authorLuke Kanies <luke@madstop.com>2008-05-05 17:16:03 -0500
committerLuke Kanies <luke@madstop.com>2008-05-05 17:16:03 -0500
commitce6d5787aaefc4c980e51c394328c2ddc2f7cb9c (patch)
tree5bc654caf5c6da1127fb93e081b1dcf99929695a
parent67dc268fae0489de93f247b08fdaf7b1eec0e15d (diff)
The SSL::Host class now uses the CA to generate its certificate when appropriate.
It uses the CA singleton method to determine whether it's on a valid CA host, and if so, uses the CA instance to sign its generated CSR.
-rw-r--r--lib/puppet/ssl/host.rb11
-rwxr-xr-xspec/unit/ssl/host.rb27
2 files changed, 32 insertions, 6 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb
index e89f21676..09086e0fa 100644
--- a/lib/puppet/ssl/host.rb
+++ b/lib/puppet/ssl/host.rb
@@ -146,9 +146,12 @@ class Puppet::SSL::Host
generate_key unless key
generate_certificate_request unless certificate_request
- # Now try to find our actual certificate; this should hopefully get
- # the cert from the server and then cache it locally.
- certificate()
+ # If we can get a CA instance, then we're a valid CA, and we
+ # should use it to sign our request; else, just try to read
+ # the cert.
+ if ! certificate() and ca = Puppet::SSL::CertificateAuthority.instance
+ ca.sign(self.name)
+ end
end
def initialize(name = nil)
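Review bot: The new branch calls `ca.sign(self.name)` for whatever request is stored under this host's name, but the line above only builds a CSR `unless certificate_request`, so a request that already existed is signed with no check that it carries this host's key. If that lookup can return a CSR this process did not create (the lookup is not visible in the hunk), a CA host would issue a certificate binding its own name to a foreign key. I would compare the request's public key with `key.content.public_key` before signing and raise on a mismatch, with a comment such as `# Only auto-sign a request built from our own key.` Separately, the method used to end on `certificate()` and now ends on the `if`, so its return value is nil whenever a certificate already exists; callers that relied on the old value should be checked. The method starts above the hunk.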
@@ -162,3 +165,5 @@ class Puppet::SSL::Host
key.content.public_key
end
end
+
+require 'puppet/ssl/certificate_authority'
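Review bot: The `require 'puppet/ssl/certificate_authority'` added after the class's closing `end` carries no comment explaining why it sits at the bottom of the file. If the placement is there to break a load cycle between the host and CA files (an inference, since the CA file is not shown), say so next to it, for example `# Loaded last: the CA code needs Puppet::SSL::Host to be defined first.` Without that, a later cleanup could move it to the top and change load order.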
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
index 66e21cd79..233bede9b 100755
--- a/spec/unit/ssl/host.rb
+++ b/spec/unit/ssl/host.rb
@@ -353,10 +353,31 @@ describe Puppet::SSL::Host do
@host.generate
end
- it "should seek its certificate" do
- @host.expects(:certificate)
+ describe "and it can create a certificate authority" do
+ before do
+ @ca = mock 'ca'
+ Puppet::SSL::CertificateAuthority.stubs(:instance).returns @ca
+ end
- @host.generate
+ it "should use the CA to sign its certificate request if it does not have a certificate" do
+ @host.expects(:certificate).returns nil
+
+ @ca.expects(:sign).with(@host.name)
+
+ @host.generate
+ end
+ end
+
+ describe "and it cannot create a certificate authority" do
+ before do
+ Puppet::SSL::CertificateAuthority.stubs(:instance).returns nil
+ end
+
+ it "should seek its certificate" do
+ @host.expects(:certificate)
+
+ @host.generate
+ end
end
end
end
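Review bot: The "can create a certificate authority" context covers only the case where `certificate` returns nil, so nothing pins the guard that keeps the CA from signing when the host already holds a certificate. For code that issues certificates automatically, the negative case is the one most worth locking down. I would add an example in that context asserting that `sign` is never called when `certificate` returns a value, as sketched below.

```ruby
describe "and it can create a certificate authority" do
  # … unchanged: before block and the signing example …

  it "should not ask the CA to sign anything if it already has a certificate" do
    @host.expects(:certificate).returns "mycert"

    @ca.expects(:sign).never

    @host.generate
  end
```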