Class: Puppet::SSL::StateMachine::NeedCert

# File 'lib/puppet/ssl/state_machine.rb', line 232

def next_state
  Puppet.debug(_("Downloading client certificate"))

  route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  cert = OpenSSL::X509::Certificate.new(
    route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
  )
  Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
  # verify client cert before saving
  next_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
  )
  @cert_provider.save_client_cert(Puppet[:certname], cert)
  @cert_provider.delete_request(Puppet[:certname])
  Done.new(@machine, next_ctx)
rescue Puppet::SSL::SSLError => e
  Error.new(@machine, e.message, e)
rescue OpenSSL::X509::CertificateError => e
  Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 404
    Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
    $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
    Wait.new(@machine)
  else
    to_error(_("Failed to retrieve certificate for %{certname}: %{message}") %
             {certname: Puppet[:certname], message: e.response.message}, e)
  end
end

Class: Puppet::SSL::StateMachine::NeedCert

Overview

Instance Attribute Summary

Attributes inherited from KeySSLState

Attributes inherited from SSLState

Instance Method Summary collapse

Methods inherited from KeySSLState

Methods inherited from SSLState

Constructor Details

Instance Method Details

#next_state ⇒ Object

#next_state ⇒ `Object`