blob: 253009b5d9bc70faa05764a61ae175d5e930a34a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
|
#!/usr/bin/env ruby
require File.dirname(__FILE__) + '/../../spec_helper'
require 'puppet/ssl/certificate_request'
require 'puppet/ssl/key'
describe Puppet::SSL::CertificateRequest do
before do
@class = Puppet::SSL::CertificateRequest
end
it "should be extended with the Indirector module" do
@class.singleton_class.should be_include(Puppet::Indirector)
end
it "should indirect certificate_request" do
@class.indirection.name.should == :certificate_request
end
it "should use any provided name as its name" do
@class.new("myname").name.should == "myname"
end
it "should only support the text format" do
@class.supported_formats.should == [:s]
end
describe "when converting from a string" do
it "should create a CSR instance with its name set to the CSR subject and its content set to the extracted CSR" do
csr = stub 'csr', :subject => "/CN=Foo.madstop.com"
OpenSSL::X509::Request.expects(:new).with("my csr").returns(csr)
mycsr = stub 'sslcsr'
mycsr.expects(:content=).with(csr)
@class.expects(:new).with("foo.madstop.com").returns mycsr
@class.from_s("my csr")
end
end
describe "when managing instances" do
before do
@request = @class.new("myname")
end
it "should have a name attribute" do
@request.name.should == "myname"
end
it "should downcase its name" do
@class.new("MyName").name.should == "myname"
end
it "should have a content attribute" do
@request.should respond_to(:content)
end
it "should be able to read requests from disk" do
path = "/my/path"
File.expects(:read).with(path).returns("my request")
request = mock 'request'
OpenSSL::X509::Request.expects(:new).with("my request").returns(request)
@request.read(path).should equal(request)
@request.content.should equal(request)
end
it "should return an empty string when converted to a string with no request" do
@request.to_s.should == ""
end
it "should convert the request to pem format when converted to a string" do
request = mock 'request', :to_pem => "pem"
@request.content = request
@request.to_s.should == "pem"
end
it "should have a :to_text method that it delegates to the actual key" do
real_request = mock 'request'
real_request.expects(:to_text).returns "requesttext"
@request.content = real_request
@request.to_text.should == "requesttext"
end
end
describe "when generating" do
before do
@instance = @class.new("myname")
key = Puppet::SSL::Key.new("myname")
@key = key.generate
@request = OpenSSL::X509::Request.new
OpenSSL::X509::Request.expects(:new).returns(@request)
@request.stubs(:verify).returns(true)
end
it "should use the content of the provided key if the key is a Puppet::SSL::Key instance" do
key = Puppet::SSL::Key.new("test")
key.expects(:content).returns @key
@request.expects(:sign).with{ |key, digest| key == @key }
@instance.generate(key)
end
it "should log that it is creating a new certificate request" do
Puppet.expects(:info).twice
@instance.generate(@key)
end
it "should set the subject to [CN, name]" do
subject = mock 'subject'
OpenSSL::X509::Name.expects(:new).with([["CN", @instance.name]]).returns(subject)
@request.expects(:subject=).with(subject)
@instance.generate(@key)
end
it "should set the CN to the CSR name when the CSR is not for a CA" do
subject = mock 'subject'
OpenSSL::X509::Name.expects(:new).with { |subject| subject[0][1] == @instance.name }.returns(subject)
@request.expects(:subject=).with(subject)
@instance.generate(@key)
end
it "should set the CN to the :ca_name setting when the CSR is for a CA" do
subject = mock 'subject'
Puppet.settings.expects(:value).with(:ca_name).returns "mycertname"
OpenSSL::X509::Name.expects(:new).with { |subject| subject[0][1] == "mycertname" }.returns(subject)
@request.expects(:subject=).with(subject)
Puppet::SSL::CertificateRequest.new(Puppet::SSL::CA_NAME).generate(@key)
end
it "should set the version to 0" do
@request.expects(:version=).with(0)
@instance.generate(@key)
end
it "should set the public key to the provided key's public key" do
# Yay, the private key extracts a new key each time.
pubkey = @key.public_key
@key.stubs(:public_key).returns pubkey
@request.expects(:public_key=).with(@key.public_key)
@instance.generate(@key)
end
it "should sign the csr with the provided key and a digest" do
digest = mock 'digest'
OpenSSL::Digest::MD5.expects(:new).returns(digest)
@request.expects(:sign).with(@key, digest)
@instance.generate(@key)
end
it "should verify the generated request using the public key" do
# Stupid keys don't have a competent == method.
@request.expects(:verify).with { |public_key| public_key.to_s == @key.public_key.to_s }.returns true
@instance.generate(@key)
end
it "should fail if verification fails" do
@request.expects(:verify).returns false
lambda { @instance.generate(@key) }.should raise_error(Puppet::Error)
end
it "should fingerprint the request" do
@instance.expects(:fingerprint)
@instance.generate(@key)
end
it "should display the fingerprint" do
Puppet.stubs(:info)
@instance.stubs(:fingerprint).returns("FINGERPRINT")
Puppet.expects(:info).with { |s| s =~ /FINGERPRINT/ }
@instance.generate(@key)
end
it "should return the generated request" do
@instance.generate(@key).should equal(@request)
end
it "should set its content to the generated request" do
@instance.generate(@key)
@instance.content.should equal(@request)
end
end
describe "when a CSR is saved" do
it "should allow arguments" do
csr = Puppet::SSL::CertificateRequest.new("me")
csr.class.indirection.stubs(:save)
lambda { csr.save :ipaddress => "foo" }.should_not raise_error
end
describe "and a CA is available" do
it "should save the CSR and trigger autosigning" do
ca = mock 'ca', :autosign
Puppet::SSL::CertificateAuthority.expects(:instance).returns ca
csr = Puppet::SSL::CertificateRequest.new("me")
Puppet::SSL::CertificateRequest.indirection.expects(:save).with(nil, csr)
csr.save
end
end
describe "and a CA is not available" do
it "should save the CSR" do
Puppet::SSL::CertificateAuthority.expects(:instance).returns nil
csr = Puppet::SSL::CertificateRequest.new("me")
Puppet::SSL::CertificateRequest.indirection.expects(:save).with(nil, csr)
csr.save
end
end
end
end
|