+1 On Thu, Sep 17, 2009 at 5:30 PM, Luke Kanies <[email protected]> wrote:
> > Signed-off-by: Luke Kanies <[email protected]> > --- > lib/puppet/network/http/webrick.rb | 2 +- > lib/puppet/ssl.rb | 1 + > lib/puppet/ssl/certificate_authority.rb | 4 ++-- > lib/puppet/ssl/host.rb | 6 +++--- > .../indirector/certificate_revocation_list/rest.rb | 2 +- > spec/integration/ssl/host.rb | 2 +- > spec/unit/ssl/host.rb | 10 +++++----- > 7 files changed, 14 insertions(+), 13 deletions(-) > > diff --git a/lib/puppet/network/http/webrick.rb > b/lib/puppet/network/http/webrick.rb > index bf4bf88..e0fe8b6 100644 > --- a/lib/puppet/network/http/webrick.rb > +++ b/lib/puppet/network/http/webrick.rb > @@ -104,7 +104,7 @@ class Puppet::Network::HTTP::WEBrick > results[:SSLStartImmediately] = true > results[:SSLEnable] = true > > - unless Puppet::SSL::Certificate.find("ca") > + unless Puppet::SSL::Certificate.find(Puppet::SSL::CA_NAME) > raise Puppet::Error, "Could not find CA certificate" > end > > diff --git a/lib/puppet/ssl.rb b/lib/puppet/ssl.rb > index 1a3e8d1..9cb67a6 100644 > --- a/lib/puppet/ssl.rb > +++ b/lib/puppet/ssl.rb > @@ -3,5 +3,6 @@ require 'puppet' > require 'openssl' > > module Puppet::SSL # :nodoc: > + CA_NAME = "ca" > require 'puppet/ssl/host' > end > diff --git a/lib/puppet/ssl/certificate_authority.rb > b/lib/puppet/ssl/certificate_authority.rb > index 10d13c2..8e4fd7a 100644 > --- a/lib/puppet/ssl/certificate_authority.rb > +++ b/lib/puppet/ssl/certificate_authority.rb > @@ -101,8 +101,8 @@ class Puppet::SSL::CertificateAuthority > # Retrieve (or create, if necessary) the certificate revocation list. > def crl > unless defined?(@crl) > - unless @crl = > Puppet::SSL::CertificateRevocationList.find("ca") > - @crl = Puppet::SSL::CertificateRevocationList.new("ca") > + unless @crl = > Puppet::SSL::CertificateRevocationList.find(Puppet::SSL::CA_NAME) > + @crl = > Puppet::SSL::CertificateRevocationList.new(Puppet::SSL::CA_NAME) > @crl.generate(host.certificate.content, host.key.content) > @crl.save > end > diff --git a/lib/puppet/ssl/host.rb b/lib/puppet/ssl/host.rb > index 29b947e..d7993e7 100644 > --- a/lib/puppet/ssl/host.rb > +++ b/lib/puppet/ssl/host.rb > @@ -10,6 +10,7 @@ require 'puppet/util/cacher' > class Puppet::SSL::Host > # Yay, ruby's strange constant lookups. > Key = Puppet::SSL::Key > + CA_NAME = Puppet::SSL::CA_NAME > Certificate = Puppet::SSL::Certificate > CertificateRequest = Puppet::SSL::CertificateRequest > CertificateRevocationList = Puppet::SSL::CertificateRevocationList > @@ -30,7 +31,6 @@ class Puppet::SSL::Host > end > end > > - CA_NAME = "ca" > # This is the constant that people will use to mark that a given host > is > # a certificate authority. > def self.ca_name > @@ -171,7 +171,7 @@ class Puppet::SSL::Host > > # get the CA cert first, since it's required for the normal > cert > # to be of any use. > - return nil unless Certificate.find("ca") unless ca? > + return nil unless Certificate.find(CA_NAME) unless ca? > return nil unless @certificate = Certificate.find(name) > > unless certificate_matches_key? > @@ -224,7 +224,7 @@ class Puppet::SSL::Host > @ssl_store.add_file(Puppet[:localcacert]) > > # If there's a CRL, add it to our store. > - if crl = Puppet::SSL::CertificateRevocationList.find("ca") > + if crl = Puppet::SSL::CertificateRevocationList.find(CA_NAME) > @ssl_store.flags = > OpenSSL::X509::V_FLAG_CRL_CHECK_ALL|OpenSSL::X509::V_FLAG_CRL_CHECK > @ssl_store.add_crl(crl.content) > end > diff --git > a/spec/integration/indirector/certificate_revocation_list/rest.rb > b/spec/integration/indirector/certificate_revocation_list/rest.rb > index f308543..1295dd2 100755 > --- a/spec/integration/indirector/certificate_revocation_list/rest.rb > +++ b/spec/integration/indirector/certificate_revocation_list/rest.rb > @@ -41,7 +41,7 @@ describe "Certificate REST Terminus" do > > # Now remove the cached crl > Puppet::SSL::Host.ca_location = :none > - Puppet::SSL::CertificateRevocationList.destroy("ca") > + > Puppet::SSL::CertificateRevocationList.destroy(Puppet::SSL::CA_NAME) > > # This is necessary so that we create the SSL store before we start > # using REST. This is necessary to prevent an infinite loop, > diff --git a/spec/integration/ssl/host.rb b/spec/integration/ssl/host.rb > index 5b01e9f..d5e1396 100755 > --- a/spec/integration/ssl/host.rb > +++ b/spec/integration/ssl/host.rb > @@ -33,7 +33,7 @@ describe Puppet::SSL::Host do > } > > it "should be considered a CA host if its name is equal to 'ca'" do > - Puppet::SSL::Host.new("ca").should be_ca > + Puppet::SSL::Host.new(Puppet::SSL::CA_NAME).should be_ca > end > > describe "when managing its key" do > diff --git a/spec/unit/ssl/host.rb b/spec/unit/ssl/host.rb > index 38a1f3e..51223e6 100755 > --- a/spec/unit/ssl/host.rb > +++ b/spec/unit/ssl/host.rb > @@ -415,7 +415,7 @@ describe Puppet::SSL::Host do > end > > it "should find the CA certificate if it does not have a > certificate" do > - Puppet::SSL::Certificate.expects(:find).with("ca").returns > mock("cacert") > + > Puppet::SSL::Certificate.expects(:find).with(Puppet::SSL::CA_NAME).returns > mock("cacert") > Puppet::SSL::Certificate.stubs(:find).with("myname").returns > @cert > > @host.certificate > @@ -424,13 +424,13 @@ describe Puppet::SSL::Host do > it "should not find the CA certificate if it is the CA host" do > @host.expects(:ca?).returns true > Puppet::SSL::Certificate.stubs(:find) > - Puppet::SSL::Certificate.expects(:find).with("ca").never > + > Puppet::SSL::Certificate.expects(:find).with(Puppet::SSL::CA_NAME).never > > @host.certificate > end > > it "should return nil if it cannot find a CA certificate" do > - Puppet::SSL::Certificate.expects(:find).with("ca").returns nil > + > Puppet::SSL::Certificate.expects(:find).with(Puppet::SSL::CA_NAME).returns > nil > Puppet::SSL::Certificate.expects(:find).with("myname").never > > @host.certificate.should be_nil > @@ -453,7 +453,7 @@ describe Puppet::SSL::Host do > end > > it "should find the certificate in the Certificate class and return > the Puppet certificate instance" do > - Puppet::SSL::Certificate.expects(:find).with("ca").returns > mock("cacert") > + > Puppet::SSL::Certificate.expects(:find).with(Puppet::SSL::CA_NAME).returns > mock("cacert") > Puppet::SSL::Certificate.expects(:find).with("myname").returns > @cert > > @host.certificate.should equal(@cert) > @@ -468,7 +468,7 @@ describe Puppet::SSL::Host do > end > > it "should return any previously found certificate" do > - Puppet::SSL::Certificate.expects(:find).with("ca").returns > mock("cacert") > + > Puppet::SSL::Certificate.expects(:find).with(Puppet::SSL::CA_NAME).returns > mock("cacert") > > Puppet::SSL::Certificate.expects(:find).with("myname").returns(@cert).once > > @host.certificate.should equal(@cert) > -- > 1.6.1 > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en -~----------~----~----~----~------~----~------~--~---
