On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> ---
> src/PVE/ACME.pm | 12 ++++++++++++
> src/PVE/ACME/Challenge.pm | 6 ++++++
> src/PVE/ACME/StandAlone.pm | 32 +++++++++++++++++++++++++++++++-
> 3 files changed, 49 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
> index da4cbcc..c82f297 100644
> --- a/src/PVE/ACME.pm
> +++ b/src/PVE/ACME.pm
> @@ -74,6 +74,18 @@ sub fromjs($) {
> return from_json($_[0]);
> }
>
> +sub validating_url($$$$) {
> + my ($acme, $auth, $auth_url, $node_config) = @_;
> +
> + my $plugin_type = $node_config->{plugin} ?
> + $node_config->{plugin} : 'standalone';
> +
> + my $plugin = PVE::ACME::Challenge->lookup($plugin_type);
> + my $challenge = $plugin->supported_challenge_types();
> + print "Use Plugin $plugin with $challenge as challenge\n";
> + return $plugin->validating_url($acme, $auth, $auth_url, $node_config);
> +}
this file is the low-level ACME protocol library. the actual client based on it is in pve-manager..
> +
> sub fatal($$;$$) {
> my ($self, $msg, $dump, $noerr) = @_;
>
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> index 786666c..ced779b 100644
> --- a/src/PVE/ACME/Challenge.pm
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -15,6 +15,12 @@ sub supported_challenge_types {
> return {};
> }
>
> +sub validating_url {
> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
> +
> + die "implement me\n";
> +}
> +
see comments on the patch in pve-manager
> sub setup {
> my ($class, $acme, $authorization) = @_;
>
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> index 3766862..965fb32 100644
> --- a/src/PVE/ACME/StandAlone.pm
> +++ b/src/PVE/ACME/StandAlone.pm
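Review bot: The new `print "Use Plugin $plugin with $challenge as challenge\n";` in ACME.pm's `validating_url` interpolates the return value of `supported_challenge_types()`, but that method no longer has one return type. The base class in Challenge.pm still has `return {};` as context, while StandAlone.pm is changed to `return 'http-01';`. A plugin that keeps the hash form would therefore log `HASH(0x...)`, and any existing caller that tests `->{'http-01'}` on the result would stop matching for the standalone plugin. Choose one shape for all plugins and document it on the base-class stub, for example `# returns the challenge type as a plain string, e.g. 'http-01'`. The plugin type comes straight from `$node_config->{plugin}`, so if `lookup()` does not itself die on an unknown type, append `or die "unknown ACME plugin type '$plugin_type'\n"` to the lookup line.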
> @@ -13,7 +13,37 @@ sub type {
> }
>
> sub supported_challenge_types {
> - return { 'http-01' => 1 };
> + return 'http-01';
> +}
> +
> +sub validating_url {
> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
> +
> + print "Setting up webserver\n";
> + my $validation = eval { setup($class, $acme, $auth) };
> + die "failed setting up webserver - $@\n" if $@;
> + print "Triggering validation\n";
> + eval {
> + $acme->request_challenge_validation($validation->{url},
> $validation->{key_auth});
> + print "Sleeping for 5 seconds\n";
> + sleep 5;
> + while (1) {
> + $auth = $acme->get_authorization($auth_url);
> + if ($auth->{status} eq 'pending') {
> + print "Status is still 'pending', trying again in 30 seconds\n";
> + sleep 30;
> + next;
> + } elsif ($auth->{status} eq 'valid') {
> + print "Status is 'valid'!\n";
> + last;
> + }
> + die "validating challenge '$auth_url' failed\n";
> + }
> + };
> + my $err = $@;
> + eval { $validation->teardown() };
> + warn "$@\n" if $@;
> + die $err if $err;
same here
> }
>
> sub setup {
> --
> 2.20.1
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@pve.proxmox.com
> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> > _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
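Review bot: The `while (1)` polling loop in StandAlone.pm's `validating_url` has no upper bound, so an authorization that the server keeps reporting as `'pending'` holds the caller in `sleep 30` forever. Presumably the listener started by `setup()` also stays open until `teardown()` runs, which would leave the validation web server exposed for that whole time. Bound the wait with `my $tries = 0;` before the loop and `die "timed out waiting for validation of '$auth_url'\n" if ++$tries > $max_tries;` in the pending branch, where `$max_tries` is a placeholder for a limit the project chooses. The final `die` would be easier to diagnose if it included the status received, as in `die "validating challenge '$auth_url' failed - status: $auth->{status}\n";`. As a smaller point, `setup($class, $acme, $auth)` is a plain function call, so a subclass override of `setup` is never used; `$class->setup($acme, $auth)` keeps method resolution intact.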