acme: detect base64 vs base64url encoded hmac keys
We do this in the PVE code as well. Link: https://forum.proxmox.com/threads/acme-with-custom-acme-directory-doesnt-work.147058/ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
parent
c30169d08f
commit
f298ed6aec
@ -323,7 +323,12 @@ impl AccountCreator {
|
||||
|
||||
/// Set the EAB credentials for the account registration
|
||||
pub fn set_eab_credentials(mut self, kid: String, hmac_key: String) -> Result<Self, Error> {
|
||||
let hmac_key = PKey::hmac(&base64::decode(hmac_key)?)?;
|
||||
let hmac_key = if hmac_key.contains('+') || hmac_key.contains('/') {
|
||||
base64::decode(hmac_key)?
|
||||
} else {
|
||||
b64u::decode(&hmac_key)?
|
||||
};
|
||||
let hmac_key = PKey::hmac(&hmac_key)?;
|
||||
self.eab_credentials = Some((kid, hmac_key));
|
||||
Ok(self)
|
||||
}
|
||||
|
@ -7,6 +7,11 @@ pub fn encode(data: &[u8]) -> String {
|
||||
base64::encode_config(data, config())
|
||||
}
|
||||
|
||||
/// Decode a base64url encoded string.
|
||||
pub fn decode<T: AsRef<[u8]>>(data: &T) -> Result<Vec<u8>, crate::Error> {
|
||||
Ok(base64::decode_config(data.as_ref(), config())?)
|
||||
}
|
||||
|
||||
// curiously currently unused as we don't deserialize any of that
|
||||
// /// Decode bytes from a base64url string.
|
||||
// pub fn decode(data: &str) -> Result<Vec<u8>, base64::DecodeError> {
|
||||
|
Loading…
Reference in New Issue
Block a user