Class: Puppet::SSL::StateMachine::NeedCert Private
- Inherits: KeySSLState
  - Object
  - SSLState
  - KeySSLState
  - Puppet::SSL::StateMachine::NeedCert
- Defined in: lib/puppet/ssl/state_machine.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Attempt to load or retrieve our signed cert.
Instance Attribute Summary
Attributes inherited from KeySSLState
Attributes inherited from SSLState
Instance Method Summary
- #next_state ⇒ Object private
Methods inherited from KeySSLState
Methods inherited from SSLState
#initialize, #log_error, #to_error
Constructor Details
This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState
Instance Method Details
#next_state ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
# File 'lib/puppet/ssl/state_machine.rb', line 316

def next_state
  Puppet.debug(_("Downloading client certificate"))

  # Fetch the signed certificate for this agent from the CA service.
  route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  cert = OpenSSL::X509::Certificate.new(
    route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
  )
  Puppet.info _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: route.url }
  # verify client cert before saving
  next_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert
  )
  # Only reached if create_context did not raise: persist the cert and drop the CSR.
  @cert_provider.save_client_cert(Puppet[:certname], cert)
  @cert_provider.delete_request(Puppet[:certname])
  Done.new(@machine, next_ctx)
rescue Puppet::SSL::SSLError => e
  Error.new(@machine, e.message, e)
rescue OpenSSL::X509::CertificateError => e
  Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: e.message}, e)
rescue Puppet::HTTP::ResponseError => e
  if e.response.code == 404
    # A 404 means the CA has not signed the request yet: wait and retry.
    Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
    $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
    Wait.new(@machine)
  else
    to_error(_("Failed to retrieve certificate for %{certname}: %{message}") % {certname: Puppet[:certname], message: e.response.message}, e)
  end
end
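The `# verify client cert before saving` ordering in `next_state`, shown as an added example that is not Puppet's own code: a downloaded certificate is persisted only if it matches the agent's private key and chains to a trusted CA. It uses only Ruby's standard `openssl` library; `issue_cert`, `reject_reason`, `save_if_valid` and the in-memory `saved` hash are hypothetical names, the PKI is constructed sample data, and CRL checking is left out.

```ruby
require 'openssl'

# Constructed sample PKI: a certificate for `key`, signed by `signer_key`.
def issue_cert(subject, key, signer_key, issuer: nil, serial: 1)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension('basicConstraints', issuer ? 'CA:FALSE' : 'CA:TRUE', true))
  cert.sign(signer_key, OpenSSL::Digest.new('SHA256'))
end

# Hypothetical stand-in for the checks made before the save: returns nil when the
# certificate is acceptable, otherwise the reason it must not be written to disk.
def reject_reason(cert, private_key, cacerts)
  return 'certificate does not match the private key' unless cert.check_private_key(private_key)

  store = OpenSSL::X509::Store.new
  cacerts.each { |ca| store.add_cert(ca) }
  store.verify(cert) ? nil : "chain verification failed: #{store.error_string}"
end

# Same ordering as next_state: validate first, persist only on success.
def save_if_valid(saved, name, cert, private_key, cacerts)
  reason = reject_reason(cert, private_key, cacerts)
  saved[name] = cert.to_pem if reason.nil?
  reason
end

if __FILE__ == $PROGRAM_NAME
  ca_key, agent_key, other_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = issue_cert('/CN=Constructed CA', ca_key, ca_key)
  saved = {}
  good = issue_cert('/CN=agent.example', agent_key, ca_key, issuer: ca, serial: 2)
  swapped = issue_cert('/CN=agent.example', other_key, ca_key, issuer: ca, serial: 3)
  p save_if_valid(saved, 'agent.example', swapped, agent_key, [ca])
  p save_if_valid(saved, 'agent.example', good, agent_key, [ca])
  p saved.keys
end
```

Because the check runs before the write, a certificate issued for a different key or by an untrusted CA never replaces what is on disk.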