From a0e3c80e51804b8c4e190dc8481f98781e8f43f5 Mon Sep 17 00:00:00 2001
From: Rodolphe Breard
Date: Tue, 7 May 2019 16:37:34 +0200
Subject: [PATCH] Add the is_clean_hook variable to challenge hooks
---
 CHANGELOG.md | 1 +
 acmed/src/acme_proto.rs | 3 ++-
 acmed/src/certificate.rs | 1 +
 acmed/src/hooks.rs | 1 +
 man/en/acmed.toml.5 | 21 ++++++++++++++++++---
 5 files changed, 23 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 848dc13..e57f85e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Man pages.
 - The project can now be built and installed using `make`.
 - The post-operation hooks now have access to the `is_success` template variable.
+- Challenge hooks now have the `is_clean_hook` template variable.
 ### Changed
 - Unknown configuration fields are no longer tolerated.
diff --git a/acmed/src/acme_proto.rs b/acmed/src/acme_proto.rs
index 20274fc..44084a2 100644
--- a/acmed/src/acme_proto.rs
+++ b/acmed/src/acme_proto.rs
@@ -117,7 +117,8 @@ pub fn request_certificate(cert: &Certificate, root_certs: &[String]) -> Result<
 let domain = auth.identifier.value.to_owned();
 // 7. Call the challenge hook in order to complete it
- let data = cert.call_challenge_hooks(&file_name, &proof, &domain)?;
+ let mut data = cert.call_challenge_hooks(&file_name, &proof, &domain)?;
+ data.0.is_clean_hook = true;
 hook_datas.push(data);
 // 8. Tell the server the challenge has been completed
diff --git a/acmed/src/certificate.rs b/acmed/src/certificate.rs
index 9637c3c..047b05d 100644
--- a/acmed/src/certificate.rs
+++ b/acmed/src/certificate.rs
@@ -143,6 +143,7 @@ impl Certificate {
 domain: domain.to_string(),
 file_name: file_name.to_string(),
 proof: proof.to_string(),
+ is_clean_hook: false,
 };
 let hook_type = match challenge {
 Challenge::Http01 => (HookType::ChallengeHttp01, HookType::ChallengeHttp01Clean),
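Review bot: In acmed/src/acme_proto.rs the new `data.0.is_clean_hook = true;` flips the flag through a tuple index on the value returned by `call_challenge_hooks`, and nothing at the call site says that the stored copy is kept for the later clean hook rather than for the hook that just ran. The ordering is what makes this correct: the struct literal in acmed/src/certificate.rs initialises the field to `false`, so the challenge hook only sees `false` because the assignment comes after the call. I would add a comment above the assignment, e.g. `// The stored data is reused by the *-clean hook: flag it only once the challenge hook has run.`, or have `call_challenge_hooks` return data already marked for cleanup so a caller cannot forget or misorder this step. That the entries of `hook_datas` are what the clean hooks render is inferred from the man page change; `request_certificate` continues outside the hunk.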
diff --git a/acmed/src/hooks.rs b/acmed/src/hooks.rs
index de067f8..cb906e2 100644
--- a/acmed/src/hooks.rs
+++ b/acmed/src/hooks.rs
@@ -23,6 +23,7 @@ pub struct ChallengeHookData {
 pub challenge: String,
 pub file_name: String,
 pub proof: String,
+ pub is_clean_hook: bool,
 }
 #[derive(Serialize)]
diff --git a/man/en/acmed.toml.5 b/man/en/acmed.toml.5
index 72b0bfd..f77e2e0 100644
--- a/man/en/acmed.toml.5
+++ b/man/en/acmed.toml.5
@@ -213,13 +213,18 @@ prefix.
 .It Cm proof Ar string
 The content of the proof that must be written to
 .Em file_name .
+.It Cm is_clean_hook Ar bool
+False
 .El
 .It Ic challenge-http-01-clean
 Invoked once a domain ownership has been proven using the
 .Em http-01
 challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
 .Em challenge-http-01
-hook.
+hook, excepted
+.Em is_clean_hook
+which is set to
+.Em true .
 .It Ic challenge-dns-01
 Invoked when the ownership of a domain must be proved using the
 .Em dns-01
@@ -237,13 +242,18 @@ The content of the proof that must be written to a entry of the DNS zone for the
 .Ql _acme-challenge
 subdomain.
+.It Cm is_clean_hook Ar bool
+False
 .El
 .It Ic challenge-dns-01-clean
 Invoked once a domain ownership has been proven using the
 .Em dns-01
 challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
 .Em challenge-dns-01
-hook.
+hook, excepted
+.Em is_clean_hook
+which is set to
+.Em true .
 .It Ic challenge-tls-alpn-01
 Invoked when the ownership of a domain must be proved using the
 .Em tls-alpn-01
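Review bot: The new public field `is_clean_hook` on `ChallengeHookData` in acmed/src/hooks.rs has no doc comment, although the changelog and man page in this commit expose it to user-written hook templates, presumably so that one script can tell publishing the proof from removing it. I would add `/// False while the challenge hook runs, true when the data is rendered for the matching *-clean hook.` above the field. The struct's attributes and any earlier fields are outside the hunk, so whether the rest of the struct is documented is not visible here.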
@@ -264,13 +274,18 @@ ALPN extension value.
 .Xr acmed 8
 will not generate the certificate itself since it can be done using
 .Xr tacd 8 .
+.It Cm is_clean_hook Ar bool
+False
 .El
 .It Ic challenge-tls-alpn-01-clean
 Invoked once a domain ownership has been proven using the
 .Em tls-alpn-01
 challenge. This hook is intended to remove the proof since it is no longer required. The template variables are strictly identical to those given in the corresponding
 .Em challenge-tls-alpn-01
-hook.
+hook, excepted
+.Em is_clean_hook
+which is set to
+.Em true .
 .It Ic file-pre-create
 Invoked
 .Em before