From 7e94fd61d4bae76a830448daa0d72b8d13891e4b Mon Sep 17 00:00:00 2001
From: Pete Higgins <pete@peterhiggins.org>
Date: Thu, 17 Dec 2020 11:06:00 -0800
Subject: Don't pollute trusted_certs test data to keep bootstrap tests happy.

Signed-off-by: Pete Higgins <pete@peterhiggins.org>
---
 spec/data/ssl/binary/chef-rspec-der.cert | Bin 0 -> 1174 bytes
 spec/data/ssl/binary/chef-rspec-der.key  | Bin 0 -> 1191 bytes
 spec/data/ssl/chef-rspec-der.cert        | Bin 1174 -> 0 bytes
 spec/data/ssl/chef-rspec-der.key         | Bin 1191 -> 0 bytes
 spec/data/trusted_certs/example_der.crt  | Bin 1174 -> 0 bytes
 spec/unit/http/ssl_policies_spec.rb      |  27 +++++++++++++++++----------
 6 files changed, 17 insertions(+), 10 deletions(-)
 create mode 100644 spec/data/ssl/binary/chef-rspec-der.cert
 create mode 100644 spec/data/ssl/binary/chef-rspec-der.key
 delete mode 100644 spec/data/ssl/chef-rspec-der.cert
 delete mode 100644 spec/data/ssl/chef-rspec-der.key
 delete mode 100644 spec/data/trusted_certs/example_der.crt

diff --git a/spec/data/ssl/binary/chef-rspec-der.cert b/spec/data/ssl/binary/chef-rspec-der.cert
new file mode 100644
index 0000000000..e49df6252a
Binary files /dev/null and b/spec/data/ssl/binary/chef-rspec-der.cert differ
diff --git a/spec/data/ssl/binary/chef-rspec-der.key b/spec/data/ssl/binary/chef-rspec-der.key
new file mode 100644
index 0000000000..d8adadc5c9
Binary files /dev/null and b/spec/data/ssl/binary/chef-rspec-der.key differ
diff --git a/spec/data/ssl/chef-rspec-der.cert b/spec/data/ssl/chef-rspec-der.cert
deleted file mode 100644
index e49df6252a..0000000000
Binary files a/spec/data/ssl/chef-rspec-der.cert and /dev/null differ
diff --git a/spec/data/ssl/chef-rspec-der.key b/spec/data/ssl/chef-rspec-der.key
deleted file mode 100644
index d8adadc5c9..0000000000
Binary files a/spec/data/ssl/chef-rspec-der.key and /dev/null differ
diff --git a/spec/data/trusted_certs/example_der.crt b/spec/data/trusted_certs/example_der.crt
deleted file mode 100644
index e49df6252a..0000000000
Binary files a/spec/data/trusted_certs/example_der.crt and /dev/null differ
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index 2eda19a4e2..6fc00b5fd9 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
@@ -116,7 +116,7 @@ describe "HTTP SSL Policy" do
       end
 
       it "configures the HTTP client's cert and private key with a DER encoded cert" do
-        Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec-der.cert"
+        Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.cert"
         Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/chef-rspec.key"
         expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
         expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
@@ -124,7 +124,7 @@ describe "HTTP SSL Policy" do
 
       it "configures the HTTP client's cert and private key with a DER encoded key" do
         Chef::Config[:ssl_client_cert] = CHEF_SPEC_DATA + "/ssl/chef-rspec.cert"
-        Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/chef-rspec-der.key"
+        Chef::Config[:ssl_client_key]  = CHEF_SPEC_DATA + "/ssl/binary/chef-rspec-der.key"
         expect(http_client.cert.to_s).to eq(OpenSSL::X509::Certificate.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.cert")).to_s)
         expect(http_client.key.to_s).to eq(OpenSSL::PKey::RSA.new(IO.read(CHEF_SPEC_DATA + "/ssl/chef-rspec.key")).to_s)
       end
@@ -164,17 +164,24 @@ describe "HTTP SSL Policy" do
         ssl_policy.set_custom_certs
         ssl_policy.set_custom_certs # should not raise an error
       end
-    end
 
-    it "raises ConfigurationError with a bad cert file in the trusted_certs dir" do
-      ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+      it "raises ConfigurationError with a bad cert file in the trusted_certs dir" do
+        ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+
+        Dir.mktmpdir do |dir|
+          bad_cert_file = File.join(dir, "bad_cert_file.crt")
+          File.write(bad_cert_file, File.read(__FILE__))
 
-      Dir.mktmpdir do |dir|
-        bad_cert_file = File.join(dir, "bad_cert_file.crt")
-        File.binwrite(bad_cert_file, File.read(__FILE__))
+          Chef::Config.trusted_certs_dir = dir
+          expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
+        end
+      end
 
-        Chef::Config.trusted_certs_dir = dir
-        expect { ssl_policy.set_custom_certs }.to raise_error(Chef::Exceptions::ConfigurationError, /Error reading cert file/)
+      it "works with binary certs" do
+        Chef::Config.trusted_certs_dir = File.join(CHEF_SPEC_DATA, "ssl", "binary")
+
+        ssl_policy = ssl_policy_class.new(Net::HTTP.new("example.com"))
+        ssl_policy.set_custom_certs
       end
     end
   end
-- 
cgit v1.2.1