class Puppet::SSL::StateMachine::NeedCACerts
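Load existing CA certs or download them. Transition to NeedCRLs. A downloaded bundle is fetched with the context built by create_insecure_context in new, and its digest is compared with the configured CA fingerprint only when one is set.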
Public Class Methods
new(machine)
Calls superclass method
Puppet::SSL::StateMachine::SSLState::new
# File lib/puppet/ssl/state_machine.rb
#
# Set up the state that obtains the CA certificates.
#
# No SSL context is handed to the superclass (nil); this state installs its
# own, obtained from the provider's create_insecure_context.
#
# NOTE(review): judging by the method name, this context presumably does not
# authenticate the server; confirm against the SSL provider. next_state uses
# it for the CA download.
#
# @param machine the state machine this state belongs to
def initialize(machine)
  super(machine, nil)
  @ssl_context = @ssl_provider.create_insecure_context
end
Public Instance Methods
next_state()
# File lib/puppet/ssl/state_machine.rb
#
# Obtain the CA bundle and move on to NeedCRLs.
#
# A bundle returned by the cert provider is used directly. Otherwise the
# bundle is downloaded from the :ca route using @ssl_context, optionally
# checked against the configured CA fingerprint, loaded, used to build a root
# context and only then saved.
#
# Security notes for reviewers:
# * The download goes through @ssl_context, which the constructor obtains
#   from create_insecure_context, so the digest comparison below is the only
#   check in this method that ties the downloaded bundle to something
#   configured locally.
# * That comparison runs only when @machine.ca_fingerprint is set. Without
#   it the downloaded bundle is saved and reused on later runs as-is
#   (effectively trust on first use), so deployments that cannot trust the
#   network path on first contact should configure the fingerprint or
#   distribute the CA bundle out of band.
# * Both root contexts are created with revocation: false; CRLs are
#   presumably dealt with by the NeedCRLs state that follows.
#
# @return NeedCRLs on success; an Error state on a digest mismatch or an
#   OpenSSL::X509::CertificateError; the result of to_error when the
#   download raises Puppet::HTTP::ResponseError
def next_state
  Puppet.debug("Loading CA certs")

  downloaded = false
  bundle = @cert_provider.load_cacerts

  unless bundle
    ca_route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
    _, pem = ca_route.get_certificate(Puppet::SSL::CA_NAME, ssl_context: @ssl_context)

    if @machine.ca_fingerprint
      actual = Puppet::SSL::Digest.new(@machine.digest, pem).to_hex
      # Regroups the configured value into colon-separated, upper-case pairs.
      # NOTE(review): assumes ca_fingerprint arrives as bare hex with no
      # separators; a mismatch fails closed either way.
      expected = @machine.ca_fingerprint.scan(/../).join(':').upcase

      if actual != expected
        mismatch = Puppet::Error.new(
          _("CA bundle with digest (%{digest_type}) %{actual_digest} did not match expected digest %{expected_digest}") %
            { digest_type: @machine.digest, actual_digest: actual, expected_digest: expected }
        )
        # Stop here: nothing has been loaded or written to disk yet.
        return Error.new(@machine, mismatch.message, mismatch)
      end

      Puppet.info(_("Verified CA bundle with digest (%{digest_type}) %{actual_digest}") %
                  { digest_type: @machine.digest, actual_digest: actual })
    end

    bundle = @cert_provider.load_cacerts_from_pem(pem)
    downloaded = true
  end

  # The root context is built before the save (the original comment reads
  # "verify cacerts before saving"), so an exception raised here leaves the
  # downloaded bundle unsaved.
  root_ctx = @ssl_provider.create_root_context(cacerts: bundle, revocation: false)
  @cert_provider.save_cacerts(bundle) if downloaded

  NeedCRLs.new(@machine, root_ctx)
rescue OpenSSL::X509::CertificateError => cert_error
  Error.new(@machine, cert_error.message, cert_error)
rescue Puppet::HTTP::ResponseError => http_error
  reason =
    if http_error.response.code == 404
      _('CA certificate is missing from the server')
    else
      _('Could not download CA certificate: %{message}') % { message: http_error.message }
    end
  to_error(reason, http_error)
end