authorLuke Kanies <luke@madstop.com>2008-05-06 19:02:45 -0500
committerLuke Kanies <luke@madstop.com>2008-05-06 19:02:45 -0500
commitdd4d8684fc19adcb68c681ba1c446a737498cda0 (patch)
tree7dfd898ef167982ea905a542fed6066fb78768b7
parent57c753419ac4700ab87689a3e3c3eb7302fff693 (diff)
Fixing the HttpPool module to get rid of an infinite loop.
We can't have the HttpPool class use the Indirector to see if it has a cert available, because it might be being used to try to download one, which would cause it to make an http instance, which would cause it to... Well, you get the idea. Adding and fixing a few other tests I ran into on the way.
-rw-r--r--lib/puppet/network/client/ca.rb2
-rw-r--r--lib/puppet/network/http_pool.rb2
-rw-r--r--lib/puppet/network/xmlrpc/client.rb3
-rwxr-xr-xspec/integration/ssl/certificate_request.rb10
-rwxr-xr-xspec/integration/ssl/host.rb13
-rw-r--r--spec/unit/network/http/webrick.rb1
-rwxr-xr-xspec/unit/network/http_pool.rb13
7 files changed, 35 insertions, 9 deletions
diff --git a/lib/puppet/network/client/ca.rb b/lib/puppet/network/client/ca.rb
index a2704e451..5fbdfe9e3 100644
--- a/lib/puppet/network/client/ca.rb
+++ b/lib/puppet/network/client/ca.rb
@@ -45,7 +45,7 @@ class Puppet::Network::Client::CA < Puppet::Network::Client
end
unless @cert.check_private_key(key)
- raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Facter.value(:fqdn)
+ raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Puppet[:certname]
end
# Only write the cert out if it passes validating.
diff --git a/lib/puppet/network/http_pool.rb b/lib/puppet/network/http_pool.rb
index 9dd4a576a..24cbee656 100644
--- a/lib/puppet/network/http_pool.rb
+++ b/lib/puppet/network/http_pool.rb
@@ -50,7 +50,7 @@ module Puppet::Network::HttpPool
# Use cert information from a Puppet client to set up the http object.
def self.cert_setup(http)
# Just no-op if we don't have certs.
- return false unless ssl_host.certificate
+ return false unless FileTest.exist?(Puppet[:hostcert]) # ssl_host.certificate
http.cert_store = ssl_host.ssl_store
http.ca_file = Puppet[:localcacert]
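Review bot: `FileTest.exist?(Puppet[:hostcert])` only shows that something is at that path, not that it is a readable, parseable certificate, yet the lines after the guard still go through `ssl_host` for the store. If an empty or unreadable file can reach this point, the failure would surface later and less clearly than the old nil check did, so it is worth confirming what `ssl_host.ssl_store` does in that case. The trailing `# ssl_host.certificate` reads as leftover code; I would replace it with a why-comment such as `# Check the file, not ssl_host.certificate: that lookup goes through the Indirector and can recurse back into HttpPool.` The body of cert_setup continues outside the hunk.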
diff --git a/lib/puppet/network/xmlrpc/client.rb b/lib/puppet/network/xmlrpc/client.rb
index e0fb5a0ab..dfd4a95a7 100644
--- a/lib/puppet/network/xmlrpc/client.rb
+++ b/lib/puppet/network/xmlrpc/client.rb
@@ -51,7 +51,8 @@ module Puppet::Network
end
["certificate verify failed", "hostname was not match", "hostname not match"].each do |str|
if detail.message.include?(str)
- Puppet.warning "Certificate validation failed; considering using the certname configuration option"
+ Puppet.warning "Certificate validation failed; consider using the certname configuration option"
+ break
end
end
raise XMLRPCClientError,
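Review bot: The `each` plus `break` around the warning does the job of `any?`; `if [...].any? { |str| detail.message.include?(str) }` followed by a single `Puppet.warning` states "warn once" directly. Matching on fragments such as "hostname was not match" also depends on the exact wording the SSL library emits, so a short comment saying where these strings come from would help whoever has to update the list. The enclosing block starts and ends outside the hunk.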
diff --git a/spec/integration/ssl/certificate_request.rb b/spec/integration/ssl/certificate_request.rb
index d3567bcce..01b1f4a29 100755
--- a/spec/integration/ssl/certificate_request.rb
+++ b/spec/integration/ssl/certificate_request.rb
@@ -8,13 +8,17 @@ require File.dirname(__FILE__) + '/../../spec_helper'
require 'puppet/ssl/certificate_request'
require 'tempfile'
-describe Puppet::SSL::Host do
+describe Puppet::SSL::CertificateRequest do
before do
# Get a safe temporary file
file = Tempfile.new("csr_integration_testing")
@dir = file.path
file.delete
+ Puppet.settings.clear
+ # This is necessary so the terminus instances don't lie around.
+ Puppet::SSL::CertificateRequest.indirection.clear_cache
+
Puppet.settings[:confdir] = @dir
Puppet.settings[:vardir] = @dir
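Review bot: The `before` block's comment says "Get a safe temporary file", but the file is deleted and only its name is reused as `@dir`, so nothing reserves that path between `file.delete` and whatever later creates the directory. Creating the directory atomically, for example with `Dir.mktmpdir("csr_integration_testing")` from `tmpdir` where the supported Ruby versions allow it, would close that gap; at the least the comment should say that only the name is being borrowed. The `before` block continues outside the hunk.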
@@ -23,13 +27,13 @@ describe Puppet::SSL::Host do
@key = OpenSSL::PKey::RSA.new(512)
end
- after {
+ after do
system("rm -rf %s" % @dir)
Puppet.settings.clear
# This is necessary so the terminus instances don't lie around.
Puppet::SSL::CertificateRequest.indirection.clear_cache
- }
+ end
it "should be able to generate CSRs" do
@csr.generate(@key)
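Review bot: The `after` block, now rewritten as `do … end`, still removes the directory with `system("rm -rf %s" % @dir)`, which hands an interpolated path to a shell. `FileUtils.rm_rf(@dir)` (with `require 'fileutils'`) does the same without a shell and without quoting concerns. The path comes from Tempfile here, so the exposure is small, but the same line sits in the `after` block of spec/integration/ssl/host.rb that this commit also touches.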
diff --git a/spec/integration/ssl/host.rb b/spec/integration/ssl/host.rb
index e8fd89364..5e457bded 100755
--- a/spec/integration/ssl/host.rb
+++ b/spec/integration/ssl/host.rb
@@ -18,10 +18,15 @@ describe Puppet::SSL::Host do
Puppet.settings[:confdir] = @dir
Puppet.settings[:vardir] = @dir
+ Puppet::SSL::Host.ca_location = :local
+
@host = Puppet::SSL::Host.new("luke.madstop.com")
+ @ca = Puppet::SSL::CertificateAuthority.new
end
after {
+ Puppet::SSL::Host.ca_location = :none
+
system("rm -rf %s" % @dir)
Puppet.settings.clear
@@ -77,4 +82,12 @@ describe Puppet::SSL::Host do
FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem"))
end
end
+
+ it "should pass the verification of its own SSL store" do
+ @host.generate
+ @ca = Puppet::SSL::CertificateAuthority.new
+ @ca.sign(@host.name)
+
+ @host.ssl_store.verify(@host.certificate.content).should be_true
+ end
end
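Review bot: The new example "should pass the verification of its own SSL store" only pins the accepting path, so a store that verified every certificate would pass it too. A companion example asserting that `@host.ssl_store.verify` returns false for a certificate not signed by this CA would make the pair meaningful. The `@ca = Puppet::SSL::CertificateAuthority.new` inside the example also repeats the assignment this commit adds to the `before` block; one of the two can go, or a comment should say why a fresh CA is needed after `@host.generate`.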
diff --git a/spec/unit/network/http/webrick.rb b/spec/unit/network/http/webrick.rb
index 58b0d9a3d..11b74ec3a 100644
--- a/spec/unit/network/http/webrick.rb
+++ b/spec/unit/network/http/webrick.rb
@@ -61,7 +61,6 @@ describe Puppet::Network::HTTP::WEBrick, "when turning on listening" do
@server.expects(:setup_logger).returns(:Logger => :mylogger)
WEBrick::HTTPServer.expects(:new).with {|args|
- p args
args[:Logger] == :mylogger
}.returns(@mock_webrick)
diff --git a/spec/unit/network/http_pool.rb b/spec/unit/network/http_pool.rb
index b8f087650..1f519637b 100755
--- a/spec/unit/network/http_pool.rb
+++ b/spec/unit/network/http_pool.rb
@@ -170,11 +170,17 @@ describe Puppet::Network::HttpPool do
@key = stub 'key', :content => "real_key"
@host = stub 'host', :certificate => @cert, :key => @key, :ssl_store => @store
+ Puppet[:confdir] = "/sometthing/else"
+ Puppet.settings.stubs(:value).returns "/some/file"
+ Puppet.settings.stubs(:value).with(:hostcert).returns "/host/cert"
+
+ FileTest.stubs(:exist?).with("/host/cert").returns true
+
Puppet::Network::HttpPool.stubs(:ssl_host).returns @host
end
- it "should do nothing if no certificate is available" do
- @host.expects(:certificate).returns nil
+ it "should do nothing if no certificate is on disk" do
+ FileTest.expects(:exist?).with("/host/cert").returns false
@http.expects(:cert=).never
Puppet::Network::HttpPool.cert_setup(@http)
end
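Review bot: The example "should do nothing if no certificate is on disk" asserts only `@http.expects(:cert=).never`, while the guard it covers sits directly above `http.cert_store =` and `http.ca_file =` in cert_setup. Adding `@http.expects(:cert_store=).never` and `@http.expects(:ca_file=).never` (assuming `@http` is a mock that permits this) would pin the whole no-op instead of one setter. In the `before` block, `"/sometthing/else"` has a typo, and the blanket `Puppet.settings.stubs(:value).returns "/some/file"` answers every setting lookup, so a one-line comment on why it is needed would help the next reader.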
@@ -204,6 +210,9 @@ describe Puppet::Network::HttpPool do
end
it "should set the ca file" do
+ Puppet.settings.stubs(:value).returns "/some/file"
+ FileTest.stubs(:exist?).with(Puppet[:hostcert]).returns true
+
Puppet.settings.stubs(:value).with(:localcacert).returns "/ca/cert/file"
@http.expects(:ca_file=).with("/ca/cert/file")