
github.com/certbot/certbot.git - Unnamed repository; edit this file 'description' to name the repository.
authorErica Portnoy <ebportnoy@gmail.com>2016-10-21 23:56:53 +0300
committerGitHub <noreply@github.com>2016-10-21 23:56:53 +0300
commitce252bd6c901f1dd1e7848b09c9b3661fcaecf80 (patch)
tree199dd182d3a05f51c38e4d2bf7b54cdf3a26e3b1 /certbot-nginx
parentb9adb7cbaf6c9151f844ce8cc0dd7e043f273a37 (diff)
Allow certbot to get a cert for default_servers (#3652)
* Allow certbot to get a cert for default_servers * Add to_string method for not printing default_server
Diffstat (limited to 'certbot-nginx')
-rw-r--r--certbot-nginx/certbot_nginx/obj.py8
-rw-r--r--certbot-nginx/certbot_nginx/tests/configurator_test.py6
-rw-r--r--certbot-nginx/certbot_nginx/tests/obj_test.py10
-rw-r--r--certbot-nginx/certbot_nginx/tests/parser_test.py11
-rw-r--r--certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com6
-rw-r--r--certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py13
-rw-r--r--certbot-nginx/certbot_nginx/tls_sni_01.py13
7 files changed, 47 insertions, 20 deletions
diff --git a/certbot-nginx/certbot_nginx/obj.py b/certbot-nginx/certbot_nginx/obj.py
index 8c93d0a8b..c58a82450 100644
--- a/certbot-nginx/certbot_nginx/obj.py
+++ b/certbot-nginx/certbot_nginx/obj.py
@@ -69,7 +69,8 @@ class Addr(common.Addr):
return cls(host, port, ssl, default)
- def __str__(self):
+ def to_string(self, include_default=True):
+ """Return string representation of Addr"""
parts = ''
if self.tup[0] and self.tup[1]:
parts = "%s:%s" % self.tup
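Review bot: The docstring added on `to_string` does not say what `include_default` controls, although that flag is the only reason the method was split out of `__str__`. I would expand it to something like `"""Return the listen-directive form of this address; include_default=False omits the default_server flag."""`. The method body continues into the next hunk, where the flag is actually read.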
@@ -78,13 +79,16 @@ class Addr(common.Addr):
else:
parts = self.tup[1]
- if self.default:
+ if self.default and include_default:
parts += ' default_server'
if self.ssl:
parts += ' ssl'
return parts
+ def __str__(self):
+ return self.to_string()
+
def __repr__(self):
return "Addr(" + self.__str__() + ")"
diff --git a/certbot-nginx/certbot_nginx/tests/configurator_test.py b/certbot-nginx/certbot_nginx/tests/configurator_test.py
index 10f5e5514..d871a5720 100644
--- a/certbot-nginx/certbot_nginx/tests/configurator_test.py
+++ b/certbot-nginx/certbot_nginx/tests/configurator_test.py
@@ -40,7 +40,7 @@ class NginxConfiguratorTest(util.NginxTest):
def test_prepare(self):
self.assertEqual((1, 6, 2), self.config.version)
- self.assertEqual(6, len(self.config.parser.parsed))
+ self.assertEqual(7, len(self.config.parser.parsed))
# ensure we successfully parsed a file for ssl_options
self.assertTrue(self.config.parser.loc["ssl_options"])
@@ -68,7 +68,7 @@ class NginxConfiguratorTest(util.NginxTest):
names = self.config.get_all_names()
self.assertEqual(names, set(
["155.225.50.69.nephoscale.net", "www.example.org", "another.alias",
- "migration.com", "summer.com", "geese.com"]))
+ "migration.com", "summer.com", "geese.com", "sslon.com"]))
def test_supported_enhancements(self):
self.assertEqual(['redirect', 'staple-ocsp'],
@@ -242,6 +242,7 @@ class NginxConfiguratorTest(util.NginxTest):
nginx_conf = self.config.parser.abs_path('nginx.conf')
example_conf = self.config.parser.abs_path('sites-enabled/example.com')
migration_conf = self.config.parser.abs_path('sites-enabled/migration.com')
+ sslon_conf = self.config.parser.abs_path('sites-enabled/sslon.com')
# Get the default SSL vhost
self.config.deploy_cert(
@@ -269,6 +270,7 @@ class NginxConfiguratorTest(util.NginxTest):
('example/fullchain.pem', 'example/key.pem', example_conf),
('/etc/nginx/fullchain.pem', '/etc/nginx/key.pem', nginx_conf),
('migration/fullchain.pem', 'migration/key.pem', migration_conf),
+ ('snakeoil.cert', 'snakeoil.key', sslon_conf),
]), self.config.get_all_certs_keys())
@mock.patch("certbot_nginx.configurator.tls_sni_01.NginxTlsSni01.perform")
diff --git a/certbot-nginx/certbot_nginx/tests/obj_test.py b/certbot-nginx/certbot_nginx/tests/obj_test.py
index 200f2acb9..84d0c6bca 100644
--- a/certbot-nginx/certbot_nginx/tests/obj_test.py
+++ b/certbot-nginx/certbot_nginx/tests/obj_test.py
@@ -55,6 +55,16 @@ class AddrTest(unittest.TestCase):
self.assertEqual(str(self.addr5), "myhost")
self.assertEqual(str(self.addr6), "80 default_server")
+ def test_to_string(self):
+ self.assertEqual(self.addr1.to_string(), "192.168.1.1")
+ self.assertEqual(self.addr2.to_string(), "192.168.1.1:* ssl")
+ self.assertEqual(self.addr3.to_string(), "192.168.1.1:80")
+ self.assertEqual(self.addr4.to_string(), "*:80 default_server ssl")
+ self.assertEqual(self.addr4.to_string(include_default=False), "*:80 ssl")
+ self.assertEqual(self.addr5.to_string(), "myhost")
+ self.assertEqual(self.addr6.to_string(), "80 default_server")
+ self.assertEqual(self.addr6.to_string(include_default=False), "80")
+
def test_eq(self):
from certbot_nginx.obj import Addr
new_addr1 = Addr.fromstring("192.168.1.1 spdy")
diff --git a/certbot-nginx/certbot_nginx/tests/parser_test.py b/certbot-nginx/certbot_nginx/tests/parser_test.py
index d148e89aa..d5593171a 100644
--- a/certbot-nginx/certbot_nginx/tests/parser_test.py
+++ b/certbot-nginx/certbot_nginx/tests/parser_test.py
@@ -48,7 +48,8 @@ class NginxParserTest(util.NginxTest):
['foo.conf', 'nginx.conf', 'server.conf',
'sites-enabled/default',
'sites-enabled/example.com',
- 'sites-enabled/migration.com']]),
+ 'sites-enabled/migration.com',
+ 'sites-enabled/sslon.com']]),
set(nparser.parsed.keys()))
self.assertEqual([['server_name', 'somename alias another.alias']],
nparser.parsed[nparser.abs_path('server.conf')])
@@ -72,7 +73,7 @@ class NginxParserTest(util.NginxTest):
parsed = nparser._parse_files(nparser.abs_path(
'sites-enabled/example.com.test'))
self.assertEqual(3, len(glob.glob(nparser.abs_path('*.test'))))
- self.assertEqual(3, len(
+ self.assertEqual(4, len(
glob.glob(nparser.abs_path('sites-enabled/*.test'))))
self.assertEqual([[['server'], [['listen', '69.50.225.155:9000'],
['listen', '127.0.0.1'],
@@ -136,7 +137,7 @@ class NginxParserTest(util.NginxTest):
'*.www.example.com']),
[], [2, 1, 0])
- self.assertEqual(7, len(vhosts))
+ self.assertEqual(8, len(vhosts))
example_com = [x for x in vhosts if 'example.com' in x.filep][0]
self.assertEqual(vhost3, example_com)
default = [x for x in vhosts if 'default' in x.filep][0]
@@ -304,8 +305,10 @@ class NginxParserTest(util.NginxTest):
replace=False)
c_k = nparser.get_all_certs_keys()
migration_file = nparser.abs_path('sites-enabled/migration.com')
+ sslon_file = nparser.abs_path('sites-enabled/sslon.com')
self.assertEqual(set([('foo.pem', 'bar.key', filep),
- ('cert.pem', 'cert.key', migration_file)
+ ('cert.pem', 'cert.key', migration_file),
+ ('snakeoil.cert', 'snakeoil.key', sslon_file)
]), c_k)
def test_parse_server_ssl(self):
diff --git a/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com b/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com
new file mode 100644
index 000000000..b93e6ba2d
--- /dev/null
+++ b/certbot-nginx/certbot_nginx/tests/testdata/etc_nginx/sites-enabled/sslon.com
@@ -0,0 +1,6 @@
+server {
+ server_name sslon.com;
+ ssl on;
+ ssl_certificate snakeoil.cert;
+ ssl_certificate_key snakeoil.key;
+}
diff --git a/certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py b/certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py
index 283e326e9..e7dacb400 100644
--- a/certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py
+++ b/certbot-nginx/certbot_nginx/tests/tls_sni_01_test.py
@@ -39,6 +39,10 @@ class TlsSniPerformTest(util.NginxTest):
"\xeb9\xf1\xf5\xb9\xefVM\xc9w\xa4u\x9c\xe1\x87\xb4"
), "pending"),
domain="www.example.org", account_key=account_key),
+ achallenges.KeyAuthorizationAnnotatedChallenge(
+ challb=acme_util.chall_to_challb(
+ challenges.TLSSNI01(token="kNdwjxOeX0I_A8DXt9Msmg"), "pending"),
+ domain="sslon.com", account_key=account_key),
]
def setUp(self):
@@ -100,7 +104,7 @@ class TlsSniPerformTest(util.NginxTest):
sni_responses = self.sni.perform()
- self.assertEqual(mock_setup_cert.call_count, 3)
+ self.assertEqual(mock_setup_cert.call_count, 4)
for index, achall in enumerate(self.achalls):
self.assertEqual(
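Review bot: The expected count is a literal that has to be bumped by hand in three places whenever `achalls` grows: `mock_setup_cert.call_count` here, and `len(sni_responses)` and `xrange(4)` in the next hunk. Deriving it from the fixture keeps the assertions tied to what they check, e.g. `self.assertEqual(mock_setup_cert.call_count, len(self.achalls))` and `for i in xrange(len(self.achalls)):`. The test method starts and ends outside these hunks.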
@@ -112,8 +116,8 @@ class TlsSniPerformTest(util.NginxTest):
self.assertFalse(
util.contains_at_depth(http, ['server_name', 'another.alias'], 3))
- self.assertEqual(len(sni_responses), 3)
- for i in xrange(3):
+ self.assertEqual(len(sni_responses), 4)
+ for i in xrange(4):
self.assertEqual(sni_responses[i], acme_responses[i])
def test_mod_config(self):
@@ -123,6 +127,7 @@ class TlsSniPerformTest(util.NginxTest):
v_addr1 = [obj.Addr("69.50.225.155", "9000", True, False),
obj.Addr("127.0.0.1", "", False, False)]
v_addr2 = [obj.Addr("myhost", "", False, True)]
+ v_addr2_print = [obj.Addr("myhost", "", False, False)]
ll_addr = [v_addr1, v_addr2]
self.sni._mod_config(ll_addr) # pylint: disable=protected-access
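Review bot: The name `v_addr2_print` does not say that it is the expected address after `default_server` has been stripped, so the changed assertion in the next hunk reads as if it compared against something unrelated. A name such as `v_addr2_no_default`, or a one-line comment like `# _mod_config writes listen lines without default_server`, would make the intent visible. It would also be worth asserting directly that the generated block contains no `default_server`, since the current check appears to rely on `Addr` equality taking the `default` flag into account.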
@@ -142,7 +147,7 @@ class TlsSniPerformTest(util.NginxTest):
response = self.achalls[0].response(self.account_key)
else:
response = self.achalls[2].response(self.account_key)
- self.assertEqual(vhost.addrs, set(v_addr2))
+ self.assertEqual(vhost.addrs, set(v_addr2_print))
self.assertEqual(vhost.names, set([response.z_domain]))
self.assertEqual(len(vhs), 2)
diff --git a/certbot-nginx/certbot_nginx/tls_sni_01.py b/certbot-nginx/certbot_nginx/tls_sni_01.py
index 0543000ea..dec21e791 100644
--- a/certbot-nginx/certbot_nginx/tls_sni_01.py
+++ b/certbot-nginx/certbot_nginx/tls_sni_01.py
@@ -47,7 +47,7 @@ class NginxTlsSni01(common.TLSSNI01):
return []
addresses = []
- default_addr = "{0} default_server ssl".format(
+ default_addr = "{0} ssl".format(
self.configurator.config.tls_sni_01_port)
for achall in self.achalls:
@@ -59,12 +59,10 @@ class NginxTlsSni01(common.TLSSNI01):
achall.domain)
return None
- for addr in vhost.addrs:
- if addr.default:
- addresses.append([obj.Addr.fromstring(default_addr)])
- break
- else:
+ if vhost.addrs:
addresses.append(list(vhost.addrs))
+ else:
+ addresses.append([obj.Addr.fromstring(default_addr)])
# Create challenge certs
responses = [self._setup_challenge_cert(x) for x in self.achalls]
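Review bot: The new `else` branch falls back to `default_addr` without saying when `vhost.addrs` is empty; judging from the sslon.com fixture added in this commit, that is a server block with `ssl on;` and no `listen` directive. A comment such as `# vhost has no listen directive: listen on the challenge port with ssl` would record that. Separately, when `vhost.addrs` is non-empty the challenge block inherits those addresses unchanged, and nothing in this hunk checks that at least one of them is an ssl listener on `tls_sni_01_port`. If the vhost selection code outside the hunk does not guarantee that, validation would fail later with a less direct error. The loop body starts above the hunk.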
@@ -141,7 +139,7 @@ class NginxTlsSni01(common.TLSSNI01):
document_root = os.path.join(
self.configurator.config.work_dir, "tls_sni_01_page")
- block = [['listen', ' ', str(addr)] for addr in addrs]
+ block = [['listen', ' ', addr.to_string(include_default=False)] for addr in addrs]
block.extend([['server_name', ' ',
achall.response(achall.account_key).z_domain],
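Review bot: The `listen` line now passes `include_default=False` without stating why `default_server` is dropped. The temporary challenge block reuses the addresses of a vhost that may already be the default for them, and nginx rejects a configuration that declares two default servers for the same address and port. A comment such as `# omit default_server: the real vhost already claims it for this address` would stop a later cleanup from switching back to `str(addr)`. The enclosing method starts and ends outside the hunk.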
@@ -155,5 +153,4 @@ class NginxTlsSni01(common.TLSSNI01):
['ssl_certificate_key', ' ', self.get_key_path(achall)],
[['location', ' ', '/'], [['root', ' ', document_root]]]] +
self.configurator.parser.loc["ssl_options"])
-
return [['server'], block]