author | Luke Kanies <luke@madstop.com> | 2008-04-02 10:53:14 -0500 |
---|---|---|
committer | Luke Kanies <luke@madstop.com> | 2008-04-15 21:34:06 -0500 |
commit | 174b9c99f7eb904ec7d415d3884f3620b6b65d40 (patch) | |
tree | 137b8578dc3f3ea22da199ef81db7c67faa8078f | |
parent | 546ac97398caa1e9defb34df9567d798e4959020 (diff) | |
Actually signing the certificates in the CA.
-rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 1 | ||||
-rwxr-xr-x | spec/unit/ssl/certificate_authority.rb | 40 |
2 files changed, 40 insertions, 1 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index aa997aaf6..3192c2844 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -79,6 +79,7 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host
 cert = Puppet::SSL::Certificate.new(host)
 cert.content = Puppet::SSL::CertificateFactory.new(cert_type, csr.content, issuer, next_serial).result
+ cert.content.sign(key, OpenSSL::Digest::SHA1.new)
 Puppet.notice "Signed certificate request for %s" % host
diff --git a/spec/unit/ssl/certificate_authority.rb b/spec/unit/ssl/certificate_authority.rb
index 3271acb91..e9624f218 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -141,7 +141,8 @@ describe Puppet::SSL::CertificateAuthority do
 # Stub out the factory
 @name = "myhost"
- @cert = stub 'certificate', :content => "mycert"
+ @real_cert = stub 'realcert', :sign => nil
+ @cert = stub 'certificate', :content => @real_cert
 Puppet::SSL::Certificate.stubs(:new).returns @cert
 @cert.stubs(:content=)
@@ -281,6 +282,17 @@ describe Puppet::SSL::CertificateAuthority do
 @ca.sign(@name)
 end
+ it "should sign the resulting certificate using its key and a digest" do
+ digest = mock 'digest'
+ OpenSSL::Digest::SHA1.expects(:new).returns digest
+
+ key = mock 'key'
+ @ca.stubs(:key).returns key
+
+ @cert.content.expects(:sign).with(key, digest)
+ @ca.sign(@name)
+ end
+
 it "should save the resulting certificate in the :ca_file terminus" do
 @cert.expects(:save).with(:in => :ca_file)
 @ca.sign(@name)
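Review bot: The signature digest is hard-coded to SHA-1 on the added `cert.content.sign(key, OpenSSL::Digest::SHA1.new)` line, so every certificate this CA issues carries a SHA-1 signature; SHA-1 is no longer acceptable for certificate signatures (practical collision attacks, and current OpenSSL security levels and most TLS clients reject SHA-1-signed chains), which means the whole fleet's certificates would have to be reissued to migrate. Use at least `cert.content.sign(key, OpenSSL::Digest::SHA256.new)`, and preferably read the digest from a CA setting so the algorithm can be changed without a code release. `key` is presumably the CA's private key (the spec stubs `@ca.key`), which is worth stating in a one-line comment above the call, e.g. `# Sign with the CA's private key; the digest must stay in step with the CA cert's own signature algorithm`. The enclosing `sign` method starts and ends outside the hunk, so where the signed certificate is persisted and whether `key` can be nil is not visible here.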
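Review bot: The new example pins the digest by concrete class, `OpenSSL::Digest::SHA1.expects(:new).returns digest`, while its description says only "a digest"; the spec therefore locks the CA to SHA-1 and will fail for the wrong reason the moment the digest is upgraded or made configurable. Either make the description honest (`it "should sign the resulting certificate with its key and a SHA1 digest"`) or have the example stub whatever method or setting the CA uses to choose the digest and assert on that, so the test constrains behaviour rather than a particular algorithm constant. The `before` block the example relies on starts outside the hunk.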
@@ -307,4 +319,30 @@ describe Puppet::SSL::CertificateAuthority do
 @ca.sign(@name).should equal(@cert)
 end
 end
+
+ describe "when managing certificate clients" do
+ before do
+ Puppet.settings.stubs(:value).with(:certname).returns "whatever"
+ Puppet.settings.stubs(:use)
+
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:password?).returns true
+
+ # Set up the CA
+ @key = mock 'key'
+ @key.stubs(:content).returns "cakey"
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:key).returns @key
+ @cacert = mock 'certificate'
+ @cacert.stubs(:content).returns "cacertificate"
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:certificate).returns @cacert
+ @ca = Puppet::SSL::CertificateAuthority.new
+ end
+
+ describe "when revoking certificates" do
+ it "should fail if the certificate revocation list is disabled"
+
+ it "should default to OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE as the reason"
+
+ it "should require a serial number"
+ end
+ end
 end |