@@ -276,3 +276,27 @@ def test_https_server_uses_correct_dh_parameters(host):
used_dhparam = output[output.find(begin_marker):output.find(end_marker) + len(end_marker)]
assert used_dhparam == expected_dhparam
def test_nginx_tls_files(host):
"""
Tests if TLS private key and certificate have been deployed correctly.
hostname = host.run('hostname').stdout.strip()
with host.sudo():
tls_file = host.file('/etc/ssl/private/%s_https.key' % hostname)
assert tls_file.is_file
assert tls_file.user == 'root'
assert tls_file.group == 'root'
assert tls_file.mode == 0o640
assert tls_file.content_string == open("tests/data/x509/%s_https.key.pem" % hostname, "r").read().rstrip()
tls_file = host.file('/etc/ssl/certs/%s_https.pem' % hostname)
assert tls_file.mode == 0o644
assert tls_file.content_string == open("tests/data/x509/%s_https.cert.pem" % hostname, "r").read().rstrip()