Diffstat (limited to 'spec')
| -rwxr-xr-x | spec/unit/indirector/certificate_request/file.rb | 6 | ||||
| -rwxr-xr-x | spec/unit/ssl/certificate.rb | 82 | ||||
| -rwxr-xr-x | spec/unit/ssl/certificate_request.rb | 40 | ||||
| -rwxr-xr-x | spec/unit/ssl/host.rb | 154 | ||||
| -rwxr-xr-x | spec/unit/ssl/key.rb | 3 |
5 files changed, 230 insertions, 55 deletions
diff --git a/spec/unit/indirector/certificate_request/file.rb b/spec/unit/indirector/certificate_request/file.rb index c4595b932..e1f442e2a 100755 --- a/spec/unit/indirector/certificate_request/file.rb +++ b/spec/unit/indirector/certificate_request/file.rb @@ -7,13 +7,13 @@ require File.dirname(__FILE__) + '/../../../spec_helper' require 'puppet/indirector/certificate_request/file' -describe Puppet::SSL::CertificateRequest::CaFile do +describe Puppet::SSL::CertificateRequest::File do it "should have documentation" do - Puppet::SSL::CertificateRequest::CaFile.doc.should be_instance_of(String) + Puppet::SSL::CertificateRequest::File.doc.should be_instance_of(String) end it "should use the :requestdir as the collection directory" do Puppet.settings.expects(:value).with(:requestdir).returns "/request/dir" - Puppet::SSL::CertificateRequest::CaFile.collection_directory.should == "/request/dir" + Puppet::SSL::CertificateRequest::File.collection_directory.should == "/request/dir" end end diff --git a/spec/unit/ssl/certificate.rb b/spec/unit/ssl/certificate.rb index 1df9c42e1..1f847e16e 100755 --- a/spec/unit/ssl/certificate.rb +++ b/spec/unit/ssl/certificate.rb @@ -9,6 +9,10 @@ describe Puppet::SSL::Certificate do @class = Puppet::SSL::Certificate end + after do + @class.instance_variable_set("@ca_location", nil) + end + it "should be extended with the Indirector module" do @class.metaclass.should be_include(Puppet::Indirector) end 
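Review bot: The `after` hook added to spec/unit/ssl/certificate.rb resets state by writing the private `@ca_location` ivar through `instance_variable_set`, which ties the spec to the implementation's storage name. If that ivar is ever renamed, the reset silently becomes a no-op and the `:remote` value set by the `ca_is :remote` example leaks into later examples, changing which terminus certificate requests are sent to. Resetting through the public setter, e.g. `after { @class.ca_is :local }`, would be sturdier, assuming `:local` behaves the same as the unset default. The enclosing `describe` block starts and ends outside this hunk.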
@@ -18,7 +22,22 @@ describe Puppet::SSL::Certificate do end it "should default to the :file terminus class" do - @class.indirection.terminus_class.should == :file + @class.indirection.terminus(:file).expects(:find).with "myname" + @class.find("myname") + end + + it "should allow specification of a different terminus class" do + @class.indirection.terminus(:ca_file).expects(:find).with { |*args| args[0] == "myname" } + @class.find("myname", :in => :ca_file) + end + + it "should default to a local certificate authority" do + @class.ca_location.should == :local + end + + it "should allow overriding the ca location" do + @class.ca_is :remote + @class.ca_location.should == :remote end describe "when managing instances" do 
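Review bot: The `ca_is` examples only exercise `:remote`; nothing pins what happens when the location is neither `:local` nor `:remote`. The generate examples later in this file map the location to a terminus (`:ca_file` or `:rest`), so an unvalidated value would presumably fail late or route the request somewhere unintended. Consider adding an example along the lines of `lambda { @class.ca_is :bogus }.should raise_error(ArgumentError)`; the exception class here is a suggestion and should match whatever the class actually raises.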
@@ -55,9 +74,64 @@ describe Puppet::SSL::Certificate do end describe "when generating the certificate" do - it "should fail because certificates must be created by a certificate authority" do - @instance = @class.new("test") - lambda { @instance.generate }.should raise_error(Puppet::DevError) + before do + @cert = @class.new("test") + @request = mock 'request' + end + + describe "from a local ca" do + before do + @class.stubs(:ca_location).returns :local + end + + it "should save the certificate request to and try to find the cert in the :ca_file terminus" do + @request.expects(:save).with(:in => :ca_file) + @cert.class.expects(:find).with("test", :in => :ca_file) + + @cert.generate(@request) + end + end + + describe "from a remote ca" do + before do + @class.stubs(:ca_location).returns :remote + end + + it "should save the certificate request to and try to find the cert in the :rest terminus" do + @request.expects(:save).with(:in => :rest) + @cert.class.expects(:find).with("test", :in => :rest) + + @cert.generate(@request) + end + end + + describe "successfully" do + it "should set its content to the content of the retrieved certificate" do + @request.stubs(:save) + newcert = mock 'newcert', :content => "realcert" + @cert.class.expects(:find).returns(newcert) + + @cert.generate(@request) + + @cert.content.should == "realcert" + end + + it "should return true" do + @request.stubs(:save) + newcert = mock 'newcert', :content => "realcert" + @cert.class.expects(:find).returns(newcert) + + @cert.generate(@request).should be_true + end + end + + describe "unsuccessfully" do + it "should return false" do + @request.stubs(:save) + @cert.class.expects(:find).returns(nil) + + @cert.generate(@request).should be_false + end end end end diff --git a/spec/unit/ssl/certificate_request.rb b/spec/unit/ssl/certificate_request.rb index 48755a614..9b2823bf9 100755 --- a/spec/unit/ssl/certificate_request.rb +++ b/spec/unit/ssl/certificate_request.rb 
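Review bot: The "from a local ca" and "from a remote ca" examples set the `save` and `find` expectations independently, so they still pass if `generate` looks for the certificate before submitting the request. Mocha can pin the order with `seq = sequence('generate')` and `.in_sequence(seq)` appended to both expectations. The "unsuccessfully" example also checks only the return value; adding `@cert.content.should be_nil` would confirm that no stale content survives when the CA returns nothing, assuming a fresh instance starts with nil content.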
@@ -22,6 +22,16 @@ describe Puppet::SSL::CertificateRequest do @class.new("myname").name.should == "myname" end + it "should default to the :file terminus class" do + @class.indirection.terminus(:file).expects(:find).with "myname" + @class.find("myname") + end + + it "should allow specification of a different terminus class" do + @class.indirection.terminus(:ca_file).expects(:find).with { |*args| args[0] == "myname" } + @class.find("myname", :in => :ca_file) + end + describe "when managing instances" do before do @request = @class.new("myname") @@ -86,9 +96,39 @@ describe Puppet::SSL::CertificateRequest do # Again, this is weirdly failing, even though it's painfully simple. @request.expects(:sign) + @request.stubs(:verify).returns(true) + + @instance.generate(@key).should == @request + end + + it "should verify the generated request using the public key" do + @request = mock 'request' + OpenSSL::X509::Request.expects(:new).returns(@request) + + subject = mock 'subject' + OpenSSL::X509::Name.stubs(:new) + + @request.stubs(:version=) + @request.stubs(:public_key=) + @request.stubs(:subject=) + @request.stubs(:sign) + + # Grr, mocha is broken in this class for some reason; I can't get + # the 'with' arguments to register correctly. + @request.expects(:verify).returns true + @instance.generate(@key).should == @request end + it "should fail if verification fails" do + @request = OpenSSL::X509::Request.new + OpenSSL::X509::Request.expects(:new).returns(@request) + + @request.expects(:verify).returns false + + lambda { @instance.generate(@key) }.should raise_error(Puppet::Error) + end + it "should return the generated request" do @instance.generate(@key).should be_instance_of(OpenSSL::X509::Request) end diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb index 90729454b..f3ead362a 100755 --- a/spec/unit/ssl/host.rb +++ b/spec/unit/ssl/host.rb 
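Review bot: The example "should verify the generated request using the public key" never constrains the argument to `verify`: `@request.expects(:verify).returns true` passes whichever key is handed in, so a regression that verifies against the wrong key would go unnoticed. The inline comment says `with` did not register here, but the block form used elsewhere in this commit may work, e.g. `@request.expects(:verify).with { |*args| args[0] == @key.public_key }.returns true`. `@key` is set up outside the hunk, so the exact public-key expression needs checking against that setup. The local `subject = mock 'subject'` in the same example is unused and can be dropped.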
@@ -15,96 +15,156 @@ describe Puppet::SSL::Host do end it "should retrieve its public key from its private key" do - key = mock 'key' + realkey = mock 'realkey' + key = stub 'key', :content => realkey Puppet::SSL::Key.stubs(:find).returns(key) pubkey = mock 'public_key' - key.expects(:public_key).returns pubkey + realkey.expects(:public_key).returns pubkey @host.public_key.should equal(pubkey) end + it "should default to being a non-ca host" do + @host.ca?.should be_false + end + + it "should be able to be a ca host" do + @host.ca = true + @host.ca.should be_true + end + describe "when managing its private key" do - it "should find the key in the Key class and return it" do - key = mock 'key' - Puppet::SSL::Key.expects(:find).with("myname").returns(key) - @host.key.should equal(key) + before do + @realkey = "mykey" + @key = stub 'key', :content => @realkey + end + + it "should return nil if the key is not set and cannot be found" do + Puppet::SSL::Key.expects(:find).with("myname").returns(nil) + @host.key.should be_nil end - it "should generate and save a new key if none is found" do - key = mock 'key' - Puppet::SSL::Key.stubs(:find).with("myname").returns(nil) + it "should find the key in the Key class and return the SSL key, not the wrapper" do + Puppet::SSL::Key.expects(:find).with("myname").returns(@key) + @host.key.should equal(@realkey) + end - Puppet::SSL::Key.expects(:new).with("myname").returns(key) + it "should be able to generate and save a new key" do + Puppet::SSL::Key.expects(:new).with("myname").returns(@key) - key.expects(:generate) - key.expects(:save) + @key.expects(:generate) + @key.expects(:save) - @host.key.should equal(key) + @host.generate_key.should be_true + @host.key.should equal(@realkey) end it "should return any previously found key without requerying" do - key = mock 'key' - Puppet::SSL::Key.expects(:find).with("myname").returns(key).once - @host.key.should equal(key) - @host.key.should equal(key) + 
Puppet::SSL::Key.expects(:find).with("myname").returns(@key).once + @host.key.should equal(@realkey) + @host.key.should equal(@realkey) end end describe "when managing its certificate request" do - it "should find the request in the Key class and return it" do - request = mock 'request' - Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns request + before do + @realrequest = "real request" + @request = stub 'request', :content => @realrequest + end + + it "should return nil if the key is not set and cannot be found" do + Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns(nil) + @host.certificate_request.should be_nil + end + + it "should find the request in the Key class and return it and return the SSL request, not the wrapper" do + Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns @request + + @host.certificate_request.should equal(@realrequest) + end - @host.certificate_request.should equal(request) + it "should generate a new key when generating the cert request if no key exists" do + Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request + + key = stub 'key', :public_key => mock("public_key") + @host.expects(:generate_key).returns(key) + + @request.stubs(:generate) + @request.stubs(:save) + + @host.generate_certificate_request end - it "should generate a new request using the private key if none is found" do - request = mock 'request' - Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns nil - Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns request + it "should be able to generate and save a new request using the private key" do + Puppet::SSL::CertificateRequest.expects(:new).with("myname").returns @request key = stub 'key', :public_key => mock("public_key") @host.stubs(:key).returns(key) - request.expects(:generate).with(key) - request.expects(:save) + @request.expects(:generate).with(key) + @request.expects(:save) - 
@host.certificate_request.should equal(request) + @host.generate_certificate_request.should be_true + @host.certificate_request.should equal(@realrequest) end it "should return any previously found request without requerying" do - request = mock 'request' - Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns(request).once + Puppet::SSL::CertificateRequest.expects(:find).with("myname").returns(@request).once - @host.certificate_request.should equal(request) - @host.certificate_request.should equal(request) + @host.certificate_request.should equal(@realrequest) + @host.certificate_request.should equal(@realrequest) end end describe "when managing its certificate" do - it "should find the certificate in the Certificate class" do - cert = mock 'cert' - Puppet::SSL::Certificate.expects(:find).with("myname").returns cert + before do + @realcert = mock 'certificate' + @cert = stub 'cert', :content => @realcert + end + it "should find the certificate in the Certificate class and return the SSL certificate, not the wrapper" do + Puppet::SSL::Certificate.expects(:find).with("myname").returns @cert + + @host.certificate.should equal(@realcert) + end + + it "should generate a new certificate request when generating the cert if no request exists" do + Puppet::SSL::Certificate.expects(:new).with("myname").returns @cert + + request = stub 'request' + @host.expects(:generate_certificate_request) + + @cert.stubs(:generate) + @cert.stubs(:save) + + @host.generate_certificate + end + + it "should be able to generate and save a new certificate using the certificate request" do + Puppet::SSL::Certificate.expects(:new).with("myname").returns @cert + + request = stub 'request' + @host.stubs(:certificate_request).returns(request) + @cert.expects(:generate).with(request).returns(true) + @cert.expects(:save) - @host.certificate.should equal(cert) + @host.generate_certificate.should be_true + @host.certificate.should equal(@realcert) end - it "should generate a new 
certificate if none is found" do - cert = mock 'cert' - Puppet::SSL::Certificate.expects(:find).with("myname").returns nil - Puppet::SSL::Certificate.expects(:new).with("myname").returns cert + it "should return false if no certificate could be generated" do + Puppet::SSL::Certificate.expects(:new).with("myname").returns @cert - # This will normally fail. - cert.expects(:generate) + request = stub 'request' + @host.stubs(:certificate_request).returns(request) + @cert.expects(:generate).with(request).returns(false) - @host.certificate + @host.generate_certificate.should be_false end it "should return any previously found certificate" do - cert = mock 'cert' - Puppet::SSL::Certificate.expects(:find).with("myname").returns(cert).once + Puppet::SSL::Certificate.expects(:find).with("myname").returns(@cert).once - @host.certificate.should equal(cert) - @host.certificate.should equal(cert) + @host.certificate.should equal(@realcert) + @host.certificate.should equal(@realcert) end end diff --git a/spec/unit/ssl/key.rb b/spec/unit/ssl/key.rb index d6cdc8266..4dec78a0d 100755 --- a/spec/unit/ssl/key.rb +++ b/spec/unit/ssl/key.rb @@ -18,7 +18,8 @@ describe Puppet::SSL::Key do end it "should default to the :file terminus class" do - @class.indirection.terminus_class.should == :file + @class.indirection.terminus(:file).expects(:find).with "myname" + @class.find("myname") end describe "when managing instances" do |
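Review bot: The "when managing its certificate" group in spec/unit/ssl/host.rb has no example for a failed lookup, although the key and certificate-request groups each gained one. Because `certificate` now returns the wrapper's `content`, a nil result from `Puppet::SSL::Certificate.find` is exactly where an unguarded `.content` call would raise. A matching example would be `Puppet::SSL::Certificate.expects(:find).with("myname").returns(nil)` followed by `@host.certificate.should be_nil`. Separately, the first example in the certificate-request group is titled "should return nil if the key is not set and cannot be found" but exercises `certificate_request`, so the title should say "request". The `request = stub 'request'` local in "should generate a new certificate request when generating the cert if no request exists" is unused.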
