MAR-181: Drop support for Debian 9 Stretch from the xmpp_server role:

- Switch to using IPs from the host-only network subnets that
VirtualBox allows by default.
- Drop Stretch-specific workarounds, code, and tests.
import os

import testinfra.utils.ansible_runner

# NOTE(review): this statement is cut off in this listing (the call's
# arguments and closing parenthesis are missing), so the set of hosts the
# tests below run against cannot be determined from here.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(

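def test_installed_packages(host):
    """
    Tests if the necessary packages have been installed.

    :param host: Testinfra host fixture for the machine under test.
    """

    required_packages = ('postfix', 'procmail', 'swaks')

    for package_name in required_packages:
        # Name the package in the failure message so that a missing one
        # can be identified without re-running the test.
        assert host.package(package_name).is_installed, \
            "package %s is not installed" % package_name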

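def test_removed_packages(host):
    """
    Tests if certain packages have been removed from the system.

    :param host: Testinfra host fixture for the machine under test.
    """

    # exim4 is another MTA; presumably it is removed so that Postfix is the
    # only mail server left on the host (verify against the role).
    assert not host.package('exim4').is_installed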

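def test_smtp_relay_truststore_file(host):
    """
    Tests if SMTP relay truststore has correct permissions and content.

    :param host: Testinfra host fixture for the machine under test.
    """

    truststore = host.file('/etc/ssl/certs/smtp_relay_truststore.pem')

    assert truststore.is_file
    assert truststore.user == 'root'
    assert truststore.group == 'root'
    # CA certificates are public, so world-readable is fine. What matters is
    # that only root can write the file: whoever can modify the truststore
    # decides which relay certificates are accepted.
    assert truststore.mode == 0o644

    # The reference certificate is read from the controller, relative to the
    # directory the tests are started from. A context manager closes the
    # file handle deterministically.
    with open("tests/data/x509/ca/level1.cert.pem", "r") as ca_certificate_file:
        expected_content = ca_certificate_file.read().rstrip()

    assert truststore.content_string == expected_content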

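def test_smtp_mailname(host):
    """
    Tests if SMTP mailname configuration file has correct permissions.

    :param host: Testinfra host fixture for the machine under test.
    """

    mailname = host.file('/etc/mailname')

    assert mailname.is_file
    assert mailname.user == 'root'
    assert mailname.group == 'root'
    # Readable by everyone, writable by root only.
    assert mailname.mode == 0o644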

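def test_postfix_main_cf_file(host):
    """
    Tests Postfix main configuration file permissions.

    :param host: Testinfra host fixture for the machine under test.
    """

    # Point at main.cf itself: the bare /etc/postfix/ directory can never
    # satisfy the is_file check below.
    config = host.file('/etc/postfix/main.cf')

    assert config.is_file
    assert config.user == 'root'
    assert config.group == 'root'
    # Readable by everyone, writable by root only, so that an unprivileged
    # local user cannot change the mail server configuration.
    assert config.mode == 0o644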

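def test_services(host):
    """
    Tests if all the necessary services are enabled and running.

    :param host: Testinfra host fixture for the machine under test.
    """

    postfix_service = host.service('postfix')

    # Running covers the current state, enabled covers start-up at boot.
    assert postfix_service.is_running
    assert postfix_service.is_enabled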

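def test_firewall_configuration_file(host):
    """
    Tests if firewall configuration file has correct permissions.

    :param host: Testinfra host fixture for the machine under test.
    """

    # The file is inspected with elevated privileges; presumably the
    # unprivileged test user cannot access /etc/ferm/conf.d (verify against
    # the role that manages the firewall).
    with host.sudo():
        config = host.file('/etc/ferm/conf.d/20-mail.conf')

        assert config.is_file
        assert config.user == 'root'
        assert config.group == 'root'
        # No access for "other": the firewall rules are not meant to be
        # readable by unprivileged local users.
        assert config.mode == 0o640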

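def test_smtp_server_dh_parameter_file(host):
    """
    Tests if the Diffie-Hellman parameter file has been generated
    correctly.

    :param host: Testinfra host fixture for the machine under test.
    """

    # The parameter file name is derived from the name the host reports.
    hostname = host.run('hostname').stdout.strip()
    dhparam_file_path = '/etc/ssl/private/%s_smtp.dh.pem' % hostname

    with host.sudo():
        dhparam_file = host.file(dhparam_file_path)

        assert dhparam_file.is_file
        assert dhparam_file.user == 'root'
        assert dhparam_file.group == 'root'
        assert dhparam_file.mode == 0o640

        # The path is passed as a separate argument so that Testinfra quotes
        # it instead of it being spliced into the shell command as-is.
        dhparam_info = host.run("openssl dhparam -noout -text -in %s", dhparam_file_path)

        # Report an openssl failure (unreadable or malformed file) directly
        # instead of as a missing substring in empty output.
        assert dhparam_info.rc == 0, dhparam_info.stderr

        # Exact size match: parameters of any other size, smaller or larger,
        # fail this check.
        assert "DH Parameters: (2048 bit)" in dhparam_info.stdout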

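def test_smtp_server_uses_correct_dh_parameters(host):
    """
    Tests if the SMTP server uses the generated Diffie-Hellman parameter.

    The parameters the server presents during a TLS handshake are compared
    with the content of the parameter file on disk.

    :param host: Testinfra host fixture for the machine under test.
    """

    hostname = host.run('hostname').stdout.strip()

    with host.sudo():
        expected_dhparam = host.file('/etc/ssl/private/%s_smtp.dh.pem' % hostname).content_string.rstrip()

    # The priority string restricts the handshake to TLS 1.2 with a DHE-RSA
    # key exchange, so the server has to present its DH parameters.
    # Certificate verification is switched off on purpose: this test only
    # looks at the DH parameters and says nothing about the validity of the
    # server certificate.
    connection = host.run("gnutls-cli --no-ca-verification --starttls-proto=smtp --port 25 "
                          "--priority 'NONE:+VERS-TLS1.2:+CTYPE-X509:+COMP-NULL:+SIGN-RSA-SHA384:+DHE-RSA:+SHA384:+AEAD:+AES-256-GCM' --verbose localhost")

    output = connection.stdout
    begin_marker = "-----BEGIN DH PARAMETERS-----"
    end_marker = "-----END DH PARAMETERS-----"

    begin_index = output.find(begin_marker)
    end_index = output.find(end_marker)

    # str.find() returns -1 when a marker is absent, which would make the
    # slice below silently pick up unrelated text. Fail with an explicit
    # message instead (for example when the handshake did not use DHE).
    assert begin_index != -1 and end_index > begin_index, \
        "No DH parameters found in gnutls-cli output: %s" % connection.stderr

    used_dhparam = output[begin_index:end_index + len(end_marker)]

    assert used_dhparam == expected_dhparam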