class Puppet::SSL::StateMachine::NeedCert

Attempt to load or retrieve our signed cert.

Public Instance Methods

next_state()
    # File lib/puppet/ssl/state_machine.rb
# Download this agent's signed client certificate from the CA and decide which
# state the SSL state machine enters next.
#
# The order of the steps is security-relevant: the downloaded certificate is
# passed to `@ssl_provider.create_context` together with the current CA
# certificates, CRLs and our private key *before* anything is persisted. If
# parsing or that call raises, control jumps to the rescue clauses, so
# `save_client_cert` and `delete_request` are never reached for a certificate
# that failed the check, and the pending request stays in place.
#
# @return [Done] when the certificate was downloaded, checked and saved
# @return [Wait] when the CA answers 404 for the certificate
# @return [Error] on SSL errors or when the response is not a parsable certificate
# @return [Object] the result of `to_error` for any other HTTP response error
def next_state
  Puppet.debug(_("Downloading client certificate"))

  ca_route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  # Element 1 of the result is handed to the X509 parser as the certificate.
  pem = ca_route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
  client_cert = OpenSSL::X509::Certificate.new(pem)

  download_details = { name: Puppet[:certname], url: ca_route.url }
  Puppet.info(_("Downloaded certificate for %{name} from %{url}") % download_details)

  # Verify the client cert before saving: build the next context first, so a
  # failure here leaves nothing on disk.
  verified_context = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: @private_key,
    client_cert: client_cert
  )

  # Only now persist the certificate and drop the outstanding request.
  @cert_provider.save_client_cert(Puppet[:certname], client_cert)
  @cert_provider.delete_request(Puppet[:certname])

  Done.new(@machine, verified_context)
rescue Puppet::SSL::SSLError => ssl_failure
  Error.new(@machine, ssl_failure.message, ssl_failure)
rescue OpenSSL::X509::CertificateError => parse_failure
  parse_message = _("Failed to parse certificate: %{message}") % { message: parse_failure.message }
  Error.new(@machine, parse_message, parse_failure)
rescue Puppet::HTTP::ResponseError => http_failure
  # Anything other than 404 is a real retrieval failure.
  unless http_failure.response.code == 404
    failure_message = _("Failed to retrieve certificate for %{certname}: %{message}") %
                      { certname: Puppet[:certname], message: http_failure.response.message }
    return to_error(failure_message, http_failure)
  end

  # 404: the CA has no signed certificate for us yet, so tell the operator and wait.
  Puppet.info(_("Certificate for %{certname} has not been signed yet") % { certname: Puppet[:certname] })
  $stdout.puts(
    _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") %
      { name: Puppet[:certname] }
  )
  Wait.new(@machine)
end