[pve-devel] [PATCH v2 20/22] auto-installer: fetch: add http post utility module

Wed Feb 21 13:21:58 CET 2024

On Wed, Feb 21, 2024 at 12:08:03PM +0100, Aaron Lauterer wrote:
> It sends a http(s) POST request with the sysinfo as payload and expects
> an answer file in return.
>
[..]
> diff --git a/proxmox-auto-installer/src/fetch_plugins/utils/post.rs b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> new file mode 100644
> index 0000000..c9f6ddb
> --- /dev/null
> +++ b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> @@ -0,0 +1,93 @@
> +use anyhow::Result;
> +use rustls::ClientConfig;
> +use sha2::{Digest, Sha256};
> +use std::sync::Arc;
> +use ureq::{Agent, AgentBuilder};
> +
> +/// Issues a POST request with the payload (JSON). Optionally a SHA256 fingerprint can be used to
> +/// check the cert against it, instead of the regular cert validation.
> +/// To gather the sha256 fingerprint you can use the following command:
> +/// ```no_compile
> +/// openssl s_client -connect <host>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256  -noout -in /dev/stdin
> +/// ```
> +///
> +/// # Arguemnts
> +/// * `url` - URL to call
> +/// * `fingerprint` - SHA256 cert fingerprint if certificate pinning should be used. Optional.
> +/// * `payload` - The payload to send to the server. Expected to be a JSON formatted string.
> +pub fn call(url: String, fingerprint: Option<&str>, payload: String) -> Result<String> {
> +    let answer      ;
Bit to much whitespaces?

> +
> +    if let Some(fingerprint) = fingerprint {
> +        let tls_config = ClientConfig::builder()
> +            .with_safe_defaults()
> +            .with_custom_certificate_verifier(VerifyCertFingerprint::new(fingerprint)?)
> +            .with_no_client_auth();
> +
> +        let agent: Agent = AgentBuilder::new().tls_config(Arc::new(tls_config)).build();
> +
> +        answer = agent
> +            .post(&url)
> +            .set("Content-type", "application/json; charset=utf-")
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Should probably read "application/json; charset=utf-8" I assume? :^)

> +            .send_string(&payload)?
> +            .into_string()?;
> +    } else {
> +        let mut roots = rustls::RootCertStore::empty();
> +        for cert in rustls_native_certs::load_native_certs()? {
> +            roots.add(&rustls::Certificate(cert.0)).unwrap();
> +        }
> +
> +        let tls_config = rustls::ClientConfig::builder()
> +            .with_safe_defaults()
> +            .with_root_certificates(roots)
> +            .with_no_client_auth();
> +
> +        let agent = AgentBuilder::new()
> +            .tls_connector(Arc::new(native_tls::TlsConnector::new()?))
> +            .tls_config(Arc::new(tls_config))
> +            .build();
> +        answer = agent
> +            .post(&url)
> +            .set("Content-type", "application/json; charset=utf-")
.. and same here