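# Obtain this host's signed certificate, asking the CA for it when no local
# copy is available.
#
# Returns whatever read_cert yields when that is truthy. Otherwise the CSR is
# sent (PEM-encoded) through @driver.getcert, which hands back the host
# certificate and the CA certificate. Returns nil when the driver supplies no
# certificate (nil or ""), presumably because the request is not signed yet.
#
# On success both PEM strings are persisted through the :hostcert and
# :localcacert settings and the parsed host certificate is returned.
#
# Raises Puppet::Error when retrieval fails, and InvalidCertificate when either
# certificate cannot be parsed or the host certificate does not match the
# local private key.
def request_cert
  Puppet.settings.use(:main, :ssl)

  existing = read_cert
  return existing if existing

  begin
    cert, cacert = @driver.getcert(csr.to_pem)
  rescue => detail
    puts detail.backtrace if Puppet[:trace]
    raise Puppet::Error.new("Certificate retrieval failed: %s" % detail)
  end

  return nil if cert.nil? || cert == ""

  # Parse into locals first: @cert/@cacert are only assigned once the pair has
  # passed every check below, so a rejected response never leaves an
  # unvalidated certificate cached on the instance.
  begin
    host_cert = OpenSSL::X509::Certificate.new(cert)
    ca_cert = OpenSSL::X509::Certificate.new(cacert)
  rescue => detail
    raise InvalidCertificate.new("Invalid certificate: %s" % detail)
  end

  # The certificate must carry the public half of our own key; otherwise it
  # was issued for a different (for example stale) key pair.
  unless host_cert.check_private_key(key)
    raise InvalidCertificate, "Certificate does not match private key. Try 'puppetca --clean %s' on the server." % Puppet[:certname]
  end

  # NOTE(review): cacert arrives in the same getcert response as cert and is
  # written to :localcacert below. Nothing in this method checks that it
  # matches a CA this host already trusts, or that cert was issued by it.
  # Confirm that the @driver transport authenticates the server, or that the
  # CA certificate is verified out of band, before treating the persisted
  # file as a trust anchor.
  @cert = host_cert
  @cacert = ca_cert

  Puppet.settings.write(:hostcert) { |f| f.print cert }
  Puppet.settings.write(:localcacert) { |f| f.print cacert }

  @cert
end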