On 4/19/18 2:01 PM, Fabian Grünbichler wrote:
> Signed-off-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
> ---
> src/PVE/ACME/Challenge.pm | 22 ++++++++++++++
> src/PVE/ACME/StandAlone.pm | 74
> ++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 96 insertions(+)
> create mode 100644 src/PVE/ACME/Challenge.pm
> create mode 100644 src/PVE/ACME/StandAlone.pm
>
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> new file mode 100644
> index 0000000..40d32b6
> --- /dev/null
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -0,0 +1,22 @@
> +package PVE::ACME::Challenge;
> +
> +use strict;
> +use warnings;
> +
> +sub supported_challenge_types {
> + return {};
> +}
> +
> +sub setup {
> + my ($class, $acme, $authorization) = @_;
> +
> + die "implement me\n";
> +}
> +
> +sub teardown {
> + my ($self) = @_;
> +
> + die "implement me\n";
> +}
> +
> +1;
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> new file mode 100644
> index 0000000..0d82213
> --- /dev/null
> +++ b/src/PVE/ACME/StandAlone.pm
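Review bot: The base class in src/PVE/ACME/Challenge.pm leaves its contract undocumented: nothing says that `setup` is called as a class method and is expected to return the blessed plugin object (as StandAlone.pm does), or that `teardown` is the instance method that must release whatever `setup` started. A short comment above each stub would do, e.g. `# setup($class, $acme, $authorization): start answering the challenge, return a blessed object` and `# teardown($self): stop and clean up what setup started`. Both stubs also die with the same `"implement me\n"`, and the trailing newline suppresses file and line, so a plugin that forgets one gives no hint which method is missing; `die "setup not implemented by $class\n";` would be clearer.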
> @@ -0,0 +1,74 @@
> +package PVE::ACME::StandAlone;
> +
> +use strict;
> +use warnings;
> +
> +use base qw(PVE::ACME::Challenge);
> +
> +sub supported_challenge_types {
> + return { 'http-01' => 1 };
> +}
> +
> +sub setup {
> + my ($class, $acme, $authorization) = @_;
> +
> + my $challenges = $authorization->{challenges};
> + die "no challenges defined in authorization\n" if !$challenges;
> +
> + my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
> + die "no http-01 challenge defined in authorization\n"
> + if ! scalar $http_challenges;
> +
> + my $http_challenge = $http_challenges->[0];
> +
> + die "no token found in http-01 challenge\n" if !$http_challenge->{token};
> +
> + my $key_authorization =
> $acme->key_authorization($http_challenge->{token});
> +
> + my $server = PVE::ACME::StandAlone::Server->new(80);
> + $server->{key_auth} = $key_authorization;
> + my $pid = $server->background();
> +
> + my $self = {
> + server => $server,
> + pid => $pid,
> + authorization => $authorization,
> + key_auth => $key_authorization,
> + url => $http_challenge->{url},
> + };
> +
> + return bless $self, $class;
> +}
> +
> +sub teardown {
> + my ($self) = @_;
> +
> + kill 'KILL', $self->{pid};
> +}
> +
> +1;
> +
> +package PVE::ACME::StandAlone::Server;
> +
> +use HTTP::Server::Simple::CGI;
> +use base qw(HTTP::Server::Simple::CGI);

needs a new dependency on libhttp-server-simple-perl ... We depend already on libwww-perl here (and access-control and apiclient), which also provides a server module AFAIK. Maybe it would be nicer to reuse this, if possible?

> +
> +sub handle_request {
> + my $self = shift;
> + my $cgi = shift;
> +
> + my $key_auth = $self->{key_auth};
> + $key_auth =~ /^(.*)\..*$/;
> + my $token = $1;
> +
> + my $path = $cgi->path_info();
> + if ($path eq "/.well-known/acme-challenge/${token}") {
> + print "HTTP/1.0 200 OK\r\n";
> + print $cgi->header, $key_auth;
> + } else {
> + print "HTTP/1.0 404 Not found\r\n";
> + print $cgi->header;
> + }
> +}
> +
> +1;
> _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
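Review bot: In `setup` of src/PVE/ACME/StandAlone.pm the guard `if ! scalar $http_challenges` can never fire, because `$http_challenges` is an array reference and a reference is always true; when the authorization carries no http-01 challenge the code falls through and dies with the misleading "no token found in http-01 challenge" instead. Counting the elements fixes it: `if !scalar(@$http_challenges);`. In `handle_request` the match `$key_auth =~ /^(.*)\..*$/` is not checked before `$1` is used, so on a failed match `$token` would be undefined or stale; since this listener answers unauthenticated requests on port 80, it seems safer to hand the token over explicitly in `setup` with `$server->{token} = $http_challenge->{token};` and compare against that. `teardown` sends `KILL` without reaping the child, so a long-running caller would presumably be left with a zombie per challenge; a `waitpid($self->{pid}, 0);` after the `kill` would cover that.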