Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins

2018-04-30 Thread Thomas Lamprecht
On 4/30/18 8:35 AM, Fabian Grünbichler wrote:
> On Fri, Apr 27, 2018 at 03:38:26PM +0200, Thomas Lamprecht wrote:
>> On 4/19/18 2:01 PM, Fabian Grünbichler wrote:
>>> 
>>> +package PVE::ACME::StandAlone::Server;
>>> +
>>> +use HTTP::Server::Simple::CGI;
>>> +use base qw(HTTP::Server::Simple::CGI);
>>
>> needs a new dependency on libhttp-server-simple-perl ...
>>
>> We depend already on libwww-perl here (and access-control and apiclient),
>> which also provides a server module AFAIK.
>>
>> Maybe it would be nicer to reuse this, if possible?
> 
> yes, like I mentioned in v1, this can be switched out for any other
> "serve content $foo under path $bar" HTTP server implementation.
> 

Ah yes, then there's really no reason to pull in another
new dependency ;)

> I'll take a stab at implementing it with HTTP::Daemon :)
> 

Perfect! Then I wait for a new 3/4, the other common related
patches look OK, I'll push them all together once I get the
3/4 v3.




Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins

2018-04-30 Thread Fabian Grünbichler
On Fri, Apr 27, 2018 at 03:38:26PM +0200, Thomas Lamprecht wrote:
> On 4/19/18 2:01 PM, Fabian Grünbichler wrote:
> > Signed-off-by: Fabian Grünbichler 
> > ---
> >  src/PVE/ACME/Challenge.pm  | 22 ++
> >  src/PVE/ACME/StandAlone.pm | 74 
> > ++
> >  2 files changed, 96 insertions(+)
> >  create mode 100644 src/PVE/ACME/Challenge.pm
> >  create mode 100644 src/PVE/ACME/StandAlone.pm
> > 
> > diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> > new file mode 100644
> > index 000..40d32b6
> > --- /dev/null
> > +++ b/src/PVE/ACME/Challenge.pm
> > @@ -0,0 +1,22 @@
> > +package PVE::ACME::Challenge;
> > +
> > +use strict;
> > +use warnings;
> > +
> > +sub supported_challenge_types {
> > +return {};
> > +}
> > +
> > +sub setup {
> > +my ($class, $acme, $authorization) = @_;
> > +
> > +die "implement me\n";
> > +}
> > +
> > +sub teardown {
> > +my ($self) = @_;
> > +
> > +die "implement me\n";
> > +}
> > +
> > +1;
> > diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> > new file mode 100644
> > index 000..0d82213
> > --- /dev/null
> > +++ b/src/PVE/ACME/StandAlone.pm
> > @@ -0,0 +1,74 @@
> > +package PVE::ACME::StandAlone;
> > +
> > +use strict;
> > +use warnings;
> > +
> > +use base qw(PVE::ACME::Challenge);
> > +
> > +sub supported_challenge_types {
> > +return { 'http-01' => 1 };
> > +}
> > +
> > +sub setup {
> > +my ($class, $acme, $authorization) = @_;
> > +
> > +my $challenges = $authorization->{challenges};
> > +die "no challenges defined in authorization\n" if !$challenges;
> > +
> > +my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
> > +die "no http-01 challenge defined in authorization\n"
> > +   if ! scalar $http_challenges;
> > +
> > +my $http_challenge = $http_challenges->[0];
> > +
> > +die "no token found in http-01 challenge\n" if 
> > !$http_challenge->{token};
> > +
> > +my $key_authorization = 
> > $acme->key_authorization($http_challenge->{token});
> > +
> > +my $server = PVE::ACME::StandAlone::Server->new(80);
> > +$server->{key_auth} = $key_authorization;
> > +my $pid = $server->background();
> > +
> > +my $self = {
> > +   server => $server,
> > +   pid => $pid,
> > +   authorization => $authorization,
> > +   key_auth => $key_authorization,
> > +   url => $http_challenge->{url},
> > +};
> > +
> > +return bless $self, $class;
> > +}
> > +
> > +sub teardown {
> > +my ($self) = @_;
> > +
> > +kill 'KILL', $self->{pid};
> > +}
> > +
> > +1;
> > +
> > +package PVE::ACME::StandAlone::Server;
> > +
> > +use HTTP::Server::Simple::CGI;
> > +use base qw(HTTP::Server::Simple::CGI);
> 
> needs a new dependency on libhttp-server-simple-perl ...
> 
> We depend already on libwww-perl here (and access-control and apiclient),
> which also provides a server module AFAIK.
> 
> Maybe it would be nicer to reuse this, if possible?

yes, like I mentioned in v1, this can be switched out for any other
"serve content $foo under path $bar" HTTP server implementation.

I'll take a stab at implementing it with HTTP::Daemon :)

> 
> > +
> > +sub handle_request {
> > +my $self = shift;
> > +my $cgi  = shift;
> > +
> > +my $key_auth = $self->{key_auth};
> > +$key_auth =~ /^(.*)\..*$/;
> > +my $token = $1;
> > +
> > +my $path = $cgi->path_info();
> > +if ($path eq "/.well-known/acme-challenge/${token}") {
> > +   print "HTTP/1.0 200 OK\r\n";
> > +   print $cgi->header, $key_auth;
> > +} else {
> > +   print "HTTP/1.0 404 Not found\r\n";
> > +   print $cgi->header;
> > +}
> > +}
> > +
> > +1;
> > 
> 
> 



Re: [pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins

2018-04-27 Thread Thomas Lamprecht
On 4/19/18 2:01 PM, Fabian Grünbichler wrote:
> Signed-off-by: Fabian Grünbichler 
> ---
>  src/PVE/ACME/Challenge.pm  | 22 ++
>  src/PVE/ACME/StandAlone.pm | 74 
> ++
>  2 files changed, 96 insertions(+)
>  create mode 100644 src/PVE/ACME/Challenge.pm
>  create mode 100644 src/PVE/ACME/StandAlone.pm
> 
> diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
> new file mode 100644
> index 000..40d32b6
> --- /dev/null
> +++ b/src/PVE/ACME/Challenge.pm
> @@ -0,0 +1,22 @@
> +package PVE::ACME::Challenge;
> +
> +use strict;
> +use warnings;
> +
> +sub supported_challenge_types {
> +return {};
> +}
> +
> +sub setup {
> +my ($class, $acme, $authorization) = @_;
> +
> +die "implement me\n";
> +}
> +
> +sub teardown {
> +my ($self) = @_;
> +
> +die "implement me\n";
> +}
> +
> +1;
> diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
> new file mode 100644
> index 000..0d82213
> --- /dev/null
> +++ b/src/PVE/ACME/StandAlone.pm
> @@ -0,0 +1,74 @@
> +package PVE::ACME::StandAlone;
> +
> +use strict;
> +use warnings;
> +
> +use base qw(PVE::ACME::Challenge);
> +
> +sub supported_challenge_types {
> +return { 'http-01' => 1 };
> +}
> +
> +sub setup {
> +my ($class, $acme, $authorization) = @_;
> +
> +my $challenges = $authorization->{challenges};
> +die "no challenges defined in authorization\n" if !$challenges;
> +
> +my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
> +die "no http-01 challenge defined in authorization\n"
> + if ! scalar $http_challenges;
> +
> +my $http_challenge = $http_challenges->[0];
> +
> +die "no token found in http-01 challenge\n" if !$http_challenge->{token};
> +
> +my $key_authorization = 
> $acme->key_authorization($http_challenge->{token});
> +
> +my $server = PVE::ACME::StandAlone::Server->new(80);
> +$server->{key_auth} = $key_authorization;
> +my $pid = $server->background();
> +
> +my $self = {
> + server => $server,
> + pid => $pid,
> + authorization => $authorization,
> + key_auth => $key_authorization,
> + url => $http_challenge->{url},
> +};
> +
> +return bless $self, $class;
> +}
> +
> +sub teardown {
> +my ($self) = @_;
> +
> +kill 'KILL', $self->{pid};
> +}
> +
> +1;
> +
> +package PVE::ACME::StandAlone::Server;
> +
> +use HTTP::Server::Simple::CGI;
> +use base qw(HTTP::Server::Simple::CGI);

needs a new dependency on libhttp-server-simple-perl ...

We depend already on libwww-perl here (and access-control and apiclient),
which also provides a server module AFAIK.

Maybe it would be nicer to reuse this, if possible?

> +
> +sub handle_request {
> +my $self = shift;
> +my $cgi  = shift;
> +
> +my $key_auth = $self->{key_auth};
> +$key_auth =~ /^(.*)\..*$/;
> +my $token = $1;
> +
> +my $path = $cgi->path_info();
> +if ($path eq "/.well-known/acme-challenge/${token}") {
> + print "HTTP/1.0 200 OK\r\n";
> + print $cgi->header, $key_auth;
> +} else {
> + print "HTTP/1.0 404 Not found\r\n";
> + print $cgi->header;
> +}
> +}
> +
> +1;
> 





[pve-devel] [PATCH v2 common 3/4] acme: add challenge plugins

2018-04-19 Thread Fabian Grünbichler
Signed-off-by: Fabian Grünbichler 
---
 src/PVE/ACME/Challenge.pm  | 22 ++
 src/PVE/ACME/StandAlone.pm | 74 ++
 2 files changed, 96 insertions(+)
 create mode 100644 src/PVE/ACME/Challenge.pm
 create mode 100644 src/PVE/ACME/StandAlone.pm

diff --git a/src/PVE/ACME/Challenge.pm b/src/PVE/ACME/Challenge.pm
new file mode 100644
index 000..40d32b6
--- /dev/null
+++ b/src/PVE/ACME/Challenge.pm
@@ -0,0 +1,22 @@
+package PVE::ACME::Challenge;
+
+use strict;
+use warnings;
+
+sub supported_challenge_types {
+return {};
+}
+
+sub setup {
+my ($class, $acme, $authorization) = @_;
+
+die "implement me\n";
+}
+
+sub teardown {
+my ($self) = @_;
+
+die "implement me\n";
+}
+
+1;
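Review bot: The three stubs in the base class carry no comment describing the contract a challenge plugin has to honour. Judging from the StandAlone implementation later in this patch, `supported_challenge_types` returns a hash reference keyed by challenge type, `setup` is called as a class method and returns a blessed plugin instance, and `teardown` is called on that instance. A one-line comment above each stub would record this, for example `# setup($acme, $authorization): start serving the challenge response, return a blessed instance` and `# teardown(): stop whatever setup() started`.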
diff --git a/src/PVE/ACME/StandAlone.pm b/src/PVE/ACME/StandAlone.pm
new file mode 100644
index 000..0d82213
--- /dev/null
+++ b/src/PVE/ACME/StandAlone.pm
@@ -0,0 +1,74 @@
+package PVE::ACME::StandAlone;
+
+use strict;
+use warnings;
+
+use base qw(PVE::ACME::Challenge);
+
+sub supported_challenge_types {
+return { 'http-01' => 1 };
+}
+
+sub setup {
+my ($class, $acme, $authorization) = @_;
+
+my $challenges = $authorization->{challenges};
+die "no challenges defined in authorization\n" if !$challenges;
+
+my $http_challenges = [ grep {$_->{type} eq 'http-01'} @$challenges ];
+die "no http-01 challenge defined in authorization\n"
+   if ! scalar $http_challenges;
+
+my $http_challenge = $http_challenges->[0];
+
+die "no token found in http-01 challenge\n" if !$http_challenge->{token};
+
+my $key_authorization = $acme->key_authorization($http_challenge->{token});
+
+my $server = PVE::ACME::StandAlone::Server->new(80);
+$server->{key_auth} = $key_authorization;
+my $pid = $server->background();
+
+my $self = {
+   server => $server,
+   pid => $pid,
+   authorization => $authorization,
+   key_auth => $key_authorization,
+   url => $http_challenge->{url},
+};
+
+return bless $self, $class;
+}
+
+sub teardown {
+my ($self) = @_;
+
+kill 'KILL', $self->{pid};
+}
+
+1;
+
+package PVE::ACME::StandAlone::Server;
+
+use HTTP::Server::Simple::CGI;
+use base qw(HTTP::Server::Simple::CGI);
+
+sub handle_request {
+my $self = shift;
+my $cgi  = shift;
+
+my $key_auth = $self->{key_auth};
+$key_auth =~ /^(.*)\..*$/;
+my $token = $1;
+
+my $path = $cgi->path_info();
+if ($path eq "/.well-known/acme-challenge/${token}") {
+   print "HTTP/1.0 200 OK\r\n";
+   print $cgi->header, $key_auth;
+} else {
+   print "HTTP/1.0 404 Not found\r\n";
+   print $cgi->header;
+}
+}
+
+1;
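Review bot: The guard `if ! scalar $http_challenges` in `setup` can never fire, because `$http_challenges` is an array reference and a reference is always true; it should test the element count, `if !scalar(@$http_challenges);`. As written, an authorization without an http-01 challenge falls through to the token check and most likely reports the wrong error. In `handle_request` the match `$key_auth =~ /^(.*)\..*$/` is not checked before `$1` is read, so a key authorization without a dot leaves `$token` undefined or left over from an earlier match, and the bare `/.well-known/acme-challenge/` path would then be answered with 200. Passing the token along in `setup` with `$server->{token} = $http_challenge->{token};` and comparing against `$self->{token}` would avoid re-deriving it with a regex.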
-- 
2.14.2

