Finishing the interface between the CA and the CRL.

Certificate revocation now works, the CA knows how
to generate the CRL, and the SSL::Host class knows
how to configure the CRL class for indirection.

1 files changed, 15 insertions, 1 deletions

diff --git a/spec/integration/ssl/certificate_authority.rb b/spec/integration/ssl/certificate_authority.rb
index 9d331ac91..d70800737 100755
--- a/spec/integration/ssl/certificate_authority.rb
+++ b/spec/integration/ssl/certificate_authority.rb
@@ -18,7 +18,7 @@ describe Puppet::SSL::CertificateAuthority do
         Puppet.settings[:confdir] = @dir
         Puppet.settings[:vardir] = @dir
 
-        Puppet::SSL::Host.ca_location = :only
+        Puppet::SSL::Host.ca_location = :local
         @ca = Puppet::SSL::CertificateAuthority.new
     end
 
@@ -44,6 +44,20 @@ describe Puppet::SSL::CertificateAuthority do
         @ca.host.certificate.should be_instance_of(Puppet::SSL::Certificate)
     end
 
+    it "should be able to generate a new host certificate" do
+        @ca.generate("newhost")
+
+        Puppet::SSL::Certificate.find("newhost").should be_instance_of(Puppet::SSL::Certificate)
+    end
+
+    it "should be able to revoke a host certificate" do
+        @ca.generate("newhost")
+
+        @ca.revoke("newhost")
+
+        lambda { @ca.verify("newhost") }.should raise_error
+    end
+
     describe "when signing certificates" do
         before do
             @host = Puppet::SSL::Host.new("luke.madstop.com")