X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=3rdparty%2Fmodules%2Fcertregen%2Fspec%2Fintegration%2Fpuppet_x%2Fcrl_spec.rb;fp=3rdparty%2Fmodules%2Fcertregen%2Fspec%2Fintegration%2Fpuppet_x%2Fcrl_spec.rb;h=3d50cfcd35a54dfe52f6dd28d9df02f0d4884490;hb=8c20cc97eaf30a0aaf9abfba2f33d5b5f9f06ae2;hp=0000000000000000000000000000000000000000;hpb=1f80b78f88d98160faf661374fc8e760252d131b;p=mirror%2Fdsa-puppet.git
diff --git a/3rdparty/modules/certregen/spec/integration/puppet_x/crl_spec.rb b/3rdparty/modules/certregen/spec/integration/puppet_x/crl_spec.rb
new file mode 100644
index 000000000..3d50cfcd3
--- /dev/null
+++ b/3rdparty/modules/certregen/spec/integration/puppet_x/crl_spec.rb
@@ -0,0 +1,54 @@
+require 'spec_helper'
+require 'puppet_x/certregen/crl'
+
+RSpec.describe PuppetX::Certregen::CRL do
+ include_context "Initialize CA"
+
+ describe '.refresh' do
+ def normalize_time(t)
+ t.utc.round
+ end
+
+ let(:stub_time) { normalize_time(Time.now + 60 * 60 * 24 * 365) }
+ let(:oldcrl) { @oldcrl }
+
+ before do
+ @oldcrl = Puppet::SSL::CertificateRevocationList.indirection.find("ca")
+ allow(Time).to receive(:now).and_return stub_time
+ described_class.refresh(Puppet::SSL::CertificateAuthority.new)
+ end
+
+ subject { Puppet::SSL::CertificateRevocationList.indirection.find('ca') }
+
+ it 'updates the lastUpdate field' do
+ last_update = normalize_time(subject.content.last_update.utc)
+ expect(last_update).to eq normalize_time(stub_time - 1)
+ end
+
+ it 'updates the nextUpdate field' do
+ next_update = normalize_time(subject.content.next_update.utc)
+ expect(next_update).to eq normalize_time(stub_time + described_class::FIVE_YEARS)
+ end
+
+ def crl_number(crl)
+ crl.content.extensions.find { |ext| ext.oid == 'crlNumber' }.value
+ end
+
+ it "increments the CRL number" do
+ newcrl = Puppet::SSL::CertificateRevocationList.from_instance(
+ OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])), 'ca')
+
+ old_crl_number = crl_number(oldcrl).to_i
+ new_crl_number = crl_number(newcrl).to_i
+ expect(new_crl_number).to eq old_crl_number + 1
+ end
+
+ it 'copies the cacrl to the hostcrl' do
+ cacrl = Puppet::SSL::CertificateRevocationList.from_instance(
+ OpenSSL::X509::CRL.new(File.read(Puppet[:cacrl])), 'ca')
+ hostcrl = Puppet::SSL::CertificateRevocationList.from_instance(
+ OpenSSL::X509::CRL.new(File.read(Puppet[:hostcrl])), 'ca')
+ expect(crl_number(cacrl)).to eq crl_number(hostcrl)
+ end
+ end
+end