authorLuke Kanies <luke@madstop.com>2008-04-17 18:09:33 -0500
committerLuke Kanies <luke@madstop.com>2008-04-17 18:09:33 -0500
commitd8bb81eabb6ad85d985ae7407e4260e800a0cf30 (patch)
tree191ae32ee0ee0a1ae4c8e1fdfc8cc4446ee2d343
parentcbe522169ed6eb2426ecf5a77e24e27b6f7a4edf (diff)
Moving all of the ca-specific settings to the ca_file
terminus classes, rather than the normal :file classes. This is unfortunately complicated, and it means that the Key :ca_file is only ever actually used for retrieving the CA key itself.
-rw-r--r--lib/puppet/indirector/certificate/ca_file.rb1
-rw-r--r--lib/puppet/indirector/certificate/file.rb1
-rw-r--r--lib/puppet/indirector/key/ca_file.rb20
-rw-r--r--lib/puppet/indirector/key/file.rb1
-rwxr-xr-xspec/unit/indirector/certificate/ca_file.rb9
-rwxr-xr-xspec/unit/indirector/certificate/file.rb9
-rwxr-xr-xspec/unit/indirector/key/ca_file.rb34
-rwxr-xr-xspec/unit/indirector/key/file.rb9
8 files changed, 64 insertions, 20 deletions
diff --git a/lib/puppet/indirector/certificate/ca_file.rb b/lib/puppet/indirector/certificate/ca_file.rb
index 99941c49e..a7d901535 100644
--- a/lib/puppet/indirector/certificate/ca_file.rb
+++ b/lib/puppet/indirector/certificate/ca_file.rb
@@ -5,4 +5,5 @@ class Puppet::SSL::Certificate::CaFile < Puppet::Indirector::SslFile
desc "Manage the CA collection of signed SSL certificates on disk."
store_in :signeddir
+ store_ca_at :cacert
end
diff --git a/lib/puppet/indirector/certificate/file.rb b/lib/puppet/indirector/certificate/file.rb
index 5f4ade051..9e2e8ed99 100644
--- a/lib/puppet/indirector/certificate/file.rb
+++ b/lib/puppet/indirector/certificate/file.rb
@@ -5,5 +5,4 @@ class Puppet::SSL::Certificate::File < Puppet::Indirector::SslFile
desc "Manage SSL certificates on disk."
store_in :certdir
- store_ca_at :cacert
end
diff --git a/lib/puppet/indirector/key/ca_file.rb b/lib/puppet/indirector/key/ca_file.rb
new file mode 100644
index 000000000..0193dea90
--- /dev/null
+++ b/lib/puppet/indirector/key/ca_file.rb
@@ -0,0 +1,20 @@
+require 'puppet/indirector/ssl_file'
+require 'puppet/ssl/key'
+
+class Puppet::SSL::Key::CaFile < Puppet::Indirector::SslFile
+ desc "Manage the CA's private on disk. This terminus *only* works
+ with the CA key, because that's the only key that the CA ever interacts
+ with."
+
+ # This is just to pass the validation in the base class. Eh.
+ store_at :cakey
+
+ store_ca_at :cakey
+
+ def path(name)
+ unless ca?(name)
+ raise ArgumentError, "The :ca_file terminus can only handle the CA private key"
+ end
+ super
+ end
+end
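Review bot: The `desc` string at the top of the new class reads "Manage the CA's private on disk" and is missing the word "key"; as this is the terminus documentation it should start `desc "Manage the CA's private key on disk.`. The `path` override appears to be the only thing keeping non-CA names away from the `:cakey` file, but the comment above `store_at :cakey` only says it is there to pass validation; something like `# store_at presumably maps every name to :cakey, so path() below must reject non-CA names` would record why the guard matters. Whether every SslFile operation (such as find, save and destroy) resolves its file through `path` is not visible in this hunk and should be confirmed, since any that does not would bypass the check on the CA private key. Including the requested name in the error, e.g. `raise ArgumentError, "The :ca_file terminus can only handle the CA private key, not '#{name}'"`, would make a rejected request easier to trace in logs.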
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
index 4536f8aa7..7103c2903 100644
--- a/lib/puppet/indirector/key/file.rb
+++ b/lib/puppet/indirector/key/file.rb
@@ -5,7 +5,6 @@ class Puppet::SSL::Key::File < Puppet::Indirector::SslFile
desc "Manage SSL private and public keys on disk."
store_in :privatekeydir
- store_ca_at :cakey
# Where should we store the public key?
def public_key_path(name)
diff --git a/spec/unit/indirector/certificate/ca_file.rb b/spec/unit/indirector/certificate/ca_file.rb
index 98075170d..864bc87bd 100755
--- a/spec/unit/indirector/certificate/ca_file.rb
+++ b/spec/unit/indirector/certificate/ca_file.rb
@@ -16,4 +16,13 @@ describe Puppet::SSL::Certificate::CaFile do
Puppet.settings.expects(:value).with(:signeddir).returns "/cert/dir"
Puppet::SSL::Certificate::CaFile.collection_directory.should == "/cert/dir"
end
+
+ it "should store the ca certificate at the :cacert location" do
+ Puppet.settings.stubs(:use)
+ Puppet.settings.stubs(:value).returns "whatever"
+ Puppet.settings.stubs(:value).with(:cacert).returns "/ca/cert"
+ file = Puppet::SSL::Certificate::CaFile.new
+ file.stubs(:ca?).returns true
+ file.path("whatever").should == "/ca/cert"
+ end
end
diff --git a/spec/unit/indirector/certificate/file.rb b/spec/unit/indirector/certificate/file.rb
index ffaf12047..18fe9a1c3 100755
--- a/spec/unit/indirector/certificate/file.rb
+++ b/spec/unit/indirector/certificate/file.rb
@@ -16,13 +16,4 @@ describe Puppet::SSL::Certificate::File do
Puppet.settings.expects(:value).with(:certdir).returns "/cert/dir"
Puppet::SSL::Certificate::File.collection_directory.should == "/cert/dir"
end
-
- it "should store the ca certificate at the :cacert location" do
- Puppet.settings.stubs(:use)
- Puppet.settings.stubs(:value).returns "whatever"
- Puppet.settings.stubs(:value).with(:cacert).returns "/ca/cert"
- file = Puppet::SSL::Certificate::File.new
- file.stubs(:ca?).returns true
- file.path("whatever").should == "/ca/cert"
- end
end
diff --git a/spec/unit/indirector/key/ca_file.rb b/spec/unit/indirector/key/ca_file.rb
new file mode 100755
index 000000000..256c3b44a
--- /dev/null
+++ b/spec/unit/indirector/key/ca_file.rb
@@ -0,0 +1,34 @@
+#!/usr/bin/env ruby
+#
+# Created by Luke Kanies on 2008-3-7.
+# Copyright (c) 2007. All rights reserved.
+
+require File.dirname(__FILE__) + '/../../../spec_helper'
+
+require 'puppet/indirector/key/ca_file'
+
+describe Puppet::SSL::Key::CaFile do
+ it "should have documentation" do
+ Puppet::SSL::Key::CaFile.doc.should be_instance_of(String)
+ end
+
+ it "should store the ca key at the :cakey location" do
+ Puppet.settings.stubs(:use)
+ Puppet.settings.stubs(:value).returns "whatever"
+ Puppet.settings.stubs(:value).with(:cakey).returns "/ca/key"
+ file = Puppet::SSL::Key::CaFile.new
+ file.stubs(:ca?).returns true
+ file.path("whatever").should == "/ca/key"
+ end
+
+ describe "when choosing the path for the public key" do
+ it "should fail if the key is not for the CA" do
+ Puppet.settings.stubs(:use)
+ Puppet.settings.stubs(:value).returns "whatever"
+ Puppet.settings.stubs(:value).with(:cakey).returns "/ca/key"
+ file = Puppet::SSL::Key::CaFile.new
+ file.stubs(:ca?).returns false
+ lambda { file.path("whatever") }.should raise_error(ArgumentError)
+ end
+ end
+end
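Review bot: The inner `describe "when choosing the path for the public key"` is mislabelled, because the example inside it exercises `path`, which for this terminus resolves to the CA private key at `:cakey`; `describe "when choosing the path for the key" do` would match what is tested. Both examples stub `ca?`, so nothing here checks that the class's own `ca?` logic rejects a real non-CA name; an example that calls `file.path` with a non-CA name and no `ca?` stub would cover the guard end to end. The negative example could also pin the message with `raise_error(ArgumentError, /CA private key/)` so that an unrelated ArgumentError does not make it pass.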
diff --git a/spec/unit/indirector/key/file.rb b/spec/unit/indirector/key/file.rb
index 8a1cb04bd..bd0c57c36 100755
--- a/spec/unit/indirector/key/file.rb
+++ b/spec/unit/indirector/key/file.rb
@@ -17,15 +17,6 @@ describe Puppet::SSL::Key::File do
Puppet::SSL::Key::File.collection_directory.should == "/key/dir"
end
- it "should store the ca key at the :cakey location" do
- Puppet.settings.stubs(:use)
- Puppet.settings.stubs(:value).returns "whatever"
- Puppet.settings.stubs(:value).with(:cakey).returns "/ca/key"
- file = Puppet::SSL::Key::File.new
- file.stubs(:ca?).returns true
- file.path("whatever").should == "/ca/key"
- end
-
describe "when choosing the path for the public key" do
it "should use the :capub setting location if the key is for the certificate authority" do
Puppet.settings.stubs(:value).returns "/fake/dir"