

no message
David Swan committed Jan 10, 2018
1 parent 84d2113 commit c4c4280
Showing 12 changed files with 394 additions and 266 deletions.
241 changes: 130 additions & 111 deletions spec/acceptance/chain_key_spec.rb
@@ -1,129 +1,148 @@
require 'spec_helper_acceptance'

hostname = default.node_name

describe 'managing combined java chain keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'

target = "#{@target_dir}chain_combined_key.ks"
it 'creates a private key with chain certs' do
pp = <<-EOS
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leafchain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
EOS

apply_manifest(pp, catch_failures: true)
end
describe 'managing combined java chain keys' do
# rubocop:disable RSpec/InstanceVariable : Instance variables are inherited and thus cannot be contained within lets
describe 'managing combined java chain keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'
target = "#{@target_dir}chain_combined_key.ks"

it 'creates a private key with chain certs' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp = <<-MANIFEST
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leafchain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
MANIFEST

apply_manifest(pp, catch_failures: true)
end

it 'verifies the private key' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expect(r.exit_code).to be_zero
expect(r.stdout).to match(%r{Alias name: broker\.example\.com})
expect(r.stdout).to match(%r{Entry type: (keyEntry|PrivateKeyEntry)})
expect(r.stdout).to match(%r{Certificate chain length: 3})
expect(r.stdout).to match(%r{^Serial number: 5$.*^Serial number: 4$.*^Serial number: 3$}m)
expectations = [
%r{Alias name: broker\.example\.com},
%r{Entry type: (keyEntry|PrivateKeyEntry)},
%r{Certificate chain length: 3},
%r{^Serial number: 5$.*^Serial number: 4$.*^Serial number: 3$}m,
]
it 'verifies the private key #zero' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expect(r.exit_code).to be_zero
end
end
it 'verifies the private key #expected' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expectations.each do |expect|
expect(r.stdout).to match(expect)
end
end
end
end
end

describe 'managing separate java chain keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'

target = "#{@target_dir}chain_key.ks"
it 'creates a private key with chain certs' do
pp = <<-EOS
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leaf.pem",
chain => "#{@temp_dir}chain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
EOS

apply_manifest(pp, catch_failures: true)
end
describe 'managing separate java chain keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'
let(:target) { "#{@target_dir}chain_key.ks" }

it 'creates a private key with chain certs' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp = <<-MANIFEST
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leaf.pem",
chain => "#{@temp_dir}chain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
MANIFEST

apply_manifest(pp, catch_failures: true)
end

it 'verifies the private key' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expect(r.exit_code).to be_zero
expect(r.stdout).to match(%r{Alias name: broker\.example\.com})
expect(r.stdout).to match(%r{Entry type: (keyEntry|PrivateKeyEntry)})
expect(r.stdout).to match(%r{Certificate chain length: 3})
expect(r.stdout).to match(%r{^Serial number: 5$.*^Serial number: 4$.*^Serial number: 3$}m)
expectations = [
%r{Alias name: broker\.example\.com},
%r{Entry type: (keyEntry|PrivateKeyEntry)},
%r{Certificate chain length: 3},
%r{^Serial number: 5$.*^Serial number: 4$.*^Serial number: 3$}m,
]
it 'verifies the private key #zero' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expect(r.exit_code).to be_zero
end
end
it 'verifies the private key #expected' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass puppet") do |r|
expectations.each do |expect|
expect(r.stdout).to match(expect)
end
end
end
end
end

describe 'managing non existent java chain keys in noop', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'

target = "#{@target_dir}noop_chain_key.ks"
it 'does not create a new keystore in noop' do
pp = <<-EOS
$filenames = ["#{@temp_dir}noop_ca.pem",
"#{@temp_dir}noop_chain.pem",
"#{@temp_dir}noop_privkey.pem"]
file { $filenames:
ensure => file,
content => 'content',
} ->
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}noop_ca.pem",
chain => "#{@temp_dir}noop_chain.pem",
private_key => "#{@temp_dir}noop_privkey.pem",
password => 'puppet',
path => #{@resource_path},
}
EOS

# in noop mode, when the dependent certificate files are not present in the system,
# java_ks will not invoke openssl to validate their status, thus noop will succeed
apply_manifest(pp, catch_failures: true, noop: true)
end
describe 'managing non existent java chain keys in noop', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'
target = "#{@target_dir}noop_chain_key.ks"

it 'does not create a new keystore in noop' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp = <<-MANIFEST
$filenames = ["#{@temp_dir}noop_ca.pem",
"#{@temp_dir}noop_chain.pem",
"#{@temp_dir}noop_privkey.pem"]
file { $filenames:
ensure => file,
content => 'content',
} ->
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}noop_ca.pem",
chain => "#{@temp_dir}noop_chain.pem",
private_key => "#{@temp_dir}noop_privkey.pem",
password => 'puppet',
path => #{@resource_path},
}
MANIFEST

# in noop mode, when the dependent certificate files are not present in the system,
# java_ks will not invoke openssl to validate their status, thus noop will succeed
apply_manifest(pp, catch_failures: true, noop: true)
end

# verifies the dependent files are missing
["#{@temp_dir}noop_ca.pem", "#{@temp_dir}noop_chain.pem", "#{@temp_dir}noop_privkey.pem"].each do |filename|
describe file(filename.to_s) do
it { is_expected.not_to be_file }
# verifies the dependent files are missing
["#{@temp_dir}noop_ca.pem", "#{@temp_dir}noop_chain.pem", "#{@temp_dir}noop_privkey.pem"].each do |filename|
describe file(filename.to_s) do
it { is_expected.not_to be_file }
end
end
end

# verifies the keystore is not created
describe file(target.to_s) do
it { is_expected.not_to be_file }
# verifies the keystore is not created
describe file(target.to_s) do
it { is_expected.not_to be_file }
end
end
end

describe 'managing existing java chain keys in noop', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'

target = "#{@target_dir}noop2_chain_key.ks"
it 'does not create a new keystore in noop' do
pp = <<-EOS
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leaf.pem",
chain => "#{@temp_dir}chain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
EOS

apply_manifest(pp, catch_failures: true, noop: true)
end
describe 'managing existing java chain keys in noop', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
include_context 'common variables'
target = "#{@target_dir}noop2_chain_key.ks"

it 'does not create a new keystore in noop' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp = <<-MANIFEST
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}leaf.pem",
chain => "#{@temp_dir}chain.pem",
private_key => "#{@temp_dir}leafkey.pem",
password => 'puppet',
path => #{@resource_path},
}
MANIFEST

apply_manifest(pp, catch_failures: true, noop: true)
end

# in noop mode, when the dependent certificate files are present in the system,
# java_ks will invoke openssl to validate their status, but will not create the keystore
describe file(target.to_s) do
it { is_expected.not_to be_file }
# in noop mode, when the dependent certificate files are present in the system,
# java_ks will invoke openssl to validate their status, but will not create the keystore
describe file(target.to_s) do
it { is_expected.not_to be_file }
end
end
end
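Review bot: The block parameter in `expectations.each do |expect|` shadows RSpec's `expect` inside both new '#expected' examples, so `expect(r.stdout).to match(expect)` only works because Ruby treats the parenthesised form as a method call and the bare one as the local variable. Rename the parameter, e.g. `expectations.each { |pattern| expect(r.stdout).to match(pattern) }`; the same loop appears in spec/acceptance/keystore_failed_password_spec.rb. Separately, the 'managing separate java chain keys' group now uses `let(:target)` while the other three groups keep a describe-level `target =`, and those two forms read `@target_dir` from different objects (example instance versus example group), so whether both resolve to the intended keystore path depends on how the 'common variables' context assigns it, which is not visible here.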
14 changes: 10 additions & 4 deletions spec/acceptance/destkeypass_spec.rb
@@ -1,11 +1,12 @@
require 'spec_helper_acceptance'

describe 'password protected java private keys', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
# rubocop:disable RSpec/InstanceVariable : Instance variables are inherited and thus cannot be contained within lets
include_context 'common variables'
target = "#{@target_dir}destkeypass.ks"

it 'creates a password protected private key' do
pp = <<-EOS
it 'creates a password protected private key' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp = <<-MANIFEST
java_ks { 'broker.example.com:#{target}':
ensure => latest,
certificate => "#{@temp_dir}ca.pem",
@@ -14,15 +15,20 @@
destkeypass => 'testkeypass',
path => #{@resource_path},
}
EOS
MANIFEST

apply_manifest(pp, catch_failures: true)
end

it 'can make a cert req with the right password' do
it 'can make a cert req with the right password #zero' do
shell("\"#{@keytool_path}keytool\" -certreq -alias broker.example.com -v "\
"-keystore #{target} -storepass testpass -keypass testkeypass") do |r|
expect(r.exit_code).to be_zero
end
end
it 'can make a cert req with the right password #regex' do
shell("\"#{@keytool_path}keytool\" -certreq -alias broker.example.com -v "\
"-keystore #{target} -storepass testpass -keypass testkeypass") do |r|
expect(r.stdout).to match(%r{-BEGIN NEW CERTIFICATE REQUEST-})
end
end
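Review bot: The two new examples 'can make a cert req with the right password #zero' and '#regex' each carry their own copy of the two-line `keytool -certreq` command, so a later change to one copy (alias, keystore or password arguments) can leave the exit-code check and the output check testing different commands. Defining the string once keeps them in step, for example `let(:certreq_cmd) { "\"#{@keytool_path}keytool\" -certreq -alias broker.example.com -v -keystore #{target} -storepass testpass -keypass testkeypass" }` with both examples calling `shell(certreq_cmd)`. The section is partly collapsed on this page, so the rest of the describe block is not visible.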
49 changes: 33 additions & 16 deletions spec/acceptance/keystore_failed_password_spec.rb
@@ -1,11 +1,12 @@
require 'spec_helper_acceptance'

describe 'managing java keystores without a correct password', unless: UNSUPPORTED_PLATFORMS.include?(fact('operatingsystem')) do
# rubocop:disable RSpec/InstanceVariable : Instance variables are inherited and thus cannot be contained within lets
include_context 'common variables'
target = "#{@target_dir}keystore_failed_password.ts"

it 'creates a keystore' do
pp = <<-EOS
it 'creates a keystore' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp_one = <<-MANIFEST
java_ks { 'puppetca:keystore':
ensure => #{@ensure_ks},
certificate => "#{@temp_dir}ca.pem",
@@ -14,21 +15,32 @@
trustcacerts => true,
path => #{@resource_path},
}
EOS
apply_manifest(pp, catch_failures: true)
MANIFEST

apply_manifest(pp_one, catch_failures: true)
end

it 'verifies the keystore' do
expectations = [
%r{Your keystore contains 1 entry},
%r{Alias name: puppetca},
%r{CN=Test CA},
]
it 'verifies the keystore #zero' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass coraline") do |r|
expect(r.exit_code).to be_zero
expect(r.stdout).to match(%r{Your keystore contains 1 entry})
expect(r.stdout).to match(%r{Alias name: puppetca})
expect(r.stdout).to match(%r{CN=Test CA})
end
end
it 'verifies the keytore #expected' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass coraline") do |r|
expectations.each do |expect|
expect(r.stdout).to match(expect)
end
end
end

it 'recreates a keystore if password fails' do # rubocop:disable RSpec/ExampleLength : Variable assignments must be within 'it do'
pp_two = <<-MANIFEST
it 'recreates a keystore if password fails' do
pp = <<-EOS
java_ks { 'puppetca:keystore':
ensure => #{@ensure_ks},
certificate => "#{@temp_dir}ca.pem",
@@ -38,16 +50,21 @@
trustcacerts => true,
path => #{@resource_path},
}
EOS
apply_manifest(pp, catch_failures: true)
MANIFEST

apply_manifest(pp_two, catch_failures: true)
end

it 'verifies the keystore' do
it 'verifies the keystore again #zero' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass bobinsky") do |r|
expect(r.exit_code).to be_zero
expect(r.stdout).to match(%r{Your keystore contains 1 entry})
expect(r.stdout).to match(%r{Alias name: puppetca})
expect(r.stdout).to match(%r{CN=Test CA})
end
end
it 'verifies the keytore again #expected' do
shell("\"#{@keytool_path}keytool\" -list -v -keystore #{target} -storepass bobinsky") do |r|
expectations.each do |expect|
expect(r.stdout).to match(expect)
end
end
end
end
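Review bot: The example descriptions 'verifies the keytore #expected' and 'verifies the keytore again #expected' misspell "keystore", which makes them harder to find by name in test output next to their 'verifies the keystore #zero' siblings; they should read `it 'verifies the keystore #expected' do` and `it 'verifies the keystore again #expected' do`. The shared `expectations` array is checked after both manifests, so a short comment above it, `# keytool output expected both before and after the keystore is recreated`, would record that the same content is expected under either store password. Parts of this section are collapsed, so the password attributes of the two manifests are not visible.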
