From: LoveSy
To: pmg-devel@lists.proxmox.com
Cc: YU Jincheng
Date: Wed, 17 Jan 2024 01:43:28 +0800
Message-Id: <20240116174328.75567-2-shana@zju.edu.cn>
In-Reply-To: <20240116174328.75567-1-shana@zju.edu.cn>
References: <20240116174328.75567-1-shana@zju.edu.cn>
Subject: [pmg-devel] [PATCH acme 1/1] Fix EBA MAC key decoding
List-Id: Proxmox Mail Gateway development discussion

From: YU Jincheng

According to RFC 8555:

> The MAC key SHOULD be provided in base64url-encoded form...

However, currently we are only decoding the MAC key as base64. This patch uses the correct function to decode the user-provided MAC key as base64url format.

Signed-off-by: YU Jincheng
---
 src/PVE/ACME.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm index bf5410d..428cdda 100644 --- a/src/PVE/ACME.pm +++ b/src/PVE/ACME.pm @@ -7,7 +7,7 @@ use POSIX; use Data::Dumper; use Date::Parse; -use MIME::Base64 qw(encode_base64url decode_base64); +use MIME::Base64 qw(encode_base64url decode_base64url); use File::Path qw(make_path); use JSON; use Digest::SHA qw(sha256 sha256_hex hmac_sha256); 
@@ -365,7 +365,7 @@ sub new_account { my %payload = ( contact => $info{contact} ); if (defined($info{eab})) { - my $eab_hmac_key = decode_base64($info{eab}->{hmac_key}); + my $eab_hmac_key = decode_base64url($info{eab}->{hmac_key}); $payload{externalAccountBinding} = external_account_binding_jws( $info{eab}->{kid}, $eab_hmac_key, -- 2.39.3 (Apple Git-145)
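
Review bot: In the first hunk (the `use MIME::Base64` line), `decode_base64` is dropped from the import list rather than `decode_base64url` being added alongside it, so any other `decode_base64(...)` call still present in src/PVE/ACME.pm would fail at runtime with an undefined-subroutine error. The visible context only shows the one caller in `new_account`; please confirm with a grep that there are no others, or keep both names in the `qw(...)` list.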
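
Review bot: In the second hunk (`new_account`), the result of `decode_base64url($info{eab}->{hmac_key})` is passed straight to `external_account_binding_jws` with no validation. The MIME::Base64 decoders silently skip characters outside the alphabet, so a mistyped or truncated key yields a wrong or empty HMAC key, and the only symptom is the CA rejecting the external account binding. Consider checking the input against the base64url alphabet (for example `/^[A-Za-z0-9_-]+={0,2}$/`) and dying with a clear message before decoding. It would also help to state in the commit message that keys previously entered in standard base64 keep working, since `decode_base64url` only translates `-` and `_` to `+` and `/`, re-pads, and then decodes as before.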