class Puppet::SSL::StateMachine::NeedCert
Attempt to load or retrieve our signed cert.
Public Instance Methods
next_state()
# File lib/puppet/ssl/state_machine.rb
#
# Download this agent's signed certificate from the CA and pick the state
# machine's next state.
#
# The downloaded certificate is handed to @cert_provider for saving only after
# a new SSL context has been built from it together with the current CA certs,
# CRLs and our private key (the step the source labels "verify client cert
# before saving"). If building that context raises, neither the save nor the
# request deletion runs.
# NOTE(review): what create_context actually checks (key match, chain,
# revocation) is not visible in this method -- confirm in the SSL provider.
#
# @return the next state: Done carrying the new context on success, Error for
#   an SSL or certificate-parse failure, Wait when the CA answers 404, and
#   otherwise whatever to_error returns for the HTTP failure.
def next_state
  Puppet.debug(_("Downloading client certificate"))

  ca_route = @machine.session.route_to(:ca, ssl_context: @ssl_context)
  # get_certificate's result is indexed at 1 to obtain the certificate text.
  pem = ca_route.get_certificate(Puppet[:certname], ssl_context: @ssl_context)[1]
  client_cert = OpenSSL::X509::Certificate.new(pem)
  Puppet.info(
    _("Downloaded certificate for %{name} from %{url}") % { name: Puppet[:certname], url: ca_route.url }
  )

  # Verification gate: this must stay ahead of save_client_cert so that a
  # certificate the provider rejects is never stored.
  verified_ctx = @ssl_provider.create_context(
    cacerts: @ssl_context.cacerts,
    crls: @ssl_context.crls,
    private_key: @private_key,
    client_cert: client_cert
  )

  @cert_provider.save_client_cert(Puppet[:certname], client_cert)
  # The pending request is deleted only once the signed cert has been saved.
  @cert_provider.delete_request(Puppet[:certname])
  Done.new(@machine, verified_ctx)
rescue Puppet::SSL::SSLError => ssl_err
  Error.new(@machine, ssl_err.message, ssl_err)
rescue OpenSSL::X509::CertificateError => parse_err
  # The CA's response body could not be parsed as an X.509 certificate.
  Error.new(@machine, _("Failed to parse certificate: %{message}") % {message: parse_err.message}, parse_err)
rescue Puppet::HTTP::ResponseError => http_err
  unless http_err.response.code == 404
    return to_error(_("Failed to retrieve certificate for %{certname}: %{message}") %
                    {certname: Puppet[:certname], message: http_err.response.message}, http_err)
  end

  # A 404 is treated as "not signed yet": report it and move to Wait
  # instead of an error state.
  Puppet.info(_("Certificate for %{certname} has not been signed yet") % {certname: Puppet[:certname]})
  $stdout.puts _("Couldn't fetch certificate from CA server; you might still need to sign this agent's certificate (%{name}).") % { name: Puppet[:certname] }
  Wait.new(@machine)
end