Proxmox/proxmox
5
0
Fork 1
Code Issues Pull Requests Releases Activity

acme: detect base64 vs base64url encoded hmac keys

Browse Source 
We do this in the PVE code as well.

Link: https://forum.proxmox.com/threads/acme-with-custom-acme-directory-doesnt-work.147058/
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
Wolfgang Bumiller 2024-10-02 12:45:30 +02:00
parent c30169d08f
commit f298ed6aec
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
proxmox-acme/src/account.rs
View File

@ -323,7 +323,12 @@ impl AccountCreator {
/// Set the EAB credentials for the account registration /// Set the EAB credentials for the account registration
pub fn set_eab_credentials(mut self, kid: String, hmac_key: String) -> Result<Self, Error> { pub fn set_eab_credentials(mut self, kid: String, hmac_key: String) -> Result<Self, Error> {
let hmac_key = PKey::hmac(&base64::decode(hmac_key)?)?; let hmac_key = if hmac_key.contains('+') || hmac_key.contains('/') {
base64::decode(hmac_key)?
} else {
b64u::decode(&hmac_key)?
};
let hmac_key = PKey::hmac(&hmac_key)?;
self.eab_credentials = Some((kid, hmac_key)); self.eab_credentials = Some((kid, hmac_key));
Ok(self) Ok(self)
} }

5
proxmox-acme/src/b64u.rs
View File

@ -7,6 +7,11 @@ pub fn encode(data: &[u8]) -> String {
base64::encode_config(data, config()) base64::encode_config(data, config())
} }
/// Decode a base64url encoded string.
pub fn decode<T: AsRef<[u8]>>(data: &T) -> Result<Vec<u8>, crate::Error> {
Ok(base64::decode_config(data.as_ref(), config())?)
}
// curiously currently unused as we don't deserialize any of that // curiously currently unused as we don't deserialize any of that
// /// Decode bytes from a base64url string. // /// Decode bytes from a base64url string.
// pub fn decode(data: &str) -> Result<Vec<u8>, base64::DecodeError> { // pub fn decode(data: &str) -> Result<Vec<u8>, base64::DecodeError> {