Class: Puppet::SSL::StateMachine::NeedCert Private
- Inherits:
-
KeySSLState
- Object
- SSLState
- KeySSLState
- Puppet::SSL::StateMachine::NeedCert
- Defined in:
- lib/puppet/ssl/state_machine.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Attempt to load or retrieve our signed cert.
Instance Attribute Summary
Attributes inherited from KeySSLState
Attributes inherited from SSLState
Instance Method Summary collapse
- #next_state ⇒ Object private
Methods inherited from KeySSLState
Methods inherited from SSLState
#initialize, #log_error, #to_error
Constructor Details
This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState
Instance Method Details
#next_state ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 |
# File 'lib/puppet/ssl/state_machine.rb', line 241 def next_state Puppet.debug(_("Downloading client certificate")) route = @machine.session.route_to(:ca, ssl_context: @ssl_context) cert = OpenSSL::X509::Certificate.new( route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1] ) Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url } # verify client cert before saving next_ctx = @ssl_provider.create_context( cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert ) @cert_provider.save_client_cert(Puppet[:certname], cert) @cert_provider.delete_request(Puppet[:certname]) Done.new(@machine, next_ctx) rescue Puppet::SSL::SSLError => e Error.new(@machine, e., e) rescue OpenSSL::X509::CertificateError => e Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.}, e) rescue Puppet::HTTP::ResponseError => e if e.response.code == 404 Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]}) $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] } Wait.new(@machine) else to_error(_("Failed to retrieve certificate for %{certname}: %{message}") % {certname: Puppet[:certname], message: e.response.}, e) end end |