diff options
| author | Brice Figureau <brice-puppet@daysofwonder.com> | 2009-12-29 15:27:54 +0100 |
|---|---|---|
| committer | James Turnbull <james@lovedthanlost.net> | 2010-01-19 08:37:23 +1100 |
| commit | 3e9677f00a09d0249713ed2fa503e42b07f6d978 (patch) | |
| tree | 0b99bb4cd9039bb220ee75f2520b37920a6b7628 /spec/unit/ssl/base.rb | |
| parent | 91c44b439794a87111ab1a0726a2ad08981c839e (diff) | |
| download | puppet-3e9677f00a09d0249713ed2fa503e42b07f6d978.tar.gz puppet-3e9677f00a09d0249713ed2fa503e42b07f6d978.tar.xz puppet-3e9677f00a09d0249713ed2fa503e42b07f6d978.zip | |
Feature #2839 - fingerprint certificate
This patch adds several things:
* certificate fingerprinting in --list mode
* a puppetca action called "--fingerprint" to display fingerprints
of given certificates (or all including CSR)
* a --fingerprint puppetd option to display client certificates
* each time a CSR is generated, its fingerprint is displayed in the log
It is also possible to use --digest in puppetca and puppetd to specify a specific digest
algorithm.
Signed-off-by: Brice Figureau <brice-puppet@daysofwonder.com>
Diffstat (limited to 'spec/unit/ssl/base.rb')
| -rwxr-xr-x | spec/unit/ssl/base.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/spec/unit/ssl/base.rb b/spec/unit/ssl/base.rb new file mode 100755 index 000000000..dfab3c843 --- /dev/null +++ b/spec/unit/ssl/base.rb @@ -0,0 +1,40 @@ +#!/usr/bin/env ruby + +require File.dirname(__FILE__) + '/../../spec_helper' + +require 'puppet/ssl/certificate' + +class TestCertificate < Puppet::SSL::Base; end + +describe Puppet::SSL::Certificate do + before :each do + @base = TestCertificate.new("name") + end + + describe "when fingerprinting content" do + before :each do + @cert = stub 'cert', :to_der => "DER" + @base.stubs(:content).returns(@cert) + OpenSSL::Digest.stubs(:constants).returns ["MD5", "DIGEST"] + end + + it "should digest the certificate DER value and return a ':' seperated nibblet string" do + @cert.expects(:to_der).returns("DER") + OpenSSL::Digest.expects(:hexdigest).with("MD5", "DER").returns "digest" + + @base.fingerprint.should == "DI:GE:ST" + end + + it "should raise an error if the digest algorithm is not defined" do + OpenSSL::Digest.expects(:constants).returns [] + + lambda { @base.fingerprint }.should raise_error + end + + it "should use the given digest algorithm" do + OpenSSL::Digest.expects(:hexdigest).with("DIGEST", "DER").returns "digest" + + @base.fingerprint(:digest).should == "DI:GE:ST" + end + end +end
\ No newline at end of file |