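# Fetch this host's signed certificate from the certificate driver, validate
# it against the local private key, and persist it together with the CA
# certificate.
#
# If read_cert already yields a certificate, it is returned unchanged and no
# request is made.
#
# @return [Object, nil] whatever read_cert returned when it was truthy; the
#   parsed OpenSSL::X509::Certificate after a successful retrieval; or nil
#   when the driver returned nil or an empty string for the certificate
#   (presumably the request has not been signed yet; confirm against the caller)
# @raise [Puppet::Error] if the driver call fails
# @raise [InvalidCertificate] if either returned certificate cannot be parsed,
#   or the host certificate does not match the local private key
def request_cert
  Puppet.settings.use(:main, :ssl)

  existing = read_cert
  return existing if existing

  begin
    cert, cacert = @driver.getcert(csr.to_pem)
  rescue => detail
    puts detail.backtrace if Puppet[:trace]
    raise Puppet::Error, "Certificate retrieval failed: #{detail}"
  end

  return nil if cert.nil? || cert == ""

  # Parse into locals first. Instance state is only updated once every check
  # below has passed, so a rejected certificate is never left in @cert/@cacert
  # for later callers to pick up.
  begin
    host_cert = OpenSSL::X509::Certificate.new(cert)
    ca_cert = OpenSSL::X509::Certificate.new(cacert)
  rescue => detail
    raise InvalidCertificate, "Invalid certificate: #{detail}"
  end

  # The server's answer must correspond to the key pair this host generated.
  unless host_cert.check_private_key(key)
    raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean #{Puppet[:certname]}' on the server."
  end

  # NOTE(review): nothing visible here checks that host_cert was issued by
  # ca_cert, or that ca_cert is the CA the operator expects, before it is
  # written to :localcacert. Whatever the driver returned becomes the local
  # trust anchor. If no caller or transport layer pins the CA, consider
  # verifying the signature (OpenSSL::X509::Certificate#verify with
  # ca_cert.public_key) and comparing a fingerprint obtained out of band.
  @cert = host_cert
  @cacert = ca_cert

  # The strings are written exactly as received (not re-serialized).
  Puppet.settings.write(:hostcert) { |f| f.print cert }
  Puppet.settings.write(:localcacert) { |f| f.print cacert }

  @cert
end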