Class: Puppet::SSL::StateMachine::NeedCert
- Inherits: KeySSLState
  - Object
    - SSLState
      - KeySSLState
        - Puppet::SSL::StateMachine::NeedCert
- Defined in: lib/puppet/ssl/state_machine.rb
Overview
Attempt to load or retrieve our signed cert.
Instance Attribute Summary
Attributes inherited from KeySSLState
Attributes inherited from SSLState
Instance Method Summary
Methods inherited from KeySSLState
Methods inherited from SSLState
Constructor Details
This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState
Instance Method Details
#next_state ⇒ Object
# File 'lib/puppet/ssl/state_machine.rb', line 232

def next_state
  Puppet.debug(_("Downloading client certificate"))

  # Ask the CA service for the signed certificate and parse it.
  route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  cert = OpenSSL::X509::Certificate.new(
    route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)
  )
  Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
  # verify client cert before saving
  next_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
  )
  # Only reached when create_context did not raise: persist the cert and drop the pending CSR.
  @cert_provider.save_client_cert(Puppet[:certname], cert)
  @cert_provider.delete_request(Puppet[:certname])
  Done.new(@machine, next_ctx)
rescue Puppet::SSL::SSLError => e
  Error.new(@machine, e.message, e)
rescue OpenSSL::X509::CertificateError => e
  Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 404
    # The CA has not signed the request yet: wait and retry instead of failing.
    Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
    $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
    Wait.new(@machine)
  else
    to_error(_("Failed to retrieve certificate for %{certname}: %{message}") % {certname: Puppet[:certname], message: e.response.message}, e)
  end
end
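The "verify client cert before saving" ordering in next_state, shown with plain OpenSSL as an added example (not Puppet's code, and not the internals of create_context). The helper names issue_cert, check_downloaded_cert and sample_results and the throwaway CAs are assumptions constructed for illustration.

```ruby
require 'openssl'

# Constructed fixture helper (hypothetical name): issues a short-lived cert.
def issue_cert(cn, key, issuer_cert, issuer_key, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  if ca
    ef = OpenSSL::X509::ExtensionFactory.new
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  end
  cert.sign(issuer_key, OpenSSL::Digest.new('SHA256'))
end

# Decide whether a downloaded PEM may be written to disk (hypothetical helper).
# Same ordering as next_state: parse, verify, and only then save.
def check_downloaded_cert(pem, private_key, cacerts)
  cert = OpenSSL::X509::Certificate.new(pem)
  # The cert must carry the public half of the key this agent generated.
  return :key_mismatch unless cert.check_private_key(private_key)
  # The cert must chain to a CA the agent already trusts.
  store = OpenSSL::X509::Store.new
  cacerts.each { |c| store.add_cert(c) }
  store.verify(cert) ? :ok : :untrusted
rescue OpenSSL::X509::CertificateError
  :unparsable
end

# Constructed sample PKI: a trusted CA, an unrelated CA, and two agent keys.
def sample_results
  ca_key, rogue_key, agent_key, other_key = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
  ca = issue_cert('Constructed CA', ca_key, nil, ca_key, ca: true)
  rogue = issue_cert('Unrelated CA', rogue_key, nil, rogue_key, ca: true)
  {
    good: check_downloaded_cert(issue_cert('agent', agent_key, ca, ca_key).to_pem, agent_key, [ca]),
    wrong_key: check_downloaded_cert(issue_cert('agent', other_key, ca, ca_key).to_pem, agent_key, [ca]),
    wrong_ca: check_downloaded_cert(issue_cert('agent', agent_key, rogue, rogue_key).to_pem, agent_key, [ca]),
    garbage: check_downloaded_cert('not a certificate', agent_key, [ca])
  }
end

puts sample_results.inspect if $PROGRAM_NAME == __FILE__
```

Only the :ok result should lead to a write. A cert issued for another key or by an unknown CA is rejected while the pending request is still on disk, so a later retry can succeed.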