diff options
| -rw-r--r-- | lib/puppet/ssl/host.rb | 11 | ||||
| -rwxr-xr-x | spec/unit/ssl/host.rb | 27 |
2 files changed, 32 insertions, 6 deletions
diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb index e89f21676..09086e0fa 100644 --- a/lib/puppet/ssl/host.rb +++ b/lib/puppet/ssl/host.rb @@ -146,9 +146,12 @@ class Puppet::SSL::Host generate_key unless key generate_certificate_request unless certificate_request - # Now try to find our actual certificate; this should hopefully get - # the cert from the server and then cache it locally. - certificate() + # If we can get a CA instance, then we're a valid CA, and we + # should use it to sign our request; else, just try to read + # the cert. + if ! certificate() and ca = Puppet::SSL::CertificateAuthority.instance + ca.sign(self.name) + end end def initialize(name = nil) @@ -162,3 +165,5 @@ class Puppet::SSL::Host key.content.public_key end end + +require 'puppet/ssl/certificate_authority' diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb index 66e21cd79..233bede9b 100755 --- a/spec/unit/ssl/host.rb +++ b/spec/unit/ssl/host.rb @@ -353,10 +353,31 @@ describe Puppet::SSL::Host do @host.generate end - it "should seek its certificate" do - @host.expects(:certificate) + describe "and it can create a certificate authority" do + before do + @ca = mock 'ca' + Puppet::SSL::CertificateAuthority.stubs(:instance).returns @ca + end - @host.generate + it "should use the CA to sign its certificate request if it does not have a certificate" do + @host.expects(:certificate).returns nil + + @ca.expects(:sign).with(@host.name) + + @host.generate + end + end + + describe "and it cannot create a certificate authority" do + before do + Puppet::SSL::CertificateAuthority.stubs(:instance).returns nil + end + + it "should seek its certificate" do + @host.expects(:certificate) + + @host.generate + end end end end |