class Puppet::SSL::StateMachine::NeedKey
Load or generate a private key. If the key exists, try to load the client cert and transition to Done. If the cert is mismatched or otherwise fails validation, raise an error. If the key doesn't exist yet, generate one, and save it. If the cert doesn't exist yet, transition to NeedSubmitCSR.
Public Instance Methods
next_state()
# File lib/puppet/ssl/state_machine.rb
#
# Decide the next SSL bootstrap state from what is already stored for
# Puppet[:certname]:
#
# * key and client cert both load -> build a new SSL context from them and
#   return Done;
# * key loads but no client cert -> return NeedSubmitCSR with the existing key;
# * no key -> generate one (EC when Puppet[:key_type] is 'ec', RSA otherwise),
#   save it through the cert provider, and return NeedSubmitCSR.
#
# The passphrase returned by load_private_key_password is passed both when
# loading the stored key and when saving a newly generated one.
#
# @return [Done, NeedSubmitCSR] the state to run next
def next_state
  Puppet.debug(_("Loading/generating private key"))

  passphrase = @cert_provider.load_private_key_password
  private_key = @cert_provider.load_private_key(Puppet[:certname], password: passphrase)

  unless private_key
    # No stored key: create one with the algorithm selected by Puppet[:key_type].
    # NOTE(review): the curve name and key length come straight from settings
    # and are not range-checked in this method; String#to_i turns non-numeric
    # text into 0 -- confirm the settings layer rejects weak or invalid values.
    private_key =
      if Puppet[:key_type] == 'ec'
        Puppet.info(_("Creating a new EC SSL key for %{name} using curve %{curve}") % { name: Puppet[:certname], curve: Puppet[:named_curve] })
        OpenSSL::PKey::EC.generate(Puppet[:named_curve])
      else
        Puppet.info(_("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] })
        OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
      end

    # NOTE(review): whether the key is written encrypted when no passphrase is
    # configured depends on save_private_key, which is not visible here.
    @cert_provider.save_private_key(Puppet[:certname], private_key, password: passphrase)
    return NeedSubmitCSR.new(@machine, @ssl_context, private_key)
  end

  # A key without a certificate still needs a CSR; the existing key is reused.
  client_cert = @cert_provider.load_client_cert(Puppet[:certname])
  return NeedSubmitCSR.new(@machine, @ssl_context, private_key) unless client_cert

  # Presumably create_context is where a key/cert mismatch or a failed
  # validation raises -- verify against the SSL provider.
  ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: private_key,
    client_cert: client_cert
  )
  Done.new(@machine, ctx)
end