puppetlabs-stdlib

opuppet/puppetlabs-stdlib

Fork 0

Commit graph

Author	SHA1	Message	Date
Matt Bostock	41f9319bbd	Change order of tests to be more logical Put the tests using a valid certificate fixture together and put tests using a valid key fixture together.	2016-01-08 11:09:45 +00:00
Matt Bostock	4acba73b00	Test certificate and key with a truncated middle Test a valid certificate and valid key that have had 48 characters removed from their middle, to simulate a malformed certificate and key. Suggested by @DavidS in https://github.com/puppetlabs/puppetlabs-stdlib/pull/552	2016-01-08 11:09:45 +00:00
Matt Bostock	97320ab421	Add a function to validate an x509 RSA key pair Add a function to validate an x509 RSA certificate and key pair, as commonly used for TLS certificates. The rationale behind this is that we store our TLS certificates and private keys in Hiera YAML files, and poor indentation or formatting in the YAML file could cause a valid certificate to be considered invalid. Will cause the Puppet run to fail if: - an invalid certificate is detected - an invalid RSA key is detected - the certificate does not match the key, i.e. the certificate has not been signed by the supplied key The test certificates I've used in the spec tests were generated using the Go standard library: $ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost Example output: ==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk	2016-01-08 11:09:45 +00:00

Author

SHA1

Message

Date

Matt Bostock

41f9319bbd

Change order of tests to be more logical

Put the tests using a valid certificate fixture together and put tests
using a valid key fixture together.

2016-01-08 11:09:45 +00:00

Matt Bostock

4acba73b00

Test certificate and key with a truncated middle

Test a valid certificate and valid key that have had 48 characters
removed from their middle, to simulate a malformed certificate and key.

Suggested by @DavidS in https://github.com/puppetlabs/puppetlabs-stdlib/pull/552

2016-01-08 11:09:45 +00:00

Matt Bostock

97320ab421

Add a function to validate an x509 RSA key pair

Add a function to validate an x509 RSA certificate and key pair, as
commonly used for TLS certificates.

The rationale behind this is that we store our TLS certificates and
private keys in Hiera YAML files, and poor indentation or formatting in
the YAML file could cause a valid certificate to be considered invalid.

Will cause the Puppet run to fail if:

- an invalid certificate is detected
- an invalid RSA key is detected
- the certificate does not match the key, i.e. the certificate
  has not been signed by the supplied key

The test certificates I've used in the spec tests were generated using
the Go standard library:

    $ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost

Example output:

    ==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk

2016-01-08 11:09:45 +00:00

3 commits