test/modules/md/test_202_acmev2_regs.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132

# test mod_md ACMEv2 registrations

import re
import json
import pytest

from .md_conf import MDConf
from .md_env import MDTestEnv


@pytest.mark.skipif(condition=not MDTestEnv.has_a2md(), reason="no a2md available")
@pytest.mark.skipif(condition=not MDTestEnv.has_acme_server(),
                    reason="no ACME test server configured")
class TestAcmeAcc:

    @pytest.fixture(autouse=True, scope='class')
    def _class_scope(self, env, acme):
        acme.start(config='default')
        env.check_acme()
        env.APACHE_CONF_SRC = "data/test_drive"
        MDConf(env).install()
        assert env.apache_restart() == 0

    @pytest.fixture(autouse=True, scope='function')
    def _method_scope(self, env):
        env.check_acme()
        env.clear_store()

    # test case: register a new account, vary length to check base64 encoding
    @pytest.mark.parametrize("contact", [
        "x@not-forbidden.org", "xx@not-forbidden.org", "xxx@not-forbidden.org"
    ])
    def test_md_202_000(self, env, contact):
        r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
        assert r.exit_code == 0, r
        m = re.match("registered: (.*)$", r.stdout)
        assert m, "did not match: {0}".format(r.stdout)
        acct = m.group(1)
        print("newreg: %s" % m.group(1))
        self._check_account(env, acct, ["mailto:" + contact])

    # test case: register a new account without accepting ToS, must fail
    def test_md_202_000b(self, env):
        r = env.a2md(["acme", "newreg", "x@not-forbidden.org"], raw=True)
        assert r.exit_code == 1
        m = re.match(".*must agree to terms of service.*", r.stderr)
        if m is None:
            # the pebble variant
            m = re.match(".*account did not agree to the terms of service.*", r.stderr)
        assert m, "did not match: {0}".format(r.stderr)

    # test case: respect 'mailto:' prefix in contact url
    def test_md_202_001(self, env):
        contact = "mailto:xx@not-forbidden.org"
        r = env.a2md(["-t", "accepted", "acme", "newreg", contact], raw=True)
        assert r.exit_code == 0
        m = re.match("registered: (.*)$", r.stdout)
        assert m
        acct = m.group(1)
        self._check_account(env, acct, [contact])

    # test case: fail on invalid contact url
    @pytest.mark.parametrize("invalid_contact", [
        "mehlto:xxx@not-forbidden.org", "no.at.char", "with blank@test.com",
        "missing.host@", "@missing.localpart.de",
        "double..dot@test.com", "double@at@test.com"
    ])
    def test_md_202_002(self, env, invalid_contact):
        assert env.a2md(["acme", "newreg", invalid_contact]).exit_code == 1

    # test case: use contact list
    def test_md_202_003(self, env):
        contact = ["xx@not-forbidden.org", "aa@not-forbidden.org"]
        r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
        assert r.exit_code == 0
        m = re.match("registered: (.*)$", r.stdout)
        assert m
        acct = m.group(1)
        self._check_account(env, acct, ["mailto:" + contact[0], "mailto:" + contact[1]])

    # test case: validate new account
    def test_md_202_100(self, env):
        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
        assert env.a2md(["acme", "validate", acct]).exit_code == 0

    # test case: fail on non-existing account
    def test_md_202_101(self, env):
        assert env.a2md(["acme", "validate", "ACME-localhost-1000"]).exit_code == 1

    # test case: report fail on request signing problem
    def test_md_202_102(self, env):
        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
        with open(env.path_account(acct)) as f:
            acctj = json.load(f)
        acctj['url'] = acctj['url'] + "0"
        open(env.path_account(acct), "w").write(json.dumps(acctj))
        assert env.a2md(["acme", "validate", acct]).exit_code == 1

    # test case: register and try delete an account, will fail without persistence
    def test_md_202_200(self, env):
        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
        assert env.a2md(["delreg", acct]).exit_code == 1

    # test case: register and try delete an account with persistence
    def test_md_202_201(self, env):
        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
        assert env.a2md(["acme", "delreg", acct]).exit_code == 0
        # check that store is clean
        r = env.run(["find", env.store_dir])
        assert re.match(env.store_dir, r.stdout)

    # test case: delete a persisted account without specifying url
    def test_md_202_202(self, env):
        acct = self._prepare_account(env, ["tmp@not-forbidden.org"])
        assert env.run([env.a2md_bin, "-d", env.store_dir, "acme", "delreg", acct]).exit_code == 0

    # test case: delete, then validate an account
    def test_md_202_203(self, env):
        acct = self._prepare_account(env, ["test014@not-forbidden.org"])
        assert env.a2md(["acme", "delreg", acct]).exit_code == 0
        # validate on deleted account fails
        assert env.a2md(["acme", "validate", acct]).exit_code == 1

    def _check_account(self, env, acct, contact):
        with open(env.path_account(acct)) as f:
            acctj = json.load(f)
        assert acctj['registration']['contact'] == contact

    def _prepare_account(self, env, contact):
        r = env.a2md(["-t", "accepted", "acme", "newreg"] + contact, raw=True)
        assert r.exit_code == 0
        return re.match("registered: (.*)$", r.stdout).group(1)