puppet 8.0.1-universal-darwin → 8.2.0-universal-darwin

Sign up to get free protection for your applications and to get access to all the features.
Files changed (83) hide show
  1. checksums.yaml +4 -4
  2. data/CODEOWNERS +5 -5
  3. data/Gemfile.lock +47 -39
  4. data/ext/project_data.yaml +1 -1
  5. data/lib/puppet/defaults.rb +37 -7
  6. data/lib/puppet/http/client.rb +12 -5
  7. data/lib/puppet/http/service/ca.rb +32 -2
  8. data/lib/puppet/node/environment.rb +6 -4
  9. data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
  10. data/lib/puppet/ssl/oids.rb +2 -0
  11. data/lib/puppet/ssl/ssl_provider.rb +1 -1
  12. data/lib/puppet/ssl/state_machine.rb +143 -14
  13. data/lib/puppet/thread_local.rb +1 -4
  14. data/lib/puppet/version.rb +1 -1
  15. data/lib/puppet/x509/cert_provider.rb +29 -0
  16. data/locales/puppet.pot +2346 -2310
  17. data/man/man5/puppet.conf.5 +31 -3
  18. data/man/man8/puppet-agent.8 +1 -1
  19. data/man/man8/puppet-apply.8 +1 -1
  20. data/man/man8/puppet-catalog.8 +1 -1
  21. data/man/man8/puppet-config.8 +1 -1
  22. data/man/man8/puppet-describe.8 +1 -1
  23. data/man/man8/puppet-device.8 +1 -1
  24. data/man/man8/puppet-doc.8 +1 -1
  25. data/man/man8/puppet-epp.8 +1 -1
  26. data/man/man8/puppet-facts.8 +1 -1
  27. data/man/man8/puppet-filebucket.8 +1 -1
  28. data/man/man8/puppet-generate.8 +1 -1
  29. data/man/man8/puppet-help.8 +1 -1
  30. data/man/man8/puppet-lookup.8 +1 -1
  31. data/man/man8/puppet-module.8 +1 -1
  32. data/man/man8/puppet-node.8 +1 -1
  33. data/man/man8/puppet-parser.8 +1 -1
  34. data/man/man8/puppet-plugin.8 +1 -1
  35. data/man/man8/puppet-report.8 +1 -1
  36. data/man/man8/puppet-resource.8 +1 -1
  37. data/man/man8/puppet-script.8 +1 -1
  38. data/man/man8/puppet-ssl.8 +1 -1
  39. data/man/man8/puppet.8 +2 -2
  40. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
  41. data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
  42. data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
  43. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
  44. data/spec/fixtures/ssl/ca.pem +54 -54
  45. data/spec/fixtures/ssl/crl.pem +26 -26
  46. data/spec/fixtures/ssl/ec-key.pem +11 -11
  47. data/spec/fixtures/ssl/ec.pem +33 -32
  48. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  49. data/spec/fixtures/ssl/encrypted-key.pem +108 -108
  50. data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
  51. data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
  52. data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
  53. data/spec/fixtures/ssl/intermediate.pem +53 -53
  54. data/spec/fixtures/ssl/oid-key.pem +107 -107
  55. data/spec/fixtures/ssl/oid.pem +51 -50
  56. data/spec/fixtures/ssl/pluto-key.pem +107 -107
  57. data/spec/fixtures/ssl/pluto.pem +52 -51
  58. data/spec/fixtures/ssl/renewed.pem +67 -0
  59. data/spec/fixtures/ssl/request-key.pem +107 -107
  60. data/spec/fixtures/ssl/request.pem +50 -48
  61. data/spec/fixtures/ssl/revoked-key.pem +107 -107
  62. data/spec/fixtures/ssl/revoked.pem +51 -50
  63. data/spec/fixtures/ssl/signed-key.pem +107 -107
  64. data/spec/fixtures/ssl/signed.pem +49 -48
  65. data/spec/fixtures/ssl/tampered-cert.pem +51 -50
  66. data/spec/fixtures/ssl/tampered-csr.pem +50 -48
  67. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
  68. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
  69. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
  70. data/spec/fixtures/ssl/unknown-ca.pem +54 -54
  71. data/spec/integration/application/agent_spec.rb +63 -13
  72. data/spec/integration/application/apply_spec.rb +14 -0
  73. data/spec/integration/http/client_spec.rb +16 -0
  74. data/spec/lib/puppet/test_ca.rb +3 -10
  75. data/spec/unit/application/lookup_spec.rb +1 -0
  76. data/spec/unit/defaults_spec.rb +2 -40
  77. data/spec/unit/file_system/path_pattern_spec.rb +15 -0
  78. data/spec/unit/http/service/ca_spec.rb +83 -0
  79. data/spec/unit/ssl/ssl_provider_spec.rb +20 -0
  80. data/spec/unit/ssl/state_machine_spec.rb +143 -3
  81. data/spec/unit/x509/cert_provider_spec.rb +49 -0
  82. data/tasks/generate_cert_fixtures.rake +4 -0
  83. metadata +5 -9
@@ -1,117 +1,117 @@
1
- RSA Private-Key: (2048 bit, 2 primes)
1
+ Private-Key: (2048 bit, 2 primes)
2
2
  modulus:
3
- 00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
4
- 03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
5
- fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
6
- a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
7
- 23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
8
- ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
9
- 10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
10
- e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
11
- 28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
12
- cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
13
- 9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
14
- 88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
15
- 88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
16
- c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
17
- 36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
18
- af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
19
- 3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
20
- 0e:a3
3
+ 00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
4
+ fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
5
+ 29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
6
+ fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
7
+ 30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
8
+ 11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
9
+ e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
10
+ 22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
11
+ 4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
12
+ 98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
13
+ 4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
14
+ a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
15
+ a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
16
+ 02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
17
+ fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
18
+ 70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
19
+ 11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
20
+ 63:a3
21
21
  publicExponent: 65537 (0x10001)
22
22
  privateExponent:
23
- 00:9b:ce:8e:a2:47:93:5b:b3:be:c8:75:2c:84:7a:
24
- 97:df:f5:78:11:37:6d:cc:c9:35:2d:a7:8a:ed:2c:
25
- 4b:df:c5:34:53:74:be:f5:e9:f6:7a:6c:f2:73:e9:
26
- a7:75:9d:c4:f4:4a:36:16:cd:c6:85:56:2c:a0:ed:
27
- 8f:0a:20:76:b9:f8:8d:0c:d2:60:c7:ca:34:27:49:
28
- 37:aa:bf:1e:be:f2:73:e8:19:c6:46:42:50:f0:e6:
29
- aa:63:0f:c3:ef:b9:aa:37:63:4d:75:9a:40:97:77:
30
- 29:7d:c8:ad:ee:84:55:dc:3d:bf:73:d6:70:af:07:
31
- 41:75:a1:81:2f:29:00:59:11:3e:98:49:12:ec:e9:
32
- 9d:ca:ca:71:1e:bc:2f:9f:13:9c:5c:01:54:6d:69:
33
- 6b:85:6f:2a:2f:96:a5:38:37:e3:0c:7d:9f:6c:12:
34
- a4:13:1b:bf:cb:35:16:88:a6:c6:47:6f:0b:61:22:
35
- c2:de:00:7a:b1:70:f6:1e:01:99:70:87:1d:23:21:
36
- 0f:bf:41:59:16:75:40:8e:7c:50:73:bb:ce:17:7c:
37
- 07:ec:f2:83:12:95:4e:6a:ac:79:89:8f:32:58:61:
38
- af:55:df:30:1d:3a:d1:f3:fa:ee:74:27:73:62:f8:
39
- c4:e2:b2:e3:a5:64:e4:6b:4b:86:13:44:00:3d:51:
40
- 45:d9
23
+ 12:00:67:61:98:69:a3:4d:eb:21:43:36:b5:31:f0:
24
+ 4a:46:4d:8f:2b:63:39:ea:b0:28:82:0e:d6:aa:07:
25
+ 9d:ca:5c:7b:f3:d1:8f:f5:48:7c:1e:d3:26:78:be:
26
+ cc:c8:a2:4d:d4:d5:99:13:f9:90:93:4d:22:7b:ad:
27
+ 74:d4:60:82:07:62:c5:53:d4:7a:dc:5a:a6:17:e5:
28
+ b9:04:8b:6c:32:c2:e9:eb:0b:38:49:6e:70:f8:3d:
29
+ 73:0e:6d:99:2a:77:4c:ae:0b:55:e6:6b:db:db:84:
30
+ db:6f:d5:88:8b:58:09:3f:ce:8e:3b:b9:d8:11:bf:
31
+ 50:86:c7:b0:32:01:48:9f:a3:5d:c2:dc:9a:67:2f:
32
+ 94:70:99:08:31:bf:a3:e3:89:de:e2:f1:8c:4d:73:
33
+ 5c:68:ac:76:36:4f:0d:ce:e8:62:5a:32:44:7a:13:
34
+ fa:9a:46:2e:30:aa:66:10:43:81:5d:57:65:99:3c:
35
+ 82:0c:65:83:44:36:6a:e1:0d:44:16:74:e1:c6:a8:
36
+ 9a:3d:a5:fa:a2:7e:cb:a1:76:c0:21:e0:4c:ea:a2:
37
+ f2:d9:a7:53:a8:41:39:db:51:c7:5d:31:b2:04:86:
38
+ 4b:7d:cf:11:10:16:b3:b1:22:37:29:c4:20:7e:b0:
39
+ 0c:7b:ac:89:78:6b:ef:3b:98:29:c2:23:29:9f:4e:
40
+ 89
41
41
  prime1:
42
- 00:da:9b:01:67:9b:20:66:3b:69:da:ce:9e:ac:fa:
43
- 03:84:8e:da:fb:04:8d:9b:f0:ff:c9:55:a4:26:c4:
44
- b8:e3:1c:47:7d:fb:f5:2e:f6:50:22:75:63:ac:b7:
45
- 2d:f0:d5:75:0f:04:d5:e6:ee:75:9c:15:9f:e4:5c:
46
- 76:2c:0b:df:7f:9d:5f:16:3a:8a:82:36:6b:c9:fc:
47
- 49:e1:83:fe:cf:85:e1:fc:80:60:06:33:b2:e6:54:
48
- 6c:ba:29:6e:e4:3a:ee:d7:e6:0a:d6:bd:27:5d:40:
49
- e0:89:97:89:2a:3e:cf:a5:ec:ae:5f:db:df:3e:e8:
50
- c4:b0:9a:77:96:4d:a1:5e:5d
42
+ 00:c0:6f:d4:87:c5:6a:30:aa:2a:5e:a1:f9:0c:0e:
43
+ c8:14:8e:56:8a:57:15:13:a9:10:31:a4:c9:62:21:
44
+ 60:a0:98:a9:fa:82:8e:c6:c7:3a:1f:bb:2b:db:32:
45
+ e9:fc:9e:93:8e:d7:4c:1a:3a:87:11:76:a7:e9:7b:
46
+ 1f:5c:2a:8f:22:d5:24:e1:5b:7d:fe:15:cd:af:43:
47
+ 20:52:c8:2f:b1:a9:7c:11:5d:7a:61:71:d5:a8:e7:
48
+ 22:66:4f:40:08:bf:75:b5:c4:7a:db:83:52:6c:88:
49
+ f9:27:6b:fd:8c:0d:05:f7:30:6f:0f:f7:7c:21:58:
50
+ aa:45:34:b1:73:12:63:45:af
51
51
  prime2:
52
- 00:d3:58:ea:f8:aa:9b:e0:95:aa:81:27:f4:1a:5e:
53
- ae:60:bf:0f:37:be:b8:64:78:d4:ce:47:7e:21:82:
54
- 49:a7:f6:ff:15:62:1c:87:e8:c2:d5:d2:9b:d2:21:
55
- 87:36:36:66:bc:03:23:8f:5e:09:2b:4f:a2:8a:7f:
56
- ea:c8:ea:fb:21:54:4a:ba:b8:14:74:59:50:fa:31:
57
- cf:31:c3:22:32:4a:db:05:b6:3c:f5:9f:6b:cd:3c:
58
- 6b:1b:48:b0:b5:13:5d:c7:b6:13:4e:09:85:e2:db:
59
- 38:ac:ee:27:42:d8:49:47:9e:0c:59:95:97:e7:c2:
60
- 78:0a:65:c9:ee:29:e8:50:ff
52
+ 00:df:89:89:3a:49:8a:0f:91:87:04:b4:aa:73:d6:
53
+ b7:03:60:20:60:2e:b8:c0:eb:c4:70:ef:19:d6:ce:
54
+ 72:ae:4c:b6:bb:c4:45:20:e7:8d:1a:44:4a:e4:1a:
55
+ 67:67:42:28:93:32:b7:f2:90:04:53:88:46:1b:8a:
56
+ 79:b8:18:fb:11:92:a3:fc:7e:b0:75:29:99:ee:89:
57
+ d9:5d:4e:fa:09:e0:cf:9f:e4:23:bc:72:97:32:99:
58
+ fc:14:78:ca:bc:b5:73:08:f8:cc:9b:81:ea:ae:71:
59
+ 5b:f7:b0:f8:1b:16:0a:28:4e:01:11:40:e1:68:10:
60
+ 5c:26:84:74:a7:a3:a8:f2:4d
61
61
  exponent1:
62
- 50:f7:12:19:1e:72:6c:8a:da:d4:e8:ac:0a:62:fb:
63
- 04:90:a8:78:4a:22:6c:bc:60:f0:5f:e0:d1:5f:11:
64
- 1f:44:ad:11:f3:4c:c7:1d:01:67:11:d5:5d:f5:e6:
65
- 75:09:8a:36:8a:d2:f2:9a:25:43:2f:1b:2e:48:34:
66
- 98:71:b9:50:99:a7:cb:22:d9:84:0a:c5:f7:64:92:
67
- b4:8c:df:c6:5a:ce:ed:67:5a:a9:51:62:94:3e:76:
68
- 9a:a8:97:e2:be:15:12:2f:a8:9a:0a:2a:d7:36:1d:
69
- 33:b8:c5:5b:b9:31:cd:41:90:ff:fd:fe:7c:5d:57:
70
- e4:15:01:ef:d0:46:d1:1d
62
+ 00:86:75:9d:2a:c0:e5:d1:db:14:7f:ca:ed:19:5f:
63
+ ba:ad:a2:47:15:a2:83:37:99:89:97:26:6d:10:04:
64
+ 02:60:34:4b:90:9e:68:e4:bb:90:01:5b:e6:e8:e2:
65
+ 4a:5c:18:f1:41:7d:6d:cf:65:d5:ba:7e:0e:15:35:
66
+ d2:53:b3:e9:0f:8d:9e:97:58:36:50:b3:2b:64:aa:
67
+ a2:8b:35:15:1e:2e:2e:62:73:ce:6f:07:fb:22:69:
68
+ 5d:bf:de:df:ff:3c:c8:22:99:86:be:9a:a3:9c:f2:
69
+ 98:24:d3:6f:f5:cb:a3:bf:74:38:26:0f:e6:cb:e6:
70
+ 08:13:13:1e:6a:29:0e:f4:41
71
71
  exponent2:
72
- 00:91:f0:d9:b8:c2:df:06:b3:72:dc:e3:00:fd:e0:
73
- 99:9b:76:f3:84:33:ef:d2:79:59:c1:e3:be:66:57:
74
- 38:93:82:cc:dc:30:36:b1:66:fa:7b:7a:86:5d:11:
75
- 07:f4:58:96:92:87:bc:5b:78:bc:ee:2a:7c:7c:15:
76
- 1e:c4:84:f6:cb:2a:10:bc:64:f6:c2:ed:16:2c:de:
77
- 8e:4b:b7:8a:7a:9e:14:26:1a:94:77:ac:11:5d:d4:
78
- b5:c5:4e:69:af:70:63:16:d0:54:fe:53:37:1f:d2:
79
- ef:8d:02:9b:1b:de:8c:a3:a6:b0:b2:7f:c9:38:a1:
80
- a2:10:d3:ff:1f:b5:d2:95:73
72
+ 00:b3:dc:7a:6a:47:d9:aa:85:31:da:7b:73:db:19:
73
+ 1c:d0:be:7b:ce:68:49:88:11:2c:52:a2:50:6c:22:
74
+ 58:ec:1e:15:ba:27:46:68:1f:67:cd:86:bd:ab:a4:
75
+ 03:27:76:78:27:58:5b:e1:f4:37:46:ef:13:59:fd:
76
+ a5:ca:97:6f:0c:c8:ac:e1:f1:1e:12:67:92:cf:f8:
77
+ 62:c9:4d:4e:aa:bc:14:d3:56:41:da:d3:69:0c:f2:
78
+ 11:7e:77:62:c9:4c:46:6f:25:a1:9c:4e:80:82:33:
79
+ fc:07:e4:80:fd:6a:52:69:f3:b9:b0:24:40:39:f7:
80
+ 4f:ee:3e:0d:8f:05:84:5e:d1
81
81
  coefficient:
82
- 00:bb:0a:77:ec:98:3c:fe:92:2b:66:06:7a:2a:80:
83
- a6:41:bb:d8:60:7e:fa:90:41:f3:4d:e4:4e:95:1e:
84
- 48:19:33:49:9a:24:09:6c:17:98:ce:72:09:ad:96:
85
- 43:3a:16:6c:16:cd:38:39:13:58:3e:dc:89:98:08:
86
- 38:d3:e5:d8:c1:34:8c:71:a9:88:a1:79:23:af:ad:
87
- 94:04:7a:ca:20:82:76:af:84:2a:43:c4:d6:96:b0:
88
- c8:f7:e6:be:4c:e8:d8:7c:bb:79:7a:c8:d9:32:72:
89
- 81:63:9f:2c:45:33:e3:6a:6a:42:3d:d6:19:b4:0d:
90
- 0d:15:1b:44:67:47:ef:b6:2e
82
+ 6d:a8:08:7a:ad:94:c8:0f:dc:07:57:71:1b:a7:3a:
83
+ 4d:b9:a5:39:81:36:75:c3:ff:b5:ed:7c:6a:df:28:
84
+ f6:22:1e:33:a6:48:31:8f:dc:ba:03:72:e6:51:39:
85
+ d1:ce:c5:0a:7c:a3:dd:44:9b:1b:38:94:44:ce:1e:
86
+ c5:6b:f1:4d:c8:e8:6d:ed:ad:1e:8c:86:50:98:fb:
87
+ 90:4a:25:d5:3d:2f:66:a7:b9:d6:5d:84:e7:77:25:
88
+ 69:0b:89:4b:30:53:7c:74:01:72:37:91:31:2b:aa:
89
+ 54:92:9e:41:18:a1:8c:0e:c6:74:c9:0b:1e:be:76:
90
+ 06:54:29:52:c6:a1:26:01
91
91
  -----BEGIN RSA PRIVATE KEY-----
92
- MIIEpQIBAAKCAQEAtHmwFuebIiAXSzaH6zgDH9+IABs3QF4fHYkfPvT6aZCc2Gjf
93
- yHEHB04BHfCommeUr0fyuGD1yvu7rHwjWFm8lbCtssegKOFPHsTvXyujTvJqlchP
94
- 9a+8+jYQ+aliegTVAc2bupcyTJnliPwFhDT1SvLx7ATHx2Mo657ukc2Vi2CeX1Gh
95
- K1rNArKnUmzRiquxxFLNEM6eViRsY4QsFWzAYurC2QSI4uIP/86HUet3UIMzHMeI
96
- WwjUOiIvE6aJ90ugLjDBEnq7Nx+qh1ZEL1pjS7I29ileuGdSb2MqrT3DpUWvl+mF
97
- nnYeUZxoNlgyrc8+TfCS4q3W8OFdrwjKKoIOowIDAQABAoIBAQCbzo6iR5Nbs77I
98
- dSyEepff9XgRN23MyTUtp4rtLEvfxTRTdL716fZ6bPJz6ad1ncT0SjYWzcaFViyg
99
- 7Y8KIHa5+I0M0mDHyjQnSTeqvx6+8nPoGcZGQlDw5qpjD8Pvuao3Y011mkCXdyl9
100
- yK3uhFXcPb9z1nCvB0F1oYEvKQBZET6YSRLs6Z3KynEevC+fE5xcAVRtaWuFbyov
101
- lqU4N+MMfZ9sEqQTG7/LNRaIpsZHbwthIsLeAHqxcPYeAZlwhx0jIQ+/QVkWdUCO
102
- fFBzu84XfAfs8oMSlU5qrHmJjzJYYa9V3zAdOtHz+u50J3Ni+MTisuOlZORrS4YT
103
- RAA9UUXZAoGBANqbAWebIGY7adrOnqz6A4SO2vsEjZvw/8lVpCbEuOMcR3379S72
104
- UCJ1Y6y3LfDVdQ8E1ebudZwVn+RcdiwL33+dXxY6ioI2a8n8SeGD/s+F4fyAYAYz
105
- suZUbLopbuQ67tfmCta9J11A4ImXiSo+z6Xsrl/b3z7oxLCad5ZNoV5dAoGBANNY
106
- 6viqm+CVqoEn9BpermC/Dze+uGR41M5HfiGCSaf2/xViHIfowtXSm9IhhzY2ZrwD
107
- I49eCStPoop/6sjq+yFUSrq4FHRZUPoxzzHDIjJK2wW2PPWfa808axtIsLUTXce2
108
- E04JheLbOKzuJ0LYSUeeDFmVl+fCeAplye4p6FD/AoGAUPcSGR5ybIra1OisCmL7
109
- BJCoeEoibLxg8F/g0V8RH0StEfNMxx0BZxHVXfXmdQmKNorS8polQy8bLkg0mHG5
110
- UJmnyyLZhArF92SStIzfxlrO7WdaqVFilD52mqiX4r4VEi+omgoq1zYdM7jFW7kx
111
- zUGQ//3+fF1X5BUB79BG0R0CgYEAkfDZuMLfBrNy3OMA/eCZm3bzhDPv0nlZweO+
112
- Zlc4k4LM3DA2sWb6e3qGXREH9FiWkoe8W3i87ip8fBUexIT2yyoQvGT2wu0WLN6O
113
- S7eKep4UJhqUd6wRXdS1xU5pr3BjFtBU/lM3H9LvjQKbG96Mo6awsn/JOKGiENP/
114
- H7XSlXMCgYEAuwp37Jg8/pIrZgZ6KoCmQbvYYH76kEHzTeROlR5IGTNJmiQJbBeY
115
- znIJrZZDOhZsFs04ORNYPtyJmAg40+XYwTSMcamIoXkjr62UBHrKIIJ2r4QqQ8TW
116
- lrDI9+a+TOjYfLt5esjZMnKBY58sRTPjampCPdYZtA0NFRtEZ0fvti4=
92
+ MIIEpAIBAAKCAQEAqAjNIqr6oTgO2L4vV7b79eKbBHJJVhVxQh0SqI8pA2PhKh/s
93
+ TWc9fV4npSH+Fjig9d5cduxxfWyuyoowXf45xUrQFBN2tYnYWHoRdlQ+TeO++fty
94
+ gLwZBw/gU0Zb8UWM0lyv5A+rfbwiPHqxlX1qBEv60ugexDlLvdx+abqOqZalF+Su
95
+ Tj6YrStVlaxtQEsgVVExmJ5O3rQ3MVvZOmzksQoZzl6o4imX3j3HUFT78o8qpFil
96
+ UoILUshObF14EMZLBTYC5N+8lUpHt+jki21Gq/v7QWu7kMQbWn07LhktDZVw0hD5
97
+ ehrujyDLjY2/I3UR3QKr4/2esQU7Yy6rh5NjowIDAQABAoIBABIAZ2GYaaNN6yFD
98
+ NrUx8EpGTY8rYznqsCiCDtaqB53KXHvz0Y/1SHwe0yZ4vszIok3U1ZkT+ZCTTSJ7
99
+ rXTUYIIHYsVT1HrcWqYX5bkEi2wywunrCzhJbnD4PXMObZkqd0yuC1Xma9vbhNtv
100
+ 1YiLWAk/zo47udgRv1CGx7AyAUifo13C3JpnL5RwmQgxv6Pjid7i8YxNc1xorHY2
101
+ Tw3O6GJaMkR6E/qaRi4wqmYQQ4FdV2WZPIIMZYNENmrhDUQWdOHGqJo9pfqifsuh
102
+ dsAh4EzqovLZp1OoQTnbUcddMbIEhkt9zxEQFrOxIjcpxCB+sAx7rIl4a+87mCnC
103
+ IymfTokCgYEAwG/Uh8VqMKoqXqH5DA7IFI5WilcVE6kQMaTJYiFgoJip+oKOxsc6
104
+ H7sr2zLp/J6TjtdMGjqHEXan6XsfXCqPItUk4Vt9/hXNr0MgUsgvsal8EV16YXHV
105
+ qOciZk9ACL91tcR624NSbIj5J2v9jA0F9zBvD/d8IViqRTSxcxJjRa8CgYEA34mJ
106
+ OkmKD5GHBLSqc9a3A2AgYC64wOvEcO8Z1s5yrky2u8RFIOeNGkRK5BpnZ0IokzK3
107
+ 8pAEU4hGG4p5uBj7EZKj/H6wdSmZ7onZXU76CeDPn+QjvHKXMpn8FHjKvLVzCPjM
108
+ m4HqrnFb97D4GxYKKE4BEUDhaBBcJoR0p6Oo8k0CgYEAhnWdKsDl0dsUf8rtGV+6
109
+ raJHFaKDN5mJlyZtEAQCYDRLkJ5o5LuQAVvm6OJKXBjxQX1tz2XVun4OFTXSU7Pp
110
+ D42el1g2ULMrZKqiizUVHi4uYnPObwf7Imldv97f/zzIIpmGvpqjnPKYJNNv9cuj
111
+ v3Q4Jg/my+YIExMeaikO9EECgYEAs9x6akfZqoUx2ntz2xkc0L57zmhJiBEsUqJQ
112
+ bCJY7B4VuidGaB9nzYa9q6QDJ3Z4J1hb4fQ3Ru8TWf2lypdvDMis4fEeEmeSz/hi
113
+ yU1OqrwU01ZB2tNpDPIRfndiyUxGbyWhnE6AgjP8B+SA/WpSafO5sCRAOfdP7j4N
114
+ jwWEXtECgYBtqAh6rZTID9wHV3EbpzpNuaU5gTZ1w/+17Xxq3yj2Ih4zpkgxj9y6
115
+ A3LmUTnRzsUKfKPdRJsbOJREzh7Fa/FNyOht7a0ejIZQmPuQSiXVPS9mp7nWXYTn
116
+ dyVpC4lLMFN8dAFyN5ExK6pUkp5BGKGMDsZ0yQsevnYGVClSxqEmAQ==
117
117
  -----END RSA PRIVATE KEY-----
@@ -6,30 +6,30 @@ Certificate:
6
6
  Issuer: CN=Unknown CA
7
7
  Validity
8
8
  Not Before: Jan 1 00:00:00 1970 GMT
9
- Not After : Jun 15 01:19:37 2031 GMT
9
+ Not After : Jun 24 21:18:00 2033 GMT
10
10
  Subject: CN=Unknown CA
11
11
  Subject Public Key Info:
12
12
  Public Key Algorithm: rsaEncryption
13
- RSA Public-Key: (2048 bit)
13
+ Public-Key: (2048 bit)
14
14
  Modulus:
15
- 00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
16
- 03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
17
- fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
18
- a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
19
- 23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
20
- ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
21
- 10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
22
- e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
23
- 28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
24
- cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
25
- 9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
26
- 88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
27
- 88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
28
- c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
29
- 36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
30
- af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
31
- 3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
32
- 0e:a3
15
+ 00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
16
+ fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
17
+ 29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
18
+ fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
19
+ 30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
20
+ 11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
21
+ e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
22
+ 22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
23
+ 4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
24
+ 98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
25
+ 4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
26
+ a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
27
+ a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
28
+ 02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
29
+ fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
30
+ 70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
31
+ 11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
32
+ 63:a3
33
33
  Exponent: 65537 (0x10001)
34
34
  X509v3 extensions:
35
35
  X509v3 Basic Constraints: critical
@@ -37,45 +37,45 @@ Certificate:
37
37
  X509v3 Key Usage: critical
38
38
  Certificate Sign, CRL Sign
39
39
  X509v3 Subject Key Identifier:
40
- D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
40
+ EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
41
41
  Netscape Comment:
42
42
  Puppet Server Internal Certificate
43
43
  X509v3 Authority Key Identifier:
44
- keyid:D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
45
-
44
+ EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
46
45
  Signature Algorithm: sha256WithRSAEncryption
47
- 51:79:86:29:27:07:e5:fc:59:83:2d:15:ae:5f:c4:bc:0a:71:
48
- 2c:71:74:20:14:ce:47:8f:cf:79:03:76:bd:df:c9:e9:7f:12:
49
- b2:4e:5a:c5:4f:e1:0b:c3:17:44:92:37:af:10:08:75:9a:d9:
50
- c5:0d:66:e9:24:2b:ec:00:aa:de:2f:ce:df:04:fa:49:d9:bd:
51
- bd:5e:7b:e4:e7:1e:9e:20:d3:85:70:b4:95:b5:1d:2e:fa:0c:
52
- b4:47:5a:38:ec:b0:bd:7e:34:5f:4d:9d:1f:81:81:8a:6c:a6:
53
- 94:fb:f8:41:d6:a3:e4:64:3a:b7:12:4f:9e:4e:60:4a:12:a9:
54
- d1:87:a5:a8:31:91:16:96:50:73:87:64:46:f1:f2:f9:99:80:
55
- a2:89:e9:99:57:48:8a:56:08:d7:8d:a9:1d:69:7c:8f:73:e5:
56
- 53:2d:28:ee:70:d7:f8:fe:41:25:3e:4c:6c:de:31:3f:9e:7d:
57
- c4:f0:67:e9:fc:a3:02:c7:39:19:f5:6f:59:6a:ca:bb:8c:c8:
58
- e6:01:43:ad:95:67:3f:c0:d6:35:18:b1:6e:9f:e1:ce:c7:be:
59
- 35:f0:7b:65:e7:79:82:c3:b6:f7:48:28:98:d0:5c:3c:97:f3:
60
- 69:b3:5e:c3:a0:c5:82:02:6f:20:d0:1b:cd:43:b0:85:7e:4f:
61
- 71:b9:f3:8f
46
+ Signature Value:
47
+ 5a:5d:26:6a:dc:aa:0e:66:c5:9c:b8:15:09:20:25:0a:46:be:
48
+ 6b:b9:b4:6d:a9:74:e3:cd:a4:40:4a:dc:71:d2:fa:50:3c:b9:
49
+ 6e:0d:4b:c8:b9:d3:26:06:1b:3a:d7:e5:02:fd:ec:ad:e2:4b:
50
+ ad:19:49:57:11:a3:4c:0e:67:5c:46:63:7a:aa:8f:ca:f0:f5:
51
+ 5e:ad:bf:85:3d:1b:88:b8:a8:21:da:25:9c:27:96:70:60:83:
52
+ 0e:de:09:c3:a8:20:5f:9a:47:47:70:c8:94:aa:a5:2b:2d:bc:
53
+ c3:74:ee:ff:63:88:95:84:83:fe:66:99:e8:90:c0:ed:3b:1d:
54
+ 00:84:1a:29:43:15:53:9d:71:13:71:bf:5b:9a:7d:4e:e1:e2:
55
+ 28:1e:38:55:92:f8:16:28:8d:9b:1e:9a:fb:a7:7a:6e:b7:66:
56
+ 56:ed:b6:36:ef:f8:f6:21:c9:20:f3:f4:13:9e:a6:21:2e:2c:
57
+ ca:55:b0:2b:6d:2d:4a:58:f5:30:d8:70:eb:66:ac:ea:a8:64:
58
+ 23:0d:e8:39:28:34:f5:16:22:f0:84:c1:2a:9b:89:55:8f:72:
59
+ c2:6c:f0:62:bf:39:04:2c:fc:c1:f5:40:ad:fc:b0:c9:0f:ae:
60
+ 8d:f4:ce:1b:24:27:06:21:8e:9a:9a:56:40:d8:fe:b2:46:46:
61
+ 44:61:43:7c
62
62
  -----BEGIN CERTIFICATE-----
63
63
  MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
64
- b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMxMDYxNTAxMTkzN1owFTETMBEGA1UE
65
- AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALR5
66
- sBbnmyIgF0s2h+s4Ax/fiAAbN0BeHx2JHz70+mmQnNho38hxBwdOAR3wqJpnlK9H
67
- 8rhg9cr7u6x8I1hZvJWwrbLHoCjhTx7E718ro07yapXIT/WvvPo2EPmpYnoE1QHN
68
- m7qXMkyZ5Yj8BYQ09Ury8ewEx8djKOue7pHNlYtgnl9RoStazQKyp1Js0YqrscRS
69
- zRDOnlYkbGOELBVswGLqwtkEiOLiD//Oh1Hrd1CDMxzHiFsI1DoiLxOmifdLoC4w
70
- wRJ6uzcfqodWRC9aY0uyNvYpXrhnUm9jKq09w6VFr5fphZ52HlGcaDZYMq3PPk3w
71
- kuKt1vDhXa8IyiqCDqMCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
72
- DwEB/wQEAwIBBjAdBgNVHQ4EFgQU0M1ASYj2dLu01wU3dDOxwidzgcswMQYJYIZI
64
+ b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMzMDYyNDIxMTgwMFowFTETMBEGA1UE
65
+ AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgI
66
+ zSKq+qE4Dti+L1e2+/XimwRySVYVcUIdEqiPKQNj4Sof7E1nPX1eJ6Uh/hY4oPXe
67
+ XHbscX1srsqKMF3+OcVK0BQTdrWJ2Fh6EXZUPk3jvvn7coC8GQcP4FNGW/FFjNJc
68
+ r+QPq328Ijx6sZV9agRL+tLoHsQ5S73cfmm6jqmWpRfkrk4+mK0rVZWsbUBLIFVR
69
+ MZieTt60NzFb2Tps5LEKGc5eqOIpl949x1BU+/KPKqRYpVKCC1LITmxdeBDGSwU2
70
+ AuTfvJVKR7fo5IttRqv7+0Fru5DEG1p9Oy4ZLQ2VcNIQ+Xoa7o8gy42NvyN1Ed0C
71
+ q+P9nrEFO2Muq4eTY6MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
72
+ DwEB/wQEAwIBBjAdBgNVHQ4EFgQU7IaaJF02Sygk3d91UtGDGTM3RukwMQYJYIZI
73
73
  AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
74
- VR0jBBgwFoAU0M1ASYj2dLu01wU3dDOxwidzgcswDQYJKoZIhvcNAQELBQADggEB
75
- AFF5hiknB+X8WYMtFa5fxLwKcSxxdCAUzkePz3kDdr3fyel/ErJOWsVP4QvDF0SS
76
- N68QCHWa2cUNZukkK+wAqt4vzt8E+knZvb1ee+TnHp4g04VwtJW1HS76DLRHWjjs
77
- sL1+NF9NnR+BgYpsppT7+EHWo+RkOrcST55OYEoSqdGHpagxkRaWUHOHZEbx8vmZ
78
- gKKJ6ZlXSIpWCNeNqR1pfI9z5VMtKO5w1/j+QSU+TGzeMT+efcTwZ+n8owLHORn1
79
- b1lqyruMyOYBQ62VZz/A1jUYsW6f4c7HvjXwe2XneYLDtvdIKJjQXDyX82mzXsOg
80
- xYICbyDQG81DsIV+T3G5848=
74
+ VR0jBBgwFoAU7IaaJF02Sygk3d91UtGDGTM3RukwDQYJKoZIhvcNAQELBQADggEB
75
+ AFpdJmrcqg5mxZy4FQkgJQpGvmu5tG2pdOPNpEBK3HHS+lA8uW4NS8i50yYGGzrX
76
+ 5QL97K3iS60ZSVcRo0wOZ1xGY3qqj8rw9V6tv4U9G4i4qCHaJZwnlnBggw7eCcOo
77
+ IF+aR0dwyJSqpSstvMN07v9jiJWEg/5mmeiQwO07HQCEGilDFVOdcRNxv1uafU7h
78
+ 4igeOFWS+BYojZsemvunem63Zlbttjbv+PYhySDz9BOepiEuLMpVsCttLUpY9TDY
79
+ cOtmrOqoZCMN6DkoNPUWIvCEwSqbiVWPcsJs8GK/OQQs/MH1QK38sMkPro30zhsk
80
+ JwYhjpqaVkDY/rJGRkRhQ3w=
81
81
  -----END CERTIFICATE-----
@@ -15,6 +15,24 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
15
15
  let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
16
16
  let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
17
17
 
18
+ # Create temp fixtures since the agent will attempt to refresh the CA/CRL
19
+ before do
20
+ Puppet[:localcacert] = ca = tmpfile('ca')
21
+ Puppet[:hostcrl] = crl = tmpfile('crl')
22
+
23
+ copy_fixtures(%w[ca.pem intermediate.pem], ca)
24
+ copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
25
+ end
26
+
27
+ def copy_fixtures(sources, dest)
28
+ ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
29
+ File.open(dest, 'w') do |f|
30
+ sources.each do |s|
31
+ f.write(File.read(File.join(ssldir, s)))
32
+ end
33
+ end
34
+ end
35
+
18
36
  context 'server_list' do
19
37
  it "uses the first server in the list" do
20
38
  Puppet[:server_list] = '127.0.0.1'
@@ -835,23 +853,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
835
853
  end
836
854
  end
837
855
 
838
- def copy_fixtures(sources, dest)
839
- ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
840
- File.open(dest, 'w') do |f|
841
- sources.each do |s|
842
- f.write(File.read(File.join(ssldir, s)))
843
- end
844
- end
845
- end
846
-
847
856
  it "reloads the CRL between runs" do
848
- Puppet[:localcacert] = ca = tmpfile('ca')
849
- Puppet[:hostcrl] = crl = tmpfile('crl')
850
857
  Puppet[:hostcert] = cert = tmpfile('cert')
851
858
  Puppet[:hostprivkey] = key = tmpfile('key')
852
859
 
853
- copy_fixtures(%w[ca.pem intermediate.pem], ca)
854
- copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
855
860
  copy_fixtures(%w[127.0.0.1.pem], cert)
856
861
  copy_fixtures(%w[127.0.0.1-key.pem], key)
857
862
 
@@ -896,6 +901,50 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
896
901
  .and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
897
902
  end
898
903
  end
904
+
905
+ it "refreshes the CA and CRL" do
906
+ now = Time.now
907
+ yesterday = now - (60 * 60 * 24)
908
+ Puppet::FileSystem.touch(Puppet[:localcacert], mtime: yesterday)
909
+ Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
910
+
911
+ server.start_server do |port|
912
+ Puppet[:serverport] = port
913
+ Puppet[:ca_refresh_interval] = 1
914
+
915
+ expect {
916
+ agent.command_line.args << '--test'
917
+ agent.run
918
+ }.to exit_with(0)
919
+ .and output(/Info: Refreshed CA certificate: /).to_stdout
920
+ end
921
+
922
+ # If the CA is updated, then the CRL must be updated too
923
+ expect(Puppet::FileSystem.stat(Puppet[:localcacert]).mtime).to be >= now
924
+ expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
925
+ end
926
+
927
+ it "refreshes only the CRL" do
928
+ now = Time.now
929
+ tomorrow = now + (60 * 60 * 24)
930
+ Puppet::FileSystem.touch(Puppet[:localcacert], mtime: tomorrow)
931
+
932
+ yesterday = now - (60 * 60 * 24)
933
+ Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
934
+
935
+ server.start_server do |port|
936
+ Puppet[:serverport] = port
937
+ Puppet[:crl_refresh_interval] = 1
938
+
939
+ expect {
940
+ agent.command_line.args << '--test'
941
+ agent.run
942
+ }.to exit_with(0)
943
+ .and output(/Info: Refreshed CRL: /).to_stdout
944
+ end
945
+
946
+ expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
947
+ end
899
948
  end
900
949
 
901
950
  context "legacy facts" do
@@ -994,6 +1043,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
994
1043
  expect {
995
1044
  agent.run
996
1045
  }.to exit_with(1)
1046
+ .and output(/Info: Loading facts/).to_stdout
997
1047
  .and output(
998
1048
  match(/Error: Evaluation Error: Unknown variable: 'osfamily'/)
999
1049
  .and match(/Error: Could not retrieve catalog from remote server: Error 500 on SERVER:/)
@@ -763,5 +763,19 @@ class amod::bad_type {
763
763
  .and output(/Notify\[runs before file\]/).to_stdout
764
764
  .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
765
765
  end
766
+
767
+ it "applies deferred sensitive file content" do
768
+ manifest = <<~END
769
+ file { '#{deferred_file}':
770
+ ensure => file,
771
+ content => Deferred('new', [Sensitive, "hello\n"])
772
+ }
773
+ END
774
+ apply.command_line.args = ['-e', manifest]
775
+ expect {
776
+ apply.run
777
+ }.to exit_with(0)
778
+ .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
779
+ end
766
780
  end
767
781
  end
@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
175
175
  end
176
176
  end
177
177
 
178
+ context 'ensure that retrying does not attempt to read the body after closing the connection' do
179
+ let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
180
+ it 'raises a retry error instead' do
181
+ response_proc = -> (req, res) {
182
+ res['Retry-After'] = 1
183
+ res.status = 503
184
+ }
185
+
186
+ https_server.start_server(response_proc: response_proc) do |port|
187
+ uri = URI("https://127.0.0.1:#{port}")
188
+ kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
189
+ expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
190
+ end
191
+ end
192
+ end
193
+
178
194
  context 'persistent connections' do
179
195
  it "detects when the server has closed the connection and reconnects" do
180
196
  Puppet[:http_debug] = true
@@ -131,20 +131,13 @@ module Puppet
131
131
  def build_cert(name, issuer, opts = {})
132
132
  key = if opts[:key_type] == :ec
133
133
  key = OpenSSL::PKey::EC.generate('prime256v1')
134
+ elsif opts[:reuse_key]
135
+ key = opts[:reuse_key]
134
136
  else
135
137
  key = OpenSSL::PKey::RSA.new(2048)
136
138
  end
137
139
  cert = OpenSSL::X509::Certificate.new
138
- cert.public_key = if key.is_a?(OpenSSL::PKey::EC)
139
- # EC#public_key doesn't following the PKey API,
140
- # see https://github.com/ruby/openssl/issues/29
141
- point = key.public_key
142
- pubkey = OpenSSL::PKey::EC.new(point.group)
143
- pubkey.public_key = point
144
- pubkey
145
- else
146
- key.public_key
147
- end
140
+ cert.public_key = key
148
141
  cert.subject = OpenSSL::X509::Name.new([["CN", name]])
149
142
  cert.issuer = issuer
150
143
  cert.version = 2
@@ -668,6 +668,7 @@ Searching for "a"
668
668
  expect {
669
669
  lookup.run_command
670
670
  }.to exit_with(0)
671
+ .and output(/This is in facts hash/).to_stdout
671
672
  end
672
673
  end
673
674
  end