diff options
Diffstat (limited to 'spec/unit/ssl')
| -rwxr-xr-x | spec/unit/ssl/host.rb | 72 |
1 files changed, 55 insertions, 17 deletions
diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb index f6f06a993..36d2ed2e6 100755 --- a/spec/unit/ssl/host.rb +++ b/spec/unit/ssl/host.rb @@ -90,6 +90,55 @@ describe Puppet::SSL::Host do Puppet::SSL::Host.localhost.should equal(two) end + it "should be able to verify its certificate matches its key" do + Puppet::SSL::Host.new("foo").should respond_to(:certificate_matches_key?) + end + + it "should consider the certificate invalid if it cannot find a key" do + host = Puppet::SSL::Host.new("foo") + host.expects(:key).returns nil + + host.should_not be_certificate_matches_key + end + + it "should consider the certificate invalid if it cannot find a certificate" do + host = Puppet::SSL::Host.new("foo") + host.expects(:key).returns mock("key") + host.expects(:certificate).returns nil + + host.should_not be_certificate_matches_key + end + + it "should consider the certificate invalid if the SSL certificate's key verification fails" do + host = Puppet::SSL::Host.new("foo") + + key = mock 'key', :content => "private_key" + sslcert = mock 'sslcert' + certificate = mock 'cert', :content => sslcert + + host.stubs(:key).returns key + host.stubs(:certificate).returns certificate + + sslcert.expects(:check_private_key).with("private_key").returns false + + host.should_not be_certificate_matches_key + end + + it "should consider the certificate valid if the SSL certificate's key verification succeeds" do + host = Puppet::SSL::Host.new("foo") + + key = mock 'key', :content => "private_key" + sslcert = mock 'sslcert' + certificate = mock 'cert', :content => sslcert + + host.stubs(:key).returns key + host.stubs(:certificate).returns certificate + + sslcert.expects(:check_private_key).with("private_key").returns true + + host.should be_certificate_matches_key + end + describe "when specifying the CA location" do before do [Puppet::SSL::Key, Puppet::SSL::Certificate, Puppet::SSL::CertificateRequest, Puppet::SSL::CertificateRevocationList].each do |klass| @@ -359,11 +408,10 @@ describe Puppet::SSL::Host do describe "when managing its certificate" do before do @realcert = mock 'certificate' - @realcert.stubs(:check_private_key).with('private key').returns true - - @cert = stub 'cert', :content => @realcert, :expired? => false + @cert = stub 'cert', :content => @realcert - @host.stubs(:key).returns stub("key",:content => 'private key' ) + @host.stubs(:key).returns mock("key") + @host.stubs(:certificate_matches_key?).returns true end it "should find the CA certificate if it does not have a certificate" do @@ -411,22 +459,12 @@ describe Puppet::SSL::Host do @host.certificate.should equal(@cert) end - it "should immediately expire the cached copy if the found certificate does not match the private key" do - @realcert.expects(:check_private_key).with('private key').returns false - - Puppet::SSL::Certificate.stubs(:find).returns @cert - Puppet::SSL::Certificate.expects(:expire).with("myname") - - @host.certificate - end - - it "should not return a certificate if it does not match the private key" do - @realcert.expects(:check_private_key).with('private key').returns false + it "should fail if the found certificate does not match the private key" do + @host.expects(:certificate_matches_key?).returns false Puppet::SSL::Certificate.stubs(:find).returns @cert - Puppet::SSL::Certificate.stubs(:expire).with("myname") - @host.certificate.should == nil + lambda { @host.certificate }.should raise_error(Puppet::Error) end it "should return any previously found certificate" do |