From: YU Jincheng
To: pve-devel@lists.proxmox.com
Date: Thu, 18 Jan 2024 18:40:14 +0800
Message-Id: <20240118104013.91132-1-shana@zju.edu.cn>
Subject: [pve-devel] [PATCH acme] Fix EBA MAC key decoding

According to RFC 8555:

> The MAC key SHOULD be provided in base64url-encoded form...

However, currently we are only decoding the MAC key as base64. This patch uses the correct function to decode the user-provided MAC key as base64url format. This can fix an authentication error when a user uses the command `pvenode acme account register` and pastes the EBA MAC key as prompted.

Signed-off-by: YU Jincheng
--- src/PVE/ACME.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PVE/ACME.pm b/src/PVE/ACME.pm index bf5410d..428cdda 100644 --- a/src/PVE/ACME.pm +++ b/src/PVE/ACME.pm @@ -7,7 +7,7 @@ use POSIX; use Data::Dumper; use Date::Parse; -use MIME::Base64 qw(encode_base64url decode_base64); +use MIME::Base64 qw(encode_base64url decode_base64url); use File::Path qw(make_path); use JSON; use Digest::SHA qw(sha256 sha256_hex hmac_sha256); 
@@ -365,7 +365,7 @@ sub new_account { my %payload = ( contact => $info{contact} ); if (defined($info{eab})) { - my $eab_hmac_key = decode_base64($info{eab}->{hmac_key}); + my $eab_hmac_key = decode_base64url($info{eab}->{hmac_key}); $payload{externalAccountBinding} = external_account_binding_jws( $info{eab}->{kid}, $eab_hmac_key, -- 2.39.3 (Apple Git-145)
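Review bot: Check for remaining decode_base64 callers in src/PVE/ACME.pm before dropping it from the `use MIME::Base64` import list in the first hunk. Only one call site is converted in this patch, and any other caller left in the file would now fail at runtime with an undefined subroutine error; if one exists, import both functions.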
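Review bot: In new_account, the value from decode_base64url($info{eab}->{hmac_key}) is passed straight to external_account_binding_jws() with no check on the pasted input. The MIME::Base64 decoders skip characters outside their alphabet instead of failing, so a truncated or mis-pasted key still produces a wrong HMAC key and the user gets the same opaque authentication error this patch is meant to fix. Consider rejecting input that does not match /^[A-Za-z0-9_-]+={0,2}$/ with a clear error message before decoding. Separately, the subject and commit message say "EBA" where the code uses eab (external account binding); worth correcting before this is applied.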