Class: Puppet::SSL::StateMachine::NeedSubmitCSR

Inherits:
KeySSLState show all
Defined in:
lib/puppet/ssl/state_machine.rb

Overview

Generate and submit a CSR using the CA cert bundle and optional CRL bundle from earlier states. If the request is submitted, proceed to NeedCert, otherwise Wait. This could be due to the server already having a CSR for this host (either the same or different CSR content), having a signed certificate, or a revoked certificate.

Instance Attribute Summary

Attributes inherited from KeySSLState

#private_key

Attributes inherited from SSLState

#ssl_context

Instance Method Summary collapse

Methods inherited from KeySSLState

#initialize

Methods inherited from SSLState

#initialize, #to_error

Constructor Details

This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState

Instance Method Details

#next_stateObject


212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
# File 'lib/puppet/ssl/state_machine.rb', line 212

def next_state
  Puppet.debug(_("Generating and submitting a CSR"))

  csr = @cert_provider.create_request(Puppet[:certname], @private_key)
  route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  route.put_certificate_request(Puppet[:certname], csr, ssl_context: @ssl_context)
  @cert_provider.save_request(Puppet[:certname], csr)
  NeedCert.new(@machine, @ssl_context, @private_key)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 400
    NeedCert.new(@machine, @ssl_context, @private_key)
  else
    to_error(_("Failed to submit the CSR, HTTP response was %{code}") % { code: e.response.code }, e)
  end
end