path: root/spec/unit/indirector/certificate_request/ca_spec.rb
blob: 9c74f09d124301c8088d586832c9d720b1945ab9 (plain)
#!/usr/bin/env rspec
require 'spec_helper'

require 'puppet/ssl/host'
require 'puppet/sslcertificates'
require 'puppet/sslcertificates/ca'
require 'puppet/indirector/certificate_request/ca'

# Specs for the CA-side certificate request terminus.
#
# The last two examples pin how a second certificate request is handled for a
# name that already holds a signed certificate, depending on the
# allow_duplicate_certs setting. The whole group is skipped on Windows.
describe Puppet::SSL::CertificateRequest::Ca, :unless => Puppet.features.microsoft_windows? do
  include PuppetSpec::Files

  before(:each) do
    # Point ssldir at a temporary directory so each example builds its own CA
    # state (assumes tmpdir hands back a new directory per call -- confirm).
    Puppet[:ssldir] = tmpdir('ssl')

    # Act as a local CA and create its root certificate before building the CA
    # object the examples sign with.
    Puppet::SSL::Host.ca_location = :local
    Puppet[:localcacert] = Puppet[:cacert]
    Puppet::SSLCertificates::CA.new.mkrootcert

    @ca = Puppet::SSL::CertificateAuthority.new
  end

  # Runs once after the group: put the process-wide CA location back to :none.
  after(:all) do
    Puppet::SSL::Host.ca_location = :none
  end

  it "should have documentation" do
    terminus_doc = Puppet::SSL::CertificateRequest::Ca.doc
    terminus_doc.should be_instance_of(String)
  end

  it "should use the :csrdir as the collection directory" do
    request_dir = "/request/dir"
    Puppet.settings.expects(:value).with(:csrdir).returns(request_dir)

    Puppet::SSL::CertificateRequest::Ca.collection_directory.should == request_dir
  end

  # Permissive setting: a CSR for an already-signed name is accepted. The
  # existing certificate is still found, a pending request exists again, and the
  # host reports "requested" -- i.e. the name is back in the signing queue.
  it "should overwrite the previous certificate request if allow_duplicate_certs is true" do
    Puppet[:allow_duplicate_certs] = true
    first_host = Puppet::SSL::Host.new("foo")
    first_host.generate_certificate_request
    @ca.sign(first_host.name)

    # Second request under the same name, issued after the first was signed.
    stored_host = Puppet::SSL::Host.indirection.find("foo")
    stored_host.generate_certificate_request

    issued_cert = Puppet::SSL::Certificate.indirection.find("foo")
    issued_cert.name.should == "foo"

    pending_csr = Puppet::SSL::CertificateRequest.indirection.find("foo")
    pending_csr.name.should == "foo"

    Puppet::SSL::Host.indirection.find("foo").state.should == "requested"
  end

  # Strict setting: a CSR for an already-signed name is refused with an error,
  # no request is stored under that name, and the host stays "signed". This is
  # the behaviour that keeps an issued name from being re-requested.
  it "should reject a new certificate request if allow_duplicate_certs is false" do
    Puppet[:allow_duplicate_certs] = false
    first_host = Puppet::SSL::Host.new("bar")
    first_host.generate_certificate_request
    @ca.sign(first_host.name)

    # NOTE(review): `expect { }.should` appears to rely on an RSpec release in
    # which `expect` returns a proc -- confirm against the pinned RSpec version.
    expect {
      Puppet::SSL::Host.indirection.find("bar").generate_certificate_request
    }.should raise_error(/ignoring certificate request/)

    issued_cert = Puppet::SSL::Certificate.indirection.find("bar")
    issued_cert.name.should == "bar"

    # Nothing may be left pending under the already-issued name.
    leftover_csr = Puppet::SSL::CertificateRequest.indirection.find("bar")
    leftover_csr.should be_nil

    Puppet::SSL::Host.indirection.find("bar").state.should == "signed"
  end
end