authorLuke Kanies <luke@madstop.com>2008-03-19 23:46:43 -0500
committerLuke Kanies <luke@madstop.com>2008-04-15 21:34:06 -0500
commitb9d647974915da05af8036933e71bc1e6dc00374 (patch)
tree61f4968c292a364978f8681bfccbd1730e6ab8cd /spec
parent1efed0304ebdc13a55eb2d865cdc4965c5253d3a (diff)
We have a basically functional CA -- it can sign
requests and return certificates. There's still plenty more work to do, but I'm probably not much more than a day away from redoing puppetca to use this code.
Diffstat (limited to 'spec')
-rwxr-xr-xspec/unit/ssl/certificate_authority.rb14
-rwxr-xr-xspec/unit/ssl/host.rb87
-rwxr-xr-xspec/unit/ssl/key.rb64
3 files changed, 132 insertions, 33 deletions
diff --git a/spec/unit/ssl/certificate_authority.rb b/spec/unit/ssl/certificate_authority.rb
index 8fb23d883..3271acb91 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -7,6 +7,7 @@ require 'puppet/ssl/certificate_authority'
describe Puppet::SSL::CertificateAuthority do
describe "when initializing" do
it "should always set its name to the value of :certname" do
+ Puppet.settings.stubs(:use)
Puppet.settings.expects(:value).with(:certname).returns "whatever"
Puppet::SSL::CertificateAuthority.any_instance.stubs(:setup_ca)
@@ -14,8 +15,15 @@ describe Puppet::SSL::CertificateAuthority do
Puppet::SSL::CertificateAuthority.new.name.should == "whatever"
end
+ it "should use the :main, :ca, and :ssl settings sections" do
+ Puppet.settings.expects(:use).with(:main, :ssl, :ca)
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:setup_ca)
+ Puppet::SSL::CertificateAuthority.new
+ end
+
describe "a new certificate authority" do
before do
+ Puppet.settings.stubs(:use)
Puppet.settings.stubs(:value).with(:certname).returns "whatever"
end
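Review bot: The example title added in this hunk says "the :main, :ca, and :ssl settings sections", but the expectation is `Puppet.settings.expects(:use).with(:main, :ssl, :ca)`, and Mocha's `with` compares positional arguments in order, so the spec pins an argument order the title does not state. If the order matters, make the title match: `it "should use the :main, :ssl, and :ca settings sections" do`. If it does not, a block matcher that checks membership rather than position would keep the spec from failing on a harmless reorder. The enclosing `describe "when initializing"` block starts before this hunk.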
@@ -73,7 +81,7 @@ describe Puppet::SSL::CertificateAuthority do
cert = mock 'cert'
cert.expects(:to_s).returns "my cert"
- Puppet::SSL::CertificateAuthority.any_instance.expects(:sign).with(request, :ca, true).returns cert
+ Puppet::SSL::CertificateAuthority.any_instance.expects(:sign).with("whatever", :ca, request).returns cert
fh = mock 'filehandle'
Puppet.settings.expects(:write).with(:cacert).yields fh
@@ -90,6 +98,7 @@ describe Puppet::SSL::CertificateAuthority do
describe "an existing certificate authority" do
it "should read and decrypt the key at :cakey using the password at :capass and it should read the cert at :cacert" do
Puppet.settings.stubs(:value).with(:certname).returns "whatever"
+ Puppet.settings.stubs(:use)
paths = {}
[:capass, :cakey, :cacert].each do |value|
@@ -117,6 +126,7 @@ describe Puppet::SSL::CertificateAuthority do
describe "when signing" do
before do
Puppet.settings.stubs(:value).with(:certname).returns "whatever"
+ Puppet.settings.stubs(:use)
Puppet::SSL::CertificateAuthority.any_instance.stubs(:password?).returns true
@@ -259,7 +269,7 @@ describe Puppet::SSL::CertificateAuthority do
it "should use the CA certificate as the issuer" do
Puppet::SSL::CertificateFactory.expects(:new).with do |*args|
- args[2] == @cacert.content
+ args[2] == @cacert
end.returns @factory
@ca.sign(@name)
end
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb
index f3ead362a..a4972de9d 100755
--- a/spec/unit/ssl/host.rb
+++ b/spec/unit/ssl/host.rb
@@ -53,7 +53,7 @@ describe Puppet::SSL::Host do
Puppet::SSL::Key.expects(:new).with("myname").returns(@key)
@key.expects(:generate)
- @key.expects(:save)
+ @key.expects(:save).with(:in => :file)
@host.generate_key.should be_true
@host.key.should equal(@realkey)
@@ -90,7 +90,7 @@ describe Puppet::SSL::Host do
@host.expects(:generate_key).returns(key)
@request.stubs(:generate)
- @request.stubs(:save)
+ @request.stubs(:save).with(:in => :file)
@host.generate_certificate_request
end
@@ -101,7 +101,7 @@ describe Puppet::SSL::Host do
key = stub 'key', :public_key => mock("public_key")
@host.stubs(:key).returns(key)
@request.expects(:generate).with(key)
- @request.expects(:save)
+ @request.expects(:save).with(:in => :file)
@host.generate_certificate_request.should be_true
@host.certificate_request.should equal(@realrequest)
@@ -133,7 +133,7 @@ describe Puppet::SSL::Host do
@host.expects(:generate_certificate_request)
@cert.stubs(:generate)
- @cert.stubs(:save)
+ @cert.stubs(:save).with(:in => :file)
@host.generate_certificate
end
@@ -144,7 +144,7 @@ describe Puppet::SSL::Host do
request = stub 'request'
@host.stubs(:certificate_request).returns(request)
@cert.expects(:generate).with(request).returns(true)
- @cert.expects(:save)
+ @cert.expects(:save).with(:in => :file)
@host.generate_certificate.should be_true
@host.certificate.should equal(@realcert)
@@ -183,4 +183,81 @@ describe Puppet::SSL::Host do
@host.destroy
end
end
+
+ describe "when sending its CSR to the CA" do
+ before do
+ @realrequest = "real request"
+ @request = stub 'request', :content => @realrequest
+
+ @host.instance_variable_set("@certificate_request", @request)
+ end
+
+ it "should be able to send its CSR" do
+ @request.expects(:save)
+
+ @host.send_certificate_request
+ end
+
+ it "should default to sending its CSR to the :ca_file" do
+ @request.expects(:save).with(:in => :ca_file)
+
+ @host.send_certificate_request
+ end
+
+ it "should allow specification of another CA terminus" do
+ @request.expects(:save).with(:in => :rest)
+
+ @host.send_certificate_request :rest
+ end
+ end
+
+ describe "when retrieving its signed certificate from the CA" do
+ before do
+ @realcert = "real cert"
+ @cert = stub 'cert', :content => @realcert
+ end
+
+ it "should be able to send its CSR" do
+ Puppet::SSL::Certificate.expects(:find).with { |*args| args[0] == @host.name }
+
+ @host.retrieve_signed_certificate
+ end
+
+ it "should default to searching for its certificate in the :ca_file" do
+ Puppet::SSL::Certificate.expects(:find).with { |*args| args[1] == {:in => :ca_file} }
+
+ @host.retrieve_signed_certificate
+ end
+
+ it "should allow specification of another CA terminus" do
+ Puppet::SSL::Certificate.expects(:find).with { |*args| args[1] == {:in => :rest} }
+
+ @host.retrieve_signed_certificate :rest
+ end
+
+ it "should return true and set its certificate if retrieval was successful" do
+ cert = stub 'cert', :content => "mycert"
+ Puppet::SSL::Certificate.stubs(:find).returns cert
+
+ @host.retrieve_signed_certificate.should be_true
+ @host.certificate.should == "mycert"
+ end
+
+ it "should save the retrieved certificate to the local disk" do
+ cert = stub 'cert', :content => "mycert"
+ Puppet::SSL::Certificate.stubs(:find).returns cert
+
+ cert.expects(:save).with :in => :file
+
+ @host.retrieve_signed_certificate
+ @host.certificate
+ end
+
+ it "should return false and not set its certificate if retrieval was unsuccessful" do
+ Puppet::SSL::Certificate.stubs(:find).returns nil
+
+ @host.retrieve_signed_certificate.should be_false
+ @host.certificate.should be_nil
+ end
+ end
end
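Review bot: The new examples for `retrieve_signed_certificate` accept any non-nil object returned by `Puppet::SSL::Certificate.find`; "should return true and set its certificate if retrieval was successful" and "should save the retrieved certificate to the local disk" only require it to answer `content` and `save`. Because the terminus can be switched to `:rest` (presumably a remote CA), I would expect an example stating that a certificate which does not match the host's name or key is neither saved with `:in => :file` nor set on the host; the host implementation is not part of this diff, so it may already check this, but nothing here pins it. Separately, the first example in this describe block is titled "should be able to send its CSR", copied from the block above, while it asserts the lookup; `it "should look up its certificate by the host's name" do` would say what it checks.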
diff --git a/spec/unit/ssl/key.rb b/spec/unit/ssl/key.rb
index 4978a591b..57ad943c2 100755
--- a/spec/unit/ssl/key.rb
+++ b/spec/unit/ssl/key.rb
@@ -83,49 +83,61 @@ describe Puppet::SSL::Key do
end
it "should create the private key with the keylength specified in the settings" do
- Puppet.settings.expects(:value).with(:keylength).returns(50)
+ Puppet.settings.expects(:value).with(:keylength).returns("50")
OpenSSL::PKey::RSA.expects(:new).with(50).returns(@key)
@instance.generate
end
- it "should fail if a provided password file does not exist" do
- FileTest.expects(:exist?).with("/path/to/pass").returns false
+ it "should set the content to the generated key" do
+ OpenSSL::PKey::RSA.stubs(:new).returns(@key)
+ @instance.generate
+ @instance.content.should equal(@key)
+ end
- lambda { @instance.password_file = "/path/to/pass" }.should raise_error(ArgumentError)
+ it "should return the generated key" do
+ OpenSSL::PKey::RSA.stubs(:new).returns(@key)
+ @instance.generate.should equal(@key)
end
- it "should return the contents of the password file as its password" do
- FileTest.expects(:exist?).with("/path/to/pass").returns true
- File.expects(:read).with("/path/to/pass").returns "my password"
+ it "should return the key in pem format" do
+ @instance.generate
+ @instance.content.expects(:to_pem).returns "my normal key"
+ @instance.to_s.should == "my normal key"
+ end
- @instance.password_file = "/path/to/pass"
+ describe "with a password file set" do
+ it "should fail if the password file does not exist" do
+ FileTest.expects(:exist?).with("/path/to/pass").returns false
- @instance.password.should == "my password"
- end
+ lambda { @instance.password_file = "/path/to/pass" }.should raise_error(ArgumentError)
+ end
- it "should create the private key with any provided password" do
- Puppet.settings.stubs(:value).with(:keylength).returns(50)
+ it "should return the contents of the password file as its password" do
+ FileTest.expects(:exist?).with("/path/to/pass").returns true
+ File.expects(:read).with("/path/to/pass").returns "my password"
- FileTest.expects(:exist?).with("/path/to/pass").returns true
- File.expects(:read).with("/path/to/pass").returns "my password"
+ @instance.password_file = "/path/to/pass"
- @instance.password_file = "/path/to/pass"
+ @instance.password.should == "my password"
+ end
- OpenSSL::PKey::RSA.expects(:new).with(50, "my password").returns(@key)
+ it "should export the private key to text using the password" do
+ Puppet.settings.stubs(:value).with(:keylength).returns("50")
- @instance.generate
- end
+ FileTest.expects(:exist?).with("/path/to/pass").returns true
+ @instance.password_file = "/path/to/pass"
+ @instance.stubs(:password).returns "my password"
- it "should set the content to the generated key" do
- OpenSSL::PKey::RSA.stubs(:new).returns(@key)
- @instance.generate
- @instance.content.should equal(@key)
- end
+ OpenSSL::PKey::RSA.expects(:new).returns(@key)
+ @instance.generate
- it "should return the generated key" do
- OpenSSL::PKey::RSA.stubs(:new).returns(@key)
- @instance.generate.should equal(@key)
+ cipher = mock 'cipher'
+ OpenSSL::Cipher::DES.expects(:new).with(:EDE3, :CBC).returns cipher
+ @key.expects(:export).with(cipher, "my password").returns "my encrypted key"
+
+ @instance.to_s.should == "my encrypted key"
+ end
end
end
end
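Review bot: The example "should export the private key to text using the password" hard-codes Triple-DES via `OpenSSL::Cipher::DES.expects(:new).with(:EDE3, :CBC)`, which fixes the cipher protecting password-encrypted private keys (presumably including the CA key) to a legacy 64-bit-block algorithm. If the implementation is free to choose, pin AES instead, e.g. `OpenSSL::Cipher::AES.expects(:new).with(256, :CBC).returns cipher`, or have the spec read the cipher from a setting so it can be strengthened later without rewriting the example. A short comment above the expectation saying why this cipher was chosen would also help the next reader. The enclosing describe block starts before the hunk.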