class Puppet::SSL::StateMachine::NeedKey

Load or generate the agent's private key. If the key exists, try to load the client cert and transition to Done. If the cert is mismatched or otherwise fails validation, raise an error. If the key doesn't exist yet, generate one (EC or RSA, per the `key_type` setting) and save it. If the cert doesn't exist yet, transition to NeedSubmitCSR.

Public Instance Methods

next_state()
    # File lib/puppet/ssl/state_machine.rb
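# Load the agent's private key, generating and persisting one when none
# exists yet, then pick the next state of the SSL bootstrap state machine.
#
# Outcomes:
# * key and client cert both present: build an SSL context from them and
#   transition to Done. Cert/key mismatch or other validation failures are
#   expected to be raised by @ssl_provider.create_context, not checked here.
# * key present, no cert: transition to NeedSubmitCSR carrying the key.
# * no key: generate an EC key on Puppet[:named_curve] when
#   Puppet[:key_type] == 'ec', otherwise an RSA key of Puppet[:keylength]
#   bits; save it through @cert_provider (with the provider's key password,
#   which may be nil) and transition to NeedSubmitCSR.
#
# @return [Done, NeedSubmitCSR] the next state
# @raise [Puppet::Error] when an RSA key is requested and Puppet[:keylength]
#   is not an integer, or is below the 2048-bit floor enforced below
def next_state
  Puppet.debug(_("Loading/generating private key"))

  password = @cert_provider.load_private_key_password
  key = @cert_provider.load_private_key(Puppet[:certname], password: password)

  if key
    cert = @cert_provider.load_client_cert(Puppet[:certname])
    if cert
      # create_context receives both halves of the identity; any mismatch
      # between the loaded cert and key surfaces here as an exception.
      next_ctx = @ssl_provider.create_context(
        cacerts: @ssl_context.cacerts, crls: @ssl_context.crls, private_key: key, client_cert: cert
      )
      return Done.new(@machine, next_ctx)
    end
  else
    if Puppet[:key_type] == 'ec'
      Puppet.info _("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] }
      key = OpenSSL::PKey::EC.generate(Puppet[:named_curve])
    else
      # Integer() rejects garbage outright; the previous .to_i turned a
      # misconfigured setting into 0 and an opaque OpenSSL failure.
      keylength = begin
        Integer(Puppet[:keylength])
      rescue ArgumentError, TypeError
        raise Puppet::Error, _("Invalid keylength '%{value}': must be a positive integer") % { value: Puppet[:keylength] }
      end

      # This key is the agent's long-lived identity. RSA below 2048 bits has
      # been deprecated (NIST SP 800-131A) and may be refused by the CA or
      # by TLS peers, so refuse to mint one rather than fail later.
      if keylength < 2048
        raise Puppet::Error, _("Invalid keylength %{value}: RSA keys must be at least 2048 bits") % { value: keylength }
      end

      Puppet.info _("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] }
      key = OpenSSL::PKey::RSA.new(keylength)
    end

    @cert_provider.save_private_key(Puppet[:certname], key, password: password)
  end

  NeedSubmitCSR.new(@machine, @ssl_context, key)
end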