-forbidden.org"
+    ])
+    def test_md_202_000(self, env, contact):
+        r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
+        assert r.exit_code == 0, r
+        m = re.match("registered: (.*)$", r.stdout)
+        assert m, "did not match: {0}".format(r.stdout)
+        acct = m.group(1)
+        print("newreg: %s" % m.group(1))
+        self._check_account(env, acct, ["mailto:" + contact])
+
+    # test case: register a new account without accepting ToS, must fail
+    def test_md_202_000b(self, env):
+        r = env.a2md(["acme", "newreg", "x@not-forbidden.org"], raw=True)
+        assert r.exit_code == 1
+        m = re.match(".*must agree to terms of service.*", r.stderr)
+        if m is None:
+            # the pebble variant
+            m = re.match(".*account did not agree to the terms of service.*", r.stderr)
+        assert m, "did not match: {0}".format(r.stderr)
+
+    # test case: respect 'mailto:' prefix in contact url
+    def test_md_202_001(self, env):
+        contact = "mailto:xx@not-forbidden.org"
+        r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
+        assert r.exit_code == 0
+        m = re.match("registered: (.*)$", r.stdout)
+        assert m
+        acct = m.group(1)
+        self._check_account(env, acct, [contact])
+
+    # test case: fail on invalid contact url
+    @pytest.mark.parametrize("invalid_contact", [
+        "mehlto:xxx@not-forbidden.org", "no.at.char", "with blank@test.com",
+        "missing.host@", "@missing.localpart.de",
+        "double..dot@test.com", "double@at@test.com"
+    ])
+    def test_md_202_002(self, env, invalid_contact):
+        assert env.a2md(["acme", "newreg", invalid_contact]).exit_code == 1
+
+    # test case: use contact list
+    def test_md_202_003(self, env):
+        contact = ["xx@not-forbidden.org", "aa@not-forbidden.org"]
+        r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
+        assert r.exit_code == 0
+        m = re.match("registered: (.*)$", r.stdout)
+        assert m
+        acct = m.group(1)
+        self._check_account(env, acct, ["mailto:" + contact[0], "mailto:" + contact[1]])
+
+    # test case: validate new account
+    def test_md_202_100(self, env):
+        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
+        assert env.a2md(["acme", "validate", acct]).exit_code == 0
+
+    # test case: fail on non-existing account
+    def test_md_202_101(self, env):
+        assert env.a2md(["acme", "validate", "ACME-localhost-1000"]).exit_code == 1
+
+    # test case: report fail on request signing problem
+    def test_md_202_102(self, env):
+        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
+        with open(env.path_account(acct)) as f:
+            acctj = json.load(f)
+        acctj['url'] = acctj['url'] + "0"
+        open(env.path_account(acct), "w").write(json.dumps(acctj))
+        assert env.a2md(["acme", "validate", acct]).exit_code == 1
+
+    # test case: register and try delete an account, will fail without persistence
+    def test_md_202_200(self, env):
+        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
+        assert env.a2md(["delreg", acct]).exit_code == 1
+
+    # test case: register and try delete an account with persistence
+    def test_md_202_201(self, env):
+        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
+        assert env.a2md(["acme", "delreg", acct]).exit_code == 0
+        # check that store is clean
+        r = env.run(["find", env.store_dir])
+        assert re.match(env.store_dir, r.stdout)
+
+    # test case: delete a persisted account without specifying url
+    def test_md_202_202(self, env):
+        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
+        assert env.run([env.a2md_bin, "-d", env.store_dir, "acme", "delreg", acct]).exit_code == 0
+
+    # test case: delete, then validate an account
+    def test_md_202_203(self, env):
+        acct = self._prepare_account(env, ["test014@not-forbidden.org"])
+        assert env.a2md(["acme", "delreg", acct]).exit_code == 0
+        # validate on deleted account fails
+        assert env.a2md(["acme", "validate", acct]).exit_code == 1
+
+    def _check_account(self, env, acct, contact):
+        with open(env.path_account(acct)) as f:
+            acctj = json.load(f)
+        assert acctj['registration']['contact'] == contact
+
+    def _prepare_account(self, env, contact):
+        r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
+        assert r.exit_code == 0
+        return re.match("registered: (.*)$", r.stdout).group(1)