path: root/test/lib/puppettest/certificates.rb
# Certificate-related helper methods.

require 'fileutils'

require 'puppettest'

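# Helpers that build the CA, the X509 verification store and the certificates
# used by the SSL-related tests. Everything created here is a test fixture.
module PuppetTest::Certificates
    include PuppetTest

    # Write a fixed passphrase to "tmpkeyfile" under @dir and return the path.
    #
    # The passphrase is a constant that lives in the test suite, so it only
    # suits throwaway test CAs. The path is appended to @@tmpfiles
    # (presumably so the PuppetTest teardown removes it; confirm against
    # puppettest.rb).
    def mkPassFile()
        keyfile = File.join(@dir, "tmpkeyfile")
        @@tmpfiles << keyfile

        # mkdir_p is a no-op when the directory already exists and, unlike an
        # interpolated `mkdir -p` command line, never hands @dir to a shell.
        FileUtils.mkdir_p(@dir)

        File.open(keyfile, "w", 0600) do |f|
            # The mode passed to File.open is only applied when the file is
            # created; tighten it explicitly in case a stale file with looser
            # permissions is being reused.
            f.chmod(0600)
            f.print "as;dklj23rlkjzdflij23wr"
        end

        keyfile
    end

    # Create a Puppet::SSLCertificates::CA, failing the test if construction
    # raises, and return it.
    def mkCA
        ca = nil
        assert_nothing_raised do
            ca = Puppet::SSLCertificates::CA.new()
        end

        ca
    end

    # Build an OpenSSL::X509::Store that trusts +ca+ for SSL client
    # certificates and has revocation checking turned on.
    #
    # ca:: an object responding to #cert and #crl
    #
    # Returns the configured store.
    def mkStore(ca)
        store = OpenSSL::X509::Store.new
        store.purpose = OpenSSL::X509::PURPOSE_SSL_CLIENT
        # V_FLAG_CRL_CHECK checks the certificate being verified against the
        # CRL; checking every certificate in a longer chain would additionally
        # need V_FLAG_CRL_CHECK_ALL.
        store.flags = OpenSSL::X509::V_FLAG_CRL_CHECK
        store.add_cert(ca.cert)
        store.add_crl(ca.crl)
        store
    end

    # Create a Puppet::SSLCertificates::Certificate named +hostname+ and
    # generate its CSR, failing the test if either step raises.
    #
    # Returns the certificate object (not yet signed).
    def mkcert(hostname)
        cert = nil
        assert_nothing_raised do
            cert = Puppet::SSLCertificates::Certificate.new(:name => hostname)
            cert.mkcsr
        end

        cert
    end

    # Create a certificate for +hostname+ and have +ca+ sign it.
    #
    # ca::       CA to sign with; a new one is made with mkCA when nil
    # hostname:: certificate name; defaults to "ttltest.example.com"
    #
    # Returns the first element of what ca.sign returns.
    def mksignedcert(ca = nil, hostname = nil)
        ca ||= mkCA()
        hostname ||= "ttltest.example.com"

        cert = nil
        assert_nothing_raised do
            # mkcert has already called mkcsr once; the value signed here is
            # whatever this second mkcsr call returns (presumably the CSR;
            # confirm against Puppet::SSLCertificates::Certificate).
            # ca.sign returns a pair; only the first element is used.
            cert, _cacert = ca.sign(mkcert(hostname).mkcsr)
        end
        cert
    end
end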