/server.csr
/server.key
/server.pem
-/server.ocsp
/server.p12
+/server-ocsp.chain
+/server-ocsp.csr
+/server-ocsp.key
+/server-ocsp.pem
+/server-ocsp.p12
+/server-tls.chain
+/server-tls.csr
+/server-tls.key
+/server-tls.pem
+/server-tls.p12
+/server.ocsp
/configs
/dnsdist.log
/dnsdist_test.conf
def checkResponseNoEDNS(self, expected, received):
self.checkMessageNoEDNS(expected, received)
- def generateNewCertificateAndKey(self):
+ @staticmethod
+ def generateNewCertificateAndKey(filePrefix):
# generate and sign a new cert
- cmd = ['openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-keyout', 'server.key', '-out', 'server.csr', '-config', 'configServer.conf']
+ cmd = ['openssl', 'req', '-new', '-newkey', 'rsa:2048', '-nodes', '-keyout', filePrefix + '.key', '-out', filePrefix + '.csr', '-config', 'configServer.conf']
output = None
try:
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True)
output = process.communicate(input='')
except subprocess.CalledProcessError as exc:
raise AssertionError('openssl req failed (%d): %s' % (exc.returncode, exc.output))
- cmd = ['openssl', 'x509', '-req', '-days', '1', '-CA', 'ca.pem', '-CAkey', 'ca.key', '-CAcreateserial', '-in', 'server.csr', '-out', 'server.pem', '-extfile', 'configServer.conf', '-extensions', 'v3_req']
+ cmd = ['openssl', 'x509', '-req', '-days', '1', '-CA', 'ca.pem', '-CAkey', 'ca.key', '-CAcreateserial', '-in', filePrefix + '.csr', '-out', filePrefix + '.pem', '-extfile', 'configServer.conf', '-extensions', 'v3_req']
output = None
try:
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True)
except subprocess.CalledProcessError as exc:
raise AssertionError('openssl x509 failed (%d): %s' % (exc.returncode, exc.output))
- with open('server.chain', 'w') as outFile:
- for inFileName in ['server.pem', 'ca.pem']:
+ with open(filePrefix + '.chain', 'w') as outFile:
+ for inFileName in [filePrefix + '.pem', 'ca.pem']:
with open(inFileName) as inFile:
outFile.write(inFile.read())
- cmd = ['openssl', 'pkcs12', '-export', '-passout', 'pass:passw0rd', '-clcerts', '-in', 'server.pem', '-CAfile', 'ca.pem', '-inkey', 'server.key', '-out', 'server.p12']
+ cmd = ['openssl', 'pkcs12', '-export', '-passout', 'pass:passw0rd', '-clcerts', '-in', filePrefix + '.pem', '-CAfile', 'ca.pem', '-inkey', filePrefix + '.key', '-out', filePrefix + '.p12']
output = None
try:
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.STDOUT, close_fds=True)
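Review bot: None of the openssl calls in generateNewCertificateAndKey checks the exit status: `subprocess.Popen` and `communicate()` do not raise `CalledProcessError`, so the `except` clauses never fire and a failed `req`, `x509` or `pkcs12` step passes silently. Each test class now regenerates its own `filePrefix` files in setUpClass, so a silent failure can leave dnsdist starting against a missing or stale key and certificate, and the test then fails far from the cause. After each `communicate()` add a check such as `if process.returncode != 0: raise AssertionError('openssl req failed (%d): %s' % (process.returncode, output))`. As displayed, the x509 step has no `communicate()` before the chain file is written; if that is the real code rather than a rendering gap, `filePrefix + '.pem'` may be read before openssl has finished writing it. The function body continues past the end of this hunk.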
def getTLSProvider(self):
return self.sendConsoleCommand("getBind(0):getEffectiveTLSProvider()").rstrip()
+ @classmethod
+ def setUpClass(cls):
+ cls.generateNewCertificateAndKey('server-ocsp')
+ cls.startResponders()
+ cls.startDNSDist()
+ cls.setUpSockets()
+
@unittest.skipIf('SKIP_DOH_TESTS' in os.environ, 'DNS over HTTPS tests are disabled')
class TestOCSPStaplingDOH(DNSDistOCSPStaplingTest):
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_ocspFile = 'server.ocsp'
_caCert = 'ca.pem'
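Review bot: The `setUpClass` added to DNSDistOCSPStaplingTest hard-codes the literal 'server-ocsp' separately from the `_serverKey`/`_serverCert` values set in the subclasses, and the same pattern recurs with 'server-tls' in the three TLS test classes and in the certificate-reload tests. Nothing ties the prefix passed to `generateNewCertificateAndKey` to the file names dnsdist is configured with, so a mismatch in one class would make the reload tests exercise a certificate other than the one just regenerated. A single class attribute (hypothetical name `_certPrefix`), from which `_serverKey`, `_serverCert` and the generator argument are derived, would remove that risk and let one shared `setUpClass` replace the copies. The override also repeats the start-up sequence instead of calling the parent `setUpClass`, which is not visible here; if the parent does more than those three calls, that work is skipped.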
if 'SKIP_DOH_TESTS' in os.environ:
raise unittest.SkipTest('DNS over HTTPS tests are disabled')
+ cls.generateNewCertificateAndKey('server-ocsp')
cls.startResponders()
cls.startDNSDist()
cls.setUpSockets()
serialNumber = self.getOCSPSerial(output)
self.assertTrue(serialNumber)
- self.generateNewCertificateAndKey()
+ self.generateNewCertificateAndKey('server-ocsp')
self.sendConsoleCommand("generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)" % (self._serverCert, self._caCert, self._caKey, self._ocspFile))
self.sendConsoleCommand("reloadAllCertificates()")
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
# invalid OCSP file!
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_ocspFile = 'server.ocsp'
_caCert = 'ca.pem'
serialNumber = self.getOCSPSerial(output)
self.assertTrue(serialNumber)
- self.generateNewCertificateAndKey()
+ self.generateNewCertificateAndKey('server-ocsp')
self.sendConsoleCommand("generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)" % (self._serverCert, self._caCert, self._caKey, self._ocspFile))
self.sendConsoleCommand("reloadAllCertificates()")
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
# invalid OCSP file!
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_ocspFile = 'server.ocsp'
_caCert = 'ca.pem'
serialNumber = self.getOCSPSerial(output)
self.assertTrue(serialNumber)
- self.generateNewCertificateAndKey()
+ self.generateNewCertificateAndKey('server-ocsp')
self.sendConsoleCommand("generateOCSPResponse('%s', '%s', '%s', '%s', 1, 0)" % (self._serverCert, self._caCert, self._caKey, self._ocspFile))
self.sendConsoleCommand("reloadAllCertificates()")
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-ocsp.key'
+ _serverCert = 'server-ocsp.chain'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
# invalid OCSP file!
self.assertEqual(names, ['tls.tests.dnsdist.org', 'powerdns.com', '127.0.0.1'])
serialNumber = cert['serialNumber']
- self.generateNewCertificateAndKey()
+ self.generateNewCertificateAndKey('server-tls')
self.sendConsoleCommand("reloadAllCertificates()")
conn.close()
_extraStartupSleep = 1
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-tls.key'
+ _serverCert = 'server-tls.chain'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
_tlsServerPort = pickAvailablePort()
"""
_config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey']
+ @classmethod
+ def setUpClass(cls):
+ cls.generateNewCertificateAndKey('server-tls')
+ cls.startResponders()
+ cls.startDNSDist()
+ cls.setUpSockets()
+
def testProvider(self):
self.assertEqual(self.getTLSProvider(), "openssl")
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverKey = 'server.key'
- _serverCert = 'server.chain'
+ _serverKey = 'server-tls.key'
+ _serverCert = 'server-tls.chain'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
_tlsServerPort = pickAvailablePort()
"""
_config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_tlsServerPort', '_serverCert', '_serverKey']
+ @classmethod
+ def setUpClass(cls):
+ cls.generateNewCertificateAndKey('server-tls')
+ cls.startResponders()
+ cls.startDNSDist()
+ cls.setUpSockets()
+
def testProvider(self):
self.assertEqual(self.getTLSProvider(), "gnutls")
class TestPKCSTLSCertificate(DNSDistTest, TLSTests):
_consoleKey = DNSDistTest.generateConsoleKey()
_consoleKeyB64 = base64.b64encode(_consoleKey).decode('ascii')
- _serverCert = 'server.p12'
+ _serverCert = 'server-tls.p12'
_pkcsPassphrase = 'passw0rd'
_serverName = 'tls.tests.dnsdist.org'
_caCert = 'ca.pem'
addAction(SNIRule("powerdns.com"), SpoofAction("1.2.3.4"))
"""
_config_params = ['_consoleKeyB64', '_consolePort', '_testServerPort', '_serverCert', '_pkcsPassphrase', '_tlsServerPort']
+
+ @classmethod
+ def setUpClass(cls):
+ cls.generateNewCertificateAndKey('server-tls')
+ cls.startResponders()
+ cls.startDNSDist()
+ cls.setUpSockets()