class Puppet::SSL::StateMachine::NeedCert
Attempt to load or retrieve our signed cert.
Public Instance Methods
next_state()
# File lib/puppet/ssl/state_machine.rb
#
# Download this agent's signed certificate from the CA and pick the next
# state of the SSL state machine.
#
# Result, as visible in this listing:
# - Done  : the certificate was downloaded, a new SSL context was built from
#           it, the certificate was saved and the pending request deleted.
# - Wait  : the CA answered 404, i.e. the certificate is not signed yet.
# - Error : an SSL error or a certificate parse error occurred.
# - Any other HTTP response error is handed to to_error, which is defined
#   outside this listing.
def next_state
  Puppet.debug(_("Downloading client certificate"))

  ca_route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  # Element [1] of the get_certificate result is what gets parsed as the cert.
  cert_body = ca_route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
  client_cert = OpenSSL::X509::Certificate.new(cert_body)
  Puppet.info(
    _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: ca_route.url }
  )

  # Verify the client cert before saving: the context is built from the
  # downloaded cert together with our CA certs, CRLs and private key *before*
  # anything touches disk. If this raises Puppet::SSL::SSLError, the rescue
  # below returns an Error state and save_client_cert is never reached.
  # NOTE(review): exactly what create_context checks (chain to cacerts,
  # revocation via crls, cert/private-key match) is not visible here. Confirm
  # against the SSL provider before relying on it.
  verified_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: @private_key,
    client_cert: client_cert
  )

  # Keep this order: persist the cert only after the context was built, then
  # drop the now-obsolete certificate request.
  @cert_provider.save_client_cert(Puppet[:certname], client_cert)
  @cert_provider.delete_request(Puppet[:certname])

  Done.new(@machine, verified_ctx)
rescue Puppet::SSL::SSLError => ssl_err
  Error.new(@machine, ssl_err.message, ssl_err)
rescue OpenSSL::X509::CertificateError => parse_err
  Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: parse_err.message}, parse_err)
rescue Puppet::HTTP::ResponseError => http_err
  # Only a 404 is treated as "not signed yet"; every other status is an error.
  unless http_err.response.code == 404
    return to_error(
      _("Failed to retrieve certificate for %{certname}: %{message}") %
        {certname: Puppet[:certname], message: http_err.response.message},
      http_err
    )
  end

  Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
  # The operator hint goes to stdout in addition to the info log line above.
  $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
  Wait.new(@machine)
end