Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins
On 4/30/18 8:35 AM, Fabian Grünbichler wrote: > On Fri, Apr 27, 2018 at 03:38:26PM +0200, Thomas Lamprecht wrote: >> On 4/19/18 2:01 PM, Fabian Grünbichler wrote: >>> >>> +package PVE::ACME::StandAlone::Server; >>> + >>> +use HTTP::Server::Simple::CGI; >>> +use base qw(HTTP::Server::Simple::CGI); >> >> needs a new dependency on libhttp-server-simple-perl ... >> >> We depend already on libwww-perl here (and access-control and apiclient), >> which also provides a server module AFAIK. >> >> Maybe it would be nicer to reuse this, if possible? > > yes, like I mentioned in v1, this can be switched out for any other > "serve content $foo under path $bar" HTTP server implementation. > Ah yes, then there's really no reason to pull in another new dependency ;) > I'll take a stab at implementing it with HTTP::Daemon :) > Perfect! Then I wait for a new 3/4, the other common related patches look OK, I'll push them all together once I get the 3/4 v3. ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins
On Fri, Apr 27, 2018 at 03:38:26PM +0200, Thomas Lamprecht wrote: > On 4/19/18 2:01 PM, Fabian Grünbichler wrote: > > Signed-off-by: Fabian Grünbichler> > --- > > src/PVE/ACME/Challenge.pm | 22 ++ > > src/PVE/ACME/StandAlone.pm | 74 > > ++ > > 2 files changed, 96 insertions(+) > > create mode 100644 src/PVE/ACME/Challenge.pm > > create mode 100644 src/PVE/ACME/StandAlone.pm > > > > diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm > > new file mode 100644 > > index 000..40d32b6 > > --- /dev/null > > +++ b/src/PVE/ACME/Challenge.pm > > @@ -0,0 +1,22 @@ > > +package PVE::ACME::Challenge; > > + > > +use strict; > > +use warnings; > > + > > +sub supported_challenge_types { > > +return {}; > > +} > > + > > +sub setup { > > +my ($class, $acme, $authorization) = @_; > > + > > +die "implement me\n"; > > +} > > + > > +sub teardown { > > +my ($self) = @_; > > + > > +die "implement me\n"; > > +} > > + > > +1; > > diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm > > new file mode 100644 > > index 000..0d82213 > > --- /dev/null > > +++ b/src/PVE/ACME/StandAlone.pm 
> > @@ -0,0 +1,74 @@ > > +package PVE::ACME::StandAlone; > > + > > +use strict; > > +use warnings; > > + > > +use base qw(PVE::ACME::Challenge); > > + > > +sub supported_challenge_types { > > +return { 'http-01' => 1 }; > > +} > > + > > +sub setup { > > +my ($class, $acme, $authorization) = @_; > > + > > +my $challenges = $authorization->{challenges}; > > +die "no challenges defined in authorization\n" if !$challenges; > > + > > +my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ]; > > +die "no http-01 challenge defined in authorization\n" > > + if ! scalar $http_challenges; > > + > > +my $http_challenge = $http_challenges->[0]; > > + > > +die "no token found in http-01 challenge\n" if > > !$http_challenge->{token}; > > + > > +my $key_authorization = > > $acme->key_authorization($http_challenge->{token}); > > + > > +my $server = PVE::ACME::StandAlone::Server->new(80); > > +$server->{key_auth} = $key_authorization; > > +my $pid = $server->background(); > > + > > +my $self = { > > + server => $server, > > + pid => $pid, > > + authorization => $authorization, > > + key_auth => $key_authorization, > > + url => $http_challenge->{url}, > > +}; > > + > > +return bless $self, $class; > > +} > > + > > +sub teardown { > > +my ($self) = @_; > > + > > +kill 'KILL', $self->{pid}; > > +} > > + > > +1; > > + > > +package PVE::ACME::StandAlone::Server; > > + > > +use HTTP::Server::Simple::CGI; > > +use base qw(HTTP::Server::Simple::CGI); > > needs a new dependency on libhttp-server-simple-perl ... > > We depend already on libwww-perl here (and access-control and apiclient), > which also provides a server module AFAIK. > > Maybe it would be nicer to reuse this, if possible? yes, like I mentioned in v1, this can be switched out for any other "serve content $foo under path $bar" HTTP server implementation. 
I'll take a stab at implementing it with HTTP::Daemon :) > > > + > > +sub handle_request { > > +my $self = shift; > > +my $cgi = shift; > > + > > +my $key_auth = $self->{key_auth}; > > +$key_auth =~ /^(.*)\..*$/; > > +my $token = $1; > > + > > +my $path = $cgi->path_info(); > > +if ($path eq "/.well-known/acme-challenge/${token}") { > > + print "HTTP/1.0 200 OK\r\n"; > > + print $cgi->header, $key_auth; > > +} else { > > + print "HTTP/1.0 404 Not found\r\n"; > > + print $cgi->header; > > +} > > +} > > + > > +1; > > > > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins
On 4/19/18 2:01 PM, Fabian Grünbichler wrote: > Signed-off-by: Fabian Grünbichler> --- > src/PVE/ACME/Challenge.pm | 22 ++ > src/PVE/ACME/StandAlone.pm | 74 > ++ > 2 files changed, 96 insertions(+) > create mode 100644 src/PVE/ACME/Challenge.pm > create mode 100644 src/PVE/ACME/StandAlone.pm > > diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm > new file mode 100644 > index 000..40d32b6 > --- /dev/null > +++ b/src/PVE/ACME/Challenge.pm > @@ -0,0 +1,22 @@ > +package PVE::ACME::Challenge; > + > +use strict; > +use warnings; > + > +sub supported_challenge_types { > +return {}; > +} > + > +sub setup { > +my ($class, $acme, $authorization) = @_; > + > +die "implement me\n"; > +} > + > +sub teardown { > +my ($self) = @_; > + > +die "implement me\n"; > +} > + > +1; > diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm > new file mode 100644 > index 000..0d82213 > --- /dev/null > +++ b/src/PVE/ACME/StandAlone.pm 
> @@ -0,0 +1,74 @@ > +package PVE::ACME::StandAlone; > + > +use strict; > +use warnings; > + > +use base qw(PVE::ACME::Challenge); > + > +sub supported_challenge_types { > +return { 'http-01' => 1 }; > +} > + > +sub setup { > +my ($class, $acme, $authorization) = @_; > + > +my $challenges = $authorization->{challenges}; > +die "no challenges defined in authorization\n" if !$challenges; > + > +my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ]; > +die "no http-01 challenge defined in authorization\n" > + if ! scalar $http_challenges; > + > +my $http_challenge = $http_challenges->[0]; > + > +die "no token found in http-01 challenge\n" if !$http_challenge->{token}; > + > +my $key_authorization = > $acme->key_authorization($http_challenge->{token}); > + > +my $server = PVE::ACME::StandAlone::Server->new(80); > +$server->{key_auth} = $key_authorization; > +my $pid = $server->background(); > + > +my $self = { > + server => $server, > + pid => $pid, > + authorization => $authorization, > + key_auth => $key_authorization, > + url => $http_challenge->{url}, > +}; > + > +return bless $self, $class; > +} > + > +sub teardown { > +my ($self) = @_; > + > +kill 'KILL', $self->{pid}; > +} > + > +1; > + > +package PVE::ACME::StandAlone::Server; > + > +use HTTP::Server::Simple::CGI; > +use base qw(HTTP::Server::Simple::CGI); needs a new dependency on libhttp-server-simple-perl ... We depend already on libwww-perl here (and access-control and apiclient), which also provides a server module AFAIK. Maybe it would be nicer to reuse this, if possible? 
> + > +sub handle_request { > +my $self = shift; > +my $cgi = shift; > + > +my $key_auth = $self->{key_auth}; > +$key_auth =~ /^(.*)\..*$/; > +my $token = $1; > + > +my $path = $cgi->path_info(); > +if ($path eq "/.well-known/acme-challenge/${token}") { > + print "HTTP/1.0 200 OK\r\n"; > + print $cgi->header, $key_auth; > +} else { > + print "HTTP/1.0 404 Not found\r\n"; > + print $cgi->header; > +} > +} > + > +1; > ___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
[pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins
Signed-off-by: Fabian Grünbichler
---
src/PVE/ACME/Challenge.pm | 22 ++
src/PVE/ACME/StandAlone.pm | 74 ++
2 files changed, 96 insertions(+)
create mode 100644 src/PVE/ACME/Challenge.pm
create mode 100644 src/PVE/ACME/StandAlone.pm
diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
new file mode 100644
index 000..40d32b6
--- /dev/null
+++ b/src/PVE/ACME/Challenge.pm
@@ -0,0 +1,22 @@
+package PVE::ACME::Challenge;
+
+use strict;
+use warnings;
+
+sub supported_challenge_types {
+return {};
+}
+
+sub setup {
+my ($class, $acme, $authorization) = @_;
+
+die "implement me\n";
+}
+
+sub teardown {
+my ($self) = @_;
+
+die "implement me\n";
+}
+
+1;
diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
new file mode 100644
index 000..0d82213
--- /dev/null
+++ b/src/PVE/ACME/StandAlone.pm
@@ -0,0 +1,74 @@
+package PVE::ACME::StandAlone;
+
+use strict;
+use warnings;
+
+use base qw(PVE::ACME::Challenge);
+
+sub supported_challenge_types {
+return { 'http-01' => 1 };
+}
+
+sub setup {
+my ($class, $acme, $authorization) = @_;
+
+my $challenges = $authorization->{challenges};
+die "no challenges defined in authorization\n" if !$challenges;
+
+my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
+die "no http-01 challenge defined in authorization\n"
+ if ! scalar $http_challenges;
+
+my $http_challenge = $http_challenges->[0];
+
+die "no token found in http-01 challenge\n" if !$http_challenge->{token};
+
+my $key_authorization = $acme->key_authorization($http_challenge->{token});
+
+my $server = PVE::ACME::StandAlone::Server->new(80);
+$server->{key_auth} = $key_authorization;
+my $pid = $server->background();
+
+my $self = {
+ server => $server,
+ pid => $pid,
+ authorization => $authorization,
+ key_auth => $key_authorization,
+ url => $http_challenge->{url},
+};
+
+return bless $self, $class;
+}
+
+sub teardown {
+my ($self) = @_;
+
+kill 'KILL', $self->{pid};
+}
+
+1;
+
+package PVE::ACME::StandAlone::Server;
+
+use HTTP::Server::Simple::CGI;
+use base qw(HTTP::Server::Simple::CGI);
+
+sub handle_request {
+my $self = shift;
+my $cgi = shift;
+
+my $key_auth = $self->{key_auth};
+$key_auth =~ /^(.*)\..*$/;
+my $token = $1;
+
+my $path = $cgi->path_info();
+if ($path eq "/.well-known/acme-challenge/${token}") {
+ print "HTTP/1.0 200 OK\r\n";
+ print $cgi->header, $key_auth;
+} else {
+ print "HTTP/1.0 404 Not found\r\n";
+ print $cgi->header;
+}
+}
+
+1;
--
2.14.2
___ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
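Review bot: The `if ! scalar $http_challenges` guard in `setup` can never fire, because `$http_challenges` is an array reference and a reference is always true in scalar context; an authorization without an http-01 entry therefore falls through and is reported by the later token check with a misleading message. Test the list itself with `if !@$http_challenges;`. In `handle_request` the result of `$key_auth =~ /^(.*)\..*$/` is not checked before `$1` is read, so a key authorization without a dot would leave `$token` undefined or holding a stale capture; use `my ($token) = $key_auth =~ /^(.*)\..*$/;` and take the 404 branch when `$token` is undefined, or store the challenge token on the server object next to `key_auth`. `teardown` sends SIGKILL to the forked server but nothing visible in this hunk reaps the child or confirms that the listener on port 80 actually came up, so adding `waitpid($self->{pid}, 0);` after the kill and checking the result of `background()` would make failures visible instead of surfacing later as a failed validation.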