summaryrefslogtreecommitdiff
path: root/spec/acceptance/validate_hash_spec.rb
diff options
context:
space:
mode:
authorMatt Bostock <matt@mattbostock.com>2015-11-23 23:45:23 +0000
committerMatt Bostock <matt@mattbostock.com>2016-01-08 11:09:45 +0000
commit97320ab42121a10b76c642b8378c82a888148e4b (patch)
treebf92502d1d5399d8e086be6b39d05552d0911168 /spec/acceptance/validate_hash_spec.rb
parentef0c13b1afdd5fd339083015d387d669acd67066 (diff)
downloadpuppet-stdlib-97320ab42121a10b76c642b8378c82a888148e4b.tar.gz
puppet-stdlib-97320ab42121a10b76c642b8378c82a888148e4b.tar.bz2
Add a function to validate an x509 RSA key pair
Add a function to validate an x509 RSA certificate and key pair, as commonly used for TLS certificates. The rationale behind this is that we store our TLS certificates and private keys in Hiera YAML files, and poor indentation or formatting in the YAML file could cause a valid certificate to be considered invalid. Will cause the Puppet run to fail if: - an invalid certificate is detected - an invalid RSA key is detected - the certificate does not match the key, i.e. the certificate has not been signed by the supplied key The test certificates I've used in the spec tests were generated using the Go standard library: $ go run $GOROOT/src/crypto/tls/generate_cert.go -host localhost Example output: ==> cache-1.router: Error: Not a valid RSA key: Neither PUB key nor PRIV key:: nested asn1 error at /var/govuk/puppet/modules/nginx/manifests/config/ssl.pp:30 on node cache-1.router.dev.gov.uk
Diffstat (limited to 'spec/acceptance/validate_hash_spec.rb')
0 files changed, 0 insertions, 0 deletions