diff options
| author | Luke Kanies <luke@madstop.com> | 2008-11-03 22:05:20 -0600 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-11-03 22:06:27 -0600 |
| commit | 7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64 (patch) | |
| tree | 136e8f20db596e22832d687c65998fa0585ef451 /spec/unit/ssl | |
| parent | a00c1f2bb508d711c5fa0dd4bda98b7a747140aa (diff) | |
| download | puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.tar.gz puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.tar.xz puppet-7fdf2bb23fbc5a3cb2468fb6b980eaf556d29c64.zip | |
Retrieving the CA certificate before the client certificate.
We have to have a CA cert first, because the host will
start using the client cert as soon as it's available,
but it's not functional without a CA cert.
Also removing extra stupid stuff from wait_for_cert --
the connection is now always recycled, which is much simpler.
Signed-off-by: Luke Kanies <luke@madstop.com>
Diffstat (limited to 'spec/unit/ssl')
| -rwxr-xr-x | spec/unit/ssl/host.rb | 35 |
1 files changed, 27 insertions, 8 deletions
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb index c234585f7..8315689c8 100755 --- a/spec/unit/ssl/host.rb +++ b/spec/unit/ssl/host.rb @@ -267,13 +267,37 @@ describe Puppet::SSL::Host do @cert = stub 'cert', :content => @realcert end + it "should find the CA certificate if it does not have a certificate" do + Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert") + Puppet::SSL::Certificate.stubs(:find).with("myname").returns @cert + + @host.certificate + end + + it "should not find the CA certificate if it is the CA host" do + @host.expects(:ca?).returns true + Puppet::SSL::Certificate.stubs(:find) + Puppet::SSL::Certificate.expects(:find).with("ca").never + + @host.certificate + end + + it "should return nil if it cannot find a CA certificate" do + Puppet::SSL::Certificate.expects(:find).with("ca").returns nil + Puppet::SSL::Certificate.expects(:find).with("myname").never + + @host.certificate.should be_nil + end + it "should find the certificate in the Certificate class and return the Puppet certificate instance" do + Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert") Puppet::SSL::Certificate.expects(:find).with("myname").returns @cert @host.certificate.should equal(@cert) end it "should return any previously found certificate" do + Puppet::SSL::Certificate.expects(:find).with("ca").returns mock("cacert") Puppet::SSL::Certificate.expects(:find).with("myname").returns(@cert).once @host.certificate.should equal(@cert) @@ -451,22 +475,17 @@ describe Puppet::SSL::Host do @host = Puppet::SSL::Host.new("me") end - it "should return :existing if it already has a certificate" do - @host.expects(:certificate).returns "foo" - @host.wait_for_cert(0).should == :existing - end - it "should generate its certificate request and attempt to read the certificate again if no certificate is found" do @host.expects(:certificate).times(2).returns(nil).then.returns "foo" @host.expects(:generate) - @host.wait_for_cert(1).should == :new + @host.wait_for_cert(1) end it "should catch and log errors during CSR saving" do @host.expects(:certificate).times(2).returns(nil).then.returns "foo" @host.expects(:generate).times(2).raises(RuntimeError).then.returns nil @host.stubs(:sleep) - @host.wait_for_cert(1).should == :new + @host.wait_for_cert(1) end it "should sleep and retry after failures saving the CSR if waitforcert is enabled" do @@ -498,7 +517,7 @@ describe Puppet::SSL::Host do @host.expects(:sleep).with(1) - @host.wait_for_cert(1).should == :new + @host.wait_for_cert(1) end it "should catch and log exceptions during certificate retrieval" do |