puppet 6.4.2-universal-darwin → 6.4.3-universal-darwin

data/man/man5/puppet.conf.5

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPETCONF" "5" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPETCONF" "5" "July 2019" "Puppet, Inc." "Puppet manual"
 \fBThis page is autogenerated; any changes will get overwritten\fR
 .
 .SH "Configuration settings"
@@ -876,7 +876,7 @@ The time to wait for data to be read from an HTTP connection\. If nothing is rea
 The HTTP User\-Agent string to send when making network requests\.
 .
 .IP "\(bu" 4
-\fIDefault\fR: Puppet/6\.4\.2 Ruby/2\.4\.1\-p111 (x86_64\-linux)
+\fIDefault\fR: Puppet/6\.4\.3 Ruby/2\.4\.1\-p111 (x86_64\-linux)
 .
 .IP "" 0
 .

data/man/man8/puppet-agent.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-AGENT" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-AGENT" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-agent\fR \- The puppet agent daemon

data/man/man8/puppet-apply.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-APPLY" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-APPLY" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-apply\fR \- Apply Puppet manifests locally

data/man/man8/puppet-catalog.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CATALOG" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CATALOG" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-catalog\fR \- Compile, save, view, and convert catalogs\.

data/man/man8/puppet-config.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-CONFIG" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-CONFIG" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-config\fR \- Interact with Puppet\'s settings\.

data/man/man8/puppet-describe.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DESCRIBE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DESCRIBE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-describe\fR \- Display help about resource types

data/man/man8/puppet-device.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DEVICE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DEVICE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-device\fR \- Manage remote network devices

data/man/man8/puppet-doc.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-DOC" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-DOC" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-doc\fR \- Generate Puppet references

data/man/man8/puppet-epp.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-EPP" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-EPP" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-epp\fR \- Interact directly with the EPP template parser/renderer\.

data/man/man8/puppet-facts.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FACTS" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FACTS" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-facts\fR \- Retrieve and store facts\.

data/man/man8/puppet-filebucket.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-FILEBUCKET" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-FILEBUCKET" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-filebucket\fR \- Store and retrieve files in a filebucket

data/man/man8/puppet-generate.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-GENERATE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-GENERATE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-generate\fR \- Generates Puppet code from Ruby definitions\.

data/man/man8/puppet-help.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-HELP" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-HELP" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-help\fR \- Display Puppet help\.

data/man/man8/puppet-key.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-KEY" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-KEY" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-key\fR \- Create, save, and remove certificate keys\.

data/man/man8/puppet-lookup.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "LOOKUP" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "LOOKUP" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBlookup\fR \- Interactive Hiera lookup

data/man/man8/puppet-man.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MAN" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MAN" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-man\fR \- Display Puppet manual pages\.

data/man/man8/puppet-module.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-MODULE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-MODULE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-module\fR \- Creates, installs and searches for modules on the Puppet Forge\.

data/man/man8/puppet-node.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-NODE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-NODE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-node\fR \- View and manage node definitions\.

data/man/man8/puppet-parser.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PARSER" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PARSER" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-parser\fR \- Interact directly with the parser\.

data/man/man8/puppet-plugin.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-PLUGIN" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-PLUGIN" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-plugin\fR \- Interact with the Puppet plugin system\.

data/man/man8/puppet-report.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-REPORT" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-REPORT" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-report\fR \- Create, display, and submit reports\.

data/man/man8/puppet-resource.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-RESOURCE" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-RESOURCE" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-resource\fR \- The resource abstraction layer shell

data/man/man8/puppet-script.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SCRIPT" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SCRIPT" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-script\fR \- Run a puppet manifests as a script without compiling a catalog

data/man/man8/puppet-ssl.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-SSL" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-SSL" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-ssl\fR \- Manage SSL keys and certificates for puppet SSL clients

data/man/man8/puppet-status.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET\-STATUS" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET\-STATUS" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\-status\fR \- View puppet server status\.

data/man/man8/puppet.8

@@ -1,7 +1,7 @@
 .\" generated with Ronn/v0.7.3
 .\" http://github.com/rtomayko/ronn/tree/0.7.3
 .
-.TH "PUPPET" "8" "April 2019" "Puppet, Inc." "Puppet manual"
+.TH "PUPPET" "8" "July 2019" "Puppet, Inc." "Puppet manual"
 .
 .SH "NAME"
 \fBpuppet\fR
@@ -25,4 +25,4 @@ Specialized:
 catalog Compile, save, view, and convert catalogs\. describe Display help about resource types device Manage remote network devices doc Generate Puppet references epp Interact directly with the EPP template parser/renderer\. facts Retrieve and store facts\. filebucket Store and retrieve files in a filebucket generate Generates Puppet code from Ruby definitions\. node View and manage node definitions\. parser Interact directly with the parser\. script Run a puppet manifests as a script without compiling a catalog ssl Manage SSL keys and certificates for puppet SSL clients
 .
 .P
-See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.4\.2
+See \'puppet help \fIsubcommand\fR \fIaction\fR\' for help on a specific subcommand action\. See \'puppet help \fIsubcommand\fR\' for help on a specific subcommand\. Puppet v6\.4\.3

data/spec/integration/type/package_spec.rb

@@ -100,7 +100,7 @@ describe Puppet::Type.type(:package), "when packages with the same name are sour
       provider_name = Puppet::Type.type(:package).defaultprovider.name
       expect {
         @catalog.add_resource(@alt_package)
-      }.to raise_error ArgumentError, "Cannot alias Package[gem-yay] to [\"yay\", :#{provider_name}]; resource [\"Package\", \"yay\", :#{provider_name}] already declared"
+      }.to raise_error ArgumentError, "Cannot alias Package[gem-yay] to [nil, \"yay\", :#{provider_name}]; resource [\"Package\", nil, \"yay\", :#{provider_name}] already declared"
     end
   end
 

data/spec/integration/util/windows/registry_spec.rb

@@ -242,6 +242,58 @@ describe Puppet::Util::Windows::Registry do
         end
       end
     end
+
+    context 'whean reading null byte' do
+      let(:hklm) { Win32::Registry::HKEY_LOCAL_MACHINE }
+      let(:puppet_key) { 'SOFTWARE\\Puppet Labs' }
+      let(:subkey_name) { "PuppetRegistryTest#{SecureRandom.uuid}" }
+      let(:value_name) { SecureRandom.uuid }
+
+      after(:each) do
+        hklm.open(puppet_key, Win32::Registry::KEY_ALL_ACCESS) do |reg|
+          subject.delete_key(reg, subkey_name)
+        end
+      end
+
+      [
+        {
+          name: 'REG_SZ',
+          type: Win32::Registry::REG_SZ,
+          value: "reg sz\u0000 string",
+          expected_value: "reg sz  string"
+        },
+        {
+          name: 'REG_SZ_2',
+          type: Win32::Registry::REG_SZ,
+          value: "reg sz\x00 string",
+          expected_value: "reg sz  string"
+        },
+        {
+          name: 'REG_EXPAND_SZ',
+          type: Win32::Registry::REG_EXPAND_SZ,
+          value: "\0reg expand string",
+          expected_value: " reg expand string"
+        }
+      ].each do |pair|
+        it 'replaces null bytes with spaces' do
+          hklm.create("#{puppet_key}\\#{subkey_name}", Win32::Registry::KEY_ALL_ACCESS) do |reg|
+            reg.write(value_name, pair[:type], pair[:value])
+          end
+
+          hklm.open("#{puppet_key}\\#{subkey_name}", Win32::Registry::KEY_READ) do |reg|
+            vals = subject.values(reg)
+
+            expect(vals).to have_key(value_name)
+            subject.each_value(reg) do |_subkey, type, _data|
+              expect(type).to eq(pair[:type])
+            end
+
+            written = vals[value_name]
+            expect(written).to eq(pair[:expected_value])
+          end
+        end
+      end
+    end
   end
 
   context "#values_by_name" do

data/spec/integration/util/windows/user_spec.rb

@@ -106,6 +106,12 @@ describe "Puppet::Util::Windows::User", :if => Puppet::Util::Platform.windows? d
     end
 
     describe "logon_user" do
+      let(:fLOGON32_PROVIDER_DEFAULT) {0}
+      let(:fLOGON32_LOGON_INTERACTIVE) {2}
+      let(:fLOGON32_LOGON_NETWORK) {3}
+      let(:token) {'test'}
+      let(:user) {'test'}
+      let(:passwd) {'test'}
       it "should raise an error when provided with an incorrect username and password" do
         expect_logon_failure_error {
           Puppet::Util::Windows::User.logon_user(username, bad_password)
@@ -117,8 +123,21 @@ describe "Puppet::Util::Windows::User", :if => Puppet::Util::Platform.windows? d
           Puppet::Util::Windows::User.logon_user(username, nil)
         }
       end
+
+      it 'should raise error given that logon returns false' do
+
+        allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
+            user, passwd, fLOGON32_LOGON_NETWORK, fLOGON32_PROVIDER_DEFAULT, anything).and_return (0)
+        allow(Puppet::Util::Windows::User).to receive(:logon_user_by_logon_type).with(
+            user, passwd, fLOGON32_LOGON_INTERACTIVE, fLOGON32_PROVIDER_DEFAULT, anything).and_return(0)
+
+        expect {Puppet::Util::Windows::User.logon_user(user, passwd) {}}
+            .to raise_error(Puppet::Util::Windows::Error, /Failed to logon user/)
+
+      end
     end
 
+
     describe "password_is?" do
       it "should return false given an incorrect username and password" do
         expect(Puppet::Util::Windows::User.password_is?(username, bad_password)).to be_falsey

data/spec/unit/application/agent_spec.rb

@@ -7,6 +7,8 @@ require 'puppet/daemon'
 describe Puppet::Application::Agent do
   include PuppetSpec::Files
 
+  let(:machine) { double(ensure_client_certificate: nil) }
+
   before :each do
     @puppetd = Puppet::Application[:agent]
 
@@ -27,8 +29,6 @@ describe Puppet::Application::Agent do
     allow(Puppet::Node.indirection).to receive(:cache_class=)
     allow(Puppet::Node::Facts.indirection).to receive(:terminus_class=)
 
-    expect($stderr).not_to receive(:puts)
-
     allow(Puppet.settings).to receive(:use)
   end
 
@@ -125,7 +125,7 @@ describe Puppet::Application::Agent do
       allow(@agent).to receive(:run).and_return(2)
       Puppet[:onetime] = true
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(double(ensure_client_certificate: nil))
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 0).and_return(machine)
 
       expect { execute_agent }.to exit_with 0
     end
@@ -135,13 +135,20 @@ describe Puppet::Application::Agent do
       Puppet[:onetime] = true
       @puppetd.handle_waitforcert(60)
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(double(ensure_client_certificate: nil))
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 60).and_return(machine)
 
       expect { execute_agent }.to exit_with 0
     end
 
     it "should use a default value for waitforcert when --onetime and --waitforcert are not specified" do
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(machine)
+
+      execute_agent
+    end
+
+    it "should register ssl OIDs" do
       expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 120).and_return(double(ensure_client_certificate: nil))
+      expect(Puppet::SSL::Oids).to receive(:register_puppet_oids)
 
       execute_agent
     end
@@ -149,7 +156,7 @@ describe Puppet::Application::Agent do
     it "should use the waitforcert setting when checking for a signed certificate" do
       Puppet[:waitforcert] = 10
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(double(ensure_client_certificate: nil))
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 10).and_return(machine)
 
       execute_agent
     end
@@ -386,7 +393,7 @@ describe Puppet::Application::Agent do
     it "should inform the daemon about our agent if :client is set to 'true'" do
       @puppetd.options[:client] = true
 
-      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
 
       execute_agent
 
@@ -398,7 +405,7 @@ describe Puppet::Application::Agent do
       Puppet[:daemonize] = true
       allow(Signal).to receive(:trap)
 
-      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
 
       expect(@daemon).to receive(:daemonize)
 
@@ -408,22 +415,7 @@ describe Puppet::Application::Agent do
     it "should wait for a certificate" do
       @puppetd.options[:waitforcert] = 123
 
-      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(double(ensure_client_certificate: nil))
-
-      execute_agent
-    end
-
-    it "should not wait for a certificate in fingerprint mode" do
-      @puppetd.options[:fingerprint] = true
-      @puppetd.options[:waitforcert] = 123
-      @puppetd.options[:digest] = 'MD5'
-
-      certificate = double('certificate')
-      allow(certificate).to receive(:to_der).and_return('ABCDE')
-      ssl_context = double('ssl_context', client_cert: certificate)
-      allow(Puppet::SSL::StateMachine).to receive(:new).with(onetime: true).and_return(double(ensure_client_certificate: ssl_context))
-
-      expect(@puppetd).to receive(:puts).with('(MD5) 2E:CD:DE:39:59:05:1D:91:3F:61:B1:45:79:EA:13:6D')
+      expect(Puppet::SSL::StateMachine).to receive(:new).with(waitforcert: 123).and_return(machine)
 
       execute_agent
     end
@@ -478,7 +470,7 @@ describe Puppet::Application::Agent do
 
     it "should dispatch to onetime if --onetime is used" do
       Puppet[:onetime] = true
-      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
 
       expect(@puppetd).to receive(:onetime)
 
@@ -487,7 +479,7 @@ describe Puppet::Application::Agent do
 
     it "should dispatch to main if --onetime and --fingerprint are not used" do
       Puppet[:onetime] = false
-      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+      allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
 
       expect(@puppetd).to receive(:main)
 
@@ -501,7 +493,7 @@ describe Puppet::Application::Agent do
         @puppetd.options[:client] = :client
         @puppetd.options[:detailed_exitcodes] = false
 
-        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
       end
 
       it "should setup traps" do
@@ -552,26 +544,55 @@ describe Puppet::Application::Agent do
 
     describe "with --fingerprint" do
       before :each do
-        @cert = double('cert')
         @puppetd.options[:fingerprint] = true
         @puppetd.options[:digest] = :MD5
       end
 
       it "should fingerprint the certificate if it exists" do
-        allow(@cert).to receive(:to_der).and_return('ABCDE')
-        ssl_context = double('ssl_context', client_cert: @cert)
-        allow(Puppet::SSL::StateMachine).to receive(:new).with(onetime: true).and_return(double(ensure_client_certificate: ssl_context))
+        cert = cert_fixture('signed.pem')
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(cert)
 
-        expect(@puppetd).to receive(:puts).with('(MD5) 2E:CD:DE:39:59:05:1D:91:3F:61:B1:45:79:EA:13:6D')
+        expect(@puppetd).to receive(:puts).with('(MD5) A6:00:3E:C1:DF:CF:E8:44:A6:4F:8D:92:E8:B2:D9:47')
 
         @puppetd.fingerprint
       end
+
+      it "should fingerprint the request if it exists" do
+        request = request_fixture('request.pem')
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(nil)
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_request).and_return(request)
+
+        expect(@puppetd).to receive(:puts).with('(MD5) 04:D0:69:23:32:2F:48:77:FE:2F:F2:0C:4E:90:BE:AC')
+
+        @puppetd.fingerprint
+      end
+
+      it "should print an error to stderr if neither exist" do
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_return(nil)
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_request).and_return(nil)
+
+        expect {
+          expect {
+            @puppetd.fingerprint
+          }.to exit_with(1)
+        }.to output(/Fingerprint asked but neither the certificate, nor the certificate request have been issued/).to_stderr
+      end
+
+      it "should log an error if an exception occurs" do
+        allow_any_instance_of(Puppet::X509::CertProvider).to receive(:load_client_cert).and_raise(Puppet::Error, "Invalid PEM")
+
+        expect {
+          @puppetd.fingerprint
+        }.to exit_with(1)
+
+        expect(@logs).to include(an_object_having_attributes(message: /Failed to generate fingerprint: Invalid PEM/))
+      end
     end
 
     describe "without --onetime and --fingerprint" do
       before :each do
         allow(Puppet).to receive(:notice)
-        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(double(ensure_client_certificate: nil))
+        allow(Puppet::SSL::StateMachine).to receive(:new).and_return(machine)
       end
 
       it "should start our daemon" do