class Puppet::SSL::StateMachine::NeedKey
Load or generate a private key. If the key exists, try to load the client cert and transition to Done. If the cert is mismatched or otherwise fails validation, raise an error. If the key doesn't exist yet, generate one, and save it. If the cert doesn't exist yet, transition to NeedSubmitCSR.
Public Instance Methods
next_state()
# File lib/puppet/ssl/state_machine.rb
#
# Pick the state that follows NeedKey for the identity named by
# Puppet[:certname].
#
# The private key is loaded with the password returned by the cert provider.
# When no key is found, a new one is generated (EC on Puppet[:named_curve]
# if Puppet[:key_type] is 'ec', otherwise RSA of Puppet[:keylength] bits)
# and saved through the cert provider with that same password.
#
# @return [Done] when the key and the client cert both load and an SSL
#   context can be created from them
# @return [NeedSubmitCSR] when the key was just generated, or when the key
#   exists but no client cert was loaded
def next_state
  Puppet.debug(_("Loading/generating private key"))

  key_password = @cert_provider.load_private_key_password
  private_key = @cert_provider.load_private_key(Puppet[:certname], password: key_password)

  unless private_key
    private_key =
      if Puppet[:key_type] == 'ec'
        Puppet.info(
          _("Creating a new EC SSL key for %{name} using curve %{curve}") %
            { name: Puppet[:certname], curve: Puppet[:named_curve] }
        )
        OpenSSL::PKey::EC.generate(Puppet[:named_curve])
      else
        Puppet.info(_("Creating a new RSA SSL key for %{name}") % { name: Puppet[:certname] })
        # NOTE(review): String#to_i maps a non-numeric value to 0 instead of
        # raising; any minimum RSA size is presumably enforced where the
        # keylength setting is defined -- confirm.
        OpenSSL::PKey::RSA.new(Puppet[:keylength].to_i)
      end

    # Persist the key before a CSR is built from it; the password passed here
    # is the one used for the load attempt above.
    @cert_provider.save_private_key(Puppet[:certname], private_key, password: key_password)
    return NeedSubmitCSR.new(@machine, @ssl_context, private_key)
  end

  # An existing key without a client cert is reused for a new CSR rather than
  # being regenerated.
  client_cert = @cert_provider.load_client_cert(Puppet[:certname])
  return NeedSubmitCSR.new(@machine, @ssl_context, private_key) unless client_cert

  # The class description says a mismatched or otherwise invalid cert raises;
  # presumably create_context is where that check happens -- confirm. Nothing
  # is rescued here, so such an error propagates to the caller.
  verified_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: private_key,
    client_cert: client_cert
  )
  Done.new(@machine, verified_ctx)
end