load 'test_helper/common'
# Bats per-test hook, run before every @test in this file.
# All work is delegated to run_setup_file_if_necessary, which is not defined
# in this file (presumably it comes from test_helper/common and decides when
# setup_file has to run - confirm there).
setup() {
  run_setup_file_if_necessary
}
# Bats per-test hook, run after every @test in this file.
# All work is delegated to run_teardown_file_if_necessary, which is not
# defined in this file (presumably it comes from test_helper/common and
# decides when teardown_file has to run - confirm there).
teardown() {
  run_teardown_file_if_necessary
}
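#######################################
# Starts the three containers used by this file. All of them run with
# SSL_TYPE=letsencrypt and hostname mail.my-domain.com; they differ in where
# the certificate material comes from:
#   mail_lets_domain    - live/my-domain.com mounted from the fixtures
#   mail_lets_hostname  - live/mail.my-domain.com mounted from the fixtures
#   mail_lets_acme_json - only acme.json is mounted (read-only), together
#                         with SSL_DOMAIN=*.example.com
# Globals:
#   NAME (read) - image reference handed to `docker run`; must be non-empty
# Arguments:
#   None
# Returns:
#   Status of the last wait_for_finished_setup_in_container call.
#######################################
function setup_file() {
  local PRIVATE_CONFIG

  # Stop with a clear message rather than letting `docker run` fail on a
  # missing image argument.
  : "${NAME:?NAME must be set to the image to run}"

  # NOTE(review): the live/ certificate directories below are mounted without
  # :ro, unlike acme.json and the test-files mount. If the container never
  # has to write there, :ro would keep the fixture key material read-only
  # from inside the container - confirm before changing.
  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_lets_domain)"
  docker run -d --name mail_lets_domain \
    -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -v "${PRIVATE_CONFIG}/letsencrypt/my-domain.com":/etc/letsencrypt/live/my-domain.com \
    -e DMS_DEBUG=0 \
    -e SSL_TYPE=letsencrypt \
    -h mail.my-domain.com -t "${NAME}"
  wait_for_finished_setup_in_container mail_lets_domain

  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_lets_hostname)"
  docker run -d --name mail_lets_hostname \
    -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -v "${PRIVATE_CONFIG}/letsencrypt/mail.my-domain.com":/etc/letsencrypt/live/mail.my-domain.com \
    -e DMS_DEBUG=0 \
    -e SSL_TYPE=letsencrypt \
    -h mail.my-domain.com -t "${NAME}"
  wait_for_finished_setup_in_container mail_lets_hostname

  PRIVATE_CONFIG="$(duplicate_config_for_container . mail_lets_acme_json)"
  # Place a copy of the fixture acme.json at the top of the private config.
  # That copy is what gets mounted below, and the "can detect changes" test
  # later overwrites the same path.
  cp "$(private_config_path mail_lets_acme_json)/letsencrypt/acme.json" "$(private_config_path mail_lets_acme_json)/acme.json"
  docker run -d --name mail_lets_acme_json \
    -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
    -v "${PRIVATE_CONFIG}/acme.json":/etc/letsencrypt/acme.json:ro \
    -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
    -e DMS_DEBUG=0 \
    -e SSL_TYPE=letsencrypt \
    -e "SSL_DOMAIN=*.example.com" \
    -h mail.my-domain.com -t "${NAME}"
  # The quotes around SSL_DOMAIN above keep the host shell from globbing
  # the '*'.

  wait_for_finished_setup_in_container mail_lets_acme_json
}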
# Force-removes the three containers that setup_file started, in the order
# they were created.
teardown_file() {
  local container
  for container in mail_lets_domain mail_lets_hostname mail_lets_acme_json; do
    docker rm -f "${container}"
  done
}
# Marker test. It has to stay the first @test of the file so that the point
# at which setup_file must run can be identified reliably. The test itself is
# always skipped; only its position matters.
@test "first" {
  skip "Starting testing of letsencrypt SSL"
}
# Checks that Postfix and Dovecot are configured with the certificate and key
# from the expected /etc/letsencrypt/live/<name>/ directory.
# Each check pipes the effective configuration through grep and wc -l. The
# exit status of such a pipeline is that of wc, so the meaningful assertion
# is that exactly one matching line was counted.
@test "checking ssl: letsencrypt configuration is correct" {
  local check

  # Container with the certificate for the bare domain; its key file is
  # named key.pem.
  local -a domain_checks=(
    'postconf | grep "smtpd_tls_cert_file = /etc/letsencrypt/live/my-domain.com/fullchain.pem" | wc -l'
    'postconf | grep "smtpd_tls_key_file = /etc/letsencrypt/live/my-domain.com/key.pem" | wc -l'
    'doveconf | grep "ssl_cert = </etc/letsencrypt/live/my-domain.com/fullchain.pem" | wc -l'
    'doveconf -P | grep "ssl_key = </etc/letsencrypt/live/my-domain.com/key.pem" | wc -l'
  )

  # Container with the certificate for the full hostname; its key file is
  # named privkey.pem.
  local -a hostname_checks=(
    'postconf | grep "smtpd_tls_cert_file = /etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" | wc -l'
    'postconf | grep "smtpd_tls_key_file = /etc/letsencrypt/live/mail.my-domain.com/privkey.pem" | wc -l'
    'doveconf | grep "ssl_cert = </etc/letsencrypt/live/mail.my-domain.com/fullchain.pem" | wc -l'
    'doveconf -P | grep "ssl_key = </etc/letsencrypt/live/mail.my-domain.com/privkey.pem" | wc -l'
  )

  # doveconf needs -P for the ssl_key checks because it hides sensitive
  # settings unless asked to print them.
  for check in "${domain_checks[@]}"; do
    run docker exec mail_lets_domain /bin/sh -c "${check}"
    assert_success
    assert_output 1
  done

  for check in "${hostname_checks[@]}"; do
    run docker exec mail_lets_hostname /bin/sh -c "${check}"
    assert_success
    assert_output 1
  done
}
# Performs a TLS handshake against both containers, on port 587 via STARTTLS
# and on port 465 with TLS from the first byte, verifying against the system
# trust store in /etc/ssl/certs/.
# The assertion passes only when openssl reports verification result 10
# (certificate has expired). The test therefore shows which certificate is
# being served, not that the certificate is currently valid.
# `timeout 1` bounds each s_client run; the exit status asserted on is that
# of grep, i.e. whether the expected line was printed.
@test "checking ssl: letsencrypt cert works correctly" {
  local container

  for container in mail_lets_domain mail_lets_hostname; do
    # Submission port: plaintext SMTP upgraded with STARTTLS.
    run docker exec "${container}" /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:587 -starttls smtp -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
    assert_success

    # Port 465: no -starttls, the TLS handshake starts immediately.
    run docker exec "${container}" /bin/sh -c "timeout 1 openssl s_client -connect 0.0.0.0:465 -CApath /etc/ssl/certs/ | grep 'Verify return code: 10 (certificate has expired)'"
    assert_success
  done
}
#
# acme.json updates
#
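# Verifies that the change detector script (check-for-changes.sh) is running
# inside the acme.json container.
@test "checking changedetector: server is ready" {
  # The [c] bracket keeps the pattern from matching its own text. Without it,
  # the command lines of the `bash -c` wrapper and of grep itself both contain
  # the searched string, so they can show up in `ps aux` and let the check
  # pass even when check-for-changes.sh is not running.
  run docker exec mail_lets_acme_json /bin/bash -c "ps aux | grep '/bin/bash /usr/local/bin/[c]heck-for-changes.sh'"
  assert_success
}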
# Verifies that the key and certificate chain the container placed under
# /etc/letsencrypt/live/mail.my-domain.com/ are identical to the fixture
# files. The private key is named key.pem in the container and privkey.pem
# in the fixtures.
# NOTE(review): assert_output prints the compared values when they differ, so
# a failing run puts the fixture private key into the test log. That is fine
# for throwaway fixtures, but this pattern should not be pointed at real keys.
@test "can extract certs from acme.json" {
  local pair extracted fixture

  # Each entry is <file in container>:<file in fixtures>.
  for pair in 'key.pem:privkey.pem' 'fullchain.pem:fullchain.pem'; do
    extracted="${pair%%:*}"
    fixture="${pair##*:}"

    run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/${extracted}"
    assert_output "$(cat "$(private_config_path mail_lets_acme_json)/letsencrypt/mail.my-domain.com/${fixture}")"
    assert_success
  done
}
# Replaces the mounted acme.json with acme-changed.json and verifies that the
# change detector reacts to it: its log must report the certificate found for
# *.example.com, a Postfix stop and start, and the detected change. Afterwards
# the key and chain in the container must equal the fixtures in
# letsencrypt/changed/.
# NOTE(review): the wait is a fixed `sleep 11`. If the detector needs longer
# than that to notice and apply the change, the assertions below fail for
# timing reasons only.
@test "can detect changes" {
  local expected_line pem

  cp "$(private_config_path mail_lets_acme_json)/letsencrypt/acme-changed.json" "$(private_config_path mail_lets_acme_json)/acme.json"
  sleep 11

  run docker exec mail_lets_acme_json /bin/bash -c "supervisorctl tail changedetector"
  for expected_line in \
    "Cert found in /etc/letsencrypt/acme.json for *.example.com" \
    "postfix: stopped" \
    "postfix: started" \
    "Change detected"; do
    assert_output --partial "${expected_line}"
  done

  # The extracted files must now carry the replaced key material.
  for pem in key.pem fullchain.pem; do
    run docker exec mail_lets_acme_json /bin/bash -c "cat /etc/letsencrypt/live/mail.my-domain.com/${pem}"
    assert_output "$(cat "$(private_config_path mail_lets_acme_json)/letsencrypt/changed/${pem}")"
    assert_success
  done
}
# Marker test. It exists only to mark the end of the file reliably, so that
# teardown_file can be triggered. The test itself is always skipped.
@test "last" {
  skip "Finished testing of letsencrypt SSL"
}