assert tls_file.content_string == open("tests/data/x509/server/%s_https.cert.pem" % hostname, "r").read().rstrip()

def test_certificate_validity_check_configuration(host):

    """

    Tests if certificate validity check configuration file has been deployed

    correctly.

    """

    hostname = host.run('hostname').stdout.strip()

    config = host.file('/etc/check_certificate/%s_https.conf' % hostname)

    assert config.is_file

    assert config.user == 'root'

    assert config.group == 'root'

    assert config.mode == 0o644

    assert config.content_string == "/etc/ssl/certs/%s_https.pem" % hostname

def test_tls_enabled(host):

    """

    Tests if TLS has been enabled.

    """

    tls = host.run('curl https://%s/', hostname)

    assert tls.rc == 0

def test_https_enforcement(host):

    """

    Tests if HTTPS is being enforced.

    """

    https_enforcement = host.run('curl -I http://%s/', hostname)

    assert https_enforcement.rc == 0

    assert 'HTTP/1.1 301 Moved Permanently' in https_enforcement.stdout

    assert 'Location: https://%s/' % hostname in https_enforcement.stdout

    https_enforcement = host.run('curl -I https://%s/', hostname)

    assert https_enforcement.rc == 0

    assert 'Strict-Transport-Security: max-age=31536000; includeSubDomains' in https_enforcement.stdout

    report_root = ElementTree.fromstring(report_content)

    tls_versions = []

    tls_ciphers = set()

    for child in report_root.findall("./host/ports/port/script/table"):

        tls_versions.append(child.attrib['key'])

    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):

        tls_ciphers.add(child.text)

    tls_versions.sort()

    tls_ciphers = sorted(list(tls_ciphers))

    assert tls_versions == expected_tls_versions

    assert tls_ciphers == expected_tls_ciphers

def test_default_vhost_index_page(host):

    """

    Tests content of default vhost index page.

    """

    page = host.run('curl https://%s/', hostname)

    assert page.rc == 0

    assert "<title>Welcome</title>" in page.stdout

    assert "<h1>Welcome</h1>" in page.stdout

    assert "<p>You are attempting to access the web server using a wrong name or an IP address. Please check your URL.</p>" in page.stdout

    report_root = ElementTree.fromstring(report_content)

    tls_versions = []

    tls_ciphers = set()

    for child in report_root.findall("./host/ports/port/script/table"):

        tls_versions.append(child.attrib['key'])

    for child in report_root.findall(".//table[@key='ciphers']/table/elem[@key='name']"):

        tls_ciphers.add(child.text)

    tls_versions.sort()

    tls_ciphers = sorted(list(tls_ciphers))

    assert tls_versions == expected_tls_versions

    assert tls_ciphers == expected_tls_ciphers

def test_default_vhost_index_page(host):

    """

    Tests content of default vhost index page.

    """

    page = host.run('curl https://%s/', hostname)

    assert page.rc == 0

    assert "<title>Optional Welcome</title>" in page.stdout

    assert "<h1>Optional Welcome</h1>" in page.stdout

    assert "<p>Welcome to default virtual host.</p>" in page.stdout

def test_environment_indicator(host):

    """

    Tests if environment indicator is applied correctly.

    """

    page = host.run('curl https://%s/' % hostname)

    expected_content = """

    <details open='true' style='position: fixed; left: 0; width: 100%; line-height: 1.5em; font-weight: bold; color: #00ff00;'>

        <summary style='background-color: #ff0000; list-style-type: none; position: fixed; bottom: 5px; z-index: 999999;'>&#128896;&#128898;</summary>

        <div style='background-color: #ff0000; width: 100%; text-align: center; position: fixed; bottom: 5px; z-index: 999998;'>parameters-optional</div>

    </details>

"""

    assert page.rc == 0

    assert expected_content in page.stdout