From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <c.heiss@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id DFCA793F4A
 for <pve-devel@lists.proxmox.com>; Wed, 21 Feb 2024 13:22:30 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id BA0F716B33
 for <pve-devel@lists.proxmox.com>; Wed, 21 Feb 2024 13:22:00 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS
 for <pve-devel@lists.proxmox.com>; Wed, 21 Feb 2024 13:21:59 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 7CDC344469
 for <pve-devel@lists.proxmox.com>; Wed, 21 Feb 2024 13:21:59 +0100 (CET)
Date: Wed, 21 Feb 2024 13:21:58 +0100
From: Christoph Heiss <c.heiss@proxmox.com>
To: Aaron Lauterer <a.lauterer@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Message-ID: <2646kro74j2uxigvijpy3zzen7ddv7aodft6fgvxfmp2gkqydw@upmuhbxzl23i>
References: <20240221110805.931925-1-a.lauterer@proxmox.com>
 <20240221110805.931925-21-a.lauterer@proxmox.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20240221110805.931925-21-a.lauterer@proxmox.com>
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.004 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [post.rs]
Subject: Re: [pve-devel] [PATCH v2 20/22] auto-installer: fetch: add http
 post utility module
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2024 12:22:30 -0000

On Wed, Feb 21, 2024 at 12:08:03PM +0100, Aaron Lauterer wrote:
> It sends a http(s) POST request with the sysinfo as payload and expects
> an answer file in return.
>
[..]
> diff --git a/proxmox-auto-installer/src/fetch_plugins/utils/post.rs b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> new file mode 100644
> index 0000000..c9f6ddb
> --- /dev/null
> +++ b/proxmox-auto-installer/src/fetch_plugins/utils/post.rs
> @@ -0,0 +1,93 @@
> +use anyhow::Result;
> +use rustls::ClientConfig;
> +use sha2::{Digest, Sha256};
> +use std::sync::Arc;
> +use ureq::{Agent, AgentBuilder};
> +
> +/// Issues a POST request with the payload (JSON). Optionally a SHA256 fingerprint can be used to
> +/// check the cert against it, instead of the regular cert validation.
> +/// To gather the sha256 fingerprint you can use the following command:
> +/// ```no_compile
> +/// openssl s_client -connect <host>:443 < /dev/null 2>/dev/null | openssl x509 -fingerprint -sha256  -noout -in /dev/stdin
> +/// ```
> +///
> +/// # Arguemnts
> +/// * `url` - URL to call
> +/// * `fingerprint` - SHA256 cert fingerprint if certificate pinning should be used. Optional.
> +/// * `payload` - The payload to send to the server. Expected to be a JSON formatted string.
> +pub fn call(url: String, fingerprint: Option<&str>, payload: String) -> Result<String> {
> +    let answer      ;
Bit to much whitespaces?

> +
> +    if let Some(fingerprint) = fingerprint {
> +        let tls_config = ClientConfig::builder()
> +            .with_safe_defaults()
> +            .with_custom_certificate_verifier(VerifyCertFingerprint::new(fingerprint)?)
> +            .with_no_client_auth();
> +
> +        let agent: Agent = AgentBuilder::new().tls_config(Arc::new(tls_config)).build();
> +
> +        answer = agent
> +            .post(&url)
> +            .set("Content-type", "application/json; charset=utf-")
                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Should probably read "application/json; charset=utf-8" I assume? :^)

> +            .send_string(&payload)?
> +            .into_string()?;
> +    } else {
> +        let mut roots = rustls::RootCertStore::empty();
> +        for cert in rustls_native_certs::load_native_certs()? {
> +            roots.add(&rustls::Certificate(cert.0)).unwrap();
> +        }
> +
> +        let tls_config = rustls::ClientConfig::builder()
> +            .with_safe_defaults()
> +            .with_root_certificates(roots)
> +            .with_no_client_auth();
> +
> +        let agent = AgentBuilder::new()
> +            .tls_connector(Arc::new(native_tls::TlsConnector::new()?))
> +            .tls_config(Arc::new(tls_config))
> +            .build();
> +        answer = agent
> +            .post(&url)
> +            .set("Content-type", "application/json; charset=utf-")
.. and same here