| -rw-r--r-- | lib/puppet/indirector/certificate/file.rb | 1 | ||||
| -rw-r--r-- | lib/puppet/indirector/key/file.rb | 1 | ||||
| -rwxr-xr-x | spec/integration/ssl/host.rb | 10 | ||||
| -rwxr-xr-x | spec/unit/indirector/certificate/file.rb | 9 | ||||
| -rwxr-xr-x | spec/unit/indirector/key/file.rb | 9 |
5 files changed, 30 insertions, 0 deletions
diff --git a/lib/puppet/indirector/certificate/file.rb b/lib/puppet/indirector/certificate/file.rb
index 9e2e8ed99..5f4ade051 100644
--- a/lib/puppet/indirector/certificate/file.rb
+++ b/lib/puppet/indirector/certificate/file.rb
@@ -5,4 +5,5 @@ class Puppet::SSL::Certificate::File < Puppet::Indirector::SslFile
 desc "Manage SSL certificates on disk."
 store_in :certdir
+ store_ca_at :cacert
 end
diff --git a/lib/puppet/indirector/key/file.rb b/lib/puppet/indirector/key/file.rb
index 7103c2903..4536f8aa7 100644
--- a/lib/puppet/indirector/key/file.rb
+++ b/lib/puppet/indirector/key/file.rb
@@ -5,6 +5,7 @@ class Puppet::SSL::Key::File < Puppet::Indirector::SslFile
 desc "Manage SSL private and public keys on disk."
 store_in :privatekeydir
+ store_ca_at :cakey
 # Where should we store the public key?
 def public_key_path(name)
diff --git a/spec/integration/ssl/host.rb b/spec/integration/ssl/host.rb
index 63d7aca5b..e8fd89364 100755
--- a/spec/integration/ssl/host.rb
+++ b/spec/integration/ssl/host.rb
@@ -67,4 +67,14 @@ describe Puppet::SSL::Host do
 File.read(File.join(Puppet.settings[:requestdir], "luke.madstop.com.pem")).should == @host.certificate_request.to_s
 end
 end
+
+ describe "when the CA host" do
+ it "should never store its key in the :privatekeydir" do
+ Puppet.settings.use(:main, :ssl, :ca)
+ @ca = Puppet::SSL::Host.new(Puppet::SSL::Host.ca_name)
+ @ca.generate_key
+
+ FileTest.should_not be_exist(File.join(Puppet[:privatekeydir], "ca.pem"))
+ end
+ end
 end
diff --git a/spec/unit/indirector/certificate/file.rb b/spec/unit/indirector/certificate/file.rb
index 18fe9a1c3..ffaf12047 100755
--- a/spec/unit/indirector/certificate/file.rb
+++ b/spec/unit/indirector/certificate/file.rb
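Review bot: Neither `store_ca_at` line says why the CA's files are kept apart from every other host's, and in `lib/puppet/indirector/key/file.rb` that is the security-relevant part of the change: the CA private key goes to `:cakey` rather than into `:privatekeydir`. A one-line comment above it, for example `# The CA private key is stored at :cakey, never under :privatekeydir.`, would keep a later refactor from folding the two locations back together; the same kind of comment fits `store_ca_at :cacert` in `lib/puppet/indirector/certificate/file.rb`. `store_ca_at` is defined outside this diff, so it is not visible whether anything handles a CA key that an earlier version may already have written under `:privatekeydir`. If that could have happened, a check for the stale copy or an upgrade note is worth adding.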
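Review bot: The new example in `spec/integration/ssl/host.rb` asserts only an absence, so it also passes when `generate_key` writes no file at all or when the CA's key file is not named `ca.pem`. The host is built from `Puppet::SSL::Host.ca_name` but the path check hard-codes the name. Deriving the file name from `ca_name` (presumably `Puppet::SSL::Host.ca_name + ".pem"`, going by the request file in the context lines) and adding a positive check such as `FileTest.should be_exist(Puppet[:cakey])` would pin both halves of the behaviour. The enclosing `describe Puppet::SSL::Host` block starts outside the hunk, so its setup and cleanup of the settings directories cannot be checked here.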
@@ -16,4 +16,13 @@ describe Puppet::SSL::Certificate::File do
 Puppet.settings.expects(:value).with(:certdir).returns "/cert/dir"
 Puppet::SSL::Certificate::File.collection_directory.should == "/cert/dir"
 end
+
+ it "should store the ca certificate at the :cacert location" do
+ Puppet.settings.stubs(:use)
+ Puppet.settings.stubs(:value).returns "whatever"
+ Puppet.settings.stubs(:value).with(:cacert).returns "/ca/cert"
+ file = Puppet::SSL::Certificate::File.new
+ file.stubs(:ca?).returns true
+ file.path("whatever").should == "/ca/cert"
+ end
 end
diff --git a/spec/unit/indirector/key/file.rb b/spec/unit/indirector/key/file.rb
index bd0c57c36..8a1cb04bd 100755
--- a/spec/unit/indirector/key/file.rb
+++ b/spec/unit/indirector/key/file.rb
@@ -17,6 +17,15 @@ describe Puppet::SSL::Key::File do
 Puppet::SSL::Key::File.collection_directory.should == "/key/dir"
 end
+ it "should store the ca key at the :cakey location" do
+ Puppet.settings.stubs(:use)
+ Puppet.settings.stubs(:value).returns "whatever"
+ Puppet.settings.stubs(:value).with(:cakey).returns "/ca/key"
+ file = Puppet::SSL::Key::File.new
+ file.stubs(:ca?).returns true
+ file.path("whatever").should == "/ca/key"
+ end
+
 describe "when choosing the path for the public key" do
 it "should use the :capub setting location if the key is for the certificate authority" do
 Puppet.settings.stubs(:value).returns "/fake/dir" |
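Review bot: Both new unit examples stub `ca?` to true, so only the CA branch of `path` runs and nothing checks that an ordinary host stays out of the CA location. This applies to the example in `spec/unit/indirector/certificate/file.rb` and to the matching one in `spec/unit/indirector/key/file.rb`. A companion example with `file.stubs(:ca?).returns false` and `file.path("whatever").should_not == "/ca/key"` (and `"/ca/cert"` for the certificate terminus) would catch a regression in which an ordinary host's key is written over the CA key. How `ca?` decides is outside this diff, so an example that leaves it unstubbed and passes the real CA name would also be worth having if the terminus can be driven that way.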
