acme: detect base64 vs base64url encoded hmac keys

We do this in the PVE code as well.

Link: https://forum.proxmox.com/threads/acme-with-custom-acme-directory-doesnt-work.147058/
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2024-10-02 12:45:30 +02:00
parent c30169d08f
commit f298ed6aec
2 changed files with 11 additions and 1 deletions

View File

@ -323,7 +323,12 @@ impl AccountCreator {
/// Set the EAB credentials for the account registration
pub fn set_eab_credentials(mut self, kid: String, hmac_key: String) -> Result<Self, Error> {
let hmac_key = PKey::hmac(&base64::decode(hmac_key)?)?;
let hmac_key = if hmac_key.contains('+') || hmac_key.contains('/') {
base64::decode(hmac_key)?
} else {
b64u::decode(&hmac_key)?
};
let hmac_key = PKey::hmac(&hmac_key)?;
self.eab_credentials = Some((kid, hmac_key));
Ok(self)
}

View File

@ -7,6 +7,11 @@ pub fn encode(data: &[u8]) -> String {
base64::encode_config(data, config())
}
/// Decode a base64url encoded string.
pub fn decode<T: AsRef<[u8]>>(data: &T) -> Result<Vec<u8>, crate::Error> {
Ok(base64::decode_config(data.as_ref(), config())?)
}
// curiously currently unused as we don't deserialize any of that
// /// Decode bytes from a base64url string.
// pub fn decode(data: &str) -> Result<Vec<u8>, base64::DecodeError> {