Class: Puppet::SSL::StateMachine::NeedCert

Inherits:
KeySSLState
Defined in:
lib/puppet/ssl/state_machine.rb

Overview

Attempt to load or retrieve our signed cert.

Instance Attribute Summary

Attributes inherited from KeySSLState

#private_key

Attributes inherited from SSLState

#ssl_context

Instance Method Summary

Methods inherited from KeySSLState

#initialize

Methods inherited from SSLState

#initialize

Constructor Details

This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState

Instance Method Details

#next_state ⇒ Object



# File 'lib/puppet/ssl/state_machine.rb', line 157

# Fetch this node's signed certificate from the CA and pick the next state.
#
# Ordering matters for security: the downloaded certificate is handed to
# `@ssl_provider.create_context` (together with the current CA certs, CRLs
# and our private key) BEFORE it is written to the certificate store. The
# source marks that call as the verification step, so a certificate that
# is rejected there raises and is never saved.
#
# @return [Object] `Done` carrying the newly built context on success;
#   `Wait` carrying the existing context when an SSL error occurs, the
#   response cannot be parsed as a certificate, or the server answers with
#   an error response (a 404 is logged as "not signed yet").
def next_state
  pem = Puppet::Rest::Routes.get_certificate(Puppet[:certname], @ssl_context)
  client_cert = OpenSSL::X509::Certificate.new(pem)

  # Verify the client cert before saving: build the context first and only
  # persist once it has been accepted.
  verified_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: @private_key,
    client_cert: client_cert
  )

  @cert_provider.save_client_cert(Puppet[:certname], client_cert)
  # The pending request is removed only after the signed cert has been saved.
  @cert_provider.delete_request(Puppet[:certname])

  Done.new(@machine, verified_ctx)
rescue Puppet::SSL::SSLError => e
  # Raised by the SSL layer; log it and retry later with the old context.
  Puppet.log_exception(e)
  Wait.new(@machine, @ssl_context)
rescue OpenSSL::X509::CertificateError => e
  # The response body was not a parsable X.509 certificate.
  Puppet.log_exception(e, _("Failed to parse certificate: %{message}") % {message: e.message})
  Wait.new(@machine, @ssl_context)
rescue Puppet::Rest::ResponseError => e
  case e.response.code.to_i
  when 404
    # Logged at info level: the message treats a 404 as "not signed yet".
    Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
  else
    Puppet.log_exception(
      e,
      _("Failed to retrieve certificate for %{certname}: %{message}") %
        {certname: Puppet[:certname], message: e.response.message}
    )
  end
  Wait.new(@machine, @ssl_context)
end