[pve-devel] [PATCH v2 20/22] auto-installer: fetch: add http post utility module
Christoph Heiss
c.heiss at proxmox.com
Wed Feb 21 13:21:58 CET 2024
On Wed, Feb 21, 2024 at 12:08:03PM +0100, Aaron Lauterer wrote:
> It sends a http(s) POST request with the sysinfo as payload and expects
> an answer file in return.
>
[..]
> diff --git a/proxmox-auto-installer/src/fetch_plugins/utils/post.rs b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> new file mode 100644
> index 0000000..c9f6ddb
> --- /dev/null
> +++ b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> @@ -0,0 +1,93 @@
> +use anyhow::Result;
> +use rustls::ClientConfig;
> +use sha2::{Digest, Sha256};
> +use std::sync::Arc;
> +use ureq::{Agent, AgentBuilder};
> +
> +/// Issues a POST request with the payload (JSON). Optionally a SHA256 fingerprint can be used to
> +/// check the cert against it, instead of the regular cert validation.
> +/// To gather the sha256 fingerprint you can use the following command:
> +/// ```no_compile
> +/// openssl s_client -connect <host>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256 -noout -in /dev/stdin
> +/// ```
> +///
> +/// # Arguemnts
> +/// * `url` - URL to call
> +/// * `fingerprint` - SHA256 cert fingerprint if certificate pinning should be used. Optional.
> +/// * `payload` - The payload to send to the server. Expected to be a JSON formatted string.
> +pub fn call(url: String, fingerprint: Option<&str>, payload: String) -> Result<String> {
> + let answer ;
Bit to much whitespaces?
> +
> + if let Some(fingerprint) = fingerprint {
> + let tls_config = ClientConfig::builder()
> + .with_safe_defaults()
> + .with_custom_certificate_verifier(VerifyCertFingerprint::new(fingerprint)?)
> + .with_no_client_auth();
> +
> + let agent: Agent = AgentBuilder::new().tls_config(Arc::new(tls_config)).build();
> +
> + answer = agent
> + .post(&url)
> + .set("Content-type", "application/json; charset=utf-")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Should probably read "application/json; charset=utf-8" I assume? :^)
> + .send_string(&payload)?
> + .into_string()?;
> + } else {
> + let mut roots = rustls::RootCertStore::empty();
> + for cert in rustls_native_certs::load_native_certs()? {
> + roots.add(&rustls::Certificate(cert.0)).unwrap();
> + }
> +
> + let tls_config = rustls::ClientConfig::builder()
> + .with_safe_defaults()
> + .with_root_certificates(roots)
> + .with_no_client_auth();
> +
> + let agent = AgentBuilder::new()
> + .tls_connector(Arc::new(native_tls::TlsConnector::new()?))
> + .tls_config(Arc::new(tls_config))
> + .build();
> + answer = agent
> + .post(&url)
> + .set("Content-type", "application/json; charset=utf-")
.. and same here
More information about the pve-devel
mailing list