Modify the check of the hostname in SSL certificate
This patch modifies the check of the hostname within the SSL certificate to support certificates with a wildcard. Change-Id: Ib4670f87cd2cc907bfd708692e93dd7cc3181f90 Closes-Bug: #1608665
parent
3d431ed32c
commit
d1a7b16528
@ -15,7 +15,7 @@
|
|||||||
# Otherwise it returns the number of seconds before the certificate expires
|
# Otherwise it returns the number of seconds before the certificate expires
|
||||||
#
|
#
|
||||||
# Parameter:
|
# Parameter:
|
||||||
# - the file path of the SSL certificate
|
# - the path to the SSL certificate
|
||||||
# - the expected CN
|
# - the expected CN
|
||||||
|
|
||||||
module Puppet::Parser::Functions
|
module Puppet::Parser::Functions
|
||||||
@ -39,8 +39,12 @@ module Puppet::Parser::Functions
|
|||||||
certend = Time.parse(dates.gsub(/.*notAfter=(.+? GMT).*/, '\1'))
|
certend = Time.parse(dates.gsub(/.*notAfter=(.+? GMT).*/, '\1'))
|
||||||
now = Time.now.utc
|
now = Time.now.utc
|
||||||
|
|
||||||
|
if (cn_found.start_with? "*." and not args[1].end_with? cn_found[1..-1]) or
|
||||||
|
(not cn_found.start_with? "*." and cn_found != args[1])
|
||||||
|
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected"
|
||||||
|
end
|
||||||
|
|
||||||
raise "The certificate file doesn't contain the private key" unless pk == 'RSA key ok'
|
raise "The certificate file doesn't contain the private key" unless pk == 'RSA key ok'
|
||||||
raise "Found #{cn_found} as CN whereas '#{args[1]}' was expected" unless cn_found == args[1]
|
|
||||||
raise "Dates not found in the certificate" unless dates.match(/not(Before|After)=/)
|
raise "Dates not found in the certificate" unless dates.match(/not(Before|After)=/)
|
||||||
|
|
||||||
if (now > certend)
|
if (now > certend)
|
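Review bot: The wildcard branch of the new CN check (`args[1].end_with? cn_found[1..-1]`) accepts any expected name that merely ends in the certificate's suffix, so for `CN=*.fuel.local` it passes `a.b.fuel.local` and even `.fuel.local`, names a TLS client following RFC 6125 would reject because `*` covers exactly one left-most label. Comparing the part after the first label closes this: `label, domain = args[1].split('.', 2)` followed by `wildcard_ok = !label.to_s.empty? && domain == cn_found[2..-1]`. The comparison is also case-sensitive although DNS names are not, so downcasing both sides first would avoid false mismatches. `&&`/`||`/`!` would be less precedence-prone than `and`/`or`/`not` in this condition. The function body starts and ends outside the hunks shown, so how `cn_found` is extracted is not visible here.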
||||||
|
@ -0,0 +1,280 @@
|
|||||||
|
# Copyright 2016 Mirantis, Inc.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||||
|
# not use this file except in compliance with the License. You may obtain
|
||||||
|
# a copy of the License at
|
||||||
|
#
|
||||||
|
# http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
#
|
||||||
|
# Unless required by applicable law or agreed to in writing, software
|
||||||
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||||
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||||
|
# License for the specific language governing permissions and limitations
|
||||||
|
# under the License.
|
||||||
|
|
||||||
|
require 'spec_helper'
|
||||||
|
require 'tempfile'
|
||||||
|
|
||||||
|
describe 'validate_ssl_certificate' do
|
||||||
|
|
||||||
|
# This certificate was generated manually by using the openssl
|
||||||
|
# command:
|
||||||
|
# openssl x509 -req -days -1 [...]
|
||||||
|
# Here are the tested parameters of the certificate:
|
||||||
|
# Validity
|
||||||
|
# Not Before: Aug 11 15:46:49 2016 GMT
|
||||||
|
# Not After : Aug 10 15:46:49 2016 GMT
|
||||||
|
# Subject: [...] CN=mirantis.com/emailAddress=example.com
|
||||||
|
wrong_dates_cert = Tempfile.new('wrong_dates_cert')
|
||||||
|
wrong_dates_cert_path = wrong_dates_cert.path
|
||||||
|
wrong_dates_cert.write('-----BEGIN CERTIFICATE-----
|
||||||
|
MIICjTCCAfYCCQCaalFPmFXKrDANBgkqhkiG9w0BAQsFADCBijELMAkGA1UEBhMC
|
||||||
|
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||||
|
A1UECgwITWlyYW50aXMxDDAKBgNVBAsMA0RldjEVMBMGA1UEAwwMbWlyYW50aXMu
|
||||||
|
Y29tMRowGAYJKoZIhvcNAQkBFgtleGFtcGxlLmNvbTAeFw0xNjA4MTExNTQ2NDla
|
||||||
|
Fw0xNjA4MTAxNTQ2NDlaMIGKMQswCQYDVQQGEwJGUjEUMBIGA1UECAwLUmhvbmUt
|
||||||
|
QWxwZXMxETAPBgNVBAcMCEdyZW5vYmxlMREwDwYDVQQKDAhNaXJhbnRpczEMMAoG
|
||||||
|
A1UECwwDRGV2MRUwEwYDVQQDDAxtaXJhbnRpcy5jb20xGjAYBgkqhkiG9w0BCQEW
|
||||||
|
C2V4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDPJTMOMDLf
|
||||||
|
o+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfpVot2TsZe9V5PvWeQMcXumaJb
|
||||||
|
4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfngPXtRgWX+V+jopm2Zl9CaBFiS
|
||||||
|
z3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQABMA0GCSqGSIb3DQEBCwUAA4GB
|
||||||
|
AFgXgERO2kAMFiZGpONCfd2O1R9+TKY2g6SOIn+KuJgHg85b53GmbIVzF5H6CuFh
|
||||||
|
2Tr11CdZALPVxRVe+lTgWhQdSRcv0cDQ4CJ37uAluAOaMSXaDPZnzadhfchGPSKN
|
||||||
|
VcllH9ERfoFfuDMfyVRhCte0SFs/Vl/U3ZlvAND4KIUN
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIICXwIBAAKBgQDPJTMOMDLfo+TVj9jOd97O+SX2F8i/dY5YfnnqTw/J3P7ghKfp
|
||||||
|
Vot2TsZe9V5PvWeQMcXumaJb4xSUG5A0WrLKUZLgSDpLSxcUq4+r95LyLISEzfng
|
||||||
|
PXtRgWX+V+jopm2Zl9CaBFiSz3h/jQKOeGibE7W/ZJaVNb0M9adfrqxQzwIDAQAB
|
||||||
|
AoGBAIr1bXaLJtWX4J7TTKHVEAbQZILeGbE2bzM2RRrFxtWoBuMemnWRtSS8W57A
|
||||||
|
A3CCosK8YQda0OvLPbbNdsNoRJ73QhF84jhKI7o1gZi3dsG7HqXgabB45NQv81TY
|
||||||
|
yb7WZ/F3+hzVRoKxPuTlQdcvBZdloNv/MNJDQi0p/MMcc3XhAkEA70A4q4P+veWw
|
||||||
|
BLKRLGDhYUl/7GHhTiIxPkbDpBkYmA+/KPRbTdN/711zeDOKJI0BHBKpMh3qHYD4
|
||||||
|
m87wQA0GQwJBAN2ll6nTu6a4e8X7jq/+a7bNK1Fxgz2T4ojQVdwjVthEU4ETsq+y
|
||||||
|
+2YSHS0z2C9DDKkedC3gzCUuryuliU1esIUCQQCywpJVHLeOnXpp2B3+QZjEfw1U
|
||||||
|
ykF0hrmyZV8yUgn9O+7Bo+pAeSGi8HkhO6kg7DYDCrJentlZGA8pI3KA+PpPAkEA
|
||||||
|
p9sgYJzZIAnWsrkv9ljXejkm9SbiHWBBzxr36x9YRbB5DOe+CxGhEkvljLYWorRE
|
||||||
|
gk9t7NCxyfbw8j0LHmz3gQJBAJRfhxYNzafeFeChqvjBVK5NORMtue6stdAROOy2
|
||||||
|
DFsBCPEBIAZU8quDCGOeXjabUPfiTRpcORNVfbfF3UXhVY0=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
')
|
||||||
|
wrong_dates_cert.close
|
||||||
|
|
||||||
|
# The certificate has been generated by using the script
|
||||||
|
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
|
||||||
|
# Here are the tested parameters of the certificate:
|
||||||
|
# Validity
|
||||||
|
# Not Before: Aug 11 15:35:59 2016 GMT
|
||||||
|
# Not After : Dec 24 15:35:59 2017 GMT
|
||||||
|
# Subject: [...] CN=site1.fuel.local
|
||||||
|
site1_cert = Tempfile.new('site1_cert')
|
||||||
|
site1_cert_path = site1_cert.path
|
||||||
|
site1_cert.write('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEnzCCAocCCQC8qoNz2UdHQzANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||||
|
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||||
|
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||||
|
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||||
|
QGV4YW1wbGUuY29tMB4XDTE2MDgxMTE1MzU1OVoXDTE3MTIyNDE1MzU1OVowezEL
|
||||||
|
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||||
|
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEZ
|
||||||
|
MBcGA1UEAwwQc2l0ZTEuZnVlbC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||||
|
ADCCAQoCggEBANxUXnsMs+duQcxhFg1JtNc1/cvxixqwQBakoFg86EFkvBGaotC5
|
||||||
|
RC1nNOX1z9C5ei+gM8OFcjLIsZY2gO3TFC8sZ4kcjEtMwQUcxt0BtZkl4LQamPzw
|
||||||
|
zYH0Ludaybmr5sz3By2nkXX5lM8juR9/K3WSKgBEi93cpxRZQSdyqoz1CK84wYUC
|
||||||
|
5EN/MEiS9ibZ6kAPTK3IWdjbmDwhhUqAboEen549teZhsM+RVv9j5qM78bUUJbP2
|
||||||
|
z0Sq/QW9QXtwYFTgsWU6H1rXK+jGMAwoKCPY4UYbJojj80wyMTfoi6FiUND4yZDm
|
||||||
|
yUNkYkQaVxj3seFlx1BsqSGAieSlp1dffnkCAwEAATANBgkqhkiG9w0BAQsFAAOC
|
||||||
|
AgEAIlwh/bkRiXut2OB2FIgVB2BsD59XsN5ch+iVQ01Cvnn+/ODnSQtA3Zjk8RhE
|
||||||
|
0jk0mZ6dGDQ7a0seHpVAZFPRi49b5wHvSLrgpm6Gi28rCqhGLFVYFkM+9bfszPNJ
|
||||||
|
eUl2CP064WuZ1I8CfKtzSORZ8kcIdyvn2ZVp74ijOd5Xe3KLURJ/iMROmzOlwwwS
|
||||||
|
vDFbxMrADuFhEFkjopfRFjGKlelz/T+p7LWvoWturYKkwuvBuriQyUw4Z+RNKvCw
|
||||||
|
dPYFffafAb/A0OM7rEArAhLCiVJxHxGm34btyy+IFr/d4IEG6bA3ZAA+OWNVnzbN
|
||||||
|
MfP5UBP2MdYsth0NK8IJMjP7Fs2sP9t5c6sp5O4Znsuv0AWwJ0v8SysLCdX/Ibqx
|
||||||
|
zx54IO0woM46wLWdmA9+O5/IFY8LHSQC8u2RLpWbuCAVpu4xgMMy90+ZCKERt5px
|
||||||
|
u5PvFJYS8atq0wUJ37aPExz6+g5PbRN2CcyIj1nQuHWbR1e9O9WRcdXPPsiReciy
|
||||||
|
d4GRM4bAa5nck9Y50eCKHvqSgdUpiqM1YIOXHh7ZfnSrVTOa3Na6SMsu301cTTdF
|
||||||
|
GKX4TEjnTTt8xi9sFCq5+Qecga36qBjTg1+23dV2jG6YzK+AIjNk9L6QlUZW3oEN
|
||||||
|
IWBlYQ/txckYzLtSWrAqbgxSkxWa4cZU/LnOdvK1G9n0hQc=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpQIBAAKCAQEA3FReewyz525BzGEWDUm01zX9y/GLGrBAFqSgWDzoQWS8EZqi
|
||||||
|
0LlELWc05fXP0Ll6L6Azw4VyMsixljaA7dMULyxniRyMS0zBBRzG3QG1mSXgtBqY
|
||||||
|
/PDNgfQu51rJuavmzPcHLaeRdfmUzyO5H38rdZIqAESL3dynFFlBJ3KqjPUIrzjB
|
||||||
|
hQLkQ38wSJL2JtnqQA9MrchZ2NuYPCGFSoBugR6fnj215mGwz5FW/2PmozvxtRQl
|
||||||
|
s/bPRKr9Bb1Be3BgVOCxZTofWtcr6MYwDCgoI9jhRhsmiOPzTDIxN+iLoWJQ0PjJ
|
||||||
|
kObJQ2RiRBpXGPex4WXHUGypIYCJ5KWnV19+eQIDAQABAoIBACof71hzW0oaKHZc
|
||||||
|
8Yxk1TB4YCfH7KKTpA0wOH/mVTl7ewGaoRpq8YAExXZaAvuTGqtUY9E0CFtxR5LC
|
||||||
|
pO/TdX53bOwoCyKycAz8LYE/vGqldUq58xoZKBF6kCUnlH3tQdlaOYMfEI6Pw0W/
|
||||||
|
PLuq4rI92c3nTR6D+2XGktBp+fWs4KPkSHtxPmgQH8kiSwT1ZfBUaGFXD0nlSvv4
|
||||||
|
zizN6/Z2tslrVc2F/ESpCouREy2J2STj1NVivnRLScreFNf9eLJQxjKlMzJCEr4v
|
||||||
|
ZInP3BvOR4zC92wStCu3R7RxYh8nvgIM9Xt/WxcWwSAH+HUPYO6tcyaOUGKs2wTW
|
||||||
|
H2H3QIkCgYEA+p/LWPwkKItvEJJnBjMR2z987+CqgJ76jpQRUcyIrjq17PjWxdI3
|
||||||
|
3s1vu8vEB5G9iMFWS14DTbKaoi7enOR+jDA+TMgjbsxRgC2vN15E83CAIMrvJecX
|
||||||
|
GcyFRkQtaA64PMgiFe6YA4OWAm7+5EIyWnyKxa635LzEp5OJqB7WGNsCgYEA4Q45
|
||||||
|
OFK7zKZmWHvmoeFilIDz7SF3kYjk5tD4ap9uhWKXAnzS3rxa+0QDyxRU/0FIAkBB
|
||||||
|
jnicWdTg3xsxhE6nSFFjk+caFZ6OEWPYw8d/9C+49DtgOGMoAfGHLFY6Fd+HR+70
|
||||||
|
DNOHehBZIxh3VkvX+X36T2RNNCvpFWaJ3sZQjDsCgYEAhRS09dttl9nyb+pNqo0T
|
||||||
|
vkhIH1g9MW85vNwDFlx1d47Va6/227R01mpgGmho/1v0ONnw6LRTLL7aPaSFsOnk
|
||||||
|
CKzVaBAeQIdd/6JCmDQGiP4EC2W293luWtSvMFCji83FJwFemCbJsZP94+zsjGha
|
||||||
|
NJJNXgsYuu1Bv3oobo1xQmECgYEAuYpOZj7fERNGYUCUnXUBHslJUIA84UDo5dn2
|
||||||
|
U4DpTxI+yRA7kOHcaDZkojI6+M3LHf/3jAunau/0DDuRETD+/MIMxEzM1nIHUhLt
|
||||||
|
DEsXFCub4c5pv1MQEroa5NSZwpqsHwPDNCfYEywTMLnk+MJCZjAUAwwAEjj5Smlk
|
||||||
|
1MLOeS0CgYEAi4Oa173JPr+x2rEx9kFzS7mFG5LhKjDO90Pi4meBK6LmFZTFAZ43
|
||||||
|
RwKTtqxWLTa95akrbtExe4wH87YYps86PHWESZmAMrvpop5kowlGRE34Jm5OFm7k
|
||||||
|
C+NI7IhZ5VywJ189A51QVoAa0HmpAEXP9vk2Ez4UTFVI9sBtrrqMpgs=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
')
|
||||||
|
site1_cert.close
|
||||||
|
|
||||||
|
# The certificate has been generated by using the script
|
||||||
|
# https://github.com/openstack/stacklight-integration-tests/blob/master/fixtures/https/create_certificate.sh
|
||||||
|
# Here are the tested parameters of the certificate:
|
||||||
|
# Validity
|
||||||
|
# Not Before: Aug 9 09:09:05 2016 GMT
|
||||||
|
# Not After : Dec 22 09:09:05 2017 GMT
|
||||||
|
# Subject: [...] CN=*.fuel.local
|
||||||
|
wildcard_cert = Tempfile.new('cert')
|
||||||
|
wildcard_cert_path = wildcard_cert.path
|
||||||
|
wildcard_cert.write('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||||
|
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||||
|
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||||
|
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||||
|
QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL
|
||||||
|
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||||
|
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV
|
||||||
|
MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||||
|
CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30
|
||||||
|
sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT
|
||||||
|
4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC
|
||||||
|
pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up
|
||||||
|
/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ
|
||||||
|
QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ
|
||||||
|
K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f
|
||||||
|
TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur
|
||||||
|
nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1
|
||||||
|
X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8
|
||||||
|
sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ
|
||||||
|
r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V
|
||||||
|
3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg
|
||||||
|
JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ
|
||||||
|
ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I
|
||||||
|
0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje
|
||||||
|
vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIEpQIBAAKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI
|
||||||
|
+YRB3m30sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqU
|
||||||
|
CYV7AvqT4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOocl
|
||||||
|
PbjOZytCpz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjIL
|
||||||
|
CvpzH0up/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPw
|
||||||
|
Sg3gcfwZQOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABAoIBAG7pngMgmxIU3Hkf
|
||||||
|
vseJQQ/sPp114d/tgh+Jp1vnJZbvsmat1XBDm91uhH3gQzhVea7e6vN3aXSz0EYb
|
||||||
|
xQH5emXCZ2q6w6pX1ZOQN2J5YMLLoG16ZfVjqcc0OSQPvJVvxgNThB2NDgdTXYWW
|
||||||
|
L/pnidph7TFdruvwYgSaO6V/5iIrVCX9lZc4oQF80VTDDDvvHe/jQFlshrNIuGBh
|
||||||
|
Va19AYUWEek+QiZ849ShG6Y2N/JoR65pu4AMrjLRCo0RMwAJtOTE9vU+QxXblElm
|
||||||
|
TeaYrsnvmCXVCBHraffEgyvBNFJ9CPpvfVtymcQ7uyF+iCZ9mDQhoOBajHeQE4Fe
|
||||||
|
O5B77AECgYEA+3/K7TLph7lzwkPdbBvpd8cD8LtqUcRP9XvvLF1ZIfMjZQjeUZGe
|
||||||
|
/oSTqICouF7SQiT2nIUPuiv8QYhL1K4AE7ZH3Umictf0RPaCA9LYbZhRcFgqzevF
|
||||||
|
whNp2zbXG7UnYwPS0cFnJe7k1WztaeHkzEC1I/pZCG4ertMkgqqvYaUCgYEAxXas
|
||||||
|
4/XjX+pqJ/u48cHrOPS+Qugq1ONsIcnM5q5fu9zCq9rfYNUCQqRM1R9uEDV6xmDd
|
||||||
|
vIitA1CWcHDrtojk33GQoqDMtq+t+Mh1Ni0lLJ19r3lDc2C0OsfqZd7sHxkDCjXL
|
||||||
|
KKcRdys7q8AFDwHMWQCvXfnbeHcc+jCaLbzJtoECgYEAkqp84gU90SviiRjgqOpC
|
||||||
|
JdrGvn3dS9/rLWLgIQQzNaxAKOyaEgGVMiKIpcyaGCMcBPzfYHnsqQp7qo/cgSQT
|
||||||
|
4Wr8z9zgQo8T4Z/MRISSOJ+KZrTUCZCEnGCL7A44Ne1YEdMp/68FA0ck5h4G+ieF
|
||||||
|
MWRO/rNBdrwZYqS5dwYpDw0CgYEAsypi5NQOYtEHURANVw5kp2Ep4PtXIaLYUjAQ
|
||||||
|
Qp6lLoe3+sa1N98OFfmN3TKPYxWjOKxbhN1eXkuYtJ1AwnajdDpOycCs/nWYnMsF
|
||||||
|
zwpXWIvtpnGYye9MmKkb/SKvi+fd4j29AD3WkxIfKk8oR92R1I/SjqpOgJdTK489
|
||||||
|
1ZIeVAECgYEAsG0giXYTbURl2TVPgYbBXkqdhxXlhTo2Bw2WpxDzFN3La4xlx7C0
|
||||||
|
TsjVnOcAWmCfhgJYX/3M6lV5uqWFr/wXODLmdp94/edigyFn/OTO5VJ1/UMniVCv
|
||||||
|
MewMZCz4qkB7640zuATjJQXUsX54VdCsaVoYWxHGaBjYoQuW2+XPi1w=
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
|
')
|
||||||
|
wildcard_cert.close
|
||||||
|
|
||||||
|
# It is the wildcard certificate but without the private key
|
||||||
|
noprivkey_cert = Tempfile.new('noprivkey_cert')
|
||||||
|
noprivkey_cert_path = noprivkey_cert.path
|
||||||
|
noprivkey_cert.write('-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEmzCCAoMCCQC8XTGfnWQssjANBgkqhkiG9w0BAQsFADCBpzELMAkGA1UEBhMC
|
||||||
|
RlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVub2JsZTERMA8G
|
||||||
|
A1UECgwITWlyYW50aXMxEzARBgNVBAsMClN0YWNrTGlnaHQxIjAgBgNVBAMMGVN0
|
||||||
|
YWNrTGlnaHQgUm9vdCBBdXRob3JpdHkxIzAhBgkqhkiG9w0BCQEWFG1pcmFudGlz
|
||||||
|
QGV4YW1wbGUuY29tMB4XDTE2MDgwOTA5MDkwNVoXDTE3MTIyMjA5MDkwNVowdzEL
|
||||||
|
MAkGA1UEBhMCRlIxFDASBgNVBAgMC1Job25lLUFscGVzMREwDwYDVQQHDAhHcmVu
|
||||||
|
b2JsZTERMA8GA1UECgwITWlyYW50aXMxFTATBgNVBAsMDEZ1ZWwgcGx1Z2luczEV
|
||||||
|
MBMGA1UEAwwMKi5mdWVsLmxvY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||||
|
CgKCAQEAwf3t6eG8KV/7SSVz/bRi0/gQkp73K+0oRpaLmtHPsohL6FXI+YRB3m30
|
||||||
|
sE0u6drf0rGC4QMNrb/y1z1jM2iFP6rTM97r6E2AzxScuF0MZQlF0XqUCYV7AvqT
|
||||||
|
4GoKAqBAMEXLEmnsKX6F8ZGMfIFnAC0W1AHOPu7PYCg6symo6wrNOoclPbjOZytC
|
||||||
|
pz9AB82SBeU2D+s8mUYjfurqd/Kh1xxR5kUiB4Uiud/1sEe+YFnWWjILCvpzH0up
|
||||||
|
/otY4jxB1nXbAM+bWp1SszDwjAon2DKkRoqfFUT0uI6NaljTnFdn4PPwSg3gcfwZ
|
||||||
|
QOiJLyhwdjCvmyoxTUbGzIaaiFiCJQIDAQABMA0GCSqGSIb3DQEBCwUAA4ICAQCJ
|
||||||
|
K0rUqVj2CeKwMof9SADYdFdGtI8qigiQgieDd+XU9YA9R52UEa2K7A7ABM3ts+1f
|
||||||
|
TRCtOOei+6TQ0KHCt1WV0XGc00eER44N9Kw8nu0OPXBpYTZ1mKhL8IyapGK4e/ur
|
||||||
|
nVJCZtDDWKikLhlHXwuQgvQ+3OveU+cQI5x1035XZbuGY2xFAcNx/wwaFMwpabw1
|
||||||
|
X4b325+B2KRHKkKjWJsPyE1q7iqLs3RsQDH031wWVS0hHkR2NL1anOToeDHMgcO8
|
||||||
|
sWTth0OLf3dVC9mjG7SxCm2mHV0fPCBUB4Xzago6GNJC+GPs5w0moTivNcpHWILJ
|
||||||
|
r+h6FmZhPrejzQXTFbzXirWMcD7LphSJ23hS1GmCyKQsRyTpOCn/NXmQbrBpns/V
|
||||||
|
3YJGeIlcGfnVzMMtxRqcDiPO49NBcNxcjAAvwzttYWuPRHMULOIviGNrqFSjHCFg
|
||||||
|
JQ2jZM2xKorRt8ItFD0rjy+T/SZF3B5AxB2y6FTCKnTmcwchoyJdThfb0FBU01pZ
|
||||||
|
ROtYaW0WaqgN48Buxn8Cqjhr8JxK2Vmbz6cwRiyIzi+exXGpdfU9ZxcksVmQFd1I
|
||||||
|
0NX4YTxEOA2hwGUowTVqPoAFH5hvk+nkULgvrkBVBXLWx1oCK9nDrz9ubUyUgdje
|
||||||
|
vaiOtmDJknNFKC1st2JQwZCVmYZura4GB2FBo/6YCA==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
')
|
||||||
|
noprivkey_cert.close
|
||||||
|
|
||||||
|
describe 'site1 with valid CN' do
|
||||||
|
it {
|
||||||
|
should run.with_params(site1_cert_path,
|
||||||
|
'site1.fuel.local')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'site1 with an unvalid CN' do
|
||||||
|
it {
|
||||||
|
should run.with_params(site1_cert_path,
|
||||||
|
'site2.fuel.local').and_raise_error(/Found site1.fuel.local as CN whereas 'site2.fuel.local' was expected/)
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'wildcard with valid CN' do
|
||||||
|
it {
|
||||||
|
should run.with_params(wildcard_cert_path,
|
||||||
|
'site1.fuel.local')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'wildcard with another valid CN' do
|
||||||
|
it {
|
||||||
|
should run.with_params(wildcard_cert_path,
|
||||||
|
'site2.fuel.local')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'wildcard with a wrong CN' do
|
||||||
|
it {
|
||||||
|
should run.with_params(wildcard_cert_path,
|
||||||
|
'test1.wrong.cn').and_raise_error(/Found \*.fuel.local as CN whereas 'test1.wrong.cn' was expected/)
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
describe 'with no private key' do
|
||||||
|
it {
|
||||||
|
should run.with_params(noprivkey_cert_path,
|
||||||
|
'site1.fuel.local').and_raise_error(/private key/)
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
# The wrong_dates certificate is valid from the point of view of the puppet
|
||||||
|
# function that will simply emits a warning.
|
||||||
|
describe 'with a wrong date' do
|
||||||
|
it {
|
||||||
|
should run.with_params(wrong_dates_cert_path,
|
||||||
|
'mirantis.com')
|
||||||
|
}
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
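Review bot: The wildcard examples only exercise single-label hosts (`site1.fuel.local`, `site2.fuel.local`) and an unrelated domain, so nothing pins how `*.fuel.local` treats a multi-label name or an empty first label. Adding examples such as `should run.with_params(wildcard_cert_path, 'a.b.fuel.local').and_raise_error(/was expected/)`, and the same for `'.fuel.local'`, would document the intended matching rule; with the check as written in this commit they would presumably fail. The four Tempfiles, three of which hold private keys, are closed but never explicitly unlinked; an `after(:all) { [wrong_dates_cert, site1_cert, wildcard_cert, noprivkey_cert].each(&:unlink) }` hook would clean them up. A comment above the PEM blocks such as `# Test-only key material; never deploy these certificates or keys` would also help reviewers and secret scanners.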