Class: Puppet::SSL::StateMachine::NeedRenewedCert Private

# File 'lib/puppet/ssl/state_machine.rb', line 369

def next_state
  Puppet.debug(_("Renewing client certificate"))

  route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  cert = OpenSSL::X509::Certificate.new(
    route.post_certificate_renewal(@ssl_context)[1]
  )

  # verify client cert before saving
  next_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
  )
  @cert_provider.save_client_cert(Puppet[:certname], cert)

  Puppet.info(_("Renewed client certificate: %{cert_digest}, not before '%{not_before}', not after '%{not_after}'") % { cert_digest: @machine.digest_as_hex(cert.to_pem), not_before: cert.not_before, not_after: cert.not_after })

  Done.new(@machine, next_ctx)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 404
    Puppet.info(_("Certificate autorenewal has not been enabled on the server."))
  else
    Puppet.warning(_("Failed to automatically renew certificate: %{code} %{reason}") % { code: e.response.code, reason: e.response.reason })
  end
  Done.new(@machine, @ssl_context)
rescue => e
  Puppet.warning(_("Unable to automatically renew certificate: %{message}") % { message: e })
  Done.new(@machine, @ssl_context)
end

Class: Puppet::SSL::StateMachine::NeedRenewedCert Private

Overview

Instance Attribute Summary

Attributes inherited from KeySSLState

Attributes inherited from SSLState

Instance Method Summary collapse

Methods inherited from KeySSLState

Methods inherited from SSLState

Constructor Details

Instance Method Details

#next_state ⇒ Object

#next_state ⇒ `Object`