Class: Puppet::SSL::StateMachine::NeedRenewedCert Private
- Inherits:
-
KeySSLState
- Object
- SSLState
- KeySSLState
- Puppet::SSL::StateMachine::NeedRenewedCert
- Defined in:
- lib/puppet/ssl/state_machine.rb
Overview
This class is part of a private API. You should avoid using this class if possible, as it may be removed or be changed in the future.
Class to renew a client/host certificate automatically.
Instance Attribute Summary
Attributes inherited from KeySSLState
Attributes inherited from SSLState
Instance Method Summary collapse
- #next_state ⇒ Object private
Methods inherited from KeySSLState
Methods inherited from SSLState
#initialize, #log_error, #to_error
Constructor Details
This class inherits a constructor from Puppet::SSL::StateMachine::KeySSLState
Instance Method Details
#next_state ⇒ Object
This method is part of a private API. You should avoid using this method if possible, as it may be removed or be changed in the future.
369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 |
# File 'lib/puppet/ssl/state_machine.rb', line 369 def next_state Puppet.debug(_("Renewing client certificate")) route = @machine.session.route_to(:ca, ssl_context: @ssl_context) cert = OpenSSL::X509::Certificate.new( route.post_certificate_renewal(@ssl_context)[1] ) # verify client cert before saving next_ctx = @ssl_provider.create_context( cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: @private_key, client_cert: cert ) @cert_provider.save_client_cert(Puppet[:certname], cert) Puppet.info(_("Renewed client certificate: %{cert_digest}, not before '%{not_before}', not after '%{not_after}'") % { cert_digest: @machine.digest_as_hex(cert.to_pem), not_before: cert.not_before, not_after: cert.not_after }) Done.new(@machine, next_ctx) rescue Puppet::HTTP::ResponseError => e if e.response.code == 404 Puppet.info(_("Certificate autorenewal has not been enabled on the server.")) else Puppet.warning(_("Failed to automatically renew certificate: %{code} %{reason}") % { code: e.response.code, reason: e.response.reason }) end Done.new(@machine, @ssl_context) rescue => e Puppet.warning(_("Unable to automatically renew certificate: %{message}") % { message: e. }) Done.new(@machine, @ssl_context) end |