[pve-devel] [RFC common 2/4] acme: add challenge plugins

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Apr 11 10:08:44 CEST 2018


Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
---
Note: HTTP::Server::Simple::CGI could be replaced by something else?

 src/PVE/ACME/Challenge.pm  | 22 ++++++++++++++
 src/PVE/ACME/StandAlone.pm | 74 ++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 96 insertions(+)
 create mode 100644 src/PVE/ACME/Challenge.pm
 create mode 100644 src/PVE/ACME/StandAlone.pm

diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
new file mode 100644
index 0000000..40d32b6
--- /dev/null
+++ b/src/PVE/ACME/Challenge.pm
@@ -0,0 +1,22 @@
+package PVE::ACME::Challenge;
+
+use strict;
+use warnings;
+
+sub supported_challenge_types {
+    return {};
+}
+
+sub setup {
+    my ($class, $acme, $authorization) = @_;
+
+    die "implement me\n";
+}
+
+sub teardown {
+    my ($self) = @_;
+
+    die "implement me\n";
+}
+
+1;
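Review bot: The plugin contract these stubs define is undocumented, so nothing tells a plugin author that `setup` is invoked as a class method and must return a blessed instance, while `teardown` is later called on that instance. A comment above each stub would fix that, e.g. above `setup`: `# Class method: prepare the challenge described by $authorization and return a blessed plugin instance that will be passed to teardown.` and above `teardown`: `# Instance method: undo whatever setup created.` The shape of `$acme` (the StandAlone plugin in this series calls `$acme->key_authorization($token)`) should also be stated here rather than left implicit, hedged if other plugins need more than that.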
diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
new file mode 100644
index 0000000..0d82213
--- /dev/null
+++ b/src/PVE/ACME/StandAlone.pm
@@ -0,0 +1,74 @@
+package PVE::ACME::StandAlone;
+
+use strict;
+use warnings;
+
+use base qw(PVE::ACME::Challenge);
+
+sub supported_challenge_types {
+    return { 'http-01' => 1 };
+}
+
+sub setup {
+    my ($class, $acme, $authorization) = @_;
+
+    my $challenges = $authorization->{challenges};
+    die "no challenges defined in authorization\n" if !$challenges;
+
+    my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
+    die "no http-01 challenge defined in authorization\n"
+	if ! scalar $http_challenges;
+
+    my $http_challenge = $http_challenges->[0];
+
+    die "no token found in http-01 challenge\n" if !$http_challenge->{token};
+
+    my $key_authorization = $acme->key_authorization($http_challenge->{token});
+
+    my $server = PVE::ACME::StandAlone::Server->new(80);
+    $server->{key_auth} = $key_authorization;
+    my $pid = $server->background();
+
+    my $self = {
+	server => $server,
+	pid => $pid,
+	authorization => $authorization,
+	key_auth => $key_authorization,
+	url => $http_challenge->{url},
+    };
+
+    return bless $self, $class;
+}
+
+sub teardown {
+    my ($self) = @_;
+
+    kill 'KILL', $self->{pid};
+}
+
+1;
+
+package PVE::ACME::StandAlone::Server;
+
+use HTTP::Server::Simple::CGI;
+use base qw(HTTP::Server::Simple::CGI);
+
+sub handle_request {
+    my $self = shift;
+    my $cgi  = shift;
+
+    my $key_auth = $self->{key_auth};
+    $key_auth =~ /^(.*)\..*$/;
+    my $token = $1;
+
+    my $path = $cgi->path_info();
+    if ($path eq "/.well-known/acme-challenge/${token}") {
+	print "HTTP/1.0 200 OK\r\n";
+	print $cgi->header, $key_auth;
+    } else {
+	print "HTTP/1.0 404 Not found\r\n";
+	print $cgi->header;
+    }
+}
+
+1;
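Review bot: The empty-list guard `if ! scalar $http_challenges;` never fires, because `$http_challenges` is an array reference and a reference is always true in boolean context, so an authorization with no http-01 challenge falls through to an undefined `$http_challenges->[0]` and dies with the misleading "no token found" message instead; it should read `if !scalar(@$http_challenges);`. In `teardown`, the `kill 'KILL'` return value is unchecked and the forked server is never reaped, so every setup/teardown cycle leaves a zombie until the parent exits; `kill 'TERM', $self->{pid} or warn "failed to signal server $self->{pid}: $!\n"; waitpid($self->{pid}, 0);` would reap it and give the child a chance to close the listening socket. In `handle_request` the token is re-derived from `$self->{key_auth}` with an unchecked `/^(.*)\..*$/` match whose `$1` would be stale if it ever failed; storing the token on the server object in `setup` next to `key_auth` and comparing the path against that removes the regex entirely. Binding port 80 appears to happen in the child created by `background()`, so a bind failure (port in use, insufficient privilege) would not be visible to the caller, which still receives a blessed object — that is inferred from HTTP::Server::Simple's fork model and should be confirmed.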
-- 
2.14.2




