| author | Markus Roberts <Markus@reality.com> | 2010-07-09 18:12:17 -0700 |
|---|---|---|
| committer | Markus Roberts <Markus@reality.com> | 2010-07-09 18:12:17 -0700 |
| commit | 3180b9d9b2c844dade1d361326600f7001ec66dd (patch) | |
| tree | 98fe7c5ac7eb942aac9c39f019a17b0b3f5a57f4 /test/certmgr | |
| parent | 543225970225de5697734bfaf0a6eee996802c04 (diff) | |
Code smell: Two space indentation
Replaced 106806 occurrences of ^( +)(.*$) with
The ruby community almost universally (i.e. everyone but Luke, Markus, and the other eleven people
who learned ruby in the 1900s) uses two-space indentation.
3 Examples:
The code:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
becomes:
end
# Tell getopt which arguments are valid
def test_get_getopt_args
element = Setting.new :name => "foo", :desc => "anything", :settings => Puppet::Util::Settings.new
assert_equal([["--foo", GetoptLong::REQUIRED_ARGUMENT]], element.getopt_args, "Did not produce appropriate getopt args")
The code:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
becomes:
assert_equal(str, val)
assert_instance_of(Float, result)
end
# Now test it with a passed object
The code:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
becomes:
end
assert_nothing_raised do
klass[:Yay] = "boo"
klass["Cool"] = :yayness
end
Diffstat (limited to 'test/certmgr')
| -rwxr-xr-x | test/certmgr/ca.rb | 122 | ||||
| -rwxr-xr-x | test/certmgr/certmgr.rb | 578 | ||||
| -rwxr-xr-x | test/certmgr/inventory.rb | 88 | ||||
| -rwxr-xr-x | test/certmgr/support.rb | 154 |
4 files changed, 471 insertions, 471 deletions
diff --git a/test/certmgr/ca.rb b/test/certmgr/ca.rb
index 4ef6a0d80..7e0498dfb 100755
--- a/test/certmgr/ca.rb
+++ b/test/certmgr/ca.rb
@@ -9,79 +9,79 @@ require 'puppettest/certificates' require 'mocha' class TestCA < Test::Unit::TestCase - include PuppetTest + include PuppetTest - def setup - super - Puppet::Util::SUIDManager.stubs(:asuser).yields - end + def setup + super + Puppet::Util::SUIDManager.stubs(:asuser).yields + end - def hosts - %w{host.domain.com Other.Testing.Com} - end - def mkca - Puppet::SSLCertificates::CA.new - end + def hosts + %w{host.domain.com Other.Testing.Com} + end + def mkca + Puppet::SSLCertificates::CA.new + end - def test_clean - dirs = [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir] - ca = mkca + def test_clean + dirs = [:csrdir, :signeddir, :publickeydir, :privatekeydir, :certdir] + ca = mkca - hosts.each do |host| - files = [] - dirs.each do |dir| - dir = Puppet[dir] - # We handle case insensitivity through downcasing - file = File.join(dir, host.downcase + ".pem") - File.open(file, "w") do |f| - f.puts "testing" - end - files << file - end - assert_nothing_raised do - ca.clean(host) - end - files.each do |f| - assert(! FileTest.exists?(f), "File #{f} was not deleted") - end + hosts.each do |host| + files = [] + dirs.each do |dir| + dir = Puppet[dir] + # We handle case insensitivity through downcasing + file = File.join(dir, host.downcase + ".pem") + File.open(file, "w") do |f| + f.puts "testing" end + files << file + end + assert_nothing_raised do + ca.clean(host) + end + files.each do |f| + assert(! 
FileTest.exists?(f), "File #{f} was not deleted") + end end + end - def test_host2Xfile - ca = mkca - hosts.each do |host| - {:signeddir => :host2certfile, :csrdir => :host2csrfile}.each do |dir, method| - val = nil - assert_nothing_raised do - val = ca.send(method, host) - end - assert_equal(File.join(Puppet[dir], host.downcase + ".pem"), val, - "incorrect response from #{method}") - end + def test_host2Xfile + ca = mkca + hosts.each do |host| + {:signeddir => :host2certfile, :csrdir => :host2csrfile}.each do |dir, method| + val = nil + assert_nothing_raised do + val = ca.send(method, host) end + assert_equal(File.join(Puppet[dir], host.downcase + ".pem"), val, + "incorrect response from #{method}") + end end + end - def test_list - ca = mkca - # Make a fake csr - dir = Puppet[:csrdir] - list = [] - hosts.each do |host| - file = File.join(dir, host.downcase + ".pem") - File.open(file, "w") { |f| f.puts "yay" } - list << host.downcase - end - - assert_equal(list.sort, ca.list.sort, "list was not correct") + def test_list + ca = mkca + # Make a fake csr + dir = Puppet[:csrdir] + list = [] + hosts.each do |host| + file = File.join(dir, host.downcase + ".pem") + File.open(file, "w") { |f| f.puts "yay" } + list << host.downcase end - # #142 - test storing the public key - def test_store_public_key - ca = mkca - assert_nothing_raised do - ca.mkrootcert - end - assert(FileTest.exists?(Puppet[:capub]), "did not store public key") + assert_equal(list.sort, ca.list.sort, "list was not correct") + end + + # #142 - test storing the public key + def test_store_public_key + ca = mkca + assert_nothing_raised do + ca.mkrootcert end + assert(FileTest.exists?(Puppet[:capub]), "did not store public key") + end end diff --git a/test/certmgr/certmgr.rb b/test/certmgr/certmgr.rb index 3cf743a85..b78a138b7 100755 --- a/test/certmgr/certmgr.rb +++ b/test/certmgr/certmgr.rb 
@@ -9,300 +9,300 @@ require 'puppettest/certificates' require 'mocha' class TestCertMgr < Test::Unit::TestCase - include PuppetTest::Certificates - def setup - super - #@dir = File.join(Puppet[:certdir], "testing") - @dir = File.join(@configpath, "certest") - system("mkdir -p #{@dir}") - - Puppet::Util::SUIDManager.stubs(:asuser).yields - end - - def testCreateSelfSignedCertificate - cert = nil - name = "testing" - newcert = proc { - - Puppet::SSLCertificates::Certificate.new( + include PuppetTest::Certificates + def setup + super + #@dir = File.join(Puppet[:certdir], "testing") + @dir = File.join(@configpath, "certest") + system("mkdir -p #{@dir}") + + Puppet::Util::SUIDManager.stubs(:asuser).yields + end + + def testCreateSelfSignedCertificate + cert = nil + name = "testing" + newcert = proc { + + Puppet::SSLCertificates::Certificate.new( - :name => name, + :name => name, - :selfsign => true - ) - } - assert_nothing_raised { - cert = newcert.call - } - assert_nothing_raised { - cert.mkselfsigned - } - - assert_raise(Puppet::Error) { - cert.mkselfsigned - } - - assert_nothing_raised { - cert.write - } - - assert(FileTest.exists?(cert.certfile)) - - assert_nothing_raised { - cert.delete - } - - assert_nothing_raised { - cert = newcert.call - } - assert_nothing_raised { - cert.mkselfsigned - } - - assert_nothing_raised { - cert.delete - } - - end - - def disabled_testCreateEncryptedSelfSignedCertificate - cert = nil - name = "testing" - keyfile = mkPassFile - assert_nothing_raised { - - cert = Puppet::SSLCertificates::Certificate.new( + :selfsign => true + ) + } + assert_nothing_raised { + cert = newcert.call + } + assert_nothing_raised { + cert.mkselfsigned + } + + assert_raise(Puppet::Error) { + cert.mkselfsigned + } + + assert_nothing_raised { + cert.write + } + + assert(FileTest.exists?(cert.certfile)) + + assert_nothing_raised { + cert.delete + } + + assert_nothing_raised { + cert = newcert.call + } + assert_nothing_raised { + cert.mkselfsigned + } + + 
assert_nothing_raised { + cert.delete + } + + end + + def disabled_testCreateEncryptedSelfSignedCertificate + cert = nil + name = "testing" + keyfile = mkPassFile + assert_nothing_raised { + + cert = Puppet::SSLCertificates::Certificate.new( - :name => name, - :selfsign => true, + :name => name, + :selfsign => true, - :capass => keyfile - ) - } - assert_nothing_raised { - cert.mkselfsigned - } - assert_nothing_raised { - cert.mkhash - } - - assert_raise(Puppet::Error) { - cert.mkselfsigned - } - - assert(FileTest.exists?(cert.certfile)) - assert(FileTest.exists?(cert.hash)) - - assert_nothing_raised { - cert.delete - } - - assert_nothing_raised { - cert.mkselfsigned - } - - assert_nothing_raised { - cert.delete - } - - end - - def testCreateCA - ca = nil - assert_nothing_raised { - ca = Puppet::SSLCertificates::CA.new - } - - # make the CA again and verify it doesn't fail because everything - # still exists - assert_nothing_raised { - ca = Puppet::SSLCertificates::CA.new - } - - end - - def testSignCert - ca = mkCA() - - cert = nil - assert_nothing_raised { - - cert = Puppet::SSLCertificates::Certificate.new( + :capass => keyfile + ) + } + assert_nothing_raised { + cert.mkselfsigned + } + assert_nothing_raised { + cert.mkhash + } + + assert_raise(Puppet::Error) { + cert.mkselfsigned + } + + assert(FileTest.exists?(cert.certfile)) + assert(FileTest.exists?(cert.hash)) + + assert_nothing_raised { + cert.delete + } + + assert_nothing_raised { + cert.mkselfsigned + } + + assert_nothing_raised { + cert.delete + } + + end + + def testCreateCA + ca = nil + assert_nothing_raised { + ca = Puppet::SSLCertificates::CA.new + } + + # make the CA again and verify it doesn't fail because everything + # still exists + assert_nothing_raised { + ca = Puppet::SSLCertificates::CA.new + } + + end + + def testSignCert + ca = mkCA() + + cert = nil + assert_nothing_raised { + + cert = Puppet::SSLCertificates::Certificate.new( - :name => "signedcertest", - :property => "TN", - :city => 
"Nashville", - :country => "US", - :email => "luke@madstop.com", - :org => "Puppet", - :ou => "Development", + :name => "signedcertest", + :property => "TN", + :city => "Nashville", + :country => "US", + :email => "luke@madstop.com", + :org => "Puppet", + :ou => "Development", - :encrypt => mkPassFile() - ) - - } - - assert_nothing_raised { - cert.mkcsr - } - - signedcert = nil - cacert = nil - - assert_nothing_raised { - signedcert, cacert = ca.sign(cert.csr) - } - - assert_instance_of(OpenSSL::X509::Certificate, signedcert) - assert_instance_of(OpenSSL::X509::Certificate, cacert) - - assert_nothing_raised { - cert.cert = signedcert - cert.cacert = cacert - cert.write - } - #system("find #{Puppet[:ssldir]}") - #system("cp -R #{Puppet[:ssldir]} /tmp/ssltesting") - - output = nil - assert_nothing_raised { - output = %x{openssl verify -CAfile #{Puppet[:cacert]} -purpose sslserver #{cert.certfile}} - #output = %x{openssl verify -CApath #{Puppet[:certdir]} -purpose sslserver #{cert.certfile}} - } - - assert_equal($CHILD_STATUS,0) - assert_equal(File.join(Puppet[:certdir], "signedcertest.pem: OK\n"), output) - end - - - def test_interactiveca - ca = nil - - assert_nothing_raised { - ca = Puppet::SSLCertificates::CA.new - } - - # basic initialization - hostname = "test.hostname.com" - cert = mkcert(hostname) - - # create the csr - csr = nil - assert_nothing_raised { - csr = cert.mkcsr - } - - assert_nothing_raised { - ca.storeclientcsr(csr) - } - - # store it - pulledcsr = nil - assert_nothing_raised { - pulledcsr = ca.getclientcsr(hostname) - } - - assert_equal(csr.to_pem, pulledcsr.to_pem) - - signedcert = nil - assert_nothing_raised { - signedcert, cacert = ca.sign(csr) - } - - assert_instance_of(OpenSSL::X509::Certificate, signedcert) - newsignedcert = nil - assert_nothing_raised { - newsignedcert, cacert = ca.getclientcert(hostname) - } - - assert(newsignedcert) - - assert_equal(signedcert.to_pem, newsignedcert.to_pem) - end - - def test_cafailures - ca = mkCA() - 
cert = cacert = nil - assert_nothing_raised { - cert, cacert = ca.getclientcert("nohost") - } - assert_nil(cert) - end - - def test_crl - ca = mkCA() - h1 = mksignedcert(ca, "host1.example.com") - h2 = mksignedcert(ca, "host2.example.com") - - assert(ca.cert.verify(ca.cert.public_key)) - assert(h1.verify(ca.cert.public_key)) - assert(h2.verify(ca.cert.public_key)) - - crl = ca.crl - assert_not_nil(crl) - - store = mkStore(ca) - assert( store.verify(ca.cert)) - assert( store.verify(h1, [ca.cert])) - assert( store.verify(h2, [ca.cert])) - - ca.revoke(h1.serial) - - oldcert = File.read(Puppet.settings[:cacert]) - oldserial = File.read(Puppet.settings[:serial]) - - # Recreate the CA from disk - ca = mkCA() - newcert = File.read(Puppet.settings[:cacert]) - newserial = File.read(Puppet.settings[:serial]) - assert_equal(oldcert, newcert, "The certs are not equal after making a new CA.") - assert_equal(oldserial, newserial, "The serials are not equal after making a new CA.") - store = mkStore(ca) - assert( store.verify(ca.cert), "Could not verify CA certs after reloading certs.") - assert(!store.verify(h1, [ca.cert]), "Incorrectly verified revoked cert.") - assert( store.verify(h2, [ca.cert]), "Could not verify certs with reloaded CA.") - - ca.revoke(h2.serial) - assert_equal(1, ca.crl.extensions.size) - - # Recreate the CA from disk - ca = mkCA() - store = mkStore(ca) - assert( store.verify(ca.cert)) - assert(!store.verify(h1, [ca.cert]), "first revoked cert passed") - assert(!store.verify(h2, [ca.cert]), "second revoked cert passed") - end - - def test_ttl - cert = mksignedcert - assert_equal(5 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before) - - Puppet[:ca_ttl] = 7 * 24 * 60 * 60 - cert = mksignedcert - assert_equal(7 * 24 * 60 * 60, cert.not_after - cert.not_before) - - Puppet[:ca_ttl] = "2y" - cert = mksignedcert - assert_equal(2 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before) - - Puppet[:ca_ttl] = "2y" - cert = mksignedcert - assert_equal(2 * 365 * 24 
* 60 * 60, cert.not_after - cert.not_before) - - Puppet[:ca_ttl] = "1h" - cert = mksignedcert - assert_equal(60 * 60, cert.not_after - cert.not_before) - - Puppet[:ca_ttl] = "900s" - cert = mksignedcert - assert_equal(900, cert.not_after - cert.not_before) - - # This needs to be last, to make sure that setting ca_days - # overrides setting ca_ttl - Puppet[:ca_days] = 3 - cert = mksignedcert - assert_equal(3 * 24 * 60 * 60, cert.not_after - cert.not_before) - - end + :encrypt => mkPassFile() + ) + + } + + assert_nothing_raised { + cert.mkcsr + } + + signedcert = nil + cacert = nil + + assert_nothing_raised { + signedcert, cacert = ca.sign(cert.csr) + } + + assert_instance_of(OpenSSL::X509::Certificate, signedcert) + assert_instance_of(OpenSSL::X509::Certificate, cacert) + + assert_nothing_raised { + cert.cert = signedcert + cert.cacert = cacert + cert.write + } + #system("find #{Puppet[:ssldir]}") + #system("cp -R #{Puppet[:ssldir]} /tmp/ssltesting") + + output = nil + assert_nothing_raised { + output = %x{openssl verify -CAfile #{Puppet[:cacert]} -purpose sslserver #{cert.certfile}} + #output = %x{openssl verify -CApath #{Puppet[:certdir]} -purpose sslserver #{cert.certfile}} + } + + assert_equal($CHILD_STATUS,0) + assert_equal(File.join(Puppet[:certdir], "signedcertest.pem: OK\n"), output) + end + + + def test_interactiveca + ca = nil + + assert_nothing_raised { + ca = Puppet::SSLCertificates::CA.new + } + + # basic initialization + hostname = "test.hostname.com" + cert = mkcert(hostname) + + # create the csr + csr = nil + assert_nothing_raised { + csr = cert.mkcsr + } + + assert_nothing_raised { + ca.storeclientcsr(csr) + } + + # store it + pulledcsr = nil + assert_nothing_raised { + pulledcsr = ca.getclientcsr(hostname) + } + + assert_equal(csr.to_pem, pulledcsr.to_pem) + + signedcert = nil + assert_nothing_raised { + signedcert, cacert = ca.sign(csr) + } + + assert_instance_of(OpenSSL::X509::Certificate, signedcert) + newsignedcert = nil + assert_nothing_raised 
{ + newsignedcert, cacert = ca.getclientcert(hostname) + } + + assert(newsignedcert) + + assert_equal(signedcert.to_pem, newsignedcert.to_pem) + end + + def test_cafailures + ca = mkCA() + cert = cacert = nil + assert_nothing_raised { + cert, cacert = ca.getclientcert("nohost") + } + assert_nil(cert) + end + + def test_crl + ca = mkCA() + h1 = mksignedcert(ca, "host1.example.com") + h2 = mksignedcert(ca, "host2.example.com") + + assert(ca.cert.verify(ca.cert.public_key)) + assert(h1.verify(ca.cert.public_key)) + assert(h2.verify(ca.cert.public_key)) + + crl = ca.crl + assert_not_nil(crl) + + store = mkStore(ca) + assert( store.verify(ca.cert)) + assert( store.verify(h1, [ca.cert])) + assert( store.verify(h2, [ca.cert])) + + ca.revoke(h1.serial) + + oldcert = File.read(Puppet.settings[:cacert]) + oldserial = File.read(Puppet.settings[:serial]) + + # Recreate the CA from disk + ca = mkCA() + newcert = File.read(Puppet.settings[:cacert]) + newserial = File.read(Puppet.settings[:serial]) + assert_equal(oldcert, newcert, "The certs are not equal after making a new CA.") + assert_equal(oldserial, newserial, "The serials are not equal after making a new CA.") + store = mkStore(ca) + assert( store.verify(ca.cert), "Could not verify CA certs after reloading certs.") + assert(!store.verify(h1, [ca.cert]), "Incorrectly verified revoked cert.") + assert( store.verify(h2, [ca.cert]), "Could not verify certs with reloaded CA.") + + ca.revoke(h2.serial) + assert_equal(1, ca.crl.extensions.size) + + # Recreate the CA from disk + ca = mkCA() + store = mkStore(ca) + assert( store.verify(ca.cert)) + assert(!store.verify(h1, [ca.cert]), "first revoked cert passed") + assert(!store.verify(h2, [ca.cert]), "second revoked cert passed") + end + + def test_ttl + cert = mksignedcert + assert_equal(5 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before) + + Puppet[:ca_ttl] = 7 * 24 * 60 * 60 + cert = mksignedcert + assert_equal(7 * 24 * 60 * 60, cert.not_after - cert.not_before) + + 
Puppet[:ca_ttl] = "2y" + cert = mksignedcert + assert_equal(2 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before) + + Puppet[:ca_ttl] = "2y" + cert = mksignedcert + assert_equal(2 * 365 * 24 * 60 * 60, cert.not_after - cert.not_before) + + Puppet[:ca_ttl] = "1h" + cert = mksignedcert + assert_equal(60 * 60, cert.not_after - cert.not_before) + + Puppet[:ca_ttl] = "900s" + cert = mksignedcert + assert_equal(900, cert.not_after - cert.not_before) + + # This needs to be last, to make sure that setting ca_days + # overrides setting ca_ttl + Puppet[:ca_days] = 3 + cert = mksignedcert + assert_equal(3 * 24 * 60 * 60, cert.not_after - cert.not_before) + + end end diff --git a/test/certmgr/inventory.rb b/test/certmgr/inventory.rb index 1b2caf2c7..d1ba4c879 100755 --- a/test/certmgr/inventory.rb +++ b/test/certmgr/inventory.rb 
@@ -8,62 +8,62 @@ require 'puppet/sslcertificates/inventory.rb' require 'mocha' class TestCertInventory < Test::Unit::TestCase - include PuppetTest::Certificates + include PuppetTest::Certificates - Inventory = Puppet::SSLCertificates::Inventory + Inventory = Puppet::SSLCertificates::Inventory - def setup - super - Puppet::Util::SUIDManager.stubs(:asuser).yields - end - - def test_format - cert = mksignedcert + def setup + super + Puppet::Util::SUIDManager.stubs(:asuser).yields + end - format = nil - assert_nothing_raised do - format = Inventory.format(cert) - end + def test_format + cert = mksignedcert + format = nil + assert_nothing_raised do + format = Inventory.format(cert) + end - assert( - format =~ /^0x0001 \S+ \S+ #{cert.subject}/, - "Did not create correct format") - end + assert( + format =~ /^0x0001 \S+ \S+ #{cert.subject}/, - def test_init - # First create a couple of certificates - ca = mkCA + "Did not create correct format") + end - cert1 = mksignedcert(ca, "host1.madstop.com") - cert2 = mksignedcert(ca, "host2.madstop.com") + def test_init + # First create a couple of certificates + ca = mkCA - init = nil - assert_nothing_raised do - init = Inventory.init - end + cert1 = mksignedcert(ca, "host1.madstop.com") + cert2 = mksignedcert(ca, "host2.madstop.com") - [cert1, cert2].each do |cert| - assert(init.include?(cert.subject.to_s), "Did not catch #{cert.subject}") - end + init = nil + assert_nothing_raised do + init = Inventory.init end - def test_add - ca = mkCA - cert = mksignedcert(ca, "host.domain.com") - - assert_nothing_raised do - file = mock - file.expects(:puts).with do |written| - written.include? cert.subject.to_s - end - Puppet::Util::Settings.any_instance.stubs(:write) - Puppet::Util::Settings.any_instance.expects(:write). 
- with(:cert_inventory, 'a').yields(file) - - Puppet::SSLCertificates::Inventory.add(cert) - end + [cert1, cert2].each do |cert| + assert(init.include?(cert.subject.to_s), "Did not catch #{cert.subject}") + end + end + + def test_add + ca = mkCA + cert = mksignedcert(ca, "host.domain.com") + + assert_nothing_raised do + file = mock + file.expects(:puts).with do |written| + written.include? cert.subject.to_s + end + Puppet::Util::Settings.any_instance.stubs(:write) + Puppet::Util::Settings.any_instance.expects(:write). + with(:cert_inventory, 'a').yields(file) + + Puppet::SSLCertificates::Inventory.add(cert) end + end end diff --git a/test/certmgr/support.rb b/test/certmgr/support.rb index c241fabf3..3138c94d7 100755 --- a/test/certmgr/support.rb +++ b/test/certmgr/support.rb 
@@ -7,98 +7,98 @@ require 'puppet/sslcertificates/support' require 'mocha' class TestCertSupport < Test::Unit::TestCase - include PuppetTest - MissingCertificate = Puppet::SSLCertificates::Support::MissingCertificate - - class CertUser - include Puppet::SSLCertificates::Support + include PuppetTest + MissingCertificate = Puppet::SSLCertificates::Support::MissingCertificate + + class CertUser + include Puppet::SSLCertificates::Support + end + + def setup + super + Puppet::Util::SUIDManager.stubs(:asuser).yields + @user = CertUser.new + @ca = Puppet::SSLCertificates::CA.new + @client = Puppet::Network::Client.ca.new(:CA => @ca) + end + + # Yay, metaprogramming + def test_keytype + [:key, :csr, :cert, :ca_cert].each do |name| + assert(Puppet::SSLCertificates::Support.method_defined?(name), "No retrieval method for #{name}") + maker = "mk_#{name}" + assert(Puppet::SSLCertificates::Support.method_defined?(maker), "No maker method for #{name}") end + end - def setup - super - Puppet::Util::SUIDManager.stubs(:asuser).yields - @user = CertUser.new - @ca = Puppet::SSLCertificates::CA.new - @client = Puppet::Network::Client.ca.new(:CA => @ca) - end + def test_keys + keys = [:hostprivkey, :hostpubkey].each { |n| Puppet[n] = tempfile } - # Yay, metaprogramming - def test_keytype - [:key, :csr, :cert, :ca_cert].each do |name| - assert(Puppet::SSLCertificates::Support.method_defined?(name), "No retrieval method for #{name}") - maker = "mk_#{name}" - assert(Puppet::SSLCertificates::Support.method_defined?(maker), "No maker method for #{name}") - end + key = nil + assert_nothing_raised do + key = @user.key end - def test_keys - keys = [:hostprivkey, :hostpubkey].each { |n| Puppet[n] = tempfile } - - key = nil - assert_nothing_raised do - key = @user.key - end + assert_logged(:info, /Creating a new SSL/, "Did not log about new key") + keys.each do |file| - assert_logged(:info, /Creating a new SSL/, "Did not log about new key") - keys.each do |file| - - assert( - 
FileTest.exists?(Puppet[file]), + assert( + FileTest.exists?(Puppet[file]), - "Did not create #{file} key file") - end - - # Make sure it's a valid key - assert_nothing_raised("Created key is invalid") do - OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey])) - end + "Did not create #{file} key file") + end - # now make sure we can read it in - other = CertUser.new - assert_nothing_raised("Could not read key in") do - other.key - end + # Make sure it's a valid key + assert_nothing_raised("Created key is invalid") do + OpenSSL::PKey::RSA.new(File.read(Puppet[:hostprivkey])) + end - assert_equal(@user.key.to_s, other.key.to_s, "Keys are not equal") + # now make sure we can read it in + other = CertUser.new + assert_nothing_raised("Could not read key in") do + other.key end - def test_csr - csr = nil - assert_nothing_raised("Could not create csr") do - csr = @user.csr - end + assert_equal(@user.key.to_s, other.key.to_s, "Keys are not equal") + end - assert(FileTest.exists?(Puppet[:hostcsr]), "did not create csr file") - assert_instance_of(OpenSSL::X509::Request, csr) + def test_csr + csr = nil + assert_nothing_raised("Could not create csr") do + csr = @user.csr end - def test_cacert - @user = CertUser.new + assert(FileTest.exists?(Puppet[:hostcsr]), "did not create csr file") + assert_instance_of(OpenSSL::X509::Request, csr) + end - assert_raise(MissingCertificate, "Did not fail when missing cacert") do - @user.ca_cert - end - end + def test_cacert + @user = CertUser.new - # Fixing #1382. This test will always fail on Darwin, because its - # FS is case-insensitive. - unless Facter.value(:operatingsystem) == "Darwin" - def test_uppercase_files_are_renamed_and_read - # Write a key out to disk in a file containing upper-case. 
- key = OpenSSL::PKey::RSA.new(32) - should_path = Puppet[:hostprivkey] - - dir, file = File.split(should_path) - newfile = file.sub(/^([a-z.]+)\./) { $1.upcase + "."} - upper_path = File.join(dir, newfile) - File.open(upper_path, "w") { |f| f.print key.to_s } - - user = CertUser.new - - assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk") - assert(! FileTest.exist?(upper_path), "Upper case file was not removed") - assert(FileTest.exist?(should_path), "File was not renamed to lower-case file") - assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk") - end + assert_raise(MissingCertificate, "Did not fail when missing cacert") do + @user.ca_cert + end + end + + # Fixing #1382. This test will always fail on Darwin, because its + # FS is case-insensitive. + unless Facter.value(:operatingsystem) == "Darwin" + def test_uppercase_files_are_renamed_and_read + # Write a key out to disk in a file containing upper-case. + key = OpenSSL::PKey::RSA.new(32) + should_path = Puppet[:hostprivkey] + + dir, file = File.split(should_path) + newfile = file.sub(/^([a-z.]+)\./) { $1.upcase + "."} + upper_path = File.join(dir, newfile) + File.open(upper_path, "w") { |f| f.print key.to_s } + + user = CertUser.new + + assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk") + assert(! FileTest.exist?(upper_path), "Upper case file was not removed") + assert(FileTest.exist?(should_path), "File was not renamed to lower-case file") + assert_equal(key.to_s, user.read_key.to_s, "Did not read key in from disk") end + end end |
