proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-08-15 13:36:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix #4497: acme: add support for external account bindings

Browse Source 
Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
Reviewed-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian.Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Folke Gleumes 2023-10-31 10:05:11 +01:00 committed by Thomas Lamprecht
parent ed38c56b2b
commit fe64969b63
1 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
PVE/API2/ACMEAccount.pm
View File

@ -115,6 +115,18 @@ __PACKAGE__->register_method ({
default => $acme_default_directory_url, default => $acme_default_directory_url,
optional => 1, optional => 1,
}), }),
'eab-kid' => {
type => 'string',
description => 'Key Identifier for External Account Binding.',
requires => 'eab-hmac-key',
optional => 1,
},
'eab-hmac-key' => {
type => 'string',
description => 'HMAC key for External Account Binding.',
requires => 'eab-kid',
optional => 1,
},
}, },
}, },
returns => { returns => {
@ -130,6 +142,9 @@ __PACKAGE__->register_method ({
my $account_file = "${acme_account_dir}/${account_name}"; my $account_file = "${acme_account_dir}/${account_name}";
mkdir $acme_account_dir if ! -e $acme_account_dir; mkdir $acme_account_dir if ! -e $acme_account_dir;
my $eab_kid = extract_param($param, 'eab-kid');
my $eab_hmac_key = extract_param($param, 'eab-hmac-key');
raise_param_exc({'name' => "ACME account config file '${account_name}' already exists."}) raise_param_exc({'name' => "ACME account config file '${account_name}' already exists."})
if -e $account_file; if -e $account_file;
@ -145,7 +160,17 @@ __PACKAGE__->register_method ({
print "Generating ACME account key..\n"; print "Generating ACME account key..\n";
$acme->init(4096); $acme->init(4096);
print "Registering ACME account..\n"; print "Registering ACME account..\n";
eval { $acme->new_account($param->{tos_url}, contact => $contact); };
my %info = (contact => $contact);
if (defined($eab_kid)) {
$info{eab} = {
kid => $eab_kid,
hmac_key => $eab_hmac_key
};
}
eval { $acme->new_account($param->{tos_url}, %info); };
if (my $err = $@) { if (my $err = $@) {
unlink $account_file; unlink $account_file;
die "Registration failed: $err\n"; die "Registration failed: $err\n";