Class: Puppet::SSL::StateMachine::NeedCRLs Private
- Defined in: lib/puppet/ssl/state_machine.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
If revocation is enabled, load the CRLs or download them, using the CA bundle from the previous state, then transition to NeedKey. Even if Puppet[:certificate_revocation] is leaf or chain, revocation checking is disabled while downloading the CRL, since 1) we may not have a CRL yet, or 2) the connection will fail if NeedCACerts downloaded a new CA for which we don't have a CRL.
Instance Attribute Summary
- #force_crl_refresh ⇒ Object readonly private
Attributes inherited from SSLState
Instance Method Summary
- #initialize(machine, ssl_context, force_crl_refresh = false) ⇒ NeedCRLs constructor private: A new instance of NeedCRLs.
- #next_state ⇒ Object private
Methods inherited from SSLState
Constructor Details
#initialize(machine, ssl_context, force_crl_refresh = false) ⇒ NeedCRLs
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
Returns a new instance of NeedCRLs.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 160

def initialize(machine, ssl_context, force_crl_refresh = false)
  super(machine, ssl_context)
  @force_crl_refresh = force_crl_refresh
end
```
Instance Attribute Details
#force_crl_refresh ⇒ Object (readonly)
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 158

def force_crl_refresh
  @force_crl_refresh
end
```
Instance Method Details
#next_state ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
```ruby
# File 'lib/puppet/ssl/state_machine.rb', line 165

def next_state
  Puppet.debug("Loading CRLs")

  case Puppet[:certificate_revocation]
  when :chain, :leaf
    crls = @cert_provider.load_crls
    if crls
      # CRLs were loaded: build the context and refresh them if needed
      next_ctx = @ssl_provider.create_root_context(cacerts: ssl_context[:cacerts], crls: crls)

      now = Time.now
      last_update = @cert_provider.crl_last_update
      if needs_refresh?(now, last_update)
        next_ctx = refresh_crl(next_ctx, last_update)
      end
    else
      # No CRLs were loaded: download them
      next_ctx = download_crl(@ssl_context, nil)
    end
  else
    # Revocation disabled: build the context with an empty CRL list
    Puppet.info("Certificate revocation is disabled, skipping CRL download")
    next_ctx = @ssl_provider.create_root_context(cacerts: ssl_context[:cacerts], crls: [])
  end

  NeedKey.new(@machine, next_ctx)
rescue OpenSSL::X509::CRLError => e
  Error.new(@machine, e.message, e)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 404
    to_error(_('CRL is missing from the server'), e)
  else
    to_error(_('Could not download CRLs: %{message}') % { message: e.message }, e)
  end
end
```
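The failure the overview describes, a CA with no matching CRL being rejected once revocation checking is on, can be reproduced with Ruby's OpenSSL bindings; this is an added example, not Puppet's code. The PKI is constructed in-process, and the helper names (make_cert, make_crl, verify, demo) and the mapping of :chain and :leaf to OpenSSL store flags are assumptions of the example.

```ruby
require 'openssl'

# Constructed sample PKI (not Puppet's): a certificate signed by issuer_key.
def make_cert(subject, key, issuer, issuer_key, serial, is_ca)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension('basicConstraints', is_ca ? 'CA:TRUE' : 'CA:FALSE', true))
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# A CRL issued by the CA that revokes the given serial numbers.
def make_crl(ca, ca_key, revoked_serials)
  crl = OpenSSL::X509::CRL.new
  crl.version = 1
  crl.issuer = ca.subject
  crl.last_update, crl.next_update = Time.now - 60, Time.now + 3600
  revoked_serials.each do |serial|
    crl.add_revoked(OpenSSL::X509::Revoked.new.tap { |r| r.serial = serial; r.time = Time.now - 30 })
  end
  crl.sign(ca_key, OpenSSL::Digest.new('SHA256'))
end

# Verify against cacert + crls; the :chain/:leaf flag mapping is an assumption here.
def verify(cert, cacert, crls, revocation)
  store = OpenSSL::X509::Store.new
  store.add_cert(cacert)
  crls.each { |crl| store.add_crl(crl) }
  flags = { chain: OpenSSL::X509::V_FLAG_CRL_CHECK | OpenSSL::X509::V_FLAG_CRL_CHECK_ALL,
            leaf: OpenSSL::X509::V_FLAG_CRL_CHECK }
  store.flags = flags.fetch(revocation, 0)
  [store.verify(cert), store.error]
end

# Returns [verified?, OpenSSL error code] for each case.
def demo
  ca_key, leaf_key = OpenSSL::PKey::RSA.new(2048), OpenSSL::PKey::RSA.new(2048)
  ca = make_cert('/CN=Constructed Test CA', ca_key, nil, ca_key, 1, true)
  leaf = make_cert('/CN=constructed-agent', leaf_key, ca, ca_key, 2, false)
  { no_crl_chain: verify(leaf, ca, [], :chain), no_crl_disabled: verify(leaf, ca, [], false),
    clean_crl: verify(leaf, ca, [make_crl(ca, ca_key, [])], :chain),
    revoked: verify(leaf, ca, [make_crl(ca, ca_key, [2])], :leaf) }
end

p demo if __FILE__ == $PROGRAM_NAME
```

The no_crl_chain case is the reason the CRL download itself runs with revocation off: with checking enabled and no CRL for the CA, verification fails before any CRL can be fetched.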