-rw-r--r-- | lib/puppet/ssl/certificate_authority.rb | 1 | ||||
-rwxr-xr-x | spec/unit/ssl/certificate_authority.rb | 40 |
2 files changed, 40 insertions, 1 deletions
diff --git a/lib/puppet/ssl/certificate_authority.rb b/lib/puppet/ssl/certificate_authority.rb
index aa997aaf6..3192c2844 100644
--- a/lib/puppet/ssl/certificate_authority.rb
+++ b/lib/puppet/ssl/certificate_authority.rb
@@ -79,6 +79,7 @@ class Puppet::SSL::CertificateAuthority < Puppet::SSL::Host
cert = Puppet::SSL::Certificate.new(host)
cert.content = Puppet::SSL::CertificateFactory.new(cert_type, csr.content, issuer, next_serial).result
+ cert.content.sign(key, OpenSSL::Digest::SHA1.new)
Puppet.notice "Signed certificate request for %s" % host
diff --git a/spec/unit/ssl/certificate_authority.rb b/spec/unit/ssl/certificate_authority.rb
index 3271acb91..e9624f218 100755
--- a/spec/unit/ssl/certificate_authority.rb
+++ b/spec/unit/ssl/certificate_authority.rb
@@ -141,7 +141,8 @@ describe Puppet::SSL::CertificateAuthority do
# Stub out the factory
@name = "myhost"
- @cert = stub 'certificate', :content => "mycert"
+ @real_cert = stub 'realcert', :sign => nil
+ @cert = stub 'certificate', :content => @real_cert
Puppet::SSL::Certificate.stubs(:new).returns @cert
@cert.stubs(:content=)
@@ -281,6 +282,17 @@ describe Puppet::SSL::CertificateAuthority do
@ca.sign(@name)
end
+ it "should sign the resulting certificate using its key and a digest" do
+ digest = mock 'digest'
+ OpenSSL::Digest::SHA1.expects(:new).returns digest
+
+ key = mock 'key'
+ @ca.stubs(:key).returns key
+
+ @cert.content.expects(:sign).with(key, digest)
+ @ca.sign(@name)
+ end
+
it "should save the resulting certificate in the :ca_file terminus" do
@cert.expects(:save).with(:in => :ca_file)
@ca.sign(@name)
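Review bot: The added `cert.content.sign(key, OpenSSL::Digest::SHA1.new)` in lib/puppet/ssl/certificate_authority.rb hard-codes SHA-1 as the signature digest for every certificate this CA issues. SHA-1's collision resistance is too weak for certificate signatures, so the call should use at least SHA-256, e.g. `cert.content.sign(key, OpenSSL::Digest::SHA256.new)`, or take the digest from a setting so it can be raised without a code change. Separately, `key` looks like the Puppet key wrapper rather than the raw OpenSSL key: the line above assigns to `cert.content`, and the new spec setup stubs `@key.stubs(:content)`. If that reading is right the argument probably needs to be `key.content`, which is worth confirming against a real key. The enclosing method starts and ends outside the hunk.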
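Review bot: The new example "should sign the resulting certificate using its key and a digest" in spec/unit/ssl/certificate_authority.rb passes only mocks to `sign`. It therefore cannot detect a key object that OpenSSL would reject, or an issued certificate that fails verification against the CA key. Its `OpenSSL::Digest::SHA1.expects(:new)` expectation also pins the digest class, so any move to a stronger digest has to edit this spec as well. A companion example that signs with a generated key and checks the result with `cert.content.verify(<CA public key>)` would cover the behaviour that matters; the placeholder stands for whatever key the fixture creates.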
@@ -307,4 +319,30 @@ describe Puppet::SSL::CertificateAuthority do
@ca.sign(@name).should equal(@cert)
end
end
+
+ describe "when managing certificate clients" do
+ before do
+ Puppet.settings.stubs(:value).with(:certname).returns "whatever"
+ Puppet.settings.stubs(:use)
+
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:password?).returns true
+
+ # Set up the CA
+ @key = mock 'key'
+ @key.stubs(:content).returns "cakey"
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:key).returns @key
+ @cacert = mock 'certificate'
+ @cacert.stubs(:content).returns "cacertificate"
+ Puppet::SSL::CertificateAuthority.any_instance.stubs(:certificate).returns @cacert
+ @ca = Puppet::SSL::CertificateAuthority.new
+ end
+
+ describe "when revoking certificates" do
+ it "should fail if the certificate revocation list is disabled"
+
+ it "should default to OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE as the reason"
+
+ it "should require a serial number"
+ end
+ end
end |
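Review bot: The three examples under "when revoking certificates" have no block, so they are pending and assert nothing; revocation remains unspecified by this commit. The planned default of `OpenSSL::OCSP::REVOKED_STATUS_KEYCOMPROMISE` deserves a second look before it is implemented. If every revocation records key compromise, the CRL reason code can no longer separate routine decommissioning from a real compromise during incident review. Consider `OpenSSL::OCSP::REVOKED_STATUS_UNSPECIFIED` as the default, with key compromise passed explicitly. A comment above the group such as `# pending: revocation is not implemented yet` would make the intent clear.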