Class: Puppet::SSL::StateMachine::NeedKey Private

Inherits:
SSLState show all
Defined in:
lib/puppet/ssl/state_machine.rb

Overview

This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.

Load or generate a private key. If the key exists, try to load the client cert and transition to Done. If the cert is mismatched or otherwise fails valiation, raise an error. If the key doesn’t exist yet, generate one, and save it. If the cert doesn’t exist yet, transition to NeedSubmitCSR.

Instance Attribute Summary

Attributes inherited from SSLState

#ssl_context

Instance Method Summary collapse

Methods inherited from SSLState

#initialize, #log_error, #to_error

Constructor Details

This class inherits a constructor from Puppet::SSL::StateMachine::SSLState

Instance Method Details

#next_stateObject

This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future. 



255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
 
# File 'lib/puppet/ssl/state_machine.rb', line 255

def next_state
  Puppet.debug(_("Loading/generating private key"))

  password = @cert_provider.load_private_key_password
  key = @cert_provider.load_private_key(Puppet[:certname], password: password)
  if key
    cert = @cert_provider.load_client_cert(Puppet[:certname])
    if cert
      next_ctx = @ssl_provider.create_context(
        cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: key, client_cert: cert
      )
      if needs_refresh?(cert)
        return NeedRenewedCert.new(@machine, next_ctx, key)
      else
        return Done.new(@machine, next_ctx)
      end
    end
  else
    if Puppet[:key_type] == 'ec'
      Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
      key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
    else
      Puppet.info _("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] }
      key = OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
    end

    @cert_provider.save_private_key(Puppet[:certname], key, password: password)
  end

  NeedSubmitCSR.new(@machine, @ssl_context, key)
end