2 require 'puppet_x/certregen/crl'
4 RSpec.describe PuppetX::Certregen::CRL do
5 include_context "Initialize CA"
12 let(:stub_time) { normalize_time(Time.now + 60 * 60 * 24 * 365) }
13 let(:oldcrl) { @oldcrl }
16 @oldcrl = Puppet::SSL::CertificateRevocationList.indirection.find("ca")
17 allow(Time).to receive(:now).and_return stub_time
18 described_class.refresh(Puppet::SSL::CertificateAuthority.new)
21 subject { Puppet::SSL::CertificateRevocationList.indirection.find('ca') }
23 it 'updates the lastUpdate field' do
24 last_update = normalize_time(subject.content.last_update.utc)
25 expect(last_update).to eq normalize_time(stub_time - 1)
28 it 'updates the nextUpdate field' do
29 next_update = normalize_time(subject.content.next_update.utc)
30 expect(next_update).to eq normalize_time(stub_time + described_class::FIVE_YEARS)
34 crl.content.extensions.find { |ext| ext.oid == 'crlNumber' }.value
37 it "increments the CRL number" do
38 newcrl = Puppet::SSL::CertificateRevocationList.from_instance(
39 OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])), 'ca')
41 old_crl_number = crl_number(oldcrl).to_i
42 new_crl_number = crl_number(newcrl).to_i
43 expect(new_crl_number).to eq old_crl_number + 1
46 it 'copies the cacrl to the hostcrl' do
47 cacrl = Puppet::SSL::CertificateRevocationList.from_instance(
48 OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])), 'ca')
49 hostcrl = Puppet::SSL::CertificateRevocationList.from_instance(
50 OpenSSL::X509::CRL.new(File.read(Puppet[:hostcrl])), 'ca')
51 expect(crl_number(cacrl)).to eq crl_number(hostcrl)