Method: Puppet::SSL::StateMachine::NeedKey#next_state

Defined in:
lib/puppet/ssl/state_machine.rb

#next_stateObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
 
# File 'lib/puppet/ssl/state_machine.rb', line 255

def next_state
  Puppet.debug(_("Loading/generating private key"))

  password = @cert_provider.load_private_key_password
  key = @cert_provider.load_private_key(Puppet[:certname], password: password)
  if key
    cert = @cert_provider.load_client_cert(Puppet[:certname])
    if cert
      next_ctx = @ssl_provider.create_context(
        cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: key, client_cert: cert
      )
      if needs_refresh?(cert)
        return NeedRenewedCert.new(@machine, next_ctx, key)
      else
        return Done.new(@machine, next_ctx)
      end
    end
  else
    if Puppet[:key_type] == 'ec'
      Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
      key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
    else
      Puppet.info _("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] }
      key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
    end

    @cert_provider.save_private_key(Puppet[:certname], key, password: password)
  end

  NeedSubmitCSR.new(@machine, @ssl_context, key)
end