blob: aabc92c6dc54941ac3f02363a3e9e06a71783aec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
|
#!/usr/bin/env ruby
require 'spec_helper'
require 'puppet/ssl/key'
describe Puppet::SSL::Key do
before do
@class = Puppet::SSL::Key
end
it "should be extended with the Indirector module" do
@class.singleton_class.should be_include(Puppet::Indirector)
end
it "should indirect key" do
@class.indirection.name.should == :key
end
it "should default to the :file terminus" do
@class.indirection.terminus_class.should == :file
end
it "should only support the text format" do
@class.supported_formats.should == [:s]
end
it "should have a method for determining whether it's a CA key" do
@class.new("test").should respond_to(:ca?)
end
it "should consider itself a ca key if its name matches the CA_NAME" do
@class.new(Puppet::SSL::Host.ca_name).should be_ca
end
describe "when initializing" do
it "should set its password file to the :capass if it's a CA key" do
Puppet.settings.stubs(:value).returns "whatever"
Puppet.settings.stubs(:value).with(:capass).returns "/ca/pass"
key = Puppet::SSL::Key.new(Puppet::SSL::Host.ca_name)
key.password_file.should == "/ca/pass"
end
it "should downcase its name" do
@class.new("MyName").name.should == "myname"
end
it "should set its password file to the default password file if it is not the CA key" do
Puppet.settings.stubs(:value).returns "whatever"
Puppet.settings.stubs(:value).with(:passfile).returns "/normal/pass"
key = Puppet::SSL::Key.new("notca")
key.password_file.should == "/normal/pass"
end
end
describe "when managing instances" do
before do
@key = @class.new("myname")
end
it "should have a name attribute" do
@key.name.should == "myname"
end
it "should have a content attribute" do
@key.should respond_to(:content)
end
it "should be able to read keys from disk" do
path = "/my/path"
File.expects(:read).with(path).returns("my key")
key = mock 'key'
OpenSSL::PKey::RSA.expects(:new).returns(key)
@key.read(path).should equal(key)
@key.content.should equal(key)
end
it "should not try to use the provided password file if the file does not exist" do
FileTest.stubs(:exist?).returns false
@key.password_file = "/path/to/password"
path = "/my/path"
File.stubs(:read).with(path).returns("my key")
OpenSSL::PKey::RSA.expects(:new).with("my key", nil).returns(mock('key'))
File.expects(:read).with("/path/to/password").never
@key.read(path)
end
it "should read the key with the password retrieved from the password file if one is provided" do
FileTest.stubs(:exist?).returns true
@key.password_file = "/path/to/password"
path = "/my/path"
File.expects(:read).with(path).returns("my key")
File.expects(:read).with("/path/to/password").returns("my password")
key = mock 'key'
OpenSSL::PKey::RSA.expects(:new).with("my key", "my password").returns(key)
@key.read(path).should equal(key)
@key.content.should equal(key)
end
it "should return an empty string when converted to a string with no key" do
@key.to_s.should == ""
end
it "should convert the key to pem format when converted to a string" do
key = mock 'key', :to_pem => "pem"
@key.content = key
@key.to_s.should == "pem"
end
it "should have a :to_text method that it delegates to the actual key" do
real_key = mock 'key'
real_key.expects(:to_text).returns "keytext"
@key.content = real_key
@key.to_text.should == "keytext"
end
end
describe "when generating the private key" do
before do
@instance = @class.new("test")
@key = mock 'key'
end
it "should create an instance of OpenSSL::PKey::RSA" do
OpenSSL::PKey::RSA.expects(:new).returns(@key)
@instance.generate
end
it "should create the private key with the keylength specified in the settings" do
Puppet.settings.expects(:value).with(:keylength).returns("50")
OpenSSL::PKey::RSA.expects(:new).with(50).returns(@key)
@instance.generate
end
it "should set the content to the generated key" do
OpenSSL::PKey::RSA.stubs(:new).returns(@key)
@instance.generate
@instance.content.should equal(@key)
end
it "should return the generated key" do
OpenSSL::PKey::RSA.stubs(:new).returns(@key)
@instance.generate.should equal(@key)
end
it "should return the key in pem format" do
@instance.generate
@instance.content.expects(:to_pem).returns "my normal key"
@instance.to_s.should == "my normal key"
end
describe "with a password file set" do
it "should return a nil password if the password file does not exist" do
FileTest.expects(:exist?).with("/path/to/pass").returns false
File.expects(:read).with("/path/to/pass").never
@instance.password_file = "/path/to/pass"
@instance.password.should be_nil
end
it "should return the contents of the password file as its password" do
FileTest.expects(:exist?).with("/path/to/pass").returns true
File.expects(:read).with("/path/to/pass").returns "my password"
@instance.password_file = "/path/to/pass"
@instance.password.should == "my password"
end
it "should export the private key to text using the password" do
Puppet.settings.stubs(:value).with(:keylength).returns("50")
@instance.password_file = "/path/to/pass"
@instance.stubs(:password).returns "my password"
OpenSSL::PKey::RSA.expects(:new).returns(@key)
@instance.generate
cipher = mock 'cipher'
OpenSSL::Cipher::DES.expects(:new).with(:EDE3, :CBC).returns cipher
@key.expects(:export).with(cipher, "my password").returns "my encrypted key"
@instance.to_s.should == "my encrypted key"
end
end
end
end
|