From 9576d1dda88bd14490b91f7aee0dbaee28969f79 Mon Sep 17 00:00:00 2001
From: lutter
Date: Wed, 23 Aug 2006 02:23:25 +0000
Subject: Certificate revocation through puppetca. Keep a simple text inventory of all certificates ever issued.
git-svn-id: https://reductivelabs.com/svn/puppet/trunk@1485 980ebf18-57e1-0310-9a29-db15c13687c0
---
 test/executables/puppetca.rb | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
(limited to 'test/executables')
diff --git a/test/executables/puppetca.rb b/test/executables/puppetca.rb
index b722c963f..71764ebd2 100755
--- a/test/executables/puppetca.rb
+++ b/test/executables/puppetca.rb
@@ -84,6 +84,29 @@ class TestPuppetCA < Test::Unit::TestCase
 assert_equal($?,0)
 assert_equal(["No certificates to sign"], output)
 end
+
+ def test_revocation
+ ca = Puppet::SSLCertificates::CA.new()
+ host1 = gen_cert(ca, "host1.example.com")
+ host2 = gen_cert(ca, "host2.example.com")
+ host3 = gen_cert(ca, "host3.example.com")
+ runca("-r host1.example.com")
+ runca("-r #{host2.serial}")
+ runca("-r 0x#{host3.serial.to_s(16)}")
+ runca("-r 0xff")
+
+ # Recreate CA to force reading of CRL
+ ca = Puppet::SSLCertificates::CA.new()
+ crl = ca.crl
+ revoked = crl.revoked.collect { |r| r.serial }
+ exp = [host1.serial, host2.serial, host3.serial, 255]
+ assert_equal(exp, revoked)
+ end
+
+ def gen_cert(ca, host)
+ runca("-g #{host}")
+ ca.getclientcert(host)[0]
+ end
 end
 # $Id$
-- cgit
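Review bot: test_revocation never checks the exit status of its four `runca("-r …")` calls, so a revocation that fails is noticed only indirectly through the final CRL comparison; the context lines above the hunk use `assert_equal($?,0)`, and the same check after each call would localize a failure. The `runca("-r 0xff")` case pins that a serial which was presumably never issued by this CA still lands in the CRL, and if that is intended it deserves a comment such as `# 0xff was never issued: revoking by raw serial must not require an inventory entry`. Only the success path is covered: revoking an unknown host name and revoking the same certificate twice are not exercised, and nothing checks that a revoked certificate is afterwards refused rather than merely listed. `gen_cert` is a helper, not a test, and would read better under `private`.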