comment inline
On 10/18/19 11:23 AM, Fabian Grünbichler wrote:
On October 14, 2019 1:08 pm, Wolfgang Link wrote:
---
src/PVE/ACME.pm | 12 ++++++++++++
src/PVE/ACME/Challenge.pm | 6 ++++++
src/PVE/ACME/StandAlone.pm | 32 +++++++++++++++++++++++++++++++-
3 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
index da4cbcc..c82f297 100644
--- a/src/PVE/ACME.pm
+++ b/src/PVE/ACME.pm
@@ -74,6 +74,18 @@ sub fromjs($) {
return from_json($_[0]);
}
+sub validating_url($$$$) {
+ my ($acme, $auth, $auth_url, $node_config) = @_;
+
+ my $plugin_type = $node_config->{plugin} ?
+ $node_config->{plugin} : 'standalone';
+
+ my $plugin = PVE::ACME::Challenge->lookup($plugin_type);
+ my $challenge = $plugin->supported_challenge_types();
+ print "Use Plugin $plugin with $challenge as challenge\n";
+ return $plugin->validating_url($acme, $auth, $auth_url, $node_config);
+}
this file is the low-level ACME protocol library. the actual client
based on it is in pve-manager..
I understand what you meant about validating_url not being done in the
plugin.
But what do you mean by "this file is the low-level ACME protocol library."?
+
sub fatal($$;$$) {
my ($self, $msg, $dump, $noerr) = @_;
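Review bot: The `print` in `validating_url` interpolates `$challenge`, the return value of `supported_challenge_types()`, but that method has no single return type in this series: the base class in Challenge.pm still returns `{}`, while the StandAlone.pm hunk changes it to the string `'http-01'`. For a plugin that keeps the hash form the message prints `HASH(0x...)`, and any caller that still does a hash lookup on the result breaks for StandAlone. Pick one contract and state it on the base method, e.g. `# returns the supported challenge type as a string, e.g. 'http-01'`. Separately, `$plugin_type` comes from the node config and the result of `lookup` is used unchecked; if `lookup` can return undef for an unknown type (not visible here), add `die "unknown ACME plugin type '$plugin_type'\n" if !$plugin;`.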
diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
index 786666c..ced779b 100644
--- a/src/PVE/ACME/Challenge.pm
+++ b/src/PVE/ACME/Challenge.pm
@@ -15,6 +15,12 @@ sub supported_challenge_types {
return {};
}
+sub validating_url {
+ my ($class, $acme, $auth, $auth_url, $node_config) = @_;
+
+ die "implement me\n";
+}
+
see comments on the patch in pve-manager
sub setup {
my ($class, $acme, $authorization) = @_;
diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
index 3766862..965fb32 100644
--- a/src/PVE/ACME/StandAlone.pm
+++ b/src/PVE/ACME/StandAlone.pm
@@ -13,7 +13,37 @@ sub type {
}
sub supported_challenge_types {
- return { 'http-01' => 1 };
+ return 'http-01';
+}
+
+sub validating_url {
+ my ($class, $acme, $auth, $auth_url, $node_config) = @_;
+
+ print "Setting up webserver\n";
+ my $validation = eval { setup($class, $acme, $auth) };
+ die "failed setting up webserver - $@\n" if $@;
+ print "Triggering validation\n";
+ eval {
+ $acme->request_challenge_validation($validation->{url},
$validation->{key_auth});
+ print "Sleeping for 5 seconds\n";
+ sleep 5;
+ while (1) {
+ $auth = $acme->get_authorization($auth_url);
+ if ($auth->{status} eq 'pending') {
+ print "Status is still 'pending', trying again in 30 seconds\n";
+ sleep 30;
+ next;
+ } elsif ($auth->{status} eq 'valid') {
+ print "Status is 'valid'!\n";
+ last;
+ }
+ die "validating challenge '$auth_url' failed\n";
+ }
+ };
+ my $err = $@;
+ eval { $validation->teardown() };
+ warn "$@\n" if $@;
+ die $err if $err;
same here
}
sub setup {
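Review bot: The `while (1)` poll in `validating_url` has no upper bound, so an authorization that stays `pending` keeps the loop running, and the webserver presumably started by `setup` stays up for just as long, because `teardown` only runs after the eval returns. Cap the wait with a counter declared before the loop, `my $tries = 0;`, and `die "timed out waiting for validation of '$auth_url'\n" if ++$tries > 10;` at the top of the loop body (the limit is an example value). Also, `setup($class, $acme, $auth)` is called as a plain function, which bypasses method resolution; `$class->setup($acme, $auth)` would let a subclass override it.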
--
2.20.1