From: William Lallemand <wlallemand@haproxy.com>
Date: Wed, 9 Apr 2025 19:32:05 +0000 (+0200)
Subject: MINOR: acme: generate new account
X-Git-Tag: v3.2-dev11~94
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=04d393f6610ead2845333037e9fd8d255b79a27a;p=thirdparty%2Fhaproxy.git

MINOR: acme: generate new account

The new account action in the ACME task use the same function as the
chkaccount, but onlyReturnExisting is not sent in this case!
---

diff --git a/include/haproxy/acme-t.h b/include/haproxy/acme-t.h
index 0e319d381..efe2742b9 100644
--- a/include/haproxy/acme-t.h
+++ b/include/haproxy/acme-t.h
@@ -33,6 +33,7 @@ enum acme_st {
 	ACME_RESSOURCES = 0,
 	ACME_NEWNONCE,
 	ACME_CHKACCOUNT,
+	ACME_NEWACCOUNT,
 	ACME_END
 };
 
diff --git a/src/acme.c b/src/acme.c
index 829a99829..b7d1b4fc6 100644
--- a/src/acme.c
+++ b/src/acme.c
@@ -628,7 +628,7 @@ error:
 	return ret;
 }
 
-int acme_res_account(struct task *task, struct acme_ctx *ctx, char **errmsg)
+int acme_res_account(struct task *task, struct acme_ctx *ctx, int newaccount, char **errmsg)
 {
 	struct httpclient *hc;
 	struct http_hdr *hdrs, *hdr;
@@ -663,9 +663,11 @@ int acme_res_account(struct task *task, struct acme_ctx *ctx, char **errmsg)
 		if ((ret = mjson_get_string(hc->res.buf.area, hc->res.buf.data, "$.type", t2->area, t2->size)) > -1)
 			t2->data = ret;
 
-		/* not an error, we only need to create a new account */
-		if (strcmp("urn:ietf:params:acme:error:accountDoesNotExist", t2->area) == 0)
-			goto out;
+		if (!newaccount) {
+			/* not an error, we only need to create a new account */
+			if (strcmp("urn:ietf:params:acme:error:accountDoesNotExist", t2->area) == 0)
+				goto out;
+		}
 
 		if (t2->data && t1->data)
 			memprintf(errmsg, "invalid HTTP status code %d when getting Account URL: \"%.*s\" (%.*s)", hc->res.status, (int)t1->data, t1->area, (int)t2->data, t2->area);
@@ -839,16 +841,32 @@ struct task *acme_process(struct task *task, void *context, unsigned int state)
 					goto retry;
 			}
 			if (http_st == ACME_HTTP_RES) {
-				if (acme_res_account(task, ctx, &errmsg) != 0) {
+				if (acme_res_account(task, ctx, 0, &errmsg) != 0) {
 					http_st = ACME_HTTP_REQ;
 					goto retry;
 				}
-				st = ACME_END;
+				if (!isttest(ctx->kid)) {
+					st = ACME_NEWACCOUNT;
+					http_st = ACME_HTTP_REQ;
+					task_wakeup(task, TASK_WOKEN_MSG);
+				}
+				goto end;
 			}
-
 		break;
-		case ACME_END:
-			goto end;
+		case ACME_NEWACCOUNT:
+			if (http_st == ACME_HTTP_REQ) {
+				if (acme_req_account(task, ctx, 1, &errmsg) != 0)
+					goto retry;
+			}
+			if (http_st == ACME_HTTP_RES) {
+				if (acme_res_account(task, ctx, 1, &errmsg) != 0) {
+					http_st = ACME_HTTP_REQ;
+					goto retry;
+				}
+				goto end;
+			}
+
+
 		break;
 		default:
 		break;