[pve-devel] [common 2/9] refactor validating_url
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Oct 18 11:23:35 CEST 2019
On October 14, 2019 1:08 pm, Wolfgang Link wrote:
> ---
> src/PVE/ACME.pm | 12 ++++++++++++
> src/PVE/ACME/Challenge.pm | 6 ++++++
> src/PVE/ACME/StandAlone.pm | 32 +++++++++++++++++++++++++++++++-
> 3 files changed, 49 insertions(+), 1 deletion(-)
>
> diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
> index da4cbcc..c82f297 100644
> --- a/src/PVE/ACME.pm
> +++ b/src/PVE/ACME.pm
> @@ -74,6 +74,18 @@ sub fromjs($) {
> return from_json($_[0]);
> }
>
> +sub validating_url($$$$) {
> + my ($acme, $auth, $auth_url, $node_config) = @_;
> +
> + my $plugin_type = $node_config->{plugin} ?
> + $node_config->{plugin} : 'standalone';
> +
> + my $plugin = PVE::ACME::Challenge->lookup($plugin_type);
> + my $challenge = $plugin->supported_challenge_types();
> + print "Use Plugin $plugin with $challenge as challenge\n";
> + return $plugin->validating_url($acme, $auth, $auth_url, $node_config);
> +}
this file is the low-level ACME protocol library. the actual client
based on it is in pve-manager..
> +
> sub fatal($$;$$) {
> my ($self, $msg, $dump, $noerr) = @_;
>
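Review bot: The `print "Use Plugin $plugin with $challenge as challenge\n"` line interpolates whatever `supported_challenge_types()` returns, and the two implementations visible in this patch disagree on its shape. The base class in Challenge.pm still returns `{}`, while StandAlone.pm now returns the string `'http-01'`, so a plugin that inherits the base method would log `HASH(0x…)` here. Either keep the hashref contract and print `join(', ', sort keys %$challenge)`, or change the base class to return a string too. The result of `lookup($plugin_type)` is also used unchecked; if lookup can return undef for an unknown `plugin` value from the node config (its body is not visible here), the following method call dies with an error that never names the bad plugin type.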
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> index 786666c..ced779b 100644
> --- a/src/PVE/ACME/Challenge.pm
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -15,6 +15,12 @@ sub supported_challenge_types {
> return {};
> }
>
> +sub validating_url {
> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
> +
> + die "implement me\n";
> +}
> +
see comments on the patch in pve-manager
> sub setup {
> my ($class, $acme, $authorization) = @_;
>
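Review bot: The base-class stub dies with a bare `"implement me\n"`, which does not say which plugin class was selected when a configured plugin type resolves to a class without an override. Including the class makes a misconfiguration diagnosable from the task log: `die "validating_url not implemented by $class\n";`. A short comment above the sub stating the contract would also help plugin authors. Judging by the StandAlone implementation, that contract is to return once the authorization is 'valid' and die otherwise.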
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> index 3766862..965fb32 100644
> --- a/src/PVE/ACME/StandAlone.pm
> +++ b/src/PVE/ACME/StandAlone.pm
> @@ -13,7 +13,37 @@ sub type {
> }
>
> sub supported_challenge_types {
> - return { 'http-01' => 1 };
> + return 'http-01';
> +}
> +
> +sub validating_url {
> + my ($class, $acme, $auth, $auth_url, $node_config) = @_;
> +
> + print "Setting up webserver\n";
> + my $validation = eval { setup($class, $acme, $auth) };
> + die "failed setting up webserver - $@\n" if $@;
> + print "Triggering validation\n";
> + eval {
> + $acme->request_challenge_validation($validation->{url}, $validation->{key_auth});
> + print "Sleeping for 5 seconds\n";
> + sleep 5;
> + while (1) {
> + $auth = $acme->get_authorization($auth_url);
> + if ($auth->{status} eq 'pending') {
> + print "Status is still 'pending', trying again in 30 seconds\n";
> + sleep 30;
> + next;
> + } elsif ($auth->{status} eq 'valid') {
> + print "Status is 'valid'!\n";
> + last;
> + }
> + die "validating challenge '$auth_url' failed\n";
> + }
> + };
> + my $err = $@;
> + eval { $validation->teardown() };
> + warn "$@\n" if $@;
> + die $err if $err;
same here
> }
>
> sub setup {
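Review bot: The `while (1)` poll loop in `validating_url` has no upper bound, so an authorization that stays 'pending' keeps the task polling every 30 seconds indefinitely and the `teardown()` call after the eval is never reached. Presumably `setup()` starts the standalone HTTP listener for the http-01 challenge (its body is outside this hunk), in which case that listener stays up for as long as the loop runs. Cap the number of polls and die when the cap is reached, so that teardown always runs within a known time. The failure message could also include `$auth->{status}`, so the log shows which non-pending status ended the validation.

```perl
# … unchanged: setup, request_challenge_validation, initial 5 second sleep …
my $max_polls = 20; # constructed value; choose a limit that fits the CA
for my $try (1 .. $max_polls) {
    $auth = $acme->get_authorization($auth_url);
    if ($auth->{status} eq 'valid') {
        print "Status is 'valid'!\n";
        last;
    }
    die "validating challenge '$auth_url' failed - status: $auth->{status}\n"
        if $auth->{status} ne 'pending';
    die "validating challenge '$auth_url' still 'pending' after $max_polls polls\n"
        if $try == $max_polls;
    print "Status is still 'pending', trying again in 30 seconds\n";
    sleep 30;
}
# … unchanged: teardown and error propagation after the eval …
```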
> --
> 2.20.1
>
>