puppet 8.1.0-universal-darwin → 8.2.0-universal-darwin

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (79) hide show
  1. checksums.yaml +4 -4
  2. data/Gemfile.lock +20 -20
  3. data/lib/puppet/defaults.rb +17 -5
  4. data/lib/puppet/http/client.rb +12 -5
  5. data/lib/puppet/http/service/ca.rb +25 -0
  6. data/lib/puppet/node/environment.rb +6 -4
  7. data/lib/puppet/pops/evaluator/deferred_resolver.rb +20 -3
  8. data/lib/puppet/ssl/oids.rb +2 -0
  9. data/lib/puppet/ssl/ssl_provider.rb +1 -1
  10. data/lib/puppet/ssl/state_machine.rb +60 -9
  11. data/lib/puppet/version.rb +1 -1
  12. data/lib/puppet/x509/cert_provider.rb +7 -0
  13. data/locales/puppet.pot +71 -47
  14. data/man/man5/puppet.conf.5 +16 -2
  15. data/man/man8/puppet-agent.8 +1 -1
  16. data/man/man8/puppet-apply.8 +1 -1
  17. data/man/man8/puppet-catalog.8 +1 -1
  18. data/man/man8/puppet-config.8 +1 -1
  19. data/man/man8/puppet-describe.8 +1 -1
  20. data/man/man8/puppet-device.8 +1 -1
  21. data/man/man8/puppet-doc.8 +1 -1
  22. data/man/man8/puppet-epp.8 +1 -1
  23. data/man/man8/puppet-facts.8 +1 -1
  24. data/man/man8/puppet-filebucket.8 +1 -1
  25. data/man/man8/puppet-generate.8 +1 -1
  26. data/man/man8/puppet-help.8 +1 -1
  27. data/man/man8/puppet-lookup.8 +1 -1
  28. data/man/man8/puppet-module.8 +1 -1
  29. data/man/man8/puppet-node.8 +1 -1
  30. data/man/man8/puppet-parser.8 +1 -1
  31. data/man/man8/puppet-plugin.8 +1 -1
  32. data/man/man8/puppet-report.8 +1 -1
  33. data/man/man8/puppet-resource.8 +1 -1
  34. data/man/man8/puppet-script.8 +1 -1
  35. data/man/man8/puppet-ssl.8 +1 -1
  36. data/man/man8/puppet.8 +2 -2
  37. data/spec/fixtures/ssl/127.0.0.1-key.pem +107 -107
  38. data/spec/fixtures/ssl/127.0.0.1.pem +52 -51
  39. data/spec/fixtures/ssl/bad-basic-constraints.pem +56 -56
  40. data/spec/fixtures/ssl/bad-int-basic-constraints.pem +53 -53
  41. data/spec/fixtures/ssl/ca.pem +54 -54
  42. data/spec/fixtures/ssl/crl.pem +26 -26
  43. data/spec/fixtures/ssl/ec-key.pem +11 -11
  44. data/spec/fixtures/ssl/ec.pem +33 -32
  45. data/spec/fixtures/ssl/encrypted-ec-key.pem +12 -12
  46. data/spec/fixtures/ssl/encrypted-key.pem +108 -108
  47. data/spec/fixtures/ssl/intermediate-agent-crl.pem +26 -26
  48. data/spec/fixtures/ssl/intermediate-agent.pem +56 -56
  49. data/spec/fixtures/ssl/intermediate-crl.pem +29 -29
  50. data/spec/fixtures/ssl/intermediate.pem +53 -53
  51. data/spec/fixtures/ssl/oid-key.pem +107 -107
  52. data/spec/fixtures/ssl/oid.pem +51 -50
  53. data/spec/fixtures/ssl/pluto-key.pem +107 -107
  54. data/spec/fixtures/ssl/pluto.pem +52 -51
  55. data/spec/fixtures/ssl/renewed.pem +67 -0
  56. data/spec/fixtures/ssl/request-key.pem +107 -107
  57. data/spec/fixtures/ssl/request.pem +50 -48
  58. data/spec/fixtures/ssl/revoked-key.pem +107 -107
  59. data/spec/fixtures/ssl/revoked.pem +51 -50
  60. data/spec/fixtures/ssl/signed-key.pem +107 -107
  61. data/spec/fixtures/ssl/signed.pem +49 -48
  62. data/spec/fixtures/ssl/tampered-cert.pem +51 -50
  63. data/spec/fixtures/ssl/tampered-csr.pem +50 -48
  64. data/spec/fixtures/ssl/unknown-127.0.0.1-key.pem +107 -107
  65. data/spec/fixtures/ssl/unknown-127.0.0.1.pem +50 -49
  66. data/spec/fixtures/ssl/unknown-ca-key.pem +107 -107
  67. data/spec/fixtures/ssl/unknown-ca.pem +54 -54
  68. data/spec/integration/application/agent_spec.rb +27 -27
  69. data/spec/integration/application/apply_spec.rb +14 -0
  70. data/spec/integration/http/client_spec.rb +16 -0
  71. data/spec/lib/puppet/test_ca.rb +3 -10
  72. data/spec/unit/defaults_spec.rb +2 -40
  73. data/spec/unit/file_system/path_pattern_spec.rb +15 -0
  74. data/spec/unit/http/service/ca_spec.rb +71 -0
  75. data/spec/unit/ssl/ssl_provider_spec.rb +20 -0
  76. data/spec/unit/ssl/state_machine_spec.rb +75 -3
  77. data/spec/unit/x509/cert_provider_spec.rb +23 -0
  78. data/tasks/generate_cert_fixtures.rake +4 -0
  79. metadata +4 -2
@@ -1,117 +1,117 @@
1
- RSA Private-Key: (2048 bit, 2 primes)
1
+ Private-Key: (2048 bit, 2 primes)
2
2
  modulus:
3
- 00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
4
- 03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
5
- fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
6
- a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
7
- 23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
8
- ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
9
- 10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
10
- e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
11
- 28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
12
- cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
13
- 9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
14
- 88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
15
- 88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
16
- c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
17
- 36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
18
- af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
19
- 3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
20
- 0e:a3
3
+ 00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
4
+ fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
5
+ 29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
6
+ fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
7
+ 30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
8
+ 11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
9
+ e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
10
+ 22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
11
+ 4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
12
+ 98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
13
+ 4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
14
+ a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
15
+ a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
16
+ 02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
17
+ fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
18
+ 70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
19
+ 11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
20
+ 63:a3
21
21
  publicExponent: 65537 (0x10001)
22
22
  privateExponent:
23
- 00:9b:ce:8e:a2:47:93:5b:b3:be:c8:75:2c:84:7a:
24
- 97:df:f5:78:11:37:6d:cc:c9:35:2d:a7:8a:ed:2c:
25
- 4b:df:c5:34:53:74:be:f5:e9:f6:7a:6c:f2:73:e9:
26
- a7:75:9d:c4:f4:4a:36:16:cd:c6:85:56:2c:a0:ed:
27
- 8f:0a:20:76:b9:f8:8d:0c:d2:60:c7:ca:34:27:49:
28
- 37:aa:bf:1e:be:f2:73:e8:19:c6:46:42:50:f0:e6:
29
- aa:63:0f:c3:ef:b9:aa:37:63:4d:75:9a:40:97:77:
30
- 29:7d:c8:ad:ee:84:55:dc:3d:bf:73:d6:70:af:07:
31
- 41:75:a1:81:2f:29:00:59:11:3e:98:49:12:ec:e9:
32
- 9d:ca:ca:71:1e:bc:2f:9f:13:9c:5c:01:54:6d:69:
33
- 6b:85:6f:2a:2f:96:a5:38:37:e3:0c:7d:9f:6c:12:
34
- a4:13:1b:bf:cb:35:16:88:a6:c6:47:6f:0b:61:22:
35
- c2:de:00:7a:b1:70:f6:1e:01:99:70:87:1d:23:21:
36
- 0f:bf:41:59:16:75:40:8e:7c:50:73:bb:ce:17:7c:
37
- 07:ec:f2:83:12:95:4e:6a:ac:79:89:8f:32:58:61:
38
- af:55:df:30:1d:3a:d1:f3:fa:ee:74:27:73:62:f8:
39
- c4:e2:b2:e3:a5:64:e4:6b:4b:86:13:44:00:3d:51:
40
- 45:d9
23
+ 12:00:67:61:98:69:a3:4d:eb:21:43:36:b5:31:f0:
24
+ 4a:46:4d:8f:2b:63:39:ea:b0:28:82:0e:d6:aa:07:
25
+ 9d:ca:5c:7b:f3:d1:8f:f5:48:7c:1e:d3:26:78:be:
26
+ cc:c8:a2:4d:d4:d5:99:13:f9:90:93:4d:22:7b:ad:
27
+ 74:d4:60:82:07:62:c5:53:d4:7a:dc:5a:a6:17:e5:
28
+ b9:04:8b:6c:32:c2:e9:eb:0b:38:49:6e:70:f8:3d:
29
+ 73:0e:6d:99:2a:77:4c:ae:0b:55:e6:6b:db:db:84:
30
+ db:6f:d5:88:8b:58:09:3f:ce:8e:3b:b9:d8:11:bf:
31
+ 50:86:c7:b0:32:01:48:9f:a3:5d:c2:dc:9a:67:2f:
32
+ 94:70:99:08:31:bf:a3:e3:89:de:e2:f1:8c:4d:73:
33
+ 5c:68:ac:76:36:4f:0d:ce:e8:62:5a:32:44:7a:13:
34
+ fa:9a:46:2e:30:aa:66:10:43:81:5d:57:65:99:3c:
35
+ 82:0c:65:83:44:36:6a:e1:0d:44:16:74:e1:c6:a8:
36
+ 9a:3d:a5:fa:a2:7e:cb:a1:76:c0:21:e0:4c:ea:a2:
37
+ f2:d9:a7:53:a8:41:39:db:51:c7:5d:31:b2:04:86:
38
+ 4b:7d:cf:11:10:16:b3:b1:22:37:29:c4:20:7e:b0:
39
+ 0c:7b:ac:89:78:6b:ef:3b:98:29:c2:23:29:9f:4e:
40
+ 89
41
41
  prime1:
42
- 00:da:9b:01:67:9b:20:66:3b:69:da:ce:9e:ac:fa:
43
- 03:84:8e:da:fb:04:8d:9b:f0:ff:c9:55:a4:26:c4:
44
- b8:e3:1c:47:7d:fb:f5:2e:f6:50:22:75:63:ac:b7:
45
- 2d:f0:d5:75:0f:04:d5:e6:ee:75:9c:15:9f:e4:5c:
46
- 76:2c:0b:df:7f:9d:5f:16:3a:8a:82:36:6b:c9:fc:
47
- 49:e1:83:fe:cf:85:e1:fc:80:60:06:33:b2:e6:54:
48
- 6c:ba:29:6e:e4:3a:ee:d7:e6:0a:d6:bd:27:5d:40:
49
- e0:89:97:89:2a:3e:cf:a5:ec:ae:5f:db:df:3e:e8:
50
- c4:b0:9a:77:96:4d:a1:5e:5d
42
+ 00:c0:6f:d4:87:c5:6a:30:aa:2a:5e:a1:f9:0c:0e:
43
+ c8:14:8e:56:8a:57:15:13:a9:10:31:a4:c9:62:21:
44
+ 60:a0:98:a9:fa:82:8e:c6:c7:3a:1f:bb:2b:db:32:
45
+ e9:fc:9e:93:8e:d7:4c:1a:3a:87:11:76:a7:e9:7b:
46
+ 1f:5c:2a:8f:22:d5:24:e1:5b:7d:fe:15:cd:af:43:
47
+ 20:52:c8:2f:b1:a9:7c:11:5d:7a:61:71:d5:a8:e7:
48
+ 22:66:4f:40:08:bf:75:b5:c4:7a:db:83:52:6c:88:
49
+ f9:27:6b:fd:8c:0d:05:f7:30:6f:0f:f7:7c:21:58:
50
+ aa:45:34:b1:73:12:63:45:af
51
51
  prime2:
52
- 00:d3:58:ea:f8:aa:9b:e0:95:aa:81:27:f4:1a:5e:
53
- ae:60:bf:0f:37:be:b8:64:78:d4:ce:47:7e:21:82:
54
- 49:a7:f6:ff:15:62:1c:87:e8:c2:d5:d2:9b:d2:21:
55
- 87:36:36:66:bc:03:23:8f:5e:09:2b:4f:a2:8a:7f:
56
- ea:c8:ea:fb:21:54:4a:ba:b8:14:74:59:50:fa:31:
57
- cf:31:c3:22:32:4a:db:05:b6:3c:f5:9f:6b:cd:3c:
58
- 6b:1b:48:b0:b5:13:5d:c7:b6:13:4e:09:85:e2:db:
59
- 38:ac:ee:27:42:d8:49:47:9e:0c:59:95:97:e7:c2:
60
- 78:0a:65:c9:ee:29:e8:50:ff
52
+ 00:df:89:89:3a:49:8a:0f:91:87:04:b4:aa:73:d6:
53
+ b7:03:60:20:60:2e:b8:c0:eb:c4:70:ef:19:d6:ce:
54
+ 72:ae:4c:b6:bb:c4:45:20:e7:8d:1a:44:4a:e4:1a:
55
+ 67:67:42:28:93:32:b7:f2:90:04:53:88:46:1b:8a:
56
+ 79:b8:18:fb:11:92:a3:fc:7e:b0:75:29:99:ee:89:
57
+ d9:5d:4e:fa:09:e0:cf:9f:e4:23:bc:72:97:32:99:
58
+ fc:14:78:ca:bc:b5:73:08:f8:cc:9b:81:ea:ae:71:
59
+ 5b:f7:b0:f8:1b:16:0a:28:4e:01:11:40:e1:68:10:
60
+ 5c:26:84:74:a7:a3:a8:f2:4d
61
61
  exponent1:
62
- 50:f7:12:19:1e:72:6c:8a:da:d4:e8:ac:0a:62:fb:
63
- 04:90:a8:78:4a:22:6c:bc:60:f0:5f:e0:d1:5f:11:
64
- 1f:44:ad:11:f3:4c:c7:1d:01:67:11:d5:5d:f5:e6:
65
- 75:09:8a:36:8a:d2:f2:9a:25:43:2f:1b:2e:48:34:
66
- 98:71:b9:50:99:a7:cb:22:d9:84:0a:c5:f7:64:92:
67
- b4:8c:df:c6:5a:ce:ed:67:5a:a9:51:62:94:3e:76:
68
- 9a:a8:97:e2:be:15:12:2f:a8:9a:0a:2a:d7:36:1d:
69
- 33:b8:c5:5b:b9:31:cd:41:90:ff:fd:fe:7c:5d:57:
70
- e4:15:01:ef:d0:46:d1:1d
62
+ 00:86:75:9d:2a:c0:e5:d1:db:14:7f:ca:ed:19:5f:
63
+ ba:ad:a2:47:15:a2:83:37:99:89:97:26:6d:10:04:
64
+ 02:60:34:4b:90:9e:68:e4:bb:90:01:5b:e6:e8:e2:
65
+ 4a:5c:18:f1:41:7d:6d:cf:65:d5:ba:7e:0e:15:35:
66
+ d2:53:b3:e9:0f:8d:9e:97:58:36:50:b3:2b:64:aa:
67
+ a2:8b:35:15:1e:2e:2e:62:73:ce:6f:07:fb:22:69:
68
+ 5d:bf:de:df:ff:3c:c8:22:99:86:be:9a:a3:9c:f2:
69
+ 98:24:d3:6f:f5:cb:a3:bf:74:38:26:0f:e6:cb:e6:
70
+ 08:13:13:1e:6a:29:0e:f4:41
71
71
  exponent2:
72
- 00:91:f0:d9:b8:c2:df:06:b3:72:dc:e3:00:fd:e0:
73
- 99:9b:76:f3:84:33:ef:d2:79:59:c1:e3:be:66:57:
74
- 38:93:82:cc:dc:30:36:b1:66:fa:7b:7a:86:5d:11:
75
- 07:f4:58:96:92:87:bc:5b:78:bc:ee:2a:7c:7c:15:
76
- 1e:c4:84:f6:cb:2a:10:bc:64:f6:c2:ed:16:2c:de:
77
- 8e:4b:b7:8a:7a:9e:14:26:1a:94:77:ac:11:5d:d4:
78
- b5:c5:4e:69:af:70:63:16:d0:54:fe:53:37:1f:d2:
79
- ef:8d:02:9b:1b:de:8c:a3:a6:b0:b2:7f:c9:38:a1:
80
- a2:10:d3:ff:1f:b5:d2:95:73
72
+ 00:b3:dc:7a:6a:47:d9:aa:85:31:da:7b:73:db:19:
73
+ 1c:d0:be:7b:ce:68:49:88:11:2c:52:a2:50:6c:22:
74
+ 58:ec:1e:15:ba:27:46:68:1f:67:cd:86:bd:ab:a4:
75
+ 03:27:76:78:27:58:5b:e1:f4:37:46:ef:13:59:fd:
76
+ a5:ca:97:6f:0c:c8:ac:e1:f1:1e:12:67:92:cf:f8:
77
+ 62:c9:4d:4e:aa:bc:14:d3:56:41:da:d3:69:0c:f2:
78
+ 11:7e:77:62:c9:4c:46:6f:25:a1:9c:4e:80:82:33:
79
+ fc:07:e4:80:fd:6a:52:69:f3:b9:b0:24:40:39:f7:
80
+ 4f:ee:3e:0d:8f:05:84:5e:d1
81
81
  coefficient:
82
- 00:bb:0a:77:ec:98:3c:fe:92:2b:66:06:7a:2a:80:
83
- a6:41:bb:d8:60:7e:fa:90:41:f3:4d:e4:4e:95:1e:
84
- 48:19:33:49:9a:24:09:6c:17:98:ce:72:09:ad:96:
85
- 43:3a:16:6c:16:cd:38:39:13:58:3e:dc:89:98:08:
86
- 38:d3:e5:d8:c1:34:8c:71:a9:88:a1:79:23:af:ad:
87
- 94:04:7a:ca:20:82:76:af:84:2a:43:c4:d6:96:b0:
88
- c8:f7:e6:be:4c:e8:d8:7c:bb:79:7a:c8:d9:32:72:
89
- 81:63:9f:2c:45:33:e3:6a:6a:42:3d:d6:19:b4:0d:
90
- 0d:15:1b:44:67:47:ef:b6:2e
82
+ 6d:a8:08:7a:ad:94:c8:0f:dc:07:57:71:1b:a7:3a:
83
+ 4d:b9:a5:39:81:36:75:c3:ff:b5:ed:7c:6a:df:28:
84
+ f6:22:1e:33:a6:48:31:8f:dc:ba:03:72:e6:51:39:
85
+ d1:ce:c5:0a:7c:a3:dd:44:9b:1b:38:94:44:ce:1e:
86
+ c5:6b:f1:4d:c8:e8:6d:ed:ad:1e:8c:86:50:98:fb:
87
+ 90:4a:25:d5:3d:2f:66:a7:b9:d6:5d:84:e7:77:25:
88
+ 69:0b:89:4b:30:53:7c:74:01:72:37:91:31:2b:aa:
89
+ 54:92:9e:41:18:a1:8c:0e:c6:74:c9:0b:1e:be:76:
90
+ 06:54:29:52:c6:a1:26:01
91
91
  -----BEGIN RSA PRIVATE KEY-----
92
- MIIEpQIBAAKCAQEAtHmwFuebIiAXSzaH6zgDH9+IABs3QF4fHYkfPvT6aZCc2Gjf
93
- yHEHB04BHfCommeUr0fyuGD1yvu7rHwjWFm8lbCtssegKOFPHsTvXyujTvJqlchP
94
- 9a+8+jYQ+aliegTVAc2bupcyTJnliPwFhDT1SvLx7ATHx2Mo657ukc2Vi2CeX1Gh
95
- K1rNArKnUmzRiquxxFLNEM6eViRsY4QsFWzAYurC2QSI4uIP/86HUet3UIMzHMeI
96
- WwjUOiIvE6aJ90ugLjDBEnq7Nx+qh1ZEL1pjS7I29ileuGdSb2MqrT3DpUWvl+mF
97
- nnYeUZxoNlgyrc8+TfCS4q3W8OFdrwjKKoIOowIDAQABAoIBAQCbzo6iR5Nbs77I
98
- dSyEepff9XgRN23MyTUtp4rtLEvfxTRTdL716fZ6bPJz6ad1ncT0SjYWzcaFViyg
99
- 7Y8KIHa5+I0M0mDHyjQnSTeqvx6+8nPoGcZGQlDw5qpjD8Pvuao3Y011mkCXdyl9
100
- yK3uhFXcPb9z1nCvB0F1oYEvKQBZET6YSRLs6Z3KynEevC+fE5xcAVRtaWuFbyov
101
- lqU4N+MMfZ9sEqQTG7/LNRaIpsZHbwthIsLeAHqxcPYeAZlwhx0jIQ+/QVkWdUCO
102
- fFBzu84XfAfs8oMSlU5qrHmJjzJYYa9V3zAdOtHz+u50J3Ni+MTisuOlZORrS4YT
103
- RAA9UUXZAoGBANqbAWebIGY7adrOnqz6A4SO2vsEjZvw/8lVpCbEuOMcR3379S72
104
- UCJ1Y6y3LfDVdQ8E1ebudZwVn+RcdiwL33+dXxY6ioI2a8n8SeGD/s+F4fyAYAYz
105
- suZUbLopbuQ67tfmCta9J11A4ImXiSo+z6Xsrl/b3z7oxLCad5ZNoV5dAoGBANNY
106
- 6viqm+CVqoEn9BpermC/Dze+uGR41M5HfiGCSaf2/xViHIfowtXSm9IhhzY2ZrwD
107
- I49eCStPoop/6sjq+yFUSrq4FHRZUPoxzzHDIjJK2wW2PPWfa808axtIsLUTXce2
108
- E04JheLbOKzuJ0LYSUeeDFmVl+fCeAplye4p6FD/AoGAUPcSGR5ybIra1OisCmL7
109
- BJCoeEoibLxg8F/g0V8RH0StEfNMxx0BZxHVXfXmdQmKNorS8polQy8bLkg0mHG5
110
- UJmnyyLZhArF92SStIzfxlrO7WdaqVFilD52mqiX4r4VEi+omgoq1zYdM7jFW7kx
111
- zUGQ//3+fF1X5BUB79BG0R0CgYEAkfDZuMLfBrNy3OMA/eCZm3bzhDPv0nlZweO+
112
- Zlc4k4LM3DA2sWb6e3qGXREH9FiWkoe8W3i87ip8fBUexIT2yyoQvGT2wu0WLN6O
113
- S7eKep4UJhqUd6wRXdS1xU5pr3BjFtBU/lM3H9LvjQKbG96Mo6awsn/JOKGiENP/
114
- H7XSlXMCgYEAuwp37Jg8/pIrZgZ6KoCmQbvYYH76kEHzTeROlR5IGTNJmiQJbBeY
115
- znIJrZZDOhZsFs04ORNYPtyJmAg40+XYwTSMcamIoXkjr62UBHrKIIJ2r4QqQ8TW
116
- lrDI9+a+TOjYfLt5esjZMnKBY58sRTPjampCPdYZtA0NFRtEZ0fvti4=
92
+ MIIEpAIBAAKCAQEAqAjNIqr6oTgO2L4vV7b79eKbBHJJVhVxQh0SqI8pA2PhKh/s
93
+ TWc9fV4npSH+Fjig9d5cduxxfWyuyoowXf45xUrQFBN2tYnYWHoRdlQ+TeO++fty
94
+ gLwZBw/gU0Zb8UWM0lyv5A+rfbwiPHqxlX1qBEv60ugexDlLvdx+abqOqZalF+Su
95
+ Tj6YrStVlaxtQEsgVVExmJ5O3rQ3MVvZOmzksQoZzl6o4imX3j3HUFT78o8qpFil
96
+ UoILUshObF14EMZLBTYC5N+8lUpHt+jki21Gq/v7QWu7kMQbWn07LhktDZVw0hD5
97
+ ehrujyDLjY2/I3UR3QKr4/2esQU7Yy6rh5NjowIDAQABAoIBABIAZ2GYaaNN6yFD
98
+ NrUx8EpGTY8rYznqsCiCDtaqB53KXHvz0Y/1SHwe0yZ4vszIok3U1ZkT+ZCTTSJ7
99
+ rXTUYIIHYsVT1HrcWqYX5bkEi2wywunrCzhJbnD4PXMObZkqd0yuC1Xma9vbhNtv
100
+ 1YiLWAk/zo47udgRv1CGx7AyAUifo13C3JpnL5RwmQgxv6Pjid7i8YxNc1xorHY2
101
+ Tw3O6GJaMkR6E/qaRi4wqmYQQ4FdV2WZPIIMZYNENmrhDUQWdOHGqJo9pfqifsuh
102
+ dsAh4EzqovLZp1OoQTnbUcddMbIEhkt9zxEQFrOxIjcpxCB+sAx7rIl4a+87mCnC
103
+ IymfTokCgYEAwG/Uh8VqMKoqXqH5DA7IFI5WilcVE6kQMaTJYiFgoJip+oKOxsc6
104
+ H7sr2zLp/J6TjtdMGjqHEXan6XsfXCqPItUk4Vt9/hXNr0MgUsgvsal8EV16YXHV
105
+ qOciZk9ACL91tcR624NSbIj5J2v9jA0F9zBvD/d8IViqRTSxcxJjRa8CgYEA34mJ
106
+ OkmKD5GHBLSqc9a3A2AgYC64wOvEcO8Z1s5yrky2u8RFIOeNGkRK5BpnZ0IokzK3
107
+ 8pAEU4hGG4p5uBj7EZKj/H6wdSmZ7onZXU76CeDPn+QjvHKXMpn8FHjKvLVzCPjM
108
+ m4HqrnFb97D4GxYKKE4BEUDhaBBcJoR0p6Oo8k0CgYEAhnWdKsDl0dsUf8rtGV+6
109
+ raJHFaKDN5mJlyZtEAQCYDRLkJ5o5LuQAVvm6OJKXBjxQX1tz2XVun4OFTXSU7Pp
110
+ D42el1g2ULMrZKqiizUVHi4uYnPObwf7Imldv97f/zzIIpmGvpqjnPKYJNNv9cuj
111
+ v3Q4Jg/my+YIExMeaikO9EECgYEAs9x6akfZqoUx2ntz2xkc0L57zmhJiBEsUqJQ
112
+ bCJY7B4VuidGaB9nzYa9q6QDJ3Z4J1hb4fQ3Ru8TWf2lypdvDMis4fEeEmeSz/hi
113
+ yU1OqrwU01ZB2tNpDPIRfndiyUxGbyWhnE6AgjP8B+SA/WpSafO5sCRAOfdP7j4N
114
+ jwWEXtECgYBtqAh6rZTID9wHV3EbpzpNuaU5gTZ1w/+17Xxq3yj2Ih4zpkgxj9y6
115
+ A3LmUTnRzsUKfKPdRJsbOJREzh7Fa/FNyOht7a0ejIZQmPuQSiXVPS9mp7nWXYTn
116
+ dyVpC4lLMFN8dAFyN5ExK6pUkp5BGKGMDsZ0yQsevnYGVClSxqEmAQ==
117
117
  -----END RSA PRIVATE KEY-----
@@ -6,30 +6,30 @@ Certificate:
6
6
  Issuer: CN=Unknown CA
7
7
  Validity
8
8
  Not Before: Jan 1 00:00:00 1970 GMT
9
- Not After : Jun 15 01:19:37 2031 GMT
9
+ Not After : Jun 24 21:18:00 2033 GMT
10
10
  Subject: CN=Unknown CA
11
11
  Subject Public Key Info:
12
12
  Public Key Algorithm: rsaEncryption
13
- RSA Public-Key: (2048 bit)
13
+ Public-Key: (2048 bit)
14
14
  Modulus:
15
- 00:b4:79:b0:16:e7:9b:22:20:17:4b:36:87:eb:38:
16
- 03:1f:df:88:00:1b:37:40:5e:1f:1d:89:1f:3e:f4:
17
- fa:69:90:9c:d8:68:df:c8:71:07:07:4e:01:1d:f0:
18
- a8:9a:67:94:af:47:f2:b8:60:f5:ca:fb:bb:ac:7c:
19
- 23:58:59:bc:95:b0:ad:b2:c7:a0:28:e1:4f:1e:c4:
20
- ef:5f:2b:a3:4e:f2:6a:95:c8:4f:f5:af:bc:fa:36:
21
- 10:f9:a9:62:7a:04:d5:01:cd:9b:ba:97:32:4c:99:
22
- e5:88:fc:05:84:34:f5:4a:f2:f1:ec:04:c7:c7:63:
23
- 28:eb:9e:ee:91:cd:95:8b:60:9e:5f:51:a1:2b:5a:
24
- cd:02:b2:a7:52:6c:d1:8a:ab:b1:c4:52:cd:10:ce:
25
- 9e:56:24:6c:63:84:2c:15:6c:c0:62:ea:c2:d9:04:
26
- 88:e2:e2:0f:ff:ce:87:51:eb:77:50:83:33:1c:c7:
27
- 88:5b:08:d4:3a:22:2f:13:a6:89:f7:4b:a0:2e:30:
28
- c1:12:7a:bb:37:1f:aa:87:56:44:2f:5a:63:4b:b2:
29
- 36:f6:29:5e:b8:67:52:6f:63:2a:ad:3d:c3:a5:45:
30
- af:97:e9:85:9e:76:1e:51:9c:68:36:58:32:ad:cf:
31
- 3e:4d:f0:92:e2:ad:d6:f0:e1:5d:af:08:ca:2a:82:
32
- 0e:a3
15
+ 00:a8:08:cd:22:aa:fa:a1:38:0e:d8:be:2f:57:b6:
16
+ fb:f5:e2:9b:04:72:49:56:15:71:42:1d:12:a8:8f:
17
+ 29:03:63:e1:2a:1f:ec:4d:67:3d:7d:5e:27:a5:21:
18
+ fe:16:38:a0:f5:de:5c:76:ec:71:7d:6c:ae:ca:8a:
19
+ 30:5d:fe:39:c5:4a:d0:14:13:76:b5:89:d8:58:7a:
20
+ 11:76:54:3e:4d:e3:be:f9:fb:72:80:bc:19:07:0f:
21
+ e0:53:46:5b:f1:45:8c:d2:5c:af:e4:0f:ab:7d:bc:
22
+ 22:3c:7a:b1:95:7d:6a:04:4b:fa:d2:e8:1e:c4:39:
23
+ 4b:bd:dc:7e:69:ba:8e:a9:96:a5:17:e4:ae:4e:3e:
24
+ 98:ad:2b:55:95:ac:6d:40:4b:20:55:51:31:98:9e:
25
+ 4e:de:b4:37:31:5b:d9:3a:6c:e4:b1:0a:19:ce:5e:
26
+ a8:e2:29:97:de:3d:c7:50:54:fb:f2:8f:2a:a4:58:
27
+ a5:52:82:0b:52:c8:4e:6c:5d:78:10:c6:4b:05:36:
28
+ 02:e4:df:bc:95:4a:47:b7:e8:e4:8b:6d:46:ab:fb:
29
+ fb:41:6b:bb:90:c4:1b:5a:7d:3b:2e:19:2d:0d:95:
30
+ 70:d2:10:f9:7a:1a:ee:8f:20:cb:8d:8d:bf:23:75:
31
+ 11:dd:02:ab:e3:fd:9e:b1:05:3b:63:2e:ab:87:93:
32
+ 63:a3
33
33
  Exponent: 65537 (0x10001)
34
34
  X509v3 extensions:
35
35
  X509v3 Basic Constraints: critical
@@ -37,45 +37,45 @@ Certificate:
37
37
  X509v3 Key Usage: critical
38
38
  Certificate Sign, CRL Sign
39
39
  X509v3 Subject Key Identifier:
40
- D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
40
+ EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
41
41
  Netscape Comment:
42
42
  Puppet Server Internal Certificate
43
43
  X509v3 Authority Key Identifier:
44
- keyid:D0:CD:40:49:88:F6:74:BB:B4:D7:05:37:74:33:B1:C2:27:73:81:CB
45
-
44
+ EC:86:9A:24:5D:36:4B:28:24:DD:DF:75:52:D1:83:19:33:37:46:E9
46
45
  Signature Algorithm: sha256WithRSAEncryption
47
- 51:79:86:29:27:07:e5:fc:59:83:2d:15:ae:5f:c4:bc:0a:71:
48
- 2c:71:74:20:14:ce:47:8f:cf:79:03:76:bd:df:c9:e9:7f:12:
49
- b2:4e:5a:c5:4f:e1:0b:c3:17:44:92:37:af:10:08:75:9a:d9:
50
- c5:0d:66:e9:24:2b:ec:00:aa:de:2f:ce:df:04:fa:49:d9:bd:
51
- bd:5e:7b:e4:e7:1e:9e:20:d3:85:70:b4:95:b5:1d:2e:fa:0c:
52
- b4:47:5a:38:ec:b0:bd:7e:34:5f:4d:9d:1f:81:81:8a:6c:a6:
53
- 94:fb:f8:41:d6:a3:e4:64:3a:b7:12:4f:9e:4e:60:4a:12:a9:
54
- d1:87:a5:a8:31:91:16:96:50:73:87:64:46:f1:f2:f9:99:80:
55
- a2:89:e9:99:57:48:8a:56:08:d7:8d:a9:1d:69:7c:8f:73:e5:
56
- 53:2d:28:ee:70:d7:f8:fe:41:25:3e:4c:6c:de:31:3f:9e:7d:
57
- c4:f0:67:e9:fc:a3:02:c7:39:19:f5:6f:59:6a:ca:bb:8c:c8:
58
- e6:01:43:ad:95:67:3f:c0:d6:35:18:b1:6e:9f:e1:ce:c7:be:
59
- 35:f0:7b:65:e7:79:82:c3:b6:f7:48:28:98:d0:5c:3c:97:f3:
60
- 69:b3:5e:c3:a0:c5:82:02:6f:20:d0:1b:cd:43:b0:85:7e:4f:
61
- 71:b9:f3:8f
46
+ Signature Value:
47
+ 5a:5d:26:6a:dc:aa:0e:66:c5:9c:b8:15:09:20:25:0a:46:be:
48
+ 6b:b9:b4:6d:a9:74:e3:cd:a4:40:4a:dc:71:d2:fa:50:3c:b9:
49
+ 6e:0d:4b:c8:b9:d3:26:06:1b:3a:d7:e5:02:fd:ec:ad:e2:4b:
50
+ ad:19:49:57:11:a3:4c:0e:67:5c:46:63:7a:aa:8f:ca:f0:f5:
51
+ 5e:ad:bf:85:3d:1b:88:b8:a8:21:da:25:9c:27:96:70:60:83:
52
+ 0e:de:09:c3:a8:20:5f:9a:47:47:70:c8:94:aa:a5:2b:2d:bc:
53
+ c3:74:ee:ff:63:88:95:84:83:fe:66:99:e8:90:c0:ed:3b:1d:
54
+ 00:84:1a:29:43:15:53:9d:71:13:71:bf:5b:9a:7d:4e:e1:e2:
55
+ 28:1e:38:55:92:f8:16:28:8d:9b:1e:9a:fb:a7:7a:6e:b7:66:
56
+ 56:ed:b6:36:ef:f8:f6:21:c9:20:f3:f4:13:9e:a6:21:2e:2c:
57
+ ca:55:b0:2b:6d:2d:4a:58:f5:30:d8:70:eb:66:ac:ea:a8:64:
58
+ 23:0d:e8:39:28:34:f5:16:22:f0:84:c1:2a:9b:89:55:8f:72:
59
+ c2:6c:f0:62:bf:39:04:2c:fc:c1:f5:40:ad:fc:b0:c9:0f:ae:
60
+ 8d:f4:ce:1b:24:27:06:21:8e:9a:9a:56:40:d8:fe:b2:46:46:
61
+ 44:61:43:7c
62
62
  -----BEGIN CERTIFICATE-----
63
63
  MIIDPTCCAiWgAwIBAgIBADANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDDApVbmtu
64
- b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMxMDYxNTAxMTkzN1owFTETMBEGA1UE
65
- AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALR5
66
- sBbnmyIgF0s2h+s4Ax/fiAAbN0BeHx2JHz70+mmQnNho38hxBwdOAR3wqJpnlK9H
67
- 8rhg9cr7u6x8I1hZvJWwrbLHoCjhTx7E718ro07yapXIT/WvvPo2EPmpYnoE1QHN
68
- m7qXMkyZ5Yj8BYQ09Ury8ewEx8djKOue7pHNlYtgnl9RoStazQKyp1Js0YqrscRS
69
- zRDOnlYkbGOELBVswGLqwtkEiOLiD//Oh1Hrd1CDMxzHiFsI1DoiLxOmifdLoC4w
70
- wRJ6uzcfqodWRC9aY0uyNvYpXrhnUm9jKq09w6VFr5fphZ52HlGcaDZYMq3PPk3w
71
- kuKt1vDhXa8IyiqCDqMCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
72
- DwEB/wQEAwIBBjAdBgNVHQ4EFgQU0M1ASYj2dLu01wU3dDOxwidzgcswMQYJYIZI
64
+ b3duIENBMB4XDTcwMDEwMTAwMDAwMFoXDTMzMDYyNDIxMTgwMFowFTETMBEGA1UE
65
+ AwwKVW5rbm93biBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKgI
66
+ zSKq+qE4Dti+L1e2+/XimwRySVYVcUIdEqiPKQNj4Sof7E1nPX1eJ6Uh/hY4oPXe
67
+ XHbscX1srsqKMF3+OcVK0BQTdrWJ2Fh6EXZUPk3jvvn7coC8GQcP4FNGW/FFjNJc
68
+ r+QPq328Ijx6sZV9agRL+tLoHsQ5S73cfmm6jqmWpRfkrk4+mK0rVZWsbUBLIFVR
69
+ MZieTt60NzFb2Tps5LEKGc5eqOIpl949x1BU+/KPKqRYpVKCC1LITmxdeBDGSwU2
70
+ AuTfvJVKR7fo5IttRqv7+0Fru5DEG1p9Oy4ZLQ2VcNIQ+Xoa7o8gy42NvyN1Ed0C
71
+ q+P9nrEFO2Muq4eTY6MCAwEAAaOBlzCBlDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
72
+ DwEB/wQEAwIBBjAdBgNVHQ4EFgQU7IaaJF02Sygk3d91UtGDGTM3RukwMQYJYIZI
73
73
  AYb4QgENBCQWIlB1cHBldCBTZXJ2ZXIgSW50ZXJuYWwgQ2VydGlmaWNhdGUwHwYD
74
- VR0jBBgwFoAU0M1ASYj2dLu01wU3dDOxwidzgcswDQYJKoZIhvcNAQELBQADggEB
75
- AFF5hiknB+X8WYMtFa5fxLwKcSxxdCAUzkePz3kDdr3fyel/ErJOWsVP4QvDF0SS
76
- N68QCHWa2cUNZukkK+wAqt4vzt8E+knZvb1ee+TnHp4g04VwtJW1HS76DLRHWjjs
77
- sL1+NF9NnR+BgYpsppT7+EHWo+RkOrcST55OYEoSqdGHpagxkRaWUHOHZEbx8vmZ
78
- gKKJ6ZlXSIpWCNeNqR1pfI9z5VMtKO5w1/j+QSU+TGzeMT+efcTwZ+n8owLHORn1
79
- b1lqyruMyOYBQ62VZz/A1jUYsW6f4c7HvjXwe2XneYLDtvdIKJjQXDyX82mzXsOg
80
- xYICbyDQG81DsIV+T3G5848=
74
+ VR0jBBgwFoAU7IaaJF02Sygk3d91UtGDGTM3RukwDQYJKoZIhvcNAQELBQADggEB
75
+ AFpdJmrcqg5mxZy4FQkgJQpGvmu5tG2pdOPNpEBK3HHS+lA8uW4NS8i50yYGGzrX
76
+ 5QL97K3iS60ZSVcRo0wOZ1xGY3qqj8rw9V6tv4U9G4i4qCHaJZwnlnBggw7eCcOo
77
+ IF+aR0dwyJSqpSstvMN07v9jiJWEg/5mmeiQwO07HQCEGilDFVOdcRNxv1uafU7h
78
+ 4igeOFWS+BYojZsemvunem63Zlbttjbv+PYhySDz9BOepiEuLMpVsCttLUpY9TDY
79
+ cOtmrOqoZCMN6DkoNPUWIvCEwSqbiVWPcsJs8GK/OQQs/MH1QK38sMkPro30zhsk
80
+ JwYhjpqaVkDY/rJGRkRhQ3w=
81
81
  -----END CERTIFICATE-----
@@ -15,6 +15,24 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
15
15
  let(:node) { Puppet::Node.new(Puppet[:certname], environment: 'production')}
16
16
  let(:formatter) { Puppet::Network::FormatHandler.format(:rich_data_json) }
17
17
 
18
+ # Create temp fixtures since the agent will attempt to refresh the CA/CRL
19
+ before do
20
+ Puppet[:localcacert] = ca = tmpfile('ca')
21
+ Puppet[:hostcrl] = crl = tmpfile('crl')
22
+
23
+ copy_fixtures(%w[ca.pem intermediate.pem], ca)
24
+ copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
25
+ end
26
+
27
+ def copy_fixtures(sources, dest)
28
+ ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
29
+ File.open(dest, 'w') do |f|
30
+ sources.each do |s|
31
+ f.write(File.read(File.join(ssldir, s)))
32
+ end
33
+ end
34
+ end
35
+
18
36
  context 'server_list' do
19
37
  it "uses the first server in the list" do
20
38
  Puppet[:server_list] = '127.0.0.1'
@@ -835,23 +853,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
835
853
  end
836
854
  end
837
855
 
838
- def copy_fixtures(sources, dest)
839
- ssldir = File.join(PuppetSpec::FIXTURE_DIR, 'ssl')
840
- File.open(dest, 'w') do |f|
841
- sources.each do |s|
842
- f.write(File.read(File.join(ssldir, s)))
843
- end
844
- end
845
- end
846
-
847
856
  it "reloads the CRL between runs" do
848
- Puppet[:localcacert] = ca = tmpfile('ca')
849
- Puppet[:hostcrl] = crl = tmpfile('crl')
850
857
  Puppet[:hostcert] = cert = tmpfile('cert')
851
858
  Puppet[:hostprivkey] = key = tmpfile('key')
852
859
 
853
- copy_fixtures(%w[ca.pem intermediate.pem], ca)
854
- copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
855
860
  copy_fixtures(%w[127.0.0.1.pem], cert)
856
861
  copy_fixtures(%w[127.0.0.1-key.pem], key)
857
862
 
@@ -898,15 +903,10 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
898
903
  end
899
904
 
900
905
  it "refreshes the CA and CRL" do
901
- Puppet[:localcacert] = ca = tmpfile('ca')
902
- Puppet[:hostcrl] = crl = tmpfile('crl')
903
- copy_fixtures(%w[ca.pem intermediate.pem], ca)
904
- copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
905
-
906
906
  now = Time.now
907
907
  yesterday = now - (60 * 60 * 24)
908
- Puppet::FileSystem.touch(ca, mtime: yesterday)
909
- Puppet::FileSystem.touch(crl, mtime: yesterday)
908
+ Puppet::FileSystem.touch(Puppet[:localcacert], mtime: yesterday)
909
+ Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
910
910
 
911
911
  server.start_server do |port|
912
912
  Puppet[:serverport] = port
@@ -920,17 +920,17 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
920
920
  end
921
921
 
922
922
  # If the CA is updated, then the CRL must be updated too
923
- expect(Puppet::FileSystem.stat(ca).mtime).to be >= now
924
- expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
923
+ expect(Puppet::FileSystem.stat(Puppet[:localcacert]).mtime).to be >= now
924
+ expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
925
925
  end
926
926
 
927
927
  it "refreshes only the CRL" do
928
- Puppet[:hostcrl] = crl = tmpfile('crl')
929
- copy_fixtures(%w[crl.pem intermediate-crl.pem], crl)
930
-
931
928
  now = Time.now
929
+ tomorrow = now + (60 * 60 * 24)
930
+ Puppet::FileSystem.touch(Puppet[:localcacert], mtime: tomorrow)
931
+
932
932
  yesterday = now - (60 * 60 * 24)
933
- Puppet::FileSystem.touch(crl, mtime: yesterday)
933
+ Puppet::FileSystem.touch(Puppet[:hostcrl], mtime: yesterday)
934
934
 
935
935
  server.start_server do |port|
936
936
  Puppet[:serverport] = port
@@ -943,7 +943,7 @@ describe "puppet agent", unless: Puppet::Util::Platform.jruby? do
943
943
  .and output(/Info: Refreshed CRL: /).to_stdout
944
944
  end
945
945
 
946
- expect(Puppet::FileSystem.stat(crl).mtime).to be >= now
946
+ expect(Puppet::FileSystem.stat(Puppet[:hostcrl]).mtime).to be >= now
947
947
  end
948
948
  end
949
949
 
@@ -763,5 +763,19 @@ class amod::bad_type {
763
763
  .and output(/Notify\[runs before file\]/).to_stdout
764
764
  .and output(/Validation of File.* failed: You cannot specify more than one of content, source, target/).to_stderr
765
765
  end
766
+
767
+ it "applies deferred sensitive file content" do
768
+ manifest = <<~END
769
+ file { '#{deferred_file}':
770
+ ensure => file,
771
+ content => Deferred('new', [Sensitive, "hello\n"])
772
+ }
773
+ END
774
+ apply.command_line.args = ['-e', manifest]
775
+ expect {
776
+ apply.run
777
+ }.to exit_with(0)
778
+ .and output(/ensure: changed \[redacted\] to \[redacted\]/).to_stdout
779
+ end
766
780
  end
767
781
  end
@@ -175,6 +175,22 @@ describe Puppet::HTTP::Client, unless: Puppet::Util::Platform.jruby? do
175
175
  end
176
176
  end
177
177
 
178
+ context 'ensure that retrying does not attempt to read the body after closing the connection' do
179
+ let(:client) { Puppet::HTTP::Client.new(retry_limit: 1) }
180
+ it 'raises a retry error instead' do
181
+ response_proc = -> (req, res) {
182
+ res['Retry-After'] = 1
183
+ res.status = 503
184
+ }
185
+
186
+ https_server.start_server(response_proc: response_proc) do |port|
187
+ uri = URI("https://127.0.0.1:#{port}")
188
+ kwargs = {headers: {'Content-Type' => 'text/plain'}, options: {ssl_context: root_context}}
189
+ expect{client.post(uri, '', **kwargs)}.to raise_error(Puppet::HTTP::TooManyRetryAfters)
190
+ end
191
+ end
192
+ end
193
+
178
194
  context 'persistent connections' do
179
195
  it "detects when the server has closed the connection and reconnects" do
180
196
  Puppet[:http_debug] = true
@@ -131,20 +131,13 @@ module Puppet
131
131
  def build_cert(name, issuer, opts = {})
132
132
  key = if opts[:key_type] == :ec
133
133
  key = OpenSSL::PKey::EC.generate('prime256v1')
134
+ elsif opts[:reuse_key]
135
+ key = opts[:reuse_key]
134
136
  else
135
137
  key = OpenSSL::PKey::RSA.new(2048)
136
138
  end
137
139
  cert = OpenSSL::X509::Certificate.new
138
- cert.public_key = if key.is_a?(OpenSSL::PKey::EC)
139
- # EC#public_key doesn't following the PKey API,
140
- # see https://github.com/ruby/openssl/issues/29
141
- point = key.public_key
142
- pubkey = OpenSSL::PKey::EC.new(point.group)
143
- pubkey.public_key = point
144
- pubkey
145
- else
146
- key.public_key
147
- end
140
+ cert.public_key = key
148
141
  cert.subject = OpenSSL::X509::Name.new([["CN", name]])
149
142
  cert.issuer = issuer
150
143
  cert.version = 2