diff options
| author | Luke Kanies <luke@madstop.com> | 2008-04-18 10:49:58 -0500 |
|---|---|---|
| committer | Luke Kanies <luke@madstop.com> | 2008-04-18 10:49:58 -0500 |
| commit | 92a7d76e8a160ba1ddb684d52eab6639cf801cb7 (patch) | |
| tree | 0c82d00456eae10d6208c0cce93a4c2092568913 /spec | |
| parent | fb56deae3488e5d97e10e38cba98393a5a8f8414 (diff) | |
All SSL terminus classes now force the CA information into the right place.
Without this, then you could end up duplicating your CA
key into the normal directory depending on how caching
was set up.
Again, this design aspect isn't the most straightforward,
but at least it's functional now.
Diffstat (limited to 'spec')
| -rwxr-xr-x | spec/integration/ssl/host.rb | 10 | ||||
| -rwxr-xr-x | spec/unit/indirector/certificate/file.rb | 9 | ||||
| -rwxr-xr-x | spec/unit/indirector/key/file.rb | 9 |
3 files changed, 28 insertions, 0 deletions
diff --git a/spec/integration/ssl/host.rb b/spec/integration/ssl/host.rb index 63d7aca5b..e8fd89364 100755 --- a/spec/integration/ssl/host.rb +++ b/spec/integration/ssl/host.rb @@ -67,4 +67,14 @@ describe Puppet::SSL::Host do File.read(File.join(Puppet.settings[:requestdir], "luke.madstop.com.pem")).should == @host.certificate_request.to_s end end + + describe "when the CA host" do + it "should never store its key in the :privatekeydir" do + Puppet.settings.use(:main, :ssl, :ca) + @ca = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name) + @ca.generate_key + + FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem")) + end + end end diff --git a/spec/unit/indirector/certificate/file.rb b/spec/unit/indirector/certificate/file.rb index 18fe9a1c3..ffaf12047 100755 --- a/spec/unit/indirector/certificate/file.rb +++ b/spec/unit/indirector/certificate/file.rb @@ -16,4 +16,13 @@ describe Puppet::SSL::Certificate::File do Puppet.settings.expects(:value).with(:certdir).returns "/cert/dir" Puppet::SSL::Certificate::File.collection_directory.should == "/cert/dir" end + + it "should store the ca certificate at the :cacert location" do + Puppet.settings.stubs(:use) + Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).with(:cacert).returns "/ca/cert" + file = Puppet::SSL::Certificate::File.new + file.stubs(:ca?).returns true + file.path("whatever").should == "/ca/cert" + end end diff --git a/spec/unit/indirector/key/file.rb b/spec/unit/indirector/key/file.rb index bd0c57c36..8a1cb04bd 100755 --- a/spec/unit/indirector/key/file.rb +++ b/spec/unit/indirector/key/file.rb @@ -17,6 +17,15 @@ describe Puppet::SSL::Key::File do Puppet::SSL::Key::File.collection_directory.should == "/key/dir" end + it "should store the ca key at the :cakey location" do + Puppet.settings.stubs(:use) + Puppet.settings.stubs(:value).returns "whatever" + Puppet.settings.stubs(:value).with(:cakey).returns "/ca/key" + file = Puppet::SSL::Key::File.new + file.stubs(:ca?).returns true + file.path("whatever").should == "/ca/key" + end + describe "when choosing the path for the public key" do it "should use the :capub setting location if the key is for the certificate authority" do Puppet.settings.stubs(:value).returns "/fake/dir" |