From 6ce99e7e02f1c61ab02c75c90ccdd9d34c07543e Mon Sep 17 00:00:00 2001 From: Daniel M Date: Thu, 28 Jul 2022 19:59:36 +0200 Subject: [PATCH] Increase timeouts --- src/certs.rs | 56 +++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 45 insertions(+), 11 deletions(-) diff --git a/src/certs.rs b/src/certs.rs index cd994be..a67b42d 100644 --- a/src/certs.rs +++ b/src/certs.rs @@ -6,7 +6,7 @@ use acme2::{ DirectoryBuilder, OrderBuilder, OrderStatus, }; use log::{debug, info}; -use std::{sync::Arc, time::Duration, fmt::Display, collections::HashSet}; +use std::{collections::HashSet, fmt::Display, sync::Arc, time::Duration}; use tokio::fs; #[derive(thiserror::Error, Debug)] @@ -29,6 +29,8 @@ pub enum ReqErr { Finalizing, #[error("No certificate chain error")] NoChain, + #[error("Timeout: {0}")] + Timeout(Box), } /// Convenience extension for X509 information in certs @@ -110,7 +112,10 @@ impl CertRequester { builder.private_key(key).build().await? } Err(_) => { - info!("Account '{}' does not exists. Creating new", &self.conf.account_file); + info!( + "Account '{}' does not exists. Creating new", + &self.conf.account_file + ); let acc = builder.terms_of_service_agreed(true).build().await?; let key = acc.private_key().private_key_to_pem_pkcs8()?; fs::write(&self.conf.account_file, &key).await?; @@ -169,7 +174,11 @@ impl CertRequester { challenge.validate().await.map_err(|_| ReqErr::Validation)?; - let challenge = challenge.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?; + let challenge = challenge + .wait_done(Duration::from_secs(15), 3) + .await + .map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?; + if !matches!(challenge.status, ChallengeStatus::Valid) { return Err(ReqErr::Validation); } 
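Review bot: The new `Timeout` variant in `ReqErr` has no doc comment, and the call sites later in the patch box the stage that was being waited on (`Validation`, `Order`, `Finalizing`) rather than an underlying cause. A line such as `/// Waiting on the ACME server failed or gave up; the inner value names the stage that was pending.` would make that clear to code matching on `ReqErr`. Callers that matched `ReqErr::Validation`, `ReqErr::Order` or `ReqErr::Finalizing` for these waits will now have to look inside `Timeout` as well. The enum's definition starts above this hunk.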
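Review bot: The new `.map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))` on `challenge.wait_done(...)` labels every failure of the wait as a timeout and discards the underlying acme2 error, so a transport failure or a server-side rejection would be reported as a timeout too. Keep the cause visible, at minimum by logging it before mapping: `.map_err(|e| { debug!("challenge wait failed: {}", e); ReqErr::Timeout(ReqErr::Validation.into()) })`. If the acme2 error type distinguishes running out of attempts from other failures, matching on it and returning `Timeout` only in that case would be more accurate. The same pattern is added for `auth.wait_done` and `order.wait_ready` in the next hunk and for `order.wait_done` in the finalizing hunk. The enclosing function starts and ends outside this hunk.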
@@ -177,14 +186,22 @@ impl CertRequester { self.challenge_mgr.remove(&token).await; debug!("Wait for authorization"); - let auth = auth.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Validation)?; + let auth = auth + .wait_done(Duration::from_secs(15), 3) + .await + .map_err(|_| ReqErr::Timeout(ReqErr::Validation.into()))?; + if !matches!(auth.status, AuthorizationStatus::Valid) { return Err(ReqErr::Validation); } } info!("Waiting for order"); - let order = order.wait_ready(Duration::from_secs(10), 5).await.map_err(|_| ReqErr::Order)?; + let order = order + .wait_ready(Duration::from_secs(15), 5) + .await + .map_err(|_| ReqErr::Timeout(ReqErr::Order.into()))?; + if !matches!(order.status, OrderStatus::Ready) { return Err(ReqErr::Order); } @@ -192,19 +209,34 @@ impl CertRequester { let pkey = gen_rsa_private_key(4096).unwrap(); info!("Finalizing certificate"); - let order = order.finalize(Csr::Automatic(pkey.clone())).await.map_err(|_| ReqErr::Finalizing)?; - let order = order.wait_done(Duration::from_secs(5), 3).await.map_err(|_| ReqErr::Finalizing)?; + let order = order + .finalize(Csr::Automatic(pkey.clone())) + .await + .map_err(|_| ReqErr::Finalizing)?; + + let order = order + .wait_done(Duration::from_secs(15), 3) + .await + .map_err(|_| ReqErr::Timeout(ReqErr::Finalizing.into()))?; + if !matches!(order.status, OrderStatus::Valid) { return Err(ReqErr::Finalizing); } - let certs = order.certificate().await.map_err(|_| ReqErr::Finalizing)?.ok_or(ReqErr::Finalizing)?; - + let certs = order + .certificate() + .await + .map_err(|_| ReqErr::Finalizing)? + .ok_or(ReqErr::Finalizing)?; + if certs.len() <= 1 { return Err(ReqErr::NoChain); } - info!("The new certificate expires in {} days", certs[0].expires_in_days()); + info!( + "The new certificate expires in {} days", + certs[0].expires_in_days() + ); let x = certs .into_iter() 
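Review bot: `self.challenge_mgr.remove(&token).await` at the top of this hunk runs only when the challenge wait succeeded. The `?` on `challenge.validate()` and on `challenge.wait_done(...)`, and the `return Err(ReqErr::Validation)` in the previous hunk, all leave the function before it, so a failed or timed-out validation appears to leave the token registered in the challenge manager. Bind the result first and clean up unconditionally, e.g. `let res = challenge.wait_done(Duration::from_secs(15), 3).await;` followed by `self.challenge_mgr.remove(&token).await;`, and only then apply `map_err` and `?` to `res`. One line between the two hunks is not shown, and the loop this code sits in starts outside the hunk.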
@@ -213,7 +245,9 @@ impl CertRequester { .chain(pkey.private_key_to_pem_pkcs8().unwrap().into_iter()) .collect::>(); - tokio::fs::write(&self.conf.fullchain_file, x).await.unwrap(); + tokio::fs::write(&self.conf.fullchain_file, x) + .await + .unwrap(); Ok(()) }
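Review bot: `tokio::fs::write(&self.conf.fullchain_file, x)` creates the file with the process's default permissions, and the context lines above show `pkey.private_key_to_pem_pkcs8()` being chained into `x`, so the freshly generated private key can end up readable by other local users, depending on the umask. Opening the file with an explicit owner-only mode avoids relying on the umask; the same applies to the account key written with `fs::write(&self.conf.account_file, &key)` in the third hunk. The `.unwrap()` also turns an I/O failure into a panic inside a function that returns `Result`; `?` is already used on the account-key write, so it presumably works here too. The function body starts outside this hunk.

```rust
// … unchanged: `x` collected from the certificate chain and the private key …
// Assumes a Unix target (`mode`), `tokio::io::AsyncWriteExt` in scope, and that
// `ReqErr` converts from `std::io::Error` as the account-key write suggests.
// `mode` only takes effect when the file is created; an existing file keeps its permissions.
let mut out = tokio::fs::OpenOptions::new()
    .write(true)
    .create(true)
    .truncate(true)
    .mode(0o600)
    .open(&self.conf.fullchain_file)
    .await?;
out.write_all(&x).await?;
```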