Merge "Modify the check of the hostname in SSL certificate"

Jenkins 2016-08-17 14:04:35 +00:00 committed by Gerrit Code Review
commit d354b975cc
2 changed files with 286 additions and 2 deletions


@ -15,7 +15,7 @@
# Otherwise it returns the number of seconds before the certificate expires
#
# Parameter:
# - the file path of the SSL certificate
# - the path to the SSL certificate
# - the expected CN
module Puppet::Parser::Functions
@ -39,8 +39,12 @@ module Puppet::Parser::Functions
certend = Time.parse(dates.gsub(/.*notAfter=(.+? GMT).*/, '\1'))
now = Time.now.utc
if (cn_found.start_with? "*." and not args[1].end_with? cn_found[1..-1]) or
(not cn_found.start_with? "*." and cn_found != args[1])
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected"
end
raise "The certificate file doesn't contain the private key" unless pk == 'RSA key ok'
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected" unless cn_found == args[1]
raise "Dates not found in the certificate" unless dates.match(/not(Before|After)=/)
if (now > certend)
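Review bot: The wildcard branch of the new CN check accepts any expected name that merely ends with the text after the `*`, so a certificate for `*.fuel.local` also passes for `a.b.fuel.local`, whereas the usual hostname-matching rule (RFC 6125) lets a wildcard stand for a single left-most label only. Comparing everything after the first label would restrict it to one level: `wildcard_ok = cn_found.start_with?('*.') && args[1].split('.', 2)[1] == cn_found[2..-1]`, followed by the existing `raise` guarded with `unless wildcard_ok || cn_found == args[1]`. The comparison is also case-sensitive and looks only at the subject CN, so a name carried only in subjectAltName would presumably be rejected; a comment stating that this is intended would help. The enclosing function starts before and continues after this hunk.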


@ -0,0 +1,280 @@
# Copyright 2016 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
require 'spec_helper'
require 'tempfile'
describe 'validate_ssl_certificate' do
# This certificate was generated manually by using the openssl
# command:
# openssl x509 -req -days -1 [...]
# Here are the tested parameters of the certificate:
# Validity
# Not Before: Aug 11 15:46:49 2016 GMT
# Not After : Aug 10 15:46:49 2016 GMT
# Subject: [...] CN=mirantis.com/emailAddress=example.com
wrong_dates_cert = Tempfile.new('wrong_dates_cert')
wrong_dates_cert_path = wrong_dates_cert.path
wrong_dates_cert.write('-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
')
wrong_dates_cert.close
# The certificate has been generated by using the script
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
# Here are the tested parameters of the certificate:
# Validity
# Not Before: Aug 11 15:35:59 2016 GMT
# Not After : Dec 24 15:35:59 2017 GMT
# Subject: [...] CN=site1.fuel.local
site1_cert = Tempfile.new('site1_cert')
site1_cert_path = site1_cert.path
site1_cert.write('-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
')
site1_cert.close
# The certificate has been generated by using the script
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
# Here are the tested parameters of the certificate:
# Validity
# Not Before: Aug 9 09:09:05 2016 GMT
# Not After : Dec 22 09:09:05 2017 GMT
# Subject: [...] CN=*.fuel.local
wildcard_cert = Tempfile.new('cert')
wildcard_cert_path = wildcard_cert.path
wildcard_cert.write('-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
')
wildcard_cert.close
# It is the wildcard certificate but without the private key
noprivkey_cert = Tempfile.new('noprivkey_cert')
noprivkey_cert_path = noprivkey_cert.path
noprivkey_cert.write('-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
')
noprivkey_cert.close
describe 'site1 with valid CN' do
it {
should run.with_params(site1_cert_path,
'site1.fuel.local')
}
end
describe 'site1 with an unvalid CN' do
it {
should run.with_params(site1_cert_path,
'site2.fuel.local').and_raise_error(/Found site1.fuel.local as CN whereas 'site2.fuel.local' was expected/)
}
end
describe 'wildcard with valid CN' do
it {
should run.with_params(wildcard_cert_path,
'site1.fuel.local')
}
end
describe 'wildcard with another valid CN' do
it {
should run.with_params(wildcard_cert_path,
'site2.fuel.local')
}
end
describe 'wildcard with a wrong CN' do
it {
should run.with_params(wildcard_cert_path,
'test1.wrong.cn').and_raise_error(/Found \*.fuel.local as CN whereas 'test1.wrong.cn' was expected/)
}
end
describe 'with no private key' do
it {
should run.with_params(noprivkey_cert_path,
'site1.fuel.local').and_raise_error(/private key/)
}
end
# The wrong_dates certificate is valid from the point of view of the puppet
# function that will simply emits a warning.
describe 'with a wrong date' do
it {
should run.with_params(wrong_dates_cert_path,
'mirantis.com')
}
end
end
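Review bot: The wildcard cases cover only single-label names under `fuel.local` and one unrelated domain, so nothing pins what the function does with a multi-label name such as `a.b.fuel.local` against the `*.fuel.local` certificate. A case like `should run.with_params(wildcard_cert_path, 'a.b.fuel.local').and_raise_error(/was expected/)` would document the intended wildcard scope and catch an over-broad suffix match. The dots in the `and_raise_error` patterns are unescaped, so `/Found site1.fuel.local as CN .../` matches more than the literal message; writing `\.` or building the pattern with `Regexp.escape` would make the assertions exact. The fixture Tempfiles, three of which hold private keys, are closed but never explicitly unlinked, so an `after(:all)` hook calling `unlink` on each would make the cleanup deterministic.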