[pve-devel] [common 2/9] refactor validating_url

Fabian Grünbichler f.gruenbichler at proxmox.com
Tue Oct 22 11:17:54 CEST 2019


On October 21, 2019 12:11 pm, Wolfgang Link wrote:
> comment inline
> 
> On 10/18/19 11:23 AM, Fabian Grünbichler wrote:
>> On October 14, 2019 1:08 pm, Wolfgang Link wrote:
>>> ---
>>>   src/PVE/ACME.pm            | 12 ++++++++++++
>>>   src/PVE/ACME/Challenge.pm  |  6 ++++++
>>>   src/PVE/ACME/StandAlone.pm | 32 +++++++++++++++++++++++++++++++-
>>>   3 files changed, 49 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm
>>> index da4cbcc..c82f297 100644
>>> --- a/src/PVE/ACME.pm
>>> +++ b/src/PVE/ACME.pm
>>> @@ -74,6 +74,18 @@ sub fromjs($) {
>>>       return from_json($_[0]);
>>>   }
>>>   
>>> +sub validating_url($$$$) {
>>> +    my ($acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> +    my $plugin_type = $node_config->{plugin} ?
>>> +	$node_config->{plugin} : 'standalone';
>>> +
>>> +    my $plugin = PVE::ACME::Challenge->lookup($plugin_type);
>>> +    my $challenge = $plugin->supported_challenge_types();
>>> +    print "Use Plugin $plugin with $challenge as challenge\n";
>>> +    return $plugin->validating_url($acme, $auth, $auth_url, $node_config);
>>> +}
>> this file is the low-level ACME protocol library. the actual client
>> based on it is in pve-manager..
> 
> I understand what you meant by validating_url has not to be done in the 
> Plugin.
> 
> But what do you mean by "this file is the low-level ACME protocol library."?

PVE::ACME is just a low-level implementation of the ACME protocol and 
some basic helpers. it does not care about challenge plugins, how to 
solve challenges, etc. that is what a client does, which uses this 
module.

> 
>>> +
>>>   sub fatal($$;$$) {
>>>       my ($self, $msg, $dump, $noerr) = @_;
>>>   
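Review bot: The log line in the added `validating_url` interpolates `$challenge`, but the base class in src/PVE/ACME/Challenge.pm returns a hash reference from `supported_challenge_types` (`return {};`), so any plugin that does not override it would print `HASH(0x…)`. The patch only makes this work for StandAlone by changing its return value from `{ 'http-01' => 1 }` to the string `'http-01'`, which leaves the two classes with different return types for the same method. Keeping the hash and printing its keys avoids changing a contract other callers may rely on: `my $types = join(', ', sort keys %{$plugin->supported_challenge_types()});`. The result of `PVE::ACME::Challenge->lookup($plugin_type)` is also used without a check, and `$plugin_type` comes from the node configuration. If `lookup` can return undef for an unknown type (not visible here), a guard such as `die "unknown ACME plugin '$plugin_type'\n" if !$plugin;` gives a clear error instead of a method call on an undefined value.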
>>> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
>>> index 786666c..ced779b 100644
>>> --- a/src/PVE/ACME/Challenge.pm
>>> +++ b/src/PVE/ACME/Challenge.pm
>>> @@ -15,6 +15,12 @@ sub supported_challenge_types {
>>>       return {};
>>>   }
>>>   
>>> +sub validating_url {
>>> +    my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> +    die "implement me\n";
>>> +}
>>> +
>> see comments on the patch in pve-manager
>>
>>>   sub setup {
>>>       my ($class, $acme, $authorization) = @_;
>>>   
>>> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
>>> index 3766862..965fb32 100644
>>> --- a/src/PVE/ACME/StandAlone.pm
>>> +++ b/src/PVE/ACME/StandAlone.pm
>>> @@ -13,7 +13,37 @@ sub type {
>>>   }
>>>   
>>>   sub supported_challenge_types {
>>> -    return { 'http-01' => 1 };
>>> +    return 'http-01';
>>> +}
>>> +
>>> +sub validating_url {
>>> +    my ($class, $acme, $auth, $auth_url, $node_config) = @_;
>>> +
>>> +    print "Setting up webserver\n";
>>> +    my $validation = eval { setup($class, $acme, $auth) };
>>> +    die "failed setting up webserver - $@\n" if $@;
>>> +    print "Triggering validation\n";
>>> +    eval {
>>> +	$acme->request_challenge_validation($validation->{url}, $validation->{key_auth});
>>> +	print "Sleeping for 5 seconds\n";
>>> +	sleep 5;
>>> +	while (1) {
>>> +	    $auth = $acme->get_authorization($auth_url);
>>> +	    if ($auth->{status} eq 'pending') {
>>> +		print "Status is still 'pending', trying again in 30 seconds\n";
>>> +		sleep 30;
>>> +		next;
>>> +	    } elsif ($auth->{status} eq 'valid') {
>>> +		print "Status is 'valid'!\n";
>>> +		last;
>>> +	    }
>>> +	    die "validating challenge '$auth_url' failed\n";
>>> +	}
>>> +    };
>>> +    my $err = $@;
>>> +    eval { $validation->teardown() };
>>> +    warn "$@\n" if $@;
>>> +    die $err if $err;
>> same here
>>
>>>   }
>>>   
>>>   sub setup {
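Review bot: The polling loop in the added `validating_url` (`while (1)`) has no upper bound, so the call never returns while the ACME server keeps reporting 'pending'. In that case `$validation->teardown()` is never reached, which presumably leaves the web server started by `setup()` listening for the whole time. A bounded number of polls with an explicit timeout error keeps that exposure window finite and lets the caller fail cleanly. The status comparison should also tolerate a missing `status` field, since `$auth->{status} eq 'pending'` warns on undef. The poll count below is a constructed example, not a value from the patch.

```perl
	# … unchanged: request_challenge_validation call and initial 5 second sleep …
	my $max_polls = 20; # example bound, pick a value that fits the CA's validation time
	my $valid = 0;
	for my $try (1 .. $max_polls) {
	    $auth = $acme->get_authorization($auth_url);
	    my $status = $auth->{status} // '';
	    if ($status eq 'valid') {
		print "Status is 'valid'!\n";
		$valid = 1;
		last;
	    }
	    die "validating challenge '$auth_url' failed\n" if $status ne 'pending';
	    print "Status is still 'pending', trying again in 30 seconds\n";
	    sleep 30;
	}
	die "validating challenge '$auth_url' timed out\n" if !$valid;
	# … unchanged: error capture and teardown after the eval …
```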
>>> -- 
>>> 2.20.1
>>>
>>>
>>
> 



