Commit
da5845ac
authored
Oct 28, 2018
by
Adrien Dorsaz
config_factory: rewrite to create for each test different config with different keys
parent
1d0d558b
Showing
1 changed file
with
88 additions
and
59 deletions
+88
-59
tests/config_factory.py
tests/config_factory.py
+88
-59
tests/config_factory.py
...
...
@@ -46,99 +46,120 @@ def generate_config():
parser
[
"DNS"
][
"Zone"
]
=
DNSZONE
parser
[
"DNS"
][
"TTL"
]
=
DNSTTL
config
=
NamedTemporaryFile
(
delete
=
False
)
with
open
(
config
.
name
,
'w'
)
as
configfile
:
parser
.
write
(
configfile
)
return
account_key
.
name
,
domain_key
.
name
,
domain_csr
.
name
,
config
.
name
return
account_key
.
name
,
domain_key
.
name
,
domain_csr
.
name
,
parser
# generate account and domain keys
def
generate_acme_dns_tiny_config
():
# Simple good configuration
account_key
,
domain_key
,
domain_csr
,
goodCName
=
generate_config
();
# CSR for good configuration with wildcard domain
wilddomain_csr
=
NamedTemporaryFile
(
delete
=
False
)
Popen
([
"openssl"
,
"req"
,
"-newkey"
,
"rsa:2048"
,
"-nodes"
,
"-keyout"
,
domain_key
,
"-subj"
,
"/CN=*.{0}"
.
format
(
DOMAIN
),
"-out"
,
wilddomain_csr
.
name
]).
wait
()
# weak 1024 bit account key
weak_key
=
NamedTemporaryFile
(
delete
=
False
)
Popen
([
"openssl"
,
"genrsa"
,
"-out"
,
weak_key
.
name
,
"1024"
]).
wait
()
# Simple configuration with good options
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
# CSR using subject alt-name domain instead of CN (common name)
san_csr
=
NamedTemporaryFile
(
delete
=
False
)
san_conf
=
NamedTemporaryFile
(
delete
=
False
)
san_conf
.
write
(
open
(
"/etc/ssl/openssl.cnf"
).
read
().
encode
(
"utf8"
))
san_conf
.
write
(
"
\n
[SAN]
\n
subjectAltName=DNS:{0},DNS:www.{0}
\n
"
.
format
(
DOMAIN
).
encode
(
"utf8"
))
san_conf
.
seek
(
0
)
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
domain_key
,
"-subj"
,
"/"
,
"-reqexts"
,
"SAN"
,
"-config"
,
san_conf
.
name
,
"-out"
,
san_csr
.
name
]).
wait
()
# CSR using wildcard in subject alt-name domain
wildsan_csr
=
NamedTemporaryFile
(
delete
=
False
)
wildsan_conf
=
NamedTemporaryFile
(
delete
=
False
)
wildsan_conf
.
write
(
open
(
"/etc/ssl/openssl.cnf"
).
read
().
encode
(
"utf8"
))
wildsan_conf
.
write
(
"
\n
[SAN]
\n
subjectAltName=DNS:{0},DNS:*.{0}
\n
"
.
format
(
DOMAIN
).
encode
(
"utf8"
))
wildsan_conf
.
seek
(
0
)
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
domain_key
,
"-subj"
,
"/"
,
"-reqexts"
,
"SAN"
,
"-config"
,
wildsan_conf
.
name
,
"-out"
,
wildsan_csr
.
name
]).
wait
()
goodCName
=
NamedTemporaryFile
(
delete
=
False
)
with
open
(
goodCName
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# CSR signed with the account key
account_csr
=
NamedTemporaryFile
(
delete
=
False
)
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
account_key
,
"-subj"
,
"/CN={0}"
.
format
(
DOMAIN
),
"-out"
,
account_csr
.
name
]).
wait
()
# Simple configuration without CSR in configuration (will be passed as argument)
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
# Create config parser from the good default config to generate custom configs
config
=
configparser
.
ConfigParser
()
config
.
read
(
goodCName
)
cnameCSR
=
domain_csr
config
.
remove_option
(
"acmednstiny"
,
"CSRFile"
)
goodCNameWithoutCSR
=
NamedTemporaryFile
(
delete
=
False
)
config
.
remove_option
(
"acmednstiny"
,
"CSRFile"
)
with
open
(
goodCNameWithoutCSR
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Configuration with CSR containing a wildcard domain
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
Popen
([
"openssl"
,
"req"
,
"-newkey"
,
"rsa:2048"
,
"-nodes"
,
"-keyout"
,
domain_key
,
"-subj"
,
"/CN=*.{0}"
.
format
(
DOMAIN
),
"-out"
,
domain_csr
]).
wait
()
os
.
remove
(
domain_key
)
wildCName
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"acmednstiny"
][
"CSRFile"
]
=
wilddomain_csr
.
name
with
open
(
wildCName
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
dnsHostIP
=
NamedTemporaryFile
(
delete
=
False
)
# Configuration with IP as DNS Host
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
config
[
"DNS"
][
"Host"
]
=
DNSHOSTIP
dnsHostIP
=
NamedTemporaryFile
(
delete
=
False
)
with
open
(
dnsHostIP
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
config
[
"DNS"
][
"Host"
]
=
DNSHOST
# Configuration with CSR using subject alt-name domain instead of CN (common name)
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
san_conf
=
NamedTemporaryFile
(
delete
=
False
)
san_conf
.
write
(
open
(
"/etc/ssl/openssl.cnf"
).
read
().
encode
(
"utf8"
))
san_conf
.
write
(
"
\n
[SAN]
\n
subjectAltName=DNS:{0},DNS:www.{0}
\n
"
.
format
(
DOMAIN
).
encode
(
"utf8"
))
san_conf
.
seek
(
0
)
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
domain_key
,
"-subj"
,
"/"
,
"-reqexts"
,
"SAN"
,
"-config"
,
san_conf
.
name
,
"-out"
,
domain_csr
]).
wait
()
os
.
remove
(
san_conf
.
name
)
os
.
remove
(
domain_key
)
goodSAN
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"acmednstiny"
][
"CSRFile"
]
=
san_csr
.
name
with
open
(
goodSAN
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Configuration with CSR containing a wildcard domain inside subjetcAltName
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
wildsan_conf
=
NamedTemporaryFile
(
delete
=
False
)
wildsan_conf
.
write
(
open
(
"/etc/ssl/openssl.cnf"
).
read
().
encode
(
"utf8"
))
wildsan_conf
.
write
(
"
\n
[SAN]
\n
subjectAltName=DNS:{0},DNS:*.{0}
\n
"
.
format
(
DOMAIN
).
encode
(
"utf8"
))
wildsan_conf
.
seek
(
0
)
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
domain_key
,
"-subj"
,
"/"
,
"-reqexts"
,
"SAN"
,
"-config"
,
wildsan_conf
.
name
,
"-out"
,
domain_csr
]).
wait
()
os
.
remove
(
wildsan_conf
.
name
)
os
.
remove
(
domain_key
)
wildSAN
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"acmednstiny"
][
"CSRFile"
]
=
wildsan_csr
.
name
with
open
(
wildSAN
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Bad configuration with weak 1024 bit account key
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
Popen
([
"openssl"
,
"genrsa"
,
"-out"
,
account_key
,
"1024"
]).
wait
()
weakKey
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"acmednstiny"
][
"AccountKeyFile"
]
=
weak_key
.
name
config
[
"acmednstiny"
][
"CSRFile"
]
=
domain_csr
with
open
(
weakKey
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Bad configuration with account key as domain key
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
# Create a new CSR signed with the account key instead of domain key
Popen
([
"openssl"
,
"req"
,
"-new"
,
"-sha256"
,
"-key"
,
account_key
,
"-subj"
,
"/CN={0}"
.
format
(
DOMAIN
),
"-out"
,
domain_csr
]).
wait
()
accountAsDomain
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"acmednstiny"
][
"AccountKeyFile"
]
=
account_key
config
[
"acmednstiny"
][
"CSRFile"
]
=
account_csr
.
name
with
open
(
accountAsDomain
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Create config parser from the good default config to generate custom configs
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
invalidTSIGName
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"TSIGKeyring"
][
"KeyName"
]
=
"{0}.invalid"
.
format
(
TSIGKEYNAME
)
config
[
"acmednstiny"
][
"CSRFile"
]
=
domain_csr
with
open
(
invalidTSIGName
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
# Create config parser from the good default config to generate custom configs
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
();
os
.
remove
(
domain_key
)
missingDNS
=
NamedTemporaryFile
(
delete
=
False
)
config
[
"DNS"
]
=
{}
with
open
(
missingDNS
.
name
,
'w'
)
as
configfile
:
...
...
@@ -146,7 +167,7 @@ def generate_acme_dns_tiny_config():
return
{
# configs
"goodCName"
:
goodCName
,
"goodCName"
:
goodCName
.
name
,
"goodCNameWithoutCSR"
:
goodCNameWithoutCSR
.
name
,
"wildCName"
:
wildCName
.
name
,
"dnsHostIP"
:
dnsHostIP
.
name
,
...
...
@@ -156,9 +177,7 @@ def generate_acme_dns_tiny_config():
"accountAsDomain"
:
accountAsDomain
.
name
,
"invalidTSIGName"
:
invalidTSIGName
.
name
,
"missingDNS"
:
missingDNS
.
name
,
# key (just to simply remove the account from staging server)
"accountkey"
:
account_key
,
# CName CSR file to use with goodCNameWithoutCSR
# CName CSR file to use with goodCNameWithoutCSR as argument
"cnameCSR"
:
domain_csr
,
}
...
...
@@ -166,14 +185,19 @@ def generate_acme_dns_tiny_config():
def
generate_acme_account_rollover_config
():
# Old account is directly created by the config generator
old_account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
()
os
.
remove
(
domain_key
)
# New account key
new_account_key
=
NamedTemporaryFile
(
delete
=
False
)
Popen
([
"openssl"
,
"genrsa"
,
"-out"
,
new_account_key
.
name
,
"2048"
]).
wait
()
rolloverAccount
=
NamedTemporaryFile
(
delete
=
False
)
with
open
(
rolloverAccount
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
return
{
# config and keys (returned to keep files on system)
"config"
:
config
,
"config"
:
rolloverAccount
.
name
,
"oldaccountkey"
:
old_account_key
,
"newaccountkey"
:
new_account_key
.
name
}
...
...
@@ -182,8 +206,13 @@ def generate_acme_account_rollover_config():
def
generate_acme_account_deactivate_config
():
# Account key is created by the by the config generator
account_key
,
domain_key
,
domain_csr
,
config
=
generate_config
()
os
.
remove
(
domain_key
)
deactivateAccount
=
NamedTemporaryFile
(
delete
=
False
)
with
open
(
deactivateAccount
.
name
,
'w'
)
as
configfile
:
config
.
write
(
configfile
)
return
{
"config"
:
config
,
"config"
:
deactivateAccount
.
name
,
"key"
:
account_key
}
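Review bot: The exit status of every `Popen([...]).wait()` call in generate_acme_dns_tiny_config() and generate_acme_account_rollover_config() is discarded, and the rewritten per-test blocks point openssl at the `domain_csr` / `account_key` paths that generate_config() already returned. If those paths already hold the default key and CSR (generate_config()'s body is mostly outside the hunk), a failed openssl run would leave the good material in place, and the wildcard, SAN and weak 1024-bit key cases would run against the wrong fixture without any error; checking the result, e.g. `if Popen(cmd).wait() != 0: raise RuntimeError("openssl failed: {0}".format(cmd))`, makes that fail fast. Separately, the return dict still has `"cnameCSR": domain_csr`, which by then has been rebound by the later generate_config() calls, while the `cnameCSR = domain_csr` assignment in the goodCNameWithoutCSR block looks unused; `"cnameCSR": cnameCSR` seems to be what was meant. The page has lost its +/- markers, so which lines are on the new side is inferred from the hunk counts and the repeated lines.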