tsarevvv/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

cli: acme: add possibility to set eab via the cli

Browse Source 
If the ca demands external account binding credentials, the user will be
asked for them. If a custom directory is used, the user will be asked if
eab should be used.

Signed-off-by: Folke Gleumes <f.gleumes@proxmox.com>
This commit is contained in:
Folke Gleumes 2023-11-14 15:14:04 +01:00 committed by Wolfgang Bumiller
parent 6aeb96e708
commit 54ddd689ab
2 changed files with 43 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/acme/client.rs
View File

@ -577,7 +577,7 @@ impl AcmeClient {
Self::execute(&mut self.http_client, request, &mut self.nonce).await
}
async fn directory(&mut self) -> Result<&Directory, Error> {
pub async fn directory(&mut self) -> Result<&Directory, Error> {
Ok(Self::get_directory(
&mut self.http_client,
&self.directory_url,

51
src/bin/proxmox_backup_manager/acme.rs
View File

@ -103,8 +103,8 @@ async fn register_account(
contact: String,
directory: Option<String>,
) -> Result<(), Error> {
let directory = match directory {
Some(directory) => directory,
let (directory_url, custom_directory) = match directory {
Some(directory) => (directory, true),
None => {
println!("Directory endpoints:");
for (i, dir) in KNOWN_ACME_DIRECTORIES.iter().enumerate() {
@ -122,12 +122,12 @@ async fn register_account(
match input.trim().parse::<usize>() {
Ok(n) if n < KNOWN_ACME_DIRECTORIES.len() => {
break KNOWN_ACME_DIRECTORIES[n].url.to_owned();
break (KNOWN_ACME_DIRECTORIES[n].url.to_owned(), false);
}
Ok(n) if n == KNOWN_ACME_DIRECTORIES.len() => {
input.clear();
std::io::stdin().read_line(&mut input)?;
break input.trim().to_owned();
break (input.trim().to_owned(), true);
}
_ => eprintln!("Invalid selection."),
}
@ -140,9 +140,13 @@ async fn register_account(
}
};
println!("Attempting to fetch Terms of Service from {:?}", directory);
let mut client = AcmeClient::new(directory.clone());
let tos_agreed = if let Some(tos_url) = client.terms_of_service_url().await? {
println!(
"Attempting to fetch Terms of Service from {:?}",
directory_url
);
let mut client = AcmeClient::new(directory_url.clone());
let directory = client.directory().await?;
let tos_agreed = if let Some(tos_url) = directory.terms_of_service_url() {
println!("Terms of Service: {}", tos_url);
print!("Do you agree to the above terms? [y|N]: ");
std::io::stdout().flush()?;
@ -154,7 +158,36 @@ async fn register_account(
true
};
println!("Attempting to register account with {:?}...", directory);
let mut eab_enabled = directory.external_account_binding_required();
if !eab_enabled && custom_directory {
print!("Do you want to use external account binding? [y|N]: ");
std::io::stdout().flush()?;
let mut input = String::new();
std::io::stdin().read_line(&mut input)?;
eab_enabled = input.trim().eq_ignore_ascii_case("y");
} else if eab_enabled {
println!("The CA requires external account binding.");
}
let eab_creds = if eab_enabled {
println!("You should have received a key id and a key from your CA.");
print!("Enter EAB key id: ");
std::io::stdout().flush()?;
let mut eab_kid = String::new();
std::io::stdin().read_line(&mut eab_kid)?;
print!("Enter EAB key: ");
std::io::stdout().flush()?;
let mut eab_hmac_key = String::new();
std::io::stdin().read_line(&mut eab_hmac_key)?;
Some((eab_kid.trim().to_owned(), eab_hmac_key.trim().to_owned()))
} else {
None
};
println!("Attempting to register account with {:?}...", directory_url);
let account = api2::config::acme::do_register_account(
&mut client,
@ -162,7 +195,7 @@ async fn register_account(
tos_agreed,
contact,
None,
None,
eab_creds,
)
.await?;