blob: fcb95017445ee2f85fcbd8f09e6ee1a2771ca56d (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
|
#!/usr/bin/env ruby
require File.expand_path(File.dirname(__FILE__) + '/../../lib/puppettest')
require 'mocha'
require 'puppettest'
require 'puppet/network/client/ca'
require 'puppet/sslcertificates/support'
class TestClientCA < Test::Unit::TestCase
include PuppetTest::ServerTest
def setup
Puppet::Util::SUIDManager.stubs(:asuser).yields
super
@ca = Puppet::Network::Handler.ca.new
@client = Puppet::Network::Client.ca.new :CA => @ca
end
def test_request_cert
assert_nothing_raised("Could not request cert") do
@client.request_cert
end
[:hostprivkey, :hostcert, :localcacert].each do |name|
assert(FileTest.exists?(Puppet.settings[name]), "Did not create cert #{name}")
end
end
# Make sure the ca defaults to specific ports and names
def test_ca_server
Puppet.settings.stubs(:value).returns "eh"
Puppet.settings.expects(:value).with(:ca_server).returns("myca")
Puppet.settings.expects(:value).with(:ca_port).returns(321)
Puppet.settings.stubs(:value).with(:http_proxy_host).returns(nil)
Puppet.settings.stubs(:value).with(:http_proxy_port).returns(nil)
Puppet.settings.stubs(:value).with(:http_keepalive).returns(false)
Puppet.settings.stubs(:value).with(:configtimeout).returns(180)
# Just throw an error; the important thing is the values, not what happens next.
Net::HTTP.stubs(:new).with("myca", 321, nil, nil).raises(ArgumentError)
assert_raise(ArgumentError) { Puppet::Network::Client.ca.new }
end
# #578
def test_invalid_certs_are_not_written
# Run the get once, which should be valid
assert_nothing_raised("Could not get a certificate") do
@client.request_cert
end
# Now remove the cert and keys, so we get a broken cert
File.unlink(Puppet[:hostcert])
File.unlink(Puppet[:localcacert])
File.unlink(Puppet[:hostprivkey])
@client = Puppet::Network::Client.ca.new :CA => @ca
@ca.expects(:getcert).returns("yay") # not a valid cert
# Now make sure it fails, since we'll get the old cert but have new keys
assert_raise(Puppet::Network::Client::CA::InvalidCertificate, "Did not fail on invalid cert") do
@client.request_cert
end
# And then make sure the cert isn't written to disk
assert(! FileTest.exists?(Puppet[:hostcert]), "Invalid cert got written to disk")
end
end
|
