Using correct content type (as per version 10 of ACME draft). (#37165) (#37190)

* Using correct content type (as per version 10 of ACME draft). * Another incompatibility with ACME v2: body must be {} and not contain v1 data (Pebble fails otherwise). (cherry picked from commit 155adb1631)
2018-03-08 16:55:49 +01:00 · 2018-03-08 16:55:49 +01:00 · d06f8dda3b
commit d06f8dda3b
parent 7213d0017b
1 changed files with 11 additions and 8 deletions
--- a/lib/ansible/modules/web_infrastructure/letsencrypt.py
+++ b/lib/ansible/modules/web_infrastructure/letsencrypt.py
@ -643,7 +643,7 @@ class ACMEAccount(object):
        '''
        Sends a JWS signed HTTP POST request to the ACME server and returns
        the response as dictionary
-        https://tools.ietf.org/html/draft-ietf-acme-acme-09#section-6.2
+        https://tools.ietf.org/html/draft-ietf-acme-acme-10#section-6.2
        '''
        failed_tries = 0
        while True:
@ -687,7 +687,10 @@ class ACMEAccount(object):
                data["header"] = self.jws_header
            data = self.module.jsonify(data)

-            resp, info = fetch_url(self.module, url, data=data, method='POST')
+            headers = {
+                'Content-Type': 'application/jose+json',
+            }
+            resp, info = fetch_url(self.module, url, data=data, headers=headers, method='POST')
            result = {}
            try:
                content = resp.read()
@ -947,13 +950,13 @@ class ACMEClient(object):
                continue

            uri = challenge['uri'] if self.version == 1 else challenge['url']
-            token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge['token'])
-            keyauthorization = self.account.get_keyauthorization(token)

-            challenge_response = {
-                "resource": "challenge",
-                "keyAuthorization": keyauthorization,
-            }
+            challenge_response = {}
+            if self.version == 1:
+                token = re.sub(r"[^A-Za-z0-9_\-]", "_", challenge['token'])
+                keyauthorization = self.account.get_keyauthorization(token)
+                challenge_response["resource"] = "challenge"
+                challenge_response["keyAuthorization"] = keyauthorization
            result, info = self.account.send_signed_request(uri, challenge_response)
            if info['status'] not in [200, 202]:
                self.module.fail_json(msg="Error validating challenge: CODE: {0} RESULT: {1}".format(info['status'], result))