On October 21, 2019 12:11 pm, Wolfgang Link wrote:
> comment inline
>
> On 10/18/19 11:23 AM, Fabian Grünbichler wrote:
>> On October 14, 2019 1:08 pm, Wolfgang Link wrote:
>>> ---
>>> src/PVE/ACME.pm | 12 ++++++++++++
>>> src/PVE/ACME/Challenge.pm | 6 ++++++
>>> src/PVE/ACME/StandAlone.pm | 32 +++++++++++++++++++++++++++++++-
>>> 3 files changed, 49 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
>>> index da4cbcc..c82f297 100644
>>> --- a/src/PVE/ACME.pm
>>> +++ b/src/PVE/ACME.pm
>>> @@ -74,6 +74,18 @@ sub fromjs($) {
>>> return from_json($_[0]);
>>> }
>>>
>>> +sub validating_url($$$$) {
>>> + my ($acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> + my $plugin_type = $node_config->{plugin} ?
>>> + $node_config->{plugin} : 'standalone';
>>> +
>>> + my $plugin = PVE::ACME::Challenge->lookup($plugin_type);
>>> + my $challenge = $plugin->supported_challenge_types();
>>> + print "Use Plugin $plugin with $challenge as challenge\n";
>>> + return $plugin->validating_url($acme, $auth, $auth_url, $node_config);
>>> +}
>> this file is the low-level ACME protocol library. the actual client
>> based on it is in pve-manager..
>
> I understand what you meant by validating_url has not to be done in the
> Plugin.
>
> But what you mean with "this file is the low-level ACME protocol library."?
PVE::ACME is just a low-level implementation of the ACME protocol and
some basic helpers. it does not care about challenge plugins, how to
solve challenges, etc. that is what a client does, which uses this
module.
>
>>> +
>>> sub fatal($$;$$) {
>>> my ($self, $msg, $dump, $noerr) = @_;
>>>
>>> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
>>> index 786666c..ced779b 100644
>>> --- a/src/PVE/ACME/Challenge.pm
>>> +++ b/src/PVE/ACME/Challenge.pm
>>> @@ -15,6 +15,12 @@ sub supported_challenge_types {
>>> return {};
>>> }
>>>
>>> +sub validating_url {
>>> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> + die "implement me\n";
>>> +}
>>> +
>> see comments on the patch in pve-manager
>>
>>> sub setup {
>>> my ($class, $acme, $authorization) = @_;
>>>
>>> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
>>> index 3766862..965fb32 100644
>>> --- a/src/PVE/ACME/StandAlone.pm
>>> +++ b/src/PVE/ACME/StandAlone.pm
>>> @@ -13,7 +13,37 @@ sub type {
>>> }
>>>
>>> sub supported_challenge_types {
>>> - return { 'http-01' => 1 };
>>> + return 'http-01';
>>> +}
>>> +
>>> +sub validating_url {
>>> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> + print "Setting up webserver\n";
>>> + my $validation = eval { setup($class, $acme, $auth) };
>>> + die "failed setting up webserver - $@\n" if $@;
>>> + print "Triggering validation\n";
>>> + eval {
>>> + $acme->request_challenge_validation($validation->{url},
>>> $validation->{key_auth});
>>> + print "Sleeping for 5 seconds\n";
>>> + sleep 5;
>>> + while (1) {
>>> + $auth = $acme->get_authorization($auth_url);
>>> + if ($auth->{status} eq 'pending') {
>>> + print "Status is still 'pending', trying again in 30 seconds\n";
>>> + sleep 30;
>>> + next;
>>> + } elsif ($auth->{status} eq 'valid') {
>>> + print "Status is 'valid'!\n";
>>> + last;
>>> + }
>>> + die "validating challenge '$auth_url' failed\n";
>>> + }
>>> + };
>>> + my $err = $@;
>>> + eval { $validation->teardown() };
>>> + warn "$@\n" if $@;
>>> + die $err if $err;
>> same here
>>
>>> }
>>>
>>> sub setup {
>>> --
>>> 2.20.1
>>>
>>>
>>> _______________________________________________
>>> pve-devel mailing list
>>> pve-devel@pve.proxmox.com
>>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>>
>>>
>> _______________________________________________
>> pve-devel mailing list
>> pve-devel@pve.proxmox.com
>> https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>>
>
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
