config_factory: rewrite to create for each test different config with different keys

da5845ac · Adrien Dorsaz · 1d0d558b · da5845ac
Commit da5845ac authored Oct 28, 2018 by Adrien Dorsaz
Hide whitespace changes
Inline Side-by-side

Showing with 88 additions and 59 deletions

tests/config_factory.py tests/config_factory.py +88 -59

No files found.
--- a/tests/config_factory.py
+++ b/tests/config_factory.py
@@ -46,99 +46,120 @@ def generate_config():
    parser["DNS"]["Zone"] = DNSZONE
    parser["DNS"]["TTL"] = DNSTTL

-    config = NamedTemporaryFile(delete=False)
-    with open(config.name, 'w') as configfile:
-        parser.write(configfile)
-
-    return account_key.name, domain_key.name, domain_csr.name, config.name
+    return account_key.name, domain_key.name, domain_csr.name, parser

 # generate account and domain keys
 def generate_acme_dns_tiny_config():
-    # Simple good configuration
-    account_key, domain_key, domain_csr, goodCName = generate_config();
-
-    # CSR for good configuration with wildcard domain
-    wilddomain_csr = NamedTemporaryFile(delete=False)
-    Popen(["openssl", "req", "-newkey", "rsa:2048", "-nodes", "-keyout", domain_key,
-           "-subj", "/CN=*.{0}".format(DOMAIN), "-out", wilddomain_csr.name]).wait()
-
-    # weak 1024 bit account key
-    weak_key = NamedTemporaryFile(delete=False)
-    Popen(["openssl", "genrsa", "-out", weak_key.name, "1024"]).wait()
+    # Simple configuration with good options
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)

-    # CSR using subject alt-name domain instead of CN (common name)
-    san_csr = NamedTemporaryFile(delete=False)
-    san_conf = NamedTemporaryFile(delete=False)
-    san_conf.write(open("/etc/ssl/openssl.cnf").read().encode("utf8"))
-    san_conf.write("\n[SAN]\nsubjectAltName=DNS:{0},DNS:www.{0}\n".format(DOMAIN).encode("utf8"))
-    san_conf.seek(0)
-    Popen(["openssl", "req", "-new", "-sha256", "-key", domain_key,
-        "-subj", "/", "-reqexts", "SAN", "-config", san_conf.name,
-        "-out", san_csr.name]).wait()
-
-    # CSR using wildcard in subject alt-name domain
-    wildsan_csr = NamedTemporaryFile(delete=False)
-    wildsan_conf = NamedTemporaryFile(delete=False)
-    wildsan_conf.write(open("/etc/ssl/openssl.cnf").read().encode("utf8"))
-    wildsan_conf.write("\n[SAN]\nsubjectAltName=DNS:{0},DNS:*.{0}\n".format(DOMAIN).encode("utf8"))
-    wildsan_conf.seek(0)
-    Popen(["openssl", "req", "-new", "-sha256", "-key", domain_key,
-           "-subj", "/", "-reqexts", "SAN", "-config", wildsan_conf.name,
-           "-out", wildsan_csr.name]).wait()
+    goodCName = NamedTemporaryFile(delete=False)
+    with open(goodCName.name, 'w') as configfile:
+        config.write(configfile)

-    # CSR signed with the account key
-    account_csr = NamedTemporaryFile(delete=False)
-    Popen(["openssl", "req", "-new", "-sha256", "-key", account_key,
-        "-subj", "/CN={0}".format(DOMAIN), "-out", account_csr.name]).wait()
+    # Simple configuration without CSR in configuration (will be passed as argument)
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)

-    # Create config parser from the good default config to generate custom configs
-    config = configparser.ConfigParser()
-    config.read(goodCName)
+    cnameCSR = domain_csr
+    config.remove_option("acmednstiny", "CSRFile")

    goodCNameWithoutCSR = NamedTemporaryFile(delete=False)
-    config.remove_option("acmednstiny", "CSRFile")
    with open(goodCNameWithoutCSR.name, 'w') as configfile:
        config.write(configfile)

+    # Configuration with CSR containing a wildcard domain
+    account_key, domain_key, domain_csr, config = generate_config();
+
+    Popen(["openssl", "req", "-newkey", "rsa:2048", "-nodes", "-keyout", domain_key,
+           "-subj", "/CN=*.{0}".format(DOMAIN), "-out", domain_csr]).wait()
+    os.remove(domain_key)
+
    wildCName = NamedTemporaryFile(delete=False)
-    config["acmednstiny"]["CSRFile"] = wilddomain_csr.name
    with open(wildCName.name, 'w') as configfile:
        config.write(configfile)

-    dnsHostIP = NamedTemporaryFile(delete=False)
+    # Configuration with IP as DNS Host
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)
+
    config["DNS"]["Host"] = DNSHOSTIP
+
+    dnsHostIP = NamedTemporaryFile(delete=False)
    with open(dnsHostIP.name, 'w') as configfile:
        config.write(configfile)
-    config["DNS"]["Host"] = DNSHOST
+
+    # Configuration with CSR using subject alt-name domain instead of CN (common name)
+    account_key, domain_key, domain_csr, config = generate_config();
+
+    san_conf = NamedTemporaryFile(delete=False)
+    san_conf.write(open("/etc/ssl/openssl.cnf").read().encode("utf8"))
+    san_conf.write("\n[SAN]\nsubjectAltName=DNS:{0},DNS:www.{0}\n".format(DOMAIN).encode("utf8"))
+    san_conf.seek(0)
+    Popen(["openssl", "req", "-new", "-sha256", "-key", domain_key,
+        "-subj", "/", "-reqexts", "SAN", "-config", san_conf.name,
+        "-out", domain_csr]).wait()
+    os.remove(san_conf.name)
+    os.remove(domain_key)

    goodSAN = NamedTemporaryFile(delete=False)
-    config["acmednstiny"]["CSRFile"] = san_csr.name
    with open(goodSAN.name, 'w') as configfile:
        config.write(configfile)

+
+    # Configuration with CSR containing a wildcard domain inside subjetcAltName
+    account_key, domain_key, domain_csr, config = generate_config();
+
+    wildsan_conf = NamedTemporaryFile(delete=False)
+    wildsan_conf.write(open("/etc/ssl/openssl.cnf").read().encode("utf8"))
+    wildsan_conf.write("\n[SAN]\nsubjectAltName=DNS:{0},DNS:*.{0}\n".format(DOMAIN).encode("utf8"))
+    wildsan_conf.seek(0)
+    Popen(["openssl", "req", "-new", "-sha256", "-key", domain_key,
+           "-subj", "/", "-reqexts", "SAN", "-config", wildsan_conf.name,
+           "-out", domain_csr]).wait()
+    os.remove(wildsan_conf.name)
+    os.remove(domain_key)
+
    wildSAN = NamedTemporaryFile(delete=False)
-    config["acmednstiny"]["CSRFile"] = wildsan_csr.name
    with open(wildSAN.name, 'w') as configfile:
        config.write(configfile)

+    # Bad configuration with weak 1024 bit account key
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)
+
+    Popen(["openssl", "genrsa", "-out", account_key, "1024"]).wait()
+
    weakKey = NamedTemporaryFile(delete=False)
-    config["acmednstiny"]["AccountKeyFile"] = weak_key.name
-    config["acmednstiny"]["CSRFile"] = domain_csr
    with open(weakKey.name, 'w') as configfile:
        config.write(configfile)

+    # Bad configuration with account key as domain key
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)
+
+    # Create a new CSR signed with the account key instead of domain key
+    Popen(["openssl", "req", "-new", "-sha256", "-key", account_key,
+        "-subj", "/CN={0}".format(DOMAIN), "-out", domain_csr]).wait()
+
    accountAsDomain = NamedTemporaryFile(delete=False)
-    config["acmednstiny"]["AccountKeyFile"] = account_key
-    config["acmednstiny"]["CSRFile"] = account_csr.name
    with open(accountAsDomain.name, 'w') as configfile:
        config.write(configfile)

+    # Create config parser from the good default config to generate custom configs
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)
+
    invalidTSIGName = NamedTemporaryFile(delete=False)
    config["TSIGKeyring"]["KeyName"] = "{0}.invalid".format(TSIGKEYNAME)
-    config["acmednstiny"]["CSRFile"] = domain_csr
    with open(invalidTSIGName.name, 'w') as configfile:
        config.write(configfile)

+    # Create config parser from the good default config to generate custom configs
+    account_key, domain_key, domain_csr, config = generate_config();
+    os.remove(domain_key)
+
    missingDNS = NamedTemporaryFile(delete=False)
    config["DNS"] = {}
    with open(missingDNS.name, 'w') as configfile:
@@ -146,7 +167,7 @@ def generate_acme_dns_tiny_config():

    return {
        # configs
-        "goodCName": goodCName,
+        "goodCName": goodCName.name,
        "goodCNameWithoutCSR": goodCNameWithoutCSR.name,
        "wildCName": wildCName.name,
        "dnsHostIP": dnsHostIP.name,
@@ -156,9 +177,7 @@ def generate_acme_dns_tiny_config():
        "accountAsDomain": accountAsDomain.name,
        "invalidTSIGName": invalidTSIGName.name,
        "missingDNS": missingDNS.name,
-        # key (just to simply remove the account from staging server)
-        "accountkey": account_key,
-        # CName CSR file to use with goodCNameWithoutCSR
+        # CName CSR file to use with goodCNameWithoutCSR as argument
        "cnameCSR": domain_csr,
    }

@@ -166,14 +185,19 @@ def generate_acme_dns_tiny_config():
 def generate_acme_account_rollover_config():
    # Old account is directly created by the config generator
    old_account_key, domain_key, domain_csr, config = generate_config()
+    os.remove(domain_key)

    # New account key
    new_account_key = NamedTemporaryFile(delete=False)
    Popen(["openssl", "genrsa", "-out", new_account_key.name, "2048"]).wait()

+    rolloverAccount = NamedTemporaryFile(delete=False)
+    with open(rolloverAccount.name, 'w') as configfile:
+        config.write(configfile)
+
    return {
        # config and keys (returned to keep files on system)
-        "config": config,
+        "config": rolloverAccount.name,
        "oldaccountkey": old_account_key,
        "newaccountkey": new_account_key.name
    }
@@ -182,8 +206,13 @@ def generate_acme_account_rollover_config():
 def generate_acme_account_deactivate_config():
    # Account key is created by the by the config generator
    account_key, domain_key, domain_csr, config = generate_config()
+    os.remove(domain_key)
+
+    deactivateAccount = NamedTemporaryFile(delete=False)
+    with open(deactivateAccount.name, 'w') as configfile:
+        config.write(configfile)

    return {
-        "config": config,
+        "config": deactivateAccount.name,
        "key": account_key
    }