Class: Puppet::SSL::StateMachine
Defined in: lib/puppet/ssl/state_machine.rb
Overview
This class implements a state machine for bootstrapping a host’s CA and CRL bundles, private key and signed client certificate. Each state has a frozen SSLContext that it uses to make network connections. If a state makes progress bootstrapping the host, then the state will generate a new frozen SSLContext and pass that to the next state. For example, the NeedCACerts state will load or download a CA bundle, and generate a new SSLContext containing those CA certs. This way we’re sure about which SSLContext is being used during any phase of the bootstrapping process.
Defined Under Namespace
Classes: Done, KeySSLState, NeedCACerts, NeedCRLs, NeedCert, NeedKey, NeedSubmitCSR, SSLState, Wait
Constant Summary
- CA_NAME = 'ca'.freeze
Instance Attribute Summary
- #onetime ⇒ Object (readonly)
  Returns the value of attribute onetime.
- #waitforcert ⇒ Object (readonly)
  Returns the value of attribute waitforcert.
Instance Method Summary
- #ensure_ca_certificates ⇒ Puppet::SSL::SSLContext
  Run the state machine for CA certs and CRLs.
- #ensure_client_certificate ⇒ Puppet::SSL::SSLContext
  Run the state machine through to a signed client certificate (CA certs, CRLs, private key and client cert).
- #initialize(onetime: , waitforcert: ) ⇒ StateMachine (constructor)
  A new instance of StateMachine.
Constructor Details
#initialize(onetime: , waitforcert: ) ⇒ StateMachine
Returns a new instance of StateMachine.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 210

def initialize(onetime: Puppet[:onetime], waitforcert: Puppet[:waitforcert])
  @onetime = onetime
  @waitforcert = waitforcert
end
```
Instance Attribute Details
#onetime ⇒ Object (readonly)
Returns the value of attribute onetime.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 208

def onetime
  @onetime
end
```
#waitforcert ⇒ Object (readonly)
Returns the value of attribute waitforcert.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 208

def waitforcert
  @waitforcert
end
```
Instance Method Details
#ensure_ca_certificates ⇒ Puppet::SSL::SSLContext
Run the state machine for CA certs and CRLs
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 218

def ensure_ca_certificates
  # Start at NeedCACerts and stop as soon as the machine reaches NeedKey,
  # i.e. once the CA bundle and CRLs are in place but before any key handling.
  final_state = run_machine(NeedCACerts.new(self), NeedKey)
  final_state.ssl_context
end
```
#ensure_client_certificate ⇒ Puppet::SSL::SSLContext
Run the state machine through to a signed client certificate (CA certs, CRLs, private key and client cert)

```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 226

def ensure_client_certificate
  # Run all the way to Done, so the returned context carries the CA bundle,
  # CRLs, private key and the signed client certificate.
  final_state = run_machine(NeedCACerts.new(self), Done)
  ssl_context = final_state.ssl_context

  if Puppet::Util::Log.sendlevel?(:debug)
    chain = ssl_context.client_chain
    # print from root to client
    chain.reverse.each_with_index do |cert, i|
      digest = Puppet::SSL::Digest.new('SHA256', cert.to_der)
      if i == chain.length - 1
        Puppet.debug(_("Verified client certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_s, digest: digest})
      else
        Puppet.debug(_("Verified CA certificate '%{subject}' fingerprint %{digest}") % {subject: cert.subject.to_s, digest: digest})
      end
    end
  end

  ssl_context
end
```
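The following is an added, self-contained model of the design described in the overview and exercised by the two `ensure_*` methods above: each state holds a frozen context, a state that makes progress builds a new frozen context rather than mutating the old one, and the driver loop stops at a caller-chosen terminal state class (the equivalent of passing `NeedKey` versus `Done` to `run_machine`). It is not Puppet's code; the `Demo*` classes, `DemoContext` and `demo_run_machine` are hypothetical stand-ins with string placeholders where Puppet would load or download real keys, certificates and CRLs.

```ruby
# Added example: a toy model of the frozen-context state machine pattern.
# Nothing here is Puppet's own code; all Demo* names are hypothetical.

# Immutable snapshot of the trust material a state may use for network calls.
# `with` derives a new frozen snapshot instead of mutating this one.
DemoContext = Struct.new(:cacerts, :crls, :private_key, :client_cert, keyword_init: true) do
  def with(**changes)
    DemoContext.new(**to_h.merge(changes)).freeze
  end
end

# Base state: refuses any context that is not frozen, so a later state can
# never observe trust material changing underneath it.
class DemoState
  attr_reader :ssl_context

  def initialize(ssl_context)
    raise ArgumentError, 'state requires a frozen context' unless ssl_context.frozen?
    @ssl_context = ssl_context
  end
end

# Each progressing state returns the next state with a new frozen context.
class DemoNeedCACerts < DemoState
  def next_state
    # Placeholder for loading or downloading the CA bundle.
    DemoNeedCRLs.new(ssl_context.with(cacerts: ['demo-root-ca']))
  end
end

class DemoNeedCRLs < DemoState
  def next_state
    # Placeholder for fetching CRLs using only the CA certs already present.
    DemoNeedKey.new(ssl_context.with(crls: ['demo-root-crl']))
  end
end

class DemoNeedKey < DemoState
  def next_state
    DemoNeedCert.new(ssl_context.with(private_key: 'demo-key'))
  end
end

class DemoNeedCert < DemoState
  def next_state
    DemoDone.new(ssl_context.with(client_cert: 'demo-client-cert'))
  end
end

class DemoDone < DemoState; end

# Drive the machine until the current state is an instance of `terminal`.
def demo_run_machine(state, terminal)
  state = state.next_state until state.is_a?(terminal)
  state
end

# Analogue of ensure_ca_certificates: stop at NeedKey, so the returned
# context holds trust anchors and CRLs but no key or client certificate.
def demo_ensure_ca_certificates
  demo_run_machine(DemoNeedCACerts.new(DemoContext.new.freeze), DemoNeedKey).ssl_context
end

# Analogue of ensure_client_certificate: run through to Done.
def demo_ensure_client_certificate
  demo_run_machine(DemoNeedCACerts.new(DemoContext.new.freeze), DemoDone).ssl_context
end

# Returns true if attempting to mutate a finished context is rejected.
def demo_context_is_immutable?(ctx)
  ctx.cacerts = ['tampered']
  false
rescue RuntimeError # FrozenError is a RuntimeError
  true
end

if __FILE__ == $PROGRAM_NAME
  ca_only = demo_ensure_ca_certificates
  full = demo_ensure_client_certificate
  puts "CA-only context: #{ca_only.to_h}"
  puts "Full context:    #{full.to_h}"
  puts "Contexts immutable: #{demo_context_is_immutable?(full)}"
end
```

The value of the pattern is auditability: the context returned for the CA-only run cannot contain a private key because no state before `NeedKey` is able to add one, and the freeze makes any later attempt to alter trust material fail loudly rather than silently changing which CA or CRL a connection validates against.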