Class: Puppet::SSL::StateMachine::NeedCACerts Private
Defined in: lib/puppet/ssl/state_machine.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Load existing CA certs or download them. Transition to NeedCRLs.
Instance Attribute Summary
Attributes inherited from SSLState
Instance Method Summary
- #initialize(machine) ⇒ NeedCACerts constructor private
  A new instance of NeedCACerts.
- #next_state ⇒ Object private
Methods inherited from SSLState
Constructor Details
#initialize(machine) ⇒ NeedCACerts
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a new instance of NeedCACerts.
    # File 'lib/puppet/ssl/state_machine.rb', line 44
    def initialize(machine)
      super(machine, nil)
      # Insecure context, used by next_state when the CA bundle must be downloaded
      @ssl_context = @ssl_provider.create_insecure_context
    end
Instance Method Details
#next_state ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
    # File 'lib/puppet/ssl/state_machine.rb', line 49
    def next_state
      Puppet.debug("Loading CA certs")

      cacerts = @cert_provider.load_cacerts
      if cacerts
        next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
      else
        # No local CA bundle: fetch it from the CA route over the insecure context
        route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
        _, pem = route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)
        # The digest check runs only when a CA fingerprint is configured
        if @machine.ca_fingerprint
          actual_digest = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
          expected_digest = @machine.ca_fingerprint.scan(/../).join(':').upcase
          if actual_digest == expected_digest
            Puppet.info(_("Verified CA bundle with digest (%{digest_type}) %{actual_digest}") %
                        { digest_type: @machine.digest, actual_digest: actual_digest })
          else
            e = Puppet::Error.new(_("CA bundle with digest (%{digest_type}) %{actual_digest} did not match expected digest %{expected_digest}") % { digest_type: @machine.digest, actual_digest: actual_digest, expected_digest: expected_digest })
            return Error.new(@machine, e.message, e)
          end
        end

        cacerts = @cert_provider.load_cacerts_from_pem(pem)
        # verify cacerts before saving
        next_ctx = @ssl_provider.create_root_context(cacerts: cacerts, revocation: false)
        @cert_provider.save_cacerts(cacerts)
      end

      NeedCRLs.new(@machine, next_ctx)
    rescue OpenSSL::X509::CertificateError => e
      Error.new(@machine, e.message, e)
    rescue Puppet::HTTP::ResponseError => e
      if e.response.code == 404
        to_error(_('CA certificate is missing from the server'), e)
      else
        to_error(_('Could not download CA certificate: %{message}') % { message: e.message }, e)
      end
    end
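The fingerprint comparison in next_state, reproduced as a stand-alone check. This is an added example, not Puppet's own code: the helper names, the result symbols and the sample PEM are hypothetical, and it assumes the digest is taken over the PEM text, since next_state passes `pem` to the digest. It goes beyond the listing by accepting fingerprints with or without colons and by reporting an unpinned download and a wrong-length pin separately.

```ruby
require 'openssl'

# Constructed sample input: stands in for the PEM text returned by a CA endpoint.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\n" \
             "Q09OU1RSVUNURUQgU0FNUExF\n" \
             "-----END CERTIFICATE-----\n"

# Hypothetical helper: colon-separated, upper-case hex digest of the bytes given,
# the same textual form next_state compares against.
def bundle_digest(pem, digest_type = 'SHA256')
  OpenSSL::Digest.new(digest_type).hexdigest(pem).scan(/../).join(':').upcase
end

# Hypothetical helper: accept "ab:cd", "AB CD" or "abcd" and return "AB:CD".
# Rejects anything that is not an even number of hex digits.
def normalize_fingerprint(fingerprint)
  hex = fingerprint.delete(': ').downcase
  unless hex.match?(/\A(?:[0-9a-f]{2})+\z/)
    raise ArgumentError, 'fingerprint must be an even number of hex digits'
  end
  hex.scan(/../).join(':').upcase
end

# Returns one of:
#   :unpinned     no fingerprint configured, the download is trusted on first use
#   :wrong_length the pin cannot belong to digest_type (e.g. SHA1 pin, SHA256 check)
#   :mismatch     the bundle is not the one that was pinned
#   :verified     the bundle digest equals the pin
def check_ca_bundle(pem, expected_fingerprint, digest_type = 'SHA256')
  return :unpinned if expected_fingerprint.nil? || expected_fingerprint.empty?

  expected = normalize_fingerprint(expected_fingerprint)
  actual = bundle_digest(pem, digest_type)
  return :wrong_length unless expected.length == actual.length

  actual == expected ? :verified : :mismatch
end

if __FILE__ == $PROGRAM_NAME
  pin = bundle_digest(SAMPLE_PEM)
  puts "pin:       #{pin}"
  puts "pinned:    #{check_ca_bundle(SAMPLE_PEM, pin)}"
  puts "tampered:  #{check_ca_bundle(SAMPLE_PEM + 'x', pin)}"
  puts "unpinned:  #{check_ca_bundle(SAMPLE_PEM, nil)}"
end
```

The `:unpinned` result corresponds to the branch in next_state where no CA fingerprint is set and the downloaded bundle is saved without a digest check.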