Modify the check of the hostname in SSL certificate
This patch modifies the check of the hostname in the SSL certificate to support wildcard certificates. Change-Id: Ib2da2fd4bcb103ca9bbe1a892afdb4cf01c59b05 Closes-Bug: #1608665
parent
757550cdf0
commit
c0cf72fccc
|
@ -15,7 +15,7 @@
|
|||
# Otherwise it returns the number of seconds before the certificate expires
|
||||
#
|
||||
# Parameter:
|
||||
# - the content of the SSL certificate
|
||||
# - the path to the SSL certificate
|
||||
# - the expected CN
|
||||
|
||||
module Puppet::Parser::Functions
|
||||
|
@ -39,8 +39,12 @@ module Puppet::Parser::Functions
|
|||
certend = Time.parse(dates.gsub(/.*notAfter=(.+? GMT).*/, '\1'))
|
||||
now = Time.now.utc
|
||||
|
||||
if (cn_found.start_with? "*." and not args[1].end_with? cn_found[1..-1]) or
|
||||
(not cn_found.start_with? "*." and cn_found != args[1])
|
||||
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected"
|
||||
end
|
||||
|
||||
raise "The certificate file doesn't contain the private key" unless pk == 'RSA key ok'
|
||||
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected" unless cn_found == args[1]
|
||||
raise "Dates not found in the certificate" unless dates.match(/not(Before|After)=/)
|
||||
|
||||
if (now > certend)
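Review bot: The wildcard branch `cn_found.start_with? "*." and not args[1].end_with? cn_found[1..-1]` is a plain suffix test, so for a CN of `*.fuel.local` it also accepts multi-label names such as `a.b.fuel.local` and the empty-label name `.fuel.local`. Hostname matching as described in RFC 6125 lets `*` stand for exactly one non-empty left-most label. A stricter form would split the expected name once, `label, rest = args[1].split('.', 2)`, and require `!label.to_s.empty? && rest == cn_found[2..-1]`, with both sides downcased because DNS names are case-insensitive. The check reads only the CN; whether subjectAltName entries are handled elsewhere is not visible here, since the function body starts and ends outside this hunk.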
|
||||
|
|
|
@ -0,0 +1,280 @@
|
|||
# Copyright 2016 Mirantis, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
require 'spec_helper'
|
||||
require 'tempfile'
|
||||
|
||||
describe 'validate_ssl_certificate' do
|
||||
|
||||
# This certificate was generated manually by using the openssl
|
||||
# command:
|
||||
# openssl x509 -req -days -1 [...]
|
||||
# Here are the tested parameters of the certificate:
|
||||
# Validity
|
||||
# Not Before: Aug 11 15:46:49 2016 GMT
|
||||
# Not After : Aug 10 15:46:49 2016 GMT
|
||||
# Subject: [...] CN=mirantis.com/emailAddress=example.com
|
||||
wrong_dates_cert = Tempfile.new('wrong_dates_cert')
|
||||
wrong_dates_cert_path = wrong_dates_cert.path
|
||||
wrong_dates_cert.write('-----BEGIN CERTIFICATE-----
|
||||
MIICjTCCAfYCCQCaalFPmFXKrDANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
|
||||
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||
A1UECgwITWlyYW50aXMxDDAKBgNVBAsMA0RldjEVMBMGA1UEAwwMbWlyYW50aXMu
|
||||
Y29tMRowGAYJKoZIhvcNAQkBFgtleGFtcGxlLmNvbTAeFw0xNjA4MTExNTQ2NDla
|
||||
Fw0xNjA4MTAxNTQ2NDlaMIGKMQswCQYDVQQGEwJGUjEUMBIGA1UECAwLUmhvbmUt
|
||||
QWxwZXMxETAPBgNVBAcMCEdyZW5vYmxlMREwDwYDVQQKDAhNaXJhbnRpczEMMAoG
|
||||
A1UECwwDRGV2MRUwEwYDVQQDDAxtaXJhbnRpcy5jb20xGjAYBgkqhkiG9w0BCQEW
|
||||
C2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPJTMOMDLf
|
||||
o+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfpVot2TsZe9V5PvWeQMcXumaJb
|
||||
4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfngPXtRgWX+V+jopm2Zl9CaBFiS
|
||||
z3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQABMA0GCSqGSIb3DQEBCwUAA4GB
|
||||
AFgXgERO2kAMFiZGpONCfd2O1R9+TKY2g6SOIn+KuJgHg85b53GmbIVzF5H6CuFh
|
||||
2Tr11CdZALPVxRVe+lTgWhQdSRcv0cDQ4CJ37uAluAOaMSXaDPZnzadhfchGPSKN
|
||||
VcllH9ERfoFfuDMfyVRhCte0SFs/Vl/U3ZlvAND4KIUN
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXwIBAAKBgQDPJTMOMDLfo+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfp
|
||||
Vot2TsZe9V5PvWeQMcXumaJb4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfng
|
||||
PXtRgWX+V+jopm2Zl9CaBFiSz3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQAB
|
||||
AoGBAIr1bXaLJtWX4J7TTKHVEAbQZILeGbE2bzM2RRrFxtWoBuMemnWRtSS8W57A
|
||||
A3CCosK8YQda0OvLPbbNdsNoRJ73QhF84jhKI7o1gZi3dsG7HqXgabB45NQv81TY
|
||||
yb7WZ/F3+hzVRoKxPuTlQdcvBZdloNv/MNJDQi0p/MMcc3XhAkEA70A4q4P+veWw
|
||||
BLKRLGDhYUl/7GHhTiIxPkbDpBkYmA+/KPRbTdN/711zeDOKJI0BHBKpMh3qHYD4
|
||||
m87wQA0GQwJBAN2ll6nTu6a4e8X7jq/+a7bNK1Fxgz2T4ojQVdwjVthEU4ETsq+y
|
||||
+2YSHS0z2C9DDKkedC3gzCUuryuliU1esIUCQQCywpJVHLeOnXpp2B3+QZjEfw1U
|
||||
ykF0hrmyZV8yUgn9O+7Bo+pAeSGi8HkhO6kg7DYDCrJentlZGA8pI3KA+PpPAkEA
|
||||
p9sgYJzZIAnWsrkv9ljXejkm9SbiHWBBzxr36x9YRbB5DOe+CxGhEkvljLYWorRE
|
||||
gk9t7NCxyfbw8j0LHmz3gQJBAJRfhxYNzafeFeChqvjBVK5NORMtue6stdAROOy2
|
||||
DFsBCPEBIAZU8quDCGOeXjabUPfiTRpcORNVfbfF3UXhVY0=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
')
|
||||
wrong_dates_cert.close
|
||||
|
||||
# The certificate has been generated by using the script
|
||||
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
|
||||
# Here are the tested parameters of the certificate:
|
||||
# Validity
|
||||
# Not Before: Aug 11 15:35:59 2016 GMT
|
||||
# Not After : Dec 24 15:35:59 2017 GMT
|
||||
# Subject: [...] CN=site1.fuel.local
|
||||
site1_cert = Tempfile.new('site1_cert')
|
||||
site1_cert_path = site1_cert.path
|
||||
site1_cert.write('-----BEGIN CERTIFICATE-----
|
||||
MIIEnzCCAocCCQC8qoNz2UdHQzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||
QGV4YW1wbGUuY29tMB4XDTE2MDgxMTE1MzU1OVoXDTE3MTIyNDE1MzU1OVowezEL
|
||||
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEZ
|
||||
MBcGA1UEAwwQc2l0ZTEuZnVlbC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBANxUXnsMs+duQcxhFg1JtNc1/cvxixqwQBakoFg86EFkvBGaotC5
|
||||
RC1nNOX1z9C5ei+gM8OFcjLIsZY2gO3TFC8sZ4kcjEtMwQUcxt0BtZkl4LQamPzw
|
||||
zYH0Ludaybmr5sz3By2nkXX5lM8juR9/K3WSKgBEi93cpxRZQSdyqoz1CK84wYUC
|
||||
5EN/MEiS9ibZ6kAPTK3IWdjbmDwhhUqAboEen549teZhsM+RVv9j5qM78bUUJbP2
|
||||
z0Sq/QW9QXtwYFTgsWU6H1rXK+jGMAwoKCPY4UYbJojj80wyMTfoi6FiUND4yZDm
|
||||
yUNkYkQaVxj3seFlx1BsqSGAieSlp1dffnkCAwEAATANBgkqhkiG9w0BAQsFAAOC
|
||||
AgEAIlwh/bkRiXut2OB2FIgVB2BsD59XsN5ch+iVQ01Cvnn+/ODnSQtA3Zjk8RhE
|
||||
0jk0mZ6dGDQ7a0seHpVAZFPRi49b5wHvSLrgpm6Gi28rCqhGLFVYFkM+9bfszPNJ
|
||||
eUl2CP064WuZ1I8CfKtzSORZ8kcIdyvn2ZVp74ijOd5Xe3KLURJ/iMROmzOlwwwS
|
||||
vDFbxMrADuFhEFkjopfRFjGKlelz/T+p7LWvoWturYKkwuvBuriQyUw4Z+RNKvCw
|
||||
dPYFffafAb/A0OM7rEArAhLCiVJxHxGm34btyy+IFr/d4IEG6bA3ZAA+OWNVnzbN
|
||||
MfP5UBP2MdYsth0NK8IJMjP7Fs2sP9t5c6sp5O4Znsuv0AWwJ0v8SysLCdX/Ibqx
|
||||
zx54IO0woM46wLWdmA9+O5/IFY8LHSQC8u2RLpWbuCAVpu4xgMMy90+ZCKERt5px
|
||||
u5PvFJYS8atq0wUJ37aPExz6+g5PbRN2CcyIj1nQuHWbR1e9O9WRcdXPPsiReciy
|
||||
d4GRM4bAa5nck9Y50eCKHvqSgdUpiqM1YIOXHh7ZfnSrVTOa3Na6SMsu301cTTdF
|
||||
GKX4TEjnTTt8xi9sFCq5+Qecga36qBjTg1+23dV2jG6YzK+AIjNk9L6QlUZW3oEN
|
||||
IWBlYQ/txckYzLtSWrAqbgxSkxWa4cZU/LnOdvK1G9n0hQc=
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEA3FReewyz525BzGEWDUm01zX9y/GLGrBAFqSgWDzoQWS8EZqi
|
||||
0LlELWc05fXP0Ll6L6Azw4VyMsixljaA7dMULyxniRyMS0zBBRzG3QG1mSXgtBqY
|
||||
/PDNgfQu51rJuavmzPcHLaeRdfmUzyO5H38rdZIqAESL3dynFFlBJ3KqjPUIrzjB
|
||||
hQLkQ38wSJL2JtnqQA9MrchZ2NuYPCGFSoBugR6fnj215mGwz5FW/2PmozvxtRQl
|
||||
s/bPRKr9Bb1Be3BgVOCxZTofWtcr6MYwDCgoI9jhRhsmiOPzTDIxN+iLoWJQ0PjJ
|
||||
kObJQ2RiRBpXGPex4WXHUGypIYCJ5KWnV19+eQIDAQABAoIBACof71hzW0oaKHZc
|
||||
8Yxk1TB4YCfH7KKTpA0wOH/mVTl7ewGaoRpq8YAExXZaAvuTGqtUY9E0CFtxR5LC
|
||||
pO/TdX53bOwoCyKycAz8LYE/vGqldUq58xoZKBF6kCUnlH3tQdlaOYMfEI6Pw0W/
|
||||
PLuq4rI92c3nTR6D+2XGktBp+fWs4KPkSHtxPmgQH8kiSwT1ZfBUaGFXD0nlSvv4
|
||||
zizN6/Z2tslrVc2F/ESpCouREy2J2STj1NVivnRLScreFNf9eLJQxjKlMzJCEr4v
|
||||
ZInP3BvOR4zC92wStCu3R7RxYh8nvgIM9Xt/WxcWwSAH+HUPYO6tcyaOUGKs2wTW
|
||||
H2H3QIkCgYEA+p/LWPwkKItvEJJnBjMR2z987+CqgJ76jpQRUcyIrjq17PjWxdI3
|
||||
3s1vu8vEB5G9iMFWS14DTbKaoi7enOR+jDA+TMgjbsxRgC2vN15E83CAIMrvJecX
|
||||
GcyFRkQtaA64PMgiFe6YA4OWAm7+5EIyWnyKxa635LzEp5OJqB7WGNsCgYEA4Q45
|
||||
OFK7zKZmWHvmoeFilIDz7SF3kYjk5tD4ap9uhWKXAnzS3rxa+0QDyxRU/0FIAkBB
|
||||
jnicWdTg3xsxhE6nSFFjk+caFZ6OEWPYw8d/9C+49DtgOGMoAfGHLFY6Fd+HR+70
|
||||
DNOHehBZIxh3VkvX+X36T2RNNCvpFWaJ3sZQjDsCgYEAhRS09dttl9nyb+pNqo0T
|
||||
vkhIH1g9MW85vNwDFlx1d47Va6/227R01mpgGmho/1v0ONnw6LRTLL7aPaSFsOnk
|
||||
CKzVaBAeQIdd/6JCmDQGiP4EC2W293luWtSvMFCji83FJwFemCbJsZP94+zsjGha
|
||||
NJJNXgsYuu1Bv3oobo1xQmECgYEAuYpOZj7fERNGYUCUnXUBHslJUIA84UDo5dn2
|
||||
U4DpTxI+yRA7kOHcaDZkojI6+M3LHf/3jAunau/0DDuRETD+/MIMxEzM1nIHUhLt
|
||||
DEsXFCub4c5pv1MQEroa5NSZwpqsHwPDNCfYEywTMLnk+MJCZjAUAwwAEjj5Smlk
|
||||
1MLOeS0CgYEAi4Oa173JPr+x2rEx9kFzS7mFG5LhKjDO90Pi4meBK6LmFZTFAZ43
|
||||
RwKTtqxWLTa95akrbtExe4wH87YYps86PHWESZmAMrvpop5kowlGRE34Jm5OFm7k
|
||||
C+NI7IhZ5VywJ189A51QVoAa0HmpAEXP9vk2Ez4UTFVI9sBtrrqMpgs=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
')
|
||||
site1_cert.close
|
||||
|
||||
# The certificate has been generated by using the script
|
||||
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
|
||||
# Here are the tested parameters of the certificate:
|
||||
# Validity
|
||||
# Not Before: Aug 9 09:09:05 2016 GMT
|
||||
# Not After : Dec 22 09:09:05 2017 GMT
|
||||
# Subject: [...] CN=*.fuel.local
|
||||
wildcard_cert = Tempfile.new('cert')
|
||||
wildcard_cert_path = wildcard_cert.path
|
||||
wildcard_cert.write('-----BEGIN CERTIFICATE-----
|
||||
MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||
QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL
|
||||
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV
|
||||
MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30
|
||||
sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT
|
||||
4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC
|
||||
pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up
|
||||
/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ
|
||||
QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ
|
||||
K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f
|
||||
TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur
|
||||
nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1
|
||||
X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8
|
||||
sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ
|
||||
r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V
|
||||
3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg
|
||||
JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ
|
||||
ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I
|
||||
0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje
|
||||
vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA==
|
||||
-----END CERTIFICATE-----
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpQIBAAKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI
|
||||
+YRB3m30sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqU
|
||||
CYV7AvqT4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOocl
|
||||
PbjOZytCpz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjIL
|
||||
CvpzH0up/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPw
|
||||
Sg3gcfwZQOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABAoIBAG7pngMgmxIU3Hkf
|
||||
vseJQQ/sPp114d/tgh+Jp1vnJZbvsmat1XBDm91uhH3gQzhVea7e6vN3aXSz0EYb
|
||||
xQH5emXCZ2q6w6pX1ZOQN2J5YMLLoG16ZfVjqcc0OSQPvJVvxgNThB2NDgdTXYWW
|
||||
L/pnidph7TFdruvwYgSaO6V/5iIrVCX9lZc4oQF80VTDDDvvHe/jQFlshrNIuGBh
|
||||
Va19AYUWEek+QiZ849ShG6Y2N/JoR65pu4AMrjLRCo0RMwAJtOTE9vU+QxXblElm
|
||||
TeaYrsnvmCXVCBHraffEgyvBNFJ9CPpvfVtymcQ7uyF+iCZ9mDQhoOBajHeQE4Fe
|
||||
O5B77AECgYEA+3/K7TLph7lzwkPdbBvpd8cD8LtqUcRP9XvvLF1ZIfMjZQjeUZGe
|
||||
/oSTqICouF7SQiT2nIUPuiv8QYhL1K4AE7ZH3Umictf0RPaCA9LYbZhRcFgqzevF
|
||||
whNp2zbXG7UnYwPS0cFnJe7k1WztaeHkzEC1I/pZCG4ertMkgqqvYaUCgYEAxXas
|
||||
4/XjX+pqJ/u48cHrOPS+Qugq1ONsIcnM5q5fu9zCq9rfYNUCQqRM1R9uEDV6xmDd
|
||||
vIitA1CWcHDrtojk33GQoqDMtq+t+Mh1Ni0lLJ19r3lDc2C0OsfqZd7sHxkDCjXL
|
||||
KKcRdys7q8AFDwHMWQCvXfnbeHcc+jCaLbzJtoECgYEAkqp84gU90SviiRjgqOpC
|
||||
JdrGvn3dS9/rLWLgIQQzNaxAKOyaEgGVMiKIpcyaGCMcBPzfYHnsqQp7qo/cgSQT
|
||||
4Wr8z9zgQo8T4Z/MRISSOJ+KZrTUCZCEnGCL7A44Ne1YEdMp/68FA0ck5h4G+ieF
|
||||
MWRO/rNBdrwZYqS5dwYpDw0CgYEAsypi5NQOYtEHURANVw5kp2Ep4PtXIaLYUjAQ
|
||||
Qp6lLoe3+sa1N98OFfmN3TKPYxWjOKxbhN1eXkuYtJ1AwnajdDpOycCs/nWYnMsF
|
||||
zwpXWIvtpnGYye9MmKkb/SKvi+fd4j29AD3WkxIfKk8oR92R1I/SjqpOgJdTK489
|
||||
1ZIeVAECgYEAsG0giXYTbURl2TVPgYbBXkqdhxXlhTo2Bw2WpxDzFN3La4xlx7C0
|
||||
TsjVnOcAWmCfhgJYX/3M6lV5uqWFr/wXODLmdp94/edigyFn/OTO5VJ1/UMniVCv
|
||||
MewMZCz4qkB7640zuATjJQXUsX54VdCsaVoYWxHGaBjYoQuW2+XPi1w=
|
||||
-----END RSA PRIVATE KEY-----
|
||||
')
|
||||
wildcard_cert.close
|
||||
|
||||
# It is the wildcard certificate but without the private key
|
||||
noprivkey_cert = Tempfile.new('noprivkey_cert')
|
||||
noprivkey_cert_path = noprivkey_cert.path
|
||||
noprivkey_cert.write('-----BEGIN CERTIFICATE-----
|
||||
MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||
QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL
|
||||
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV
|
||||
MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30
|
||||
sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT
|
||||
4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC
|
||||
pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up
|
||||
/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ
|
||||
QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ
|
||||
K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f
|
||||
TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur
|
||||
nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1
|
||||
X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8
|
||||
sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ
|
||||
r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V
|
||||
3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg
|
||||
JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ
|
||||
ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I
|
||||
0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje
|
||||
vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA==
|
||||
-----END CERTIFICATE-----
|
||||
')
|
||||
noprivkey_cert.close
|
||||
|
||||
describe 'site1 with valid CN' do
|
||||
it {
|
||||
should run.with_params(site1_cert_path,
|
||||
'site1.fuel.local')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'site1 with an unvalid CN' do
|
||||
it {
|
||||
should run.with_params(site1_cert_path,
|
||||
'site2.fuel.local').and_raise_error(/Found site1.fuel.local as CN whereas 'site2.fuel.local' was expected/)
|
||||
}
|
||||
end
|
||||
|
||||
describe 'wildcard with valid CN' do
|
||||
it {
|
||||
should run.with_params(wildcard_cert_path,
|
||||
'site1.fuel.local')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'wildcard with another valid CN' do
|
||||
it {
|
||||
should run.with_params(wildcard_cert_path,
|
||||
'site2.fuel.local')
|
||||
}
|
||||
end
|
||||
|
||||
describe 'wildcard with a wrong CN' do
|
||||
it {
|
||||
should run.with_params(wildcard_cert_path,
|
||||
'test1.wrong.cn').and_raise_error(/Found \*.fuel.local as CN whereas 'test1.wrong.cn' was expected/)
|
||||
}
|
||||
end
|
||||
|
||||
describe 'with no private key' do
|
||||
it {
|
||||
should run.with_params(noprivkey_cert_path,
|
||||
'site1.fuel.local').and_raise_error(/private key/)
|
||||
}
|
||||
end
|
||||
|
||||
# The wrong_dates certificate is valid from the point of view of the puppet
|
||||
# function that will simply emits a warning.
|
||||
describe 'with a wrong date' do
|
||||
it {
|
||||
should run.with_params(wrong_dates_cert_path,
|
||||
'mirantis.com')
|
||||
}
|
||||
end
|
||||
|
||||
end
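Review bot: The wildcard examples only cover single-label names under `fuel.local` and one unrelated domain (`test1.wrong.cn`), so nothing pins how far `*.fuel.local` is allowed to match. Cases expecting `and_raise_error` for `a.b.fuel.local` and for `.fuel.local` would document the intended boundary; the first presumably fails against the suffix comparison in this commit until that check is tightened. The three RSA private keys written into the fixtures deserve a comment such as `# throwaway key generated for this spec only, never deploy it`, because secret scanners will flag them and readers cannot tell they are disposable. The `Tempfile` objects are created when the `describe` block loads and are only closed, so an `after(:all)` hook calling `unlink` on each would remove the key files once the examples finish.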
|