Class: Puppet::SSL::StateMachine::NeedCert

Inherits:
KeySSLState
Defined in:
lib/puppet/ssl/state_machine.rb

Overview

Attempt to load or retrieve our signed cert.

Instance Attribute Summary

Attributes inherited from KeySSLState

#private_key

Attributes inherited from SSLState

#ssl_context

Instance Method Summary

Methods inherited from KeySSLState

#initialize

Methods inherited from SSLState

#initialize, #to_error

Constructor Details

This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState

Instance Method Details

#next_state ⇒ Object


# File 'lib/puppet/ssl/state_machine.rb', line 232

# Download this agent's signed certificate from the CA route and pick the
# next state of the SSL state machine.
#
# Ordering matters here: the downloaded certificate is passed to the SSL
# provider's create_context (with the current CA certs, CRLs and our private
# key) before anything is written through the cert provider, so any exception
# raised by that call means this method saves nothing.
#
# @return [Object] Done on success; Wait when the CA answers 404; an Error
#   state for SSL or certificate-parsing failures; the result of to_error for
#   any other HTTP response error.
def next_state
  Puppet.debug(_("Downloading client certificate"))

  ca_route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  raw_cert = ca_route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
  client_cert = OpenSSL::X509::Certificate.new(raw_cert)
  Puppet.info(
    _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: ca_route.url }
  )

  # Build the new context first so the cert is checked before it is persisted.
  # NOTE(review): presumably create_context raises Puppet::SSL::SSLError when
  # the cert does not verify; confirm against the SSL provider.
  verified_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: @private_key,
    client_cert: client_cert
  )

  # Only reached when create_context did not raise: store the cert, then
  # delete the request for the same certname.
  @cert_provider.save_client_cert(Puppet[:certname], client_cert)
  @cert_provider.delete_request(Puppet[:certname])
  Done.new(@machine, verified_ctx)
rescue Puppet::SSL::SSLError => e
  Error.new(@machine, e.message, e)
rescue OpenSSL::X509::CertificateError => e
  # The response body could not be parsed as an X.509 certificate.
  parse_failure = _("Failed to parse certificate: %{message}") % {message: e.message}
  Error.new(@machine, parse_failure, e)
rescue Puppet::HTTP::ResponseError => e
  # Anything other than 404 is reported through to_error.
  unless e.response.code == 404
    failure = _("Failed to retrieve certificate for %{certname}: %{message}") %
              {certname: Puppet[:certname], message: e.response.message}
    return to_error(failure, e)
  end

  # 404: treated as "not signed yet"; tell the operator and move to Wait.
  Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
  $stdout.puts(
    _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
  )
  Wait.new(@machine)
end