puppet 8.0.1-universal-darwin → 8.2.0-universal-darwin
- checksums.yaml +4 -4
- data/CODEOWNERS +5 -5
- data/Gemfile.lock +47 -39
- data/ext/project_data.yaml +1 -1
- data/lib/puppet/defaults.rb +37 -7
- data/lib/puppet/http/client.rb +12 -5
- data/lib/puppet/http/service/ca.rb +32 -2
- data/lib/puppet/node/environment.rb +6 -4
- data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
- data/lib/puppet/ssl/oids.rb +2 -0
- data/lib/puppet/ssl/ssl_provider.rb +1 -1
- data/lib/puppet/ssl/state_machine.rb +143 -14
- data/lib/puppet/thread_local.rb +1 -4
- data/lib/puppet/version.rb +1 -1
- data/lib/puppet/x509/cert_provider.rb +29 -0
- data/locales/puppet.pot +2346 -2310
- data/man/man5/puppet.conf.5 +31 -3
- data/man/man8/puppet-agent.8 +1 -1
- data/man/man8/puppet-apply.8 +1 -1
- data/man/man8/puppet-catalog.8 +1 -1
- data/man/man8/puppet-config.8 +1 -1
- data/man/man8/puppet-describe.8 +1 -1
- data/man/man8/puppet-device.8 +1 -1
- data/man/man8/puppet-doc.8 +1 -1
- data/man/man8/puppet-epp.8 +1 -1
- data/man/man8/puppet-facts.8 +1 -1
- data/man/man8/puppet-filebucket.8 +1 -1
- data/man/man8/puppet-generate.8 +1 -1
- data/man/man8/puppet-help.8 +1 -1
- data/man/man8/puppet-lookup.8 +1 -1
- data/man/man8/puppet-module.8 +1 -1
- data/man/man8/puppet-node.8 +1 -1
- data/man/man8/puppet-parser.8 +1 -1
- data/man/man8/puppet-plugin.8 +1 -1
- data/man/man8/puppet-report.8 +1 -1
- data/man/man8/puppet-resource.8 +1 -1
- data/man/man8/puppet-script.8 +1 -1
- data/man/man8/puppet-ssl.8 +1 -1
- data/man/man8/puppet.8 +2 -2
- data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
- data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
- data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
- data/spec/fixtures/ssl/ca.pem +54 -54
- data/spec/fixtures/ssl/crl.pem +26 -26
- data/spec/fixtures/ssl/ec-key.pem +11 -11
- data/spec/fixtures/ssl/ec.pem +33 -32
- data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
- data/spec/fixtures/ssl/encrypted-key.pem +108 -108
- data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
- data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
- data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
- data/spec/fixtures/ssl/intermediate.pem +53 -53
- data/spec/fixtures/ssl/oid-key.pem +107 -107
- data/spec/fixtures/ssl/oid.pem +51 -50
- data/spec/fixtures/ssl/pluto-key.pem +107 -107
- data/spec/fixtures/ssl/pluto.pem +52 -51
- data/spec/fixtures/ssl/renewed.pem +67 -0
- data/spec/fixtures/ssl/request-key.pem +107 -107
- data/spec/fixtures/ssl/request.pem +50 -48
- data/spec/fixtures/ssl/revoked-key.pem +107 -107
- data/spec/fixtures/ssl/revoked.pem +51 -50
- data/spec/fixtures/ssl/signed-key.pem +107 -107
- data/spec/fixtures/ssl/signed.pem +49 -48
- data/spec/fixtures/ssl/tampered-cert.pem +51 -50
- data/spec/fixtures/ssl/tampered-csr.pem +50 -48
- data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
- data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
- data/spec/fixtures/ssl/unknown-ca.pem +54 -54
- data/spec/integration/application/agent_spec.rb +63 -13
- data/spec/integration/application/apply_spec.rb +14 -0
- data/spec/integration/http/client_spec.rb +16 -0
- data/spec/lib/puppet/test_ca.rb +3 -10
- data/spec/unit/application/lookup_spec.rb +1 -0
- data/spec/unit/defaults_spec.rb +2 -40
- data/spec/unit/file_system/path_pattern_spec.rb +15 -0
- data/spec/unit/http/service/ca_spec.rb +83 -0
- data/spec/unit/ssl/ssl_provider_spec.rb +20 -0
- data/spec/unit/ssl/state_machine_spec.rb +143 -3
- data/spec/unit/x509/cert_provider_spec.rb +49 -0
- data/tasks/generate_cert_fixtures.rake +4 -0
- metadata +5 -9
@@ -1,117 +1,117 @@
|
|
1
|
-
|
1
|
+
Private-Key: (2048 bit, 2 primes)
|
2
2
|
modulus:
|
3
|
-
00:
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
3
|
+
00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
|
4
|
+
fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
|
5
|
+
29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
|
6
|
+
fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
|
7
|
+
30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
|
8
|
+
11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
|
9
|
+
e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
|
10
|
+
22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
|
11
|
+
4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
|
12
|
+
98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
|
13
|
+
4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
|
14
|
+
a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
|
15
|
+
a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
|
16
|
+
02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
|
17
|
+
fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
|
18
|
+
70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
|
19
|
+
11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
|
20
|
+
63:a3
|
21
21
|
publicExponent: 65537 (0x10001)
|
22
22
|
privateExponent:
|
23
|
-
00:
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
23
|
+
12:00:67:61:98:69:a3:4d:eb:21:43:36:b5:31:f0:
|
24
|
+
4a:46:4d:8f:2b:63:39:ea:b0:28:82:0e:d6:aa:07:
|
25
|
+
9d:ca:5c:7b:f3:d1:8f:f5:48:7c:1e:d3:26:78:be:
|
26
|
+
cc:c8:a2:4d:d4:d5:99:13:f9:90:93:4d:22:7b:ad:
|
27
|
+
74:d4:60:82:07:62:c5:53:d4:7a:dc:5a:a6:17:e5:
|
28
|
+
b9:04:8b:6c:32:c2:e9:eb:0b:38:49:6e:70:f8:3d:
|
29
|
+
73:0e:6d:99:2a:77:4c:ae:0b:55:e6:6b:db:db:84:
|
30
|
+
db:6f:d5:88:8b:58:09:3f:ce:8e:3b:b9:d8:11:bf:
|
31
|
+
50:86:c7:b0:32:01:48:9f:a3:5d:c2:dc:9a:67:2f:
|
32
|
+
94:70:99:08:31:bf:a3:e3:89:de:e2:f1:8c:4d:73:
|
33
|
+
5c:68:ac:76:36:4f:0d:ce:e8:62:5a:32:44:7a:13:
|
34
|
+
fa:9a:46:2e:30:aa:66:10:43:81:5d:57:65:99:3c:
|
35
|
+
82:0c:65:83:44:36:6a:e1:0d:44:16:74:e1:c6:a8:
|
36
|
+
9a:3d:a5:fa:a2:7e:cb:a1:76:c0:21:e0:4c:ea:a2:
|
37
|
+
f2:d9:a7:53:a8:41:39:db:51:c7:5d:31:b2:04:86:
|
38
|
+
4b:7d:cf:11:10:16:b3:b1:22:37:29:c4:20:7e:b0:
|
39
|
+
0c:7b:ac:89:78:6b:ef:3b:98:29:c2:23:29:9f:4e:
|
40
|
+
89
|
41
41
|
prime1:
|
42
|
-
00:
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
42
|
+
00:c0:6f:d4:87:c5:6a:30:aa:2a:5e:a1:f9:0c:0e:
|
43
|
+
c8:14:8e:56:8a:57:15:13:a9:10:31:a4:c9:62:21:
|
44
|
+
60:a0:98:a9:fa:82:8e:c6:c7:3a:1f:bb:2b:db:32:
|
45
|
+
e9:fc:9e:93:8e:d7:4c:1a:3a:87:11:76:a7:e9:7b:
|
46
|
+
1f:5c:2a:8f:22:d5:24:e1:5b:7d:fe:15:cd:af:43:
|
47
|
+
20:52:c8:2f:b1:a9:7c:11:5d:7a:61:71:d5:a8:e7:
|
48
|
+
22:66:4f:40:08:bf:75:b5:c4:7a:db:83:52:6c:88:
|
49
|
+
f9:27:6b:fd:8c:0d:05:f7:30:6f:0f:f7:7c:21:58:
|
50
|
+
aa:45:34:b1:73:12:63:45:af
|
51
51
|
prime2:
|
52
|
-
00:
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
52
|
+
00:df:89:89:3a:49:8a:0f:91:87:04:b4:aa:73:d6:
|
53
|
+
b7:03:60:20:60:2e:b8:c0:eb:c4:70:ef:19:d6:ce:
|
54
|
+
72:ae:4c:b6:bb:c4:45:20:e7:8d:1a:44:4a:e4:1a:
|
55
|
+
67:67:42:28:93:32:b7:f2:90:04:53:88:46:1b:8a:
|
56
|
+
79:b8:18:fb:11:92:a3:fc:7e:b0:75:29:99:ee:89:
|
57
|
+
d9:5d:4e:fa:09:e0:cf:9f:e4:23:bc:72:97:32:99:
|
58
|
+
fc:14:78:ca:bc:b5:73:08:f8:cc:9b:81:ea:ae:71:
|
59
|
+
5b:f7:b0:f8:1b:16:0a:28:4e:01:11:40:e1:68:10:
|
60
|
+
5c:26:84:74:a7:a3:a8:f2:4d
|
61
61
|
exponent1:
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
62
|
+
00:86:75:9d:2a:c0:e5:d1:db:14:7f:ca:ed:19:5f:
|
63
|
+
ba:ad:a2:47:15:a2:83:37:99:89:97:26:6d:10:04:
|
64
|
+
02:60:34:4b:90:9e:68:e4:bb:90:01:5b:e6:e8:e2:
|
65
|
+
4a:5c:18:f1:41:7d:6d:cf:65:d5:ba:7e:0e:15:35:
|
66
|
+
d2:53:b3:e9:0f:8d:9e:97:58:36:50:b3:2b:64:aa:
|
67
|
+
a2:8b:35:15:1e:2e:2e:62:73:ce:6f:07:fb:22:69:
|
68
|
+
5d:bf:de:df:ff:3c:c8:22:99:86:be:9a:a3:9c:f2:
|
69
|
+
98:24:d3:6f:f5:cb:a3:bf:74:38:26:0f:e6:cb:e6:
|
70
|
+
08:13:13:1e:6a:29:0e:f4:41
|
71
71
|
exponent2:
|
72
|
-
00:
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
72
|
+
00:b3:dc:7a:6a:47:d9:aa:85:31:da:7b:73:db:19:
|
73
|
+
1c:d0:be:7b:ce:68:49:88:11:2c:52:a2:50:6c:22:
|
74
|
+
58:ec:1e:15:ba:27:46:68:1f:67:cd:86:bd:ab:a4:
|
75
|
+
03:27:76:78:27:58:5b:e1:f4:37:46:ef:13:59:fd:
|
76
|
+
a5:ca:97:6f:0c:c8:ac:e1:f1:1e:12:67:92:cf:f8:
|
77
|
+
62:c9:4d:4e:aa:bc:14:d3:56:41:da:d3:69:0c:f2:
|
78
|
+
11:7e:77:62:c9:4c:46:6f:25:a1:9c:4e:80:82:33:
|
79
|
+
fc:07:e4:80:fd:6a:52:69:f3:b9:b0:24:40:39:f7:
|
80
|
+
4f:ee:3e:0d:8f:05:84:5e:d1
|
81
81
|
coefficient:
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
82
|
+
6d:a8:08:7a:ad:94:c8:0f:dc:07:57:71:1b:a7:3a:
|
83
|
+
4d:b9:a5:39:81:36:75:c3:ff:b5:ed:7c:6a:df:28:
|
84
|
+
f6:22:1e:33:a6:48:31:8f:dc:ba:03:72:e6:51:39:
|
85
|
+
d1:ce:c5:0a:7c:a3:dd:44:9b:1b:38:94:44:ce:1e:
|
86
|
+
c5:6b:f1:4d:c8:e8:6d:ed:ad:1e:8c:86:50:98:fb:
|
87
|
+
90:4a:25:d5:3d:2f:66:a7:b9:d6:5d:84:e7:77:25:
|
88
|
+
69:0b:89:4b:30:53:7c:74:01:72:37:91:31:2b:aa:
|
89
|
+
54:92:9e:41:18:a1:8c:0e:c6:74:c9:0b:1e:be:76:
|
90
|
+
06:54:29:52:c6:a1:26:01
|
91
91
|
-----BEGIN RSA PRIVATE KEY-----
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
102
|
-
|
103
|
-
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
|
92
|
+
MIIEpAIBAAKCAQEAqAjNIqr6oTgO2L4vV7b79eKbBHJJVhVxQh0SqI8pA2PhKh/s
|
93
|
+
TWc9fV4npSH+Fjig9d5cduxxfWyuyoowXf45xUrQFBN2tYnYWHoRdlQ+TeO++fty
|
94
|
+
gLwZBw/gU0Zb8UWM0lyv5A+rfbwiPHqxlX1qBEv60ugexDlLvdx+abqOqZalF+Su
|
95
|
+
Tj6YrStVlaxtQEsgVVExmJ5O3rQ3MVvZOmzksQoZzl6o4imX3j3HUFT78o8qpFil
|
96
|
+
UoILUshObF14EMZLBTYC5N+8lUpHt+jki21Gq/v7QWu7kMQbWn07LhktDZVw0hD5
|
97
|
+
ehrujyDLjY2/I3UR3QKr4/2esQU7Yy6rh5NjowIDAQABAoIBABIAZ2GYaaNN6yFD
|
98
|
+
NrUx8EpGTY8rYznqsCiCDtaqB53KXHvz0Y/1SHwe0yZ4vszIok3U1ZkT+ZCTTSJ7
|
99
|
+
rXTUYIIHYsVT1HrcWqYX5bkEi2wywunrCzhJbnD4PXMObZkqd0yuC1Xma9vbhNtv
|
100
|
+
1YiLWAk/zo47udgRv1CGx7AyAUifo13C3JpnL5RwmQgxv6Pjid7i8YxNc1xorHY2
|
101
|
+
Tw3O6GJaMkR6E/qaRi4wqmYQQ4FdV2WZPIIMZYNENmrhDUQWdOHGqJo9pfqifsuh
|
102
|
+
dsAh4EzqovLZp1OoQTnbUcddMbIEhkt9zxEQFrOxIjcpxCB+sAx7rIl4a+87mCnC
|
103
|
+
IymfTokCgYEAwG/Uh8VqMKoqXqH5DA7IFI5WilcVE6kQMaTJYiFgoJip+oKOxsc6
|
104
|
+
H7sr2zLp/J6TjtdMGjqHEXan6XsfXCqPItUk4Vt9/hXNr0MgUsgvsal8EV16YXHV
|
105
|
+
qOciZk9ACL91tcR624NSbIj5J2v9jA0F9zBvD/d8IViqRTSxcxJjRa8CgYEA34mJ
|
106
|
+
OkmKD5GHBLSqc9a3A2AgYC64wOvEcO8Z1s5yrky2u8RFIOeNGkRK5BpnZ0IokzK3
|
107
|
+
8pAEU4hGG4p5uBj7EZKj/H6wdSmZ7onZXU76CeDPn+QjvHKXMpn8FHjKvLVzCPjM
|
108
|
+
m4HqrnFb97D4GxYKKE4BEUDhaBBcJoR0p6Oo8k0CgYEAhnWdKsDl0dsUf8rtGV+6
|
109
|
+
raJHFaKDN5mJlyZtEAQCYDRLkJ5o5LuQAVvm6OJKXBjxQX1tz2XVun4OFTXSU7Pp
|
110
|
+
D42el1g2ULMrZKqiizUVHi4uYnPObwf7Imldv97f/zzIIpmGvpqjnPKYJNNv9cuj
|
111
|
+
v3Q4Jg/my+YIExMeaikO9EECgYEAs9x6akfZqoUx2ntz2xkc0L57zmhJiBEsUqJQ
|
112
|
+
bCJY7B4VuidGaB9nzYa9q6QDJ3Z4J1hb4fQ3Ru8TWf2lypdvDMis4fEeEmeSz/hi
|
113
|
+
yU1OqrwU01ZB2tNpDPIRfndiyUxGbyWhnE6AgjP8B+SA/WpSafO5sCRAOfdP7j4N
|
114
|
+
jwWEXtECgYBtqAh6rZTID9wHV3EbpzpNuaU5gTZ1w/+17Xxq3yj2Ih4zpkgxj9y6
|
115
|
+
A3LmUTnRzsUKfKPdRJsbOJREzh7Fa/FNyOht7a0ejIZQmPuQSiXVPS9mp7nWXYTn
|
116
|
+
dyVpC4lLMFN8dAFyN5ExK6pUkp5BGKGMDsZ0yQsevnYGVClSxqEmAQ==
|
117
117
|
-----END RSA PRIVATE KEY-----
|
@@ -6,30 +6,30 @@ Certificate:
|
|
6
6
|
Issuer: CN=Unknown CA
|
7
7
|
Validity
|
8
8
|
Not Before: Jan 1 00:00:00 1970 GMT
|
9
|
-
Not After : Jun
|
9
|
+
Not After : Jun 24 21:18:00 2033 GMT
|
10
10
|
Subject: CN=Unknown CA
|
11
11
|
Subject Public Key Info:
|
12
12
|
Public Key Algorithm: rsaEncryption
|
13
|
-
|
13
|
+
Public-Key: (2048 bit)
|
14
14
|
Modulus:
|
15
|
-
00:
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
15
|
+
00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
|
16
|
+
fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
|
17
|
+
29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
|
18
|
+
fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
|
19
|
+
30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
|
20
|
+
11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
|
21
|
+
e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
|
22
|
+
22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
|
23
|
+
4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
|
24
|
+
98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
|
25
|
+
4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
|
26
|
+
a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
|
27
|
+
a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
|
28
|
+
02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
|
29
|
+
fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
|
30
|
+
70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
|
31
|
+
11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
|
32
|
+
63:a3
|
33
33
|
Exponent: 65537 (0x10001)
|
34
34
|
X509v3 extensions:
|
35
35
|
X509v3 Basic Constraints: critical
|
@@ -37,45 +37,45 @@ Certificate:
|
|
37
37
|
X509v3 Key Usage: critical
|
38
38
|
Certificate Sign, CRL Sign
|
39
39
|
X509v3 Subject Key Identifier:
|
40
|
-
|
40
|
+
EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
|
41
41
|
Netscape Comment:
|
42
42
|
Puppet Server Internal Certificate
|
43
43
|
X509v3 Authority Key Identifier:
|
44
|
-
|
45
|
-
|
44
|
+
EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
|
46
45
|
Signature Algorithm: sha256WithRSAEncryption
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
46
|
+
Signature Value:
|
47
|
+
5a:5d:26:6a:dc:aa:0e:66:c5:9c:b8:15:09:20:25:0a:46:be:
|
48
|
+
6b:b9:b4:6d:a9:74:e3:cd:a4:40:4a:dc:71:d2:fa:50:3c:b9:
|
49
|
+
6e:0d:4b:c8:b9:d3:26:06:1b:3a:d7:e5:02:fd:ec:ad:e2:4b:
|
50
|
+
ad:19:49:57:11:a3:4c:0e:67:5c:46:63:7a:aa:8f:ca:f0:f5:
|
51
|
+
5e:ad:bf:85:3d:1b:88:b8:a8:21:da:25:9c:27:96:70:60:83:
|
52
|
+
0e:de:09:c3:a8:20:5f:9a:47:47:70:c8:94:aa:a5:2b:2d:bc:
|
53
|
+
c3:74:ee:ff:63:88:95:84:83:fe:66:99:e8:90:c0:ed:3b:1d:
|
54
|
+
00:84:1a:29:43:15:53:9d:71:13:71:bf:5b:9a:7d:4e:e1:e2:
|
55
|
+
28:1e:38:55:92:f8:16:28:8d:9b:1e:9a:fb:a7:7a:6e:b7:66:
|
56
|
+
56:ed:b6:36:ef:f8:f6:21:c9:20:f3:f4:13:9e:a6:21:2e:2c:
|
57
|
+
ca:55:b0:2b:6d:2d:4a:58:f5:30:d8:70:eb:66:ac:ea:a8:64:
|
58
|
+
23:0d:e8:39:28:34:f5:16:22:f0:84:c1:2a:9b:89:55:8f:72:
|
59
|
+
c2:6c:f0:62:bf:39:04:2c:fc:c1:f5:40:ad:fc:b0:c9:0f:ae:
|
60
|
+
8d:f4:ce:1b:24:27:06:21:8e:9a:9a:56:40:d8:fe:b2:46:46:
|
61
|
+
44:61:43:7c
|
62
62
|
-----BEGIN CERTIFICATE-----
|
63
63
|
MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
DwEB/
|
64
|
+
b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMzMDYyNDIxMTgwMFowFTETMBEGA1UE
|
65
|
+
AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgI
|
66
|
+
zSKq+qE4Dti+L1e2+/XimwRySVYVcUIdEqiPKQNj4Sof7E1nPX1eJ6Uh/hY4oPXe
|
67
|
+
XHbscX1srsqKMF3+OcVK0BQTdrWJ2Fh6EXZUPk3jvvn7coC8GQcP4FNGW/FFjNJc
|
68
|
+
r+QPq328Ijx6sZV9agRL+tLoHsQ5S73cfmm6jqmWpRfkrk4+mK0rVZWsbUBLIFVR
|
69
|
+
MZieTt60NzFb2Tps5LEKGc5eqOIpl949x1BU+/KPKqRYpVKCC1LITmxdeBDGSwU2
|
70
|
+
AuTfvJVKR7fo5IttRqv7+0Fru5DEG1p9Oy4ZLQ2VcNIQ+Xoa7o8gy42NvyN1Ed0C
|
71
|
+
q+P9nrEFO2Muq4eTY6MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
|
72
|
+
DwEB/wQEAwIBBjAdBgNVHQ4EFgQU7IaaJF02Sygk3d91UtGDGTM3RukwMQYJYIZI
|
73
73
|
AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
74
|
+
VR0jBBgwFoAU7IaaJF02Sygk3d91UtGDGTM3RukwDQYJKoZIhvcNAQELBQADggEB
|
75
|
+
AFpdJmrcqg5mxZy4FQkgJQpGvmu5tG2pdOPNpEBK3HHS+lA8uW4NS8i50yYGGzrX
|
76
|
+
5QL97K3iS60ZSVcRo0wOZ1xGY3qqj8rw9V6tv4U9G4i4qCHaJZwnlnBggw7eCcOo
|
77
|
+
IF+aR0dwyJSqpSstvMN07v9jiJWEg/5mmeiQwO07HQCEGilDFVOdcRNxv1uafU7h
|
78
|
+
4igeOFWS+BYojZsemvunem63Zlbttjbv+PYhySDz9BOepiEuLMpVsCttLUpY9TDY
|
79
|
+
cOtmrOqoZCMN6DkoNPUWIvCEwSqbiVWPcsJs8GK/OQQs/MH1QK38sMkPro30zhsk
|
80
|
+
JwYhjpqaVkDY/rJGRkRhQ3w=
|
81
81
|
-----END CERTIFICATE-----
|
@@ -15,6 +15,24 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
15
15
|
let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
|
16
16
|
let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
|
17
17
|
|
18
|
+
# Create temp fixtures since the agent will attempt to refresh the CA/CRL
|
19
|
+
before do
|
20
|
+
Puppet[:localcacert] = ca = tmpfile('ca')
|
21
|
+
Puppet[:hostcrl] = crl = tmpfile('crl')
|
22
|
+
|
23
|
+
copy_fixtures(%w[ca.pem intermediate.pem], ca)
|
24
|
+
copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
|
25
|
+
end
|
26
|
+
|
27
|
+
def copy_fixtures(sources, dest)
|
28
|
+
ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
|
29
|
+
File.open(dest, 'w') do |f|
|
30
|
+
sources.each do |s|
|
31
|
+
f.write(File.read(File.join(ssldir, s)))
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
18
36
|
context 'server_list' do
|
19
37
|
it "uses the first server in the list" do
|
20
38
|
Puppet[:server_list] = '127.0.0.1'
|
@@ -835,23 +853,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
835
853
|
end
|
836
854
|
end
|
837
855
|
|
838
|
-
def copy_fixtures(sources, dest)
|
839
|
-
ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
|
840
|
-
File.open(dest, 'w') do |f|
|
841
|
-
sources.each do |s|
|
842
|
-
f.write(File.read(File.join(ssldir, s)))
|
843
|
-
end
|
844
|
-
end
|
845
|
-
end
|
846
|
-
|
847
856
|
it "reloads the CRL between runs" do
|
848
|
-
Puppet[:localcacert] = ca = tmpfile('ca')
|
849
|
-
Puppet[:hostcrl] = crl = tmpfile('crl')
|
850
857
|
Puppet[:hostcert] = cert = tmpfile('cert')
|
851
858
|
Puppet[:hostprivkey] = key = tmpfile('key')
|
852
859
|
|
853
|
-
copy_fixtures(%w[ca.pem intermediate.pem], ca)
|
854
|
-
copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
|
855
860
|
copy_fixtures(%w[127.0.0.1.pem], cert)
|
856
861
|
copy_fixtures(%w[127.0.0.1-key.pem], key)
|
857
862
|
|
@@ -896,6 +901,50 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
896
901
|
.and output(%r{Certificate 'CN=revoked' is revoked}).to_stderr
|
897
902
|
end
|
898
903
|
end
|
904
|
+
|
905
|
+
it "refreshes the CA and CRL" do
|
906
|
+
now = Time.now
|
907
|
+
yesterday = now - (60 * 60 * 24)
|
908
|
+
Puppet::FileSystem.touch(Puppet[:localcacert], mtime: yesterday)
|
909
|
+
Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
|
910
|
+
|
911
|
+
server.start_server do |port|
|
912
|
+
Puppet[:serverport] = port
|
913
|
+
Puppet[:ca_refresh_interval] = 1
|
914
|
+
|
915
|
+
expect {
|
916
|
+
agent.command_line.args << '--test'
|
917
|
+
agent.run
|
918
|
+
}.to exit_with(0)
|
919
|
+
.and output(/Info: Refreshed CA certificate: /).to_stdout
|
920
|
+
end
|
921
|
+
|
922
|
+
# If the CA is updated, then the CRL must be updated too
|
923
|
+
expect(Puppet::FileSystem.stat(Puppet[:localcacert]).mtime).to be >= now
|
924
|
+
expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
|
925
|
+
end
|
926
|
+
|
927
|
+
it "refreshes only the CRL" do
|
928
|
+
now = Time.now
|
929
|
+
tomorrow = now + (60 * 60 * 24)
|
930
|
+
Puppet::FileSystem.touch(Puppet[:localcacert], mtime: tomorrow)
|
931
|
+
|
932
|
+
yesterday = now - (60 * 60 * 24)
|
933
|
+
Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
|
934
|
+
|
935
|
+
server.start_server do |port|
|
936
|
+
Puppet[:serverport] = port
|
937
|
+
Puppet[:crl_refresh_interval] = 1
|
938
|
+
|
939
|
+
expect {
|
940
|
+
agent.command_line.args << '--test'
|
941
|
+
agent.run
|
942
|
+
}.to exit_with(0)
|
943
|
+
.and output(/Info: Refreshed CRL: /).to_stdout
|
944
|
+
end
|
945
|
+
|
946
|
+
expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
|
947
|
+
end
|
899
948
|
end
|
900
949
|
|
901
950
|
context "legacy facts" do
|
@@ -994,6 +1043,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
|
|
994
1043
|
expect {
|
995
1044
|
agent.run
|
996
1045
|
}.to exit_with(1)
|
1046
|
+
.and output(/Info: Loading facts/).to_stdout
|
997
1047
|
.and output(
|
998
1048
|
match(/Error: Evaluation Error: Unknown variable: 'osfamily'/)
|
999
1049
|
.and match(/Error: Could not retrieve catalog from remote server: Error 500 on SERVER:/)
|
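Review bot: The example `refreshes only the CRL` never checks that the CA bundle was left alone: its only file assertion is on `Puppet[:hostcrl]`, so it would still pass if the agent also rewrote `Puppet[:localcacert]`. Since that file holds the trust anchors, pin it by recording `ca_mtime = Puppet::FileSystem.stat(Puppet[:localcacert]).mtime` right after the `touch` and ending the example with `expect(Puppet::FileSystem.stat(Puppet[:localcacert]).mtime).to eq(ca_mtime)`. Separately, the `be >= now` checks in both new examples compare a sub-second `Time.now` with a file mtime, which can fail on filesystems that store whole-second mtimes; `now = Time.at(Time.now.to_i)` would avoid that.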
@@ -763,5 +763,19 @@ class amod::bad_type {
|
|
763
763
|
.and output(/Notify\[runs before file\]/).to_stdout
|
764
764
|
.and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
|
765
765
|
end
|
766
|
+
|
767
|
+
it "applies deferred sensitive file content" do
|
768
|
+
manifest = <<~END
|
769
|
+
file { '#{deferred_file}':
|
770
|
+
ensure => file,
|
771
|
+
content => Deferred('new', [Sensitive, "hello\n"])
|
772
|
+
}
|
773
|
+
END
|
774
|
+
apply.command_line.args = ['-e', manifest]
|
775
|
+
expect {
|
776
|
+
apply.run
|
777
|
+
}.to exit_with(0)
|
778
|
+
.and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
|
779
|
+
end
|
766
780
|
end
|
767
781
|
end
|
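Review bot: The new example `applies deferred sensitive file content` only matches the `[redacted]` log line, so it proves neither that the deferred value was written nor that the plaintext stayed out of the rest of the output. Adding `expect(File.read(deferred_file)).to eq("hello\n")` after the `expect { ... }` block would confirm the Sensitive value was unwrapped into the file rather than its string form. `deferred_file` is defined outside this hunk, so this assumes it is a plain path. A negative check on the captured output for the string `hello` would cover the leak side of the redaction.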
@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
|
|
175
175
|
end
|
176
176
|
end
|
177
177
|
|
178
|
+
context 'ensure that retrying does not attempt to read the body after closing the connection' do
|
179
|
+
let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
|
180
|
+
it 'raises a retry error instead' do
|
181
|
+
response_proc = -> (req, res) {
|
182
|
+
res['Retry-After'] = 1
|
183
|
+
res.status = 503
|
184
|
+
}
|
185
|
+
|
186
|
+
https_server.start_server(response_proc: response_proc) do |port|
|
187
|
+
uri = URI("https://127.0.0.1:#{port}")
|
188
|
+
kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
|
189
|
+
expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
|
190
|
+
end
|
191
|
+
end
|
192
|
+
end
|
193
|
+
|
178
194
|
context 'persistent connections' do
|
179
195
|
it "detects when the server has closed the connection and reconnects" do
|
180
196
|
Puppet[:http_debug] = true
|
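Review bot: With `res['Retry-After'] = 1` and `retry_limit: 1`, this example appears to wait out a real one-second delay before the second 503 raises `Puppet::HTTP::TooManyRetryAfters`, unless the sleep is stubbed outside the hunk. If the delay is real, a short comment such as `# Retry-After forces one retry; the second 503 must raise without reading the closed response body` would explain why the wait is accepted. The lambda's `req` parameter is unused and would read better as `_req`. The line `expect{client.post(uri, '', **kwargs)}` lacks the space before the brace that the other `expect {` blocks in these specs use.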
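--- a/data/spec/lib/puppet/test_ca.rb
+++ b/data/spec/lib/puppet/test_ca.rb
@@ -131,20 +131,13 @@ module Puppet
 def build_cert(name, issuer, opts = {})
 key = if opts[:key_type] == :ec
 key = OpenSSL::PKey::EC.generate('prime256v1')
+elsif opts[:reuse_key]
+key = opts[:reuse_key]
 else
 key = OpenSSL::PKey::RSA.new(2048)
 end
 cert = OpenSSL::X509::Certificate.new
-cert.public_key =
-# EC#public_key doesn't following the PKey API,
-# see https://github.com/ruby/openssl/issues/29
-point = key.public_key
-pubkey = OpenSSL::PKey::EC.new(point.group)
-pubkey.public_key = point
-pubkey
-else
-key.public_key
-end
+cert.public_key = key
 cert.subject = OpenSSL::X509::Name.new([["CN", name]])
 cert.issuer = issuer
 cert.version = 2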
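Review bot: `opts[:reuse_key]` is only consulted when `opts[:key_type]` is not `:ec`, so a caller passing both gets a freshly generated EC key and the supplied key is silently dropped. A renewal fixture built that way would not share its predecessor's key, which is presumably what `reuse_key` is for. Checking the reused key first makes the precedence explicit: `key = opts[:reuse_key] || (opts[:key_type] == :ec ? OpenSSL::PKey::EC.generate('prime256v1') : OpenSSL::PKey::RSA.new(2048))`. The inner `key = ` assignments in each branch are redundant, since the value of the `if` expression is already assigned to `key`. `build_cert` continues past the end of the hunk, so how the key is used for signing is not visible here.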