[pmg-api.git] / src / PMG / API2 / ACME.pm

package PMG::API2::ACME;

use strict;
use warnings;

use File::Path;

use PVE::Exception qw(raise_param_exc);
use PVE::JSONSchema qw(get_standard_option);
use PVE::Tools qw(extract_param);

use PVE::ACME::Challenge;

use PMG::RESTEnvironment;
use PMG::RS::Acme;
use PMG::CertHelpers;

use PMG::API2::ACMEPlugin;

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method ({
    subclass => "PMG::API2::ACMEPlugin",
    path => 'plugins',
});

# FIXME: Put this list in pve-common or proxmox-acme{,-rs}?
my $acme_directories = [
    {
	name => 'Let\'s Encrypt V2',
	url => 'https://acme-v02.api.letsencrypt.org/directory',
    },
    {
	name => 'Let\'s Encrypt V2 Staging',
	url => 'https://acme-staging-v02.api.letsencrypt.org/directory',
    },
];
my $acme_default_directory_url = $acme_directories->[0]->{url};
my $account_contact_from_param = sub {
    my @addresses = PVE::Tools::split_list(extract_param($_[0], 'contact'));
    return [ map { "mailto:$_" } @addresses ];
};
my $acme_account_dir = PMG::CertHelpers::acme_account_dir();

__PACKAGE__->register_method ({
    name => 'index',
    path => '',
    method => 'GET',
    permissions => { user => 'all' },
    description => "ACME index.",
    parameters => {
	additionalProperties => 0,
	properties => {
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	return [
	    { name => 'account' },
	    { name => 'tos' },
	    { name => 'directories' },
	    { name => 'plugins' },
	    { name => 'challenge-schema' },
	];
    }});

__PACKAGE__->register_method ({
    name => 'account_index',
    path => 'account',
    method => 'GET',
    permissions => { check => [ 'admin', 'audit' ] },
    description => "ACME account index.",
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => {},
	},
	links => [ { rel => 'child', href => "{name}" } ],
    },
    code => sub {
	my ($param) = @_;

	my $accounts = PMG::CertHelpers::list_acme_accounts();
	return [ map { { name => $_ }  } @$accounts ];
    }});

# extract the optional account name and fill in the default, also return the file name
my sub extract_account_name : prototype($) {
    my ($param) = @_;

    my $account_name = extract_param($param, 'name') // 'default';
    my $account_file = "${acme_account_dir}/${account_name}";

    return ($account_name, $account_file);
}

__PACKAGE__->register_method ({
    name => 'register_account',
    path => 'account',
    method => 'POST',
    description => "Register a new ACME account with CA.",
    proxyto => 'master',
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	    name => get_standard_option('pmg-acme-account-name'),
	    contact => get_standard_option('pmg-acme-account-contact'),
	    tos_url => {
		type => 'string',
		description => 'URL of CA TermsOfService - setting this indicates agreement.',
		optional => 1,
	    },
	    directory => get_standard_option('pmg-acme-directory-url', {
		default => $acme_default_directory_url,
		optional => 1,
	    }),
	},
    },
    returns => {
	type => 'string',
    },
    code => sub {
	my ($param) = @_;

	my $rpcenv = PMG::RESTEnvironment->get();
	my $authuser = $rpcenv->get_user();

	my ($account_name, $account_file) = extract_account_name($param);
	File::Path::make_path($acme_account_dir) if ! -e $acme_account_dir;

	raise_param_exc({'name' => "ACME account config file '${account_name}' already exists."})
	    if -e $account_file;

	my $directory = extract_param($param, 'directory') // $acme_default_directory_url;
	my $contact = $account_contact_from_param->($param);

	my $realcmd = sub {
	    PMG::CertHelpers::lock_acme($account_name, 10, sub {
		die "ACME account config file '${account_name}' already exists.\n"
		    if -e $account_file;

		print "Registering new ACME account..\n";
		my $acme = PMG::RS::Acme->new($directory);
		eval {
		    $acme->new_account($account_file, defined($param->{tos_url}), $contact, undef);
		};
		if (my $err = $@) {
		    unlink $account_file;
		    die "Registration failed: $err\n";
		}
		my $location = $acme->location();
		print "Registration successful, account URL: '$location'\n";
	    });
	};

	return $rpcenv->fork_worker('acmeregister', undef, $authuser, $realcmd);
    }});

my $update_account = sub {
    my ($param, $msg, $force_deactivate, %info) = @_;

    my ($account_name, $account_file) = extract_account_name($param);

    raise_param_exc({'name' => "ACME account config file '${account_name}' does not exist."})
	if ! -e $account_file;


    my $rpcenv = PMG::RESTEnvironment->get();
    my $authuser = $rpcenv->get_user();

    my $realcmd = sub {
	PMG::CertHelpers::lock_acme($account_name, 10, sub {
	    die "ACME account config file '${account_name}' does not exist.\n"
		if ! -e $account_file;

	    my $acme = PMG::RS::Acme->load($account_file);
	    eval {
		$acme->update_account(\%info);
	    };
	    if (my $err = $@) {
		die $err if !$force_deactivate;
		warn "got error, but forced to continue - $err\n";
	    }
	    if ($info{status} && $info{status} eq 'deactivated') {
		my $deactivated_name;
		for my $i (0..100) {
		    my $candidate = "${acme_account_dir}/_deactivated_${account_name}_${i}";
		    if (! -e $candidate) {
			$deactivated_name = $candidate;
			last;
		    }
		}
		if ($deactivated_name) {
		    print "Renaming account file from '$account_file' to '$deactivated_name'\n";
		    rename($account_file, $deactivated_name) or
			warn ".. failed - $!\n";
		} else {
		    warn "No free slot to rename deactivated account file '$account_file', leaving in place\n";
		}
	    }
	});
    };

    return $rpcenv->fork_worker("acme${msg}", undef, $authuser, $realcmd);
};

__PACKAGE__->register_method ({
    name => 'update_account',
    path => 'account/{name}',
    method => 'PUT',
    description => "Update existing ACME account information with CA. Note: not specifying any new account information triggers a refresh.",
    proxyto => 'master',
    permissions => { check => [ 'admin' ] },
    protected => 1,
    parameters => {
	additionalProperties => 0,
	properties => {
	    name => get_standard_option('pmg-acme-account-name'),
	    contact => get_standard_option('pmg-acme-account-contact', {
		optional => 1,
	    }),
	},
    },
    returns => {
	type => 'string',
    },
    code => sub {
	my ($param) = @_;

	my $contact = $account_contact_from_param->($param);
	if (scalar @$contact) {
	    return $update_account->($param, 'update', 0, contact => $contact);
	} else {
	    return $update_account->($param, 'refresh', 0);
	}
    }});

__PACKAGE__->register_method ({
    name => 'get_account',
    path => 'account/{name}',
    method => 'GET',
    description => "Return existing ACME account information.",
    protected => 1,
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => {
	    name => get_standard_option('pmg-acme-account-name'),
	},
    },
    returns => {
	type => 'object',
	additionalProperties => 0,
	properties => {
	    account => {
		type => 'object',
		optional => 1,
		renderer => 'yaml',
	    },
	    directory => get_standard_option('pmg-acme-directory-url', {
		optional => 1,
	    }),
	    location => {
		type => 'string',
		optional => 1,
	    },
	    tos => {
		type => 'string',
		optional => 1,
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my ($account_name, $account_file) = extract_account_name($param);

	raise_param_exc({'name' => "ACME account config file '${account_name}' does not exist."})
	    if ! -e $account_file;

	my $acme = PMG::RS::Acme->load($account_file);
	my $data = $acme->account();

	return {
	    account => $data->{account},
	    tos => $data->{tos},
	    location => $data->{location},
	    directory => $data->{directoryUrl},
	};
    }});

__PACKAGE__->register_method ({
    name => 'deactivate_account',
    path => 'account/{name}',
    method => 'DELETE',
    description => "Deactivate existing ACME account at CA.",
    protected => 1,
    proxyto => 'master',
    permissions => { check => [ 'admin' ] },
    parameters => {
	additionalProperties => 0,
	properties => {
	    name => get_standard_option('pmg-acme-account-name'),
	    force => {
		type => 'boolean',
		description =>
		    'Delete account data even if the server refuses to deactivate the account.',
		optional => 1,
		default => 0,
	    },
	},
    },
    returns => {
	type => 'string',
    },
    code => sub {
	my ($param) = @_;

	my $force_deactivate = extract_param($param, 'force');

	return $update_account->($param, 'deactivate', $force_deactivate, status => 'deactivated');
    }});

__PACKAGE__->register_method ({
    name => 'get_tos',
    path => 'tos',
    method => 'GET',
    description => "Retrieve ACME TermsOfService URL from CA.",
    permissions => { user => 'all' },
    parameters => {
	additionalProperties => 0,
	properties => {
	    directory => get_standard_option('pmg-acme-directory-url', {
		default => $acme_default_directory_url,
		optional => 1,
	    }),
	},
    },
    returns => {
	type => 'string',
	optional => 1,
	description => 'ACME TermsOfService URL.',
    },
    code => sub {
	my ($param) = @_;

	my $directory = extract_param($param, 'directory') // $acme_default_directory_url;

	my $acme = PMG::RS::Acme->new($directory);
	my $meta = $acme->get_meta();

	return $meta ? $meta->{termsOfService} : undef;
    }});

__PACKAGE__->register_method ({
    name => 'get_directories',
    path => 'directories',
    method => 'GET',
    description => "Get named known ACME directory endpoints.",
    permissions => { user => 'all' },
    parameters => {
	additionalProperties => 0,
	properties => {},
    },
    returns => {
	type => 'array',
	items => {
	    type => 'object',
	    additionalProperties => 0,
	    properties => {
		name => {
		    type => 'string',
		},
		url => get_standard_option('pmg-acme-directory-url'),
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	return $acme_directories;
    }});

__PACKAGE__->register_method ({
    name => 'challenge-schema',
    path => 'challenge-schema',
    method => 'GET',
    description => "Get schema of ACME challenge types.",
    permissions => { user => 'all' },
    parameters => {
	additionalProperties => 0,
	properties => {},
    },
    returns => {
	type => 'array',
	items => {
	    type => 'object',
	    additionalProperties => 0,
	    properties => {
		id => {
		    type => 'string',
		},
		name => {
		    description => 'Human readable name, falls back to id',
		    type => 'string',
		},
		type => {
		    type => 'string',
		},
		schema => {
		    type => 'object',
		},
	    },
	},
    },
    code => sub {
	my ($param) = @_;

	my $plugin_type_enum = PVE::ACME::Challenge->lookup_types();

	my $res = [];

	for my $type (@$plugin_type_enum) {
	    my $plugin = PVE::ACME::Challenge->lookup($type);
	    next if !$plugin->can('get_supported_plugins');

	    my $plugin_type = $plugin->type();
	    my $plugins = $plugin->get_supported_plugins();
	    for my $id (sort keys %$plugins) {
		my $schema = $plugins->{$id};
		push @$res, {
		    id => $id,
		    name => $schema->{name} // $id,
		    type => $plugin_type,
		    schema => $schema,
		};
	    }
	}

	return $res;
    }});

1;
Commit	Line	Data
5000937e WB	1	package PMG::API2::ACME;
	2
	3	use strict;
	4	use warnings;
	5
5d30f586 SI	6	use File::Path;
5d30f586 SI	7
5000937e WB	8	use PVE::Exception qw(raise_param_exc);
	9	use PVE::JSONSchema qw(get_standard_option);
	10	use PVE::Tools qw(extract_param);
	11
	12	use PVE::ACME::Challenge;
	13
	14	use PMG::RESTEnvironment;
	15	use PMG::RS::Acme;
	16	use PMG::CertHelpers;
	17
	18	use PMG::API2::ACMEPlugin;
	19
	20	use base qw(PVE::RESTHandler);
	21
	22	__PACKAGE__->register_method ({
	23	subclass => "PMG::API2::ACMEPlugin",
	24	path => 'plugins',
	25	});
	26
	27	# FIXME: Put this list in pve-common or proxmox-acme{,-rs}?
	28	my $acme_directories = [
	29	{
	30	name => 'Let\'s Encrypt V2',
	31	url => 'https://acme-v02.api.letsencrypt.org/directory',
	32	},
	33	{
	34	name => 'Let\'s Encrypt V2 Staging',
	35	url => 'https://acme-staging-v02.api.letsencrypt.org/directory',
	36	},
	37	];
	38	my $acme_default_directory_url = $acme_directories->[0]->{url};
	39	my $account_contact_from_param = sub {
	40	my @addresses = PVE::Tools::split_list(extract_param($_[0], 'contact'));
	41	return [ map { "mailto:$_" } @addresses ];
	42	};
	43	my $acme_account_dir = PMG::CertHelpers::acme_account_dir();
	44
	45	__PACKAGE__->register_method ({
	46	name => 'index',
	47	path => '',
	48	method => 'GET',
	49	permissions => { user => 'all' },
	50	description => "ACME index.",
	51	parameters => {
	52	additionalProperties => 0,
	53	properties => {
	54	},
	55	},
	56	returns => {
	57	type => 'array',
	58	items => {
	59	type => "object",
	60	properties => {},
	61	},
	62	links => [ { rel => 'child', href => "{name}" } ],
	63	},
	64	code => sub {
	65	my ($param) = @_;
	66
	67	return [
	68	{ name => 'account' },
	69	{ name => 'tos' },
	70	{ name => 'directories' },
	71	{ name => 'plugins' },
72	{ name => 'challenge-schema' },
73	];
74	}});
75
76	__PACKAGE__->register_method ({
77	name => 'account_index',
78	path => 'account',
79	method => 'GET',
80	permissions => { check => [ 'admin', 'audit' ] },
81	description => "ACME account index.",
82	protected => 1,
83	parameters => {
84	additionalProperties => 0,
85	properties => {
86	},
87	},
88	returns => {
89	type => 'array',
90	items => {
91	type => "object",
92	properties => {},
93	},
94	links => [ { rel => 'child', href => "{name}" } ],
95	},
96	code => sub {
97	my ($param) = @_;
98
99	my $accounts = PMG::CertHelpers::list_acme_accounts();
100	return [ map { { name => $_ } } @$accounts ];
101	}});
102
103	# extract the optional account name and fill in the default, also return the file name
104	my sub extract_account_name : prototype($) {
105	my ($param) = @_;
106
107	my $account_name = extract_param($param, 'name') // 'default';
108	my $account_file = "${acme_account_dir}/${account_name}";
109
110	return ($account_name, $account_file);
111	}
112
113	__PACKAGE__->register_method ({
114	name => 'register_account',
115	path => 'account',
116	method => 'POST',
117	description => "Register a new ACME account with CA.",
118	proxyto => 'master',
119	permissions => { check => [ 'admin' ] },
120	protected => 1,
121	parameters => {
122	additionalProperties => 0,
123	properties => {
124	name => get_standard_option('pmg-acme-account-name'),
125	contact => get_standard_option('pmg-acme-account-contact'),
126	tos_url => {
127	type => 'string',
128	description => 'URL of CA TermsOfService - setting this indicates agreement.',
129	optional => 1,
130	},
131	directory => get_standard_option('pmg-acme-directory-url', {
132	default => $acme_default_directory_url,
133	optional => 1,
134	}),
135	},
136	},
137	returns => {
138	type => 'string',
139	},
140	code => sub {
141	my ($param) = @_;
142
143	my $rpcenv = PMG::RESTEnvironment->get();
144	my $authuser = $rpcenv->get_user();
145
146	my ($account_name, $account_file) = extract_account_name($param);
5d30f586	147	File::Path::make_path($acme_account_dir) if ! -e $acme_account_dir;
5000937e WB	148
	149	raise_param_exc({'name' => "ACME account config file '${account_name}' already exists."})
	150	if -e $account_file;
	151
	152	my $directory = extract_param($param, 'directory') // $acme_default_directory_url;
	153	my $contact = $account_contact_from_param->($param);
	154
	155	my $realcmd = sub {
	156	PMG::CertHelpers::lock_acme($account_name, 10, sub {
	157	die "ACME account config file '${account_name}' already exists.\n"
	158	if -e $account_file;
	159
	160	print "Registering new ACME account..\n";
	161	my $acme = PMG::RS::Acme->new($directory);
	162	eval {
	163	$acme->new_account($account_file, defined($param->{tos_url}), $contact, undef);
	164	};
	165	if (my $err = $@) {
	166	unlink $account_file;
	167	die "Registration failed: $err\n";
	168	}
	169	my $location = $acme->location();
	170	print "Registration successful, account URL: '$location'\n";
	171	});
	172	};
	173
	174	return $rpcenv->fork_worker('acmeregister', undef, $authuser, $realcmd);
	175	}});
	176
	177	my $update_account = sub {
b9725bac	178	my ($param, $msg, $force_deactivate, %info) = @_;
5000937e WB	179
	180	my ($account_name, $account_file) = extract_account_name($param);
	181
	182	raise_param_exc({'name' => "ACME account config file '${account_name}' does not exist."})
	183	if ! -e $account_file;
	184
	185
	186	my $rpcenv = PMG::RESTEnvironment->get();
	187	my $authuser = $rpcenv->get_user();
	188
	189	my $realcmd = sub {
	190	PMG::CertHelpers::lock_acme($account_name, 10, sub {
	191	die "ACME account config file '${account_name}' does not exist.\n"
	192	if ! -e $account_file;
	193
	194	my $acme = PMG::RS::Acme->load($account_file);
b9725bac WB	195	eval {
	196	$acme->update_account(\%info);
	197	};
	198	if (my $err = $@) {
	199	die $err if !$force_deactivate;
	200	warn "got error, but forced to continue - $err\n";
	201	}
5000937e WB	202	if ($info{status} && $info{status} eq 'deactivated') {
	203	my $deactivated_name;
	204	for my $i (0..100) {
	205	my $candidate = "${acme_account_dir}/_deactivated_${account_name}_${i}";
	206	if (! -e $candidate) {
	207	$deactivated_name = $candidate;
	208	last;
	209	}
	210	}
	211	if ($deactivated_name) {
	212	print "Renaming account file from '$account_file' to '$deactivated_name'\n";
	213	rename($account_file, $deactivated_name) or
	214	warn ".. failed - $!\n";
	215	} else {
	216	warn "No free slot to rename deactivated account file '$account_file', leaving in place\n";
	217	}
	218	}
	219	});
	220	};
	221
	222	return $rpcenv->fork_worker("acme${msg}", undef, $authuser, $realcmd);
	223	};
	224
	225	__PACKAGE__->register_method ({
	226	name => 'update_account',
	227	path => 'account/{name}',
	228	method => 'PUT',
	229	description => "Update existing ACME account information with CA. Note: not specifying any new account information triggers a refresh.",
	230	proxyto => 'master',
	231	permissions => { check => [ 'admin' ] },
	232	protected => 1,
	233	parameters => {
	234	additionalProperties => 0,
	235	properties => {
	236	name => get_standard_option('pmg-acme-account-name'),
	237	contact => get_standard_option('pmg-acme-account-contact', {
	238	optional => 1,
	239	}),
	240	},
	241	},
	242	returns => {
	243	type => 'string',
	244	},
	245	code => sub {
	246	my ($param) = @_;
	247
	248	my $contact = $account_contact_from_param->($param);
	249	if (scalar @$contact) {
b9725bac	250	return $update_account->($param, 'update', 0, contact => $contact);
5000937e	251	} else {
b9725bac	252	return $update_account->($param, 'refresh', 0);
5000937e WB	253	}
	254	}});
	255
	256	__PACKAGE__->register_method ({
	257	name => 'get_account',
	258	path => 'account/{name}',
	259	method => 'GET',
	260	description => "Return existing ACME account information.",
	261	protected => 1,
	262	proxyto => 'master',
	263	parameters => {
	264	additionalProperties => 0,
	265	properties => {
	266	name => get_standard_option('pmg-acme-account-name'),
	267	},
	268	},
	269	returns => {
	270	type => 'object',
	271	additionalProperties => 0,
	272	properties => {
	273	account => {
	274	type => 'object',
	275	optional => 1,
	276	renderer => 'yaml',
	277	},
	278	directory => get_standard_option('pmg-acme-directory-url', {
	279	optional => 1,
	280	}),
	281	location => {
	282	type => 'string',
	283	optional => 1,
	284	},
	285	tos => {
	286	type => 'string',
	287	optional => 1,
	288	},
	289	},
	290	},
	291	code => sub {
	292	my ($param) = @_;
	293
	294	my ($account_name, $account_file) = extract_account_name($param);
	295
	296	raise_param_exc({'name' => "ACME account config file '${account_name}' does not exist."})
	297	if ! -e $account_file;
	298
	299	my $acme = PMG::RS::Acme->load($account_file);
	300	my $data = $acme->account();
	301
	302	return {
	303	account => $data->{account},
	304	tos => $data->{tos},
	305	location => $data->{location},
	306	directory => $data->{directoryUrl},
	307	};
	308	}});
	309
	310	__PACKAGE__->register_method ({
	311	name => 'deactivate_account',
	312	path => 'account/{name}',
	313	method => 'DELETE',
	314	description => "Deactivate existing ACME account at CA.",
	315	protected => 1,
	316	proxyto => 'master',
317	permissions => { check => [ 'admin' ] },
318	parameters => {
319	additionalProperties => 0,
320	properties => {
321	name => get_standard_option('pmg-acme-account-name'),
b9725bac WB	322	force => {
	323	type => 'boolean',
	324	description =>
	325	'Delete account data even if the server refuses to deactivate the account.',
	326	optional => 1,
	327	default => 0,
	328	},
5000937e WB	329	},
	330	},
	331	returns => {
	332	type => 'string',
	333	},
	334	code => sub {
	335	my ($param) = @_;
	336
b9725bac WB	337	my $force_deactivate = extract_param($param, 'force');
	338
	339	return $update_account->($param, 'deactivate', $force_deactivate, status => 'deactivated');
5000937e WB	340	}});
	341
	342	__PACKAGE__->register_method ({
	343	name => 'get_tos',
	344	path => 'tos',
	345	method => 'GET',
	346	description => "Retrieve ACME TermsOfService URL from CA.",
	347	permissions => { user => 'all' },
	348	parameters => {
	349	additionalProperties => 0,
	350	properties => {
	351	directory => get_standard_option('pmg-acme-directory-url', {
	352	default => $acme_default_directory_url,
	353	optional => 1,
	354	}),
	355	},
	356	},
	357	returns => {
	358	type => 'string',
	359	optional => 1,
	360	description => 'ACME TermsOfService URL.',
	361	},
	362	code => sub {
	363	my ($param) = @_;
	364
	365	my $directory = extract_param($param, 'directory') // $acme_default_directory_url;
	366
	367	my $acme = PMG::RS::Acme->new($directory);
	368	my $meta = $acme->get_meta();
	369
	370	return $meta ? $meta->{termsOfService} : undef;
	371	}});
	372
	373	__PACKAGE__->register_method ({
	374	name => 'get_directories',
	375	path => 'directories',
	376	method => 'GET',
	377	description => "Get named known ACME directory endpoints.",
	378	permissions => { user => 'all' },
	379	parameters => {
	380	additionalProperties => 0,
	381	properties => {},
	382	},
	383	returns => {
	384	type => 'array',
	385	items => {
	386	type => 'object',
	387	additionalProperties => 0,
	388	properties => {
	389	name => {
	390	type => 'string',
	391	},
	392	url => get_standard_option('pmg-acme-directory-url'),
	393	},
	394	},
	395	},
	396	code => sub {
	397	my ($param) = @_;
	398
	399	return $acme_directories;
	400	}});
	401
	402	__PACKAGE__->register_method ({
	403	name => 'challenge-schema',
404	path => 'challenge-schema',
405	method => 'GET',
406	description => "Get schema of ACME challenge types.",
407	permissions => { user => 'all' },
408	parameters => {
409	additionalProperties => 0,
410	properties => {},
411	},
412	returns => {
413	type => 'array',
414	items => {
415	type => 'object',
416	additionalProperties => 0,
417	properties => {
418	id => {
419	type => 'string',
420	},
421	name => {
422	description => 'Human readable name, falls back to id',
423	type => 'string',
424	},
425	type => {
426	type => 'string',
427	},
428	schema => {
429	type => 'object',
430	},
431	},
432	},
433	},
434	code => sub {
435	my ($param) = @_;
436
437	my $plugin_type_enum = PVE::ACME::Challenge->lookup_types();
438
439	my $res = [];
440
441	for my $type (@$plugin_type_enum) {
442	my $plugin = PVE::ACME::Challenge->lookup($type);
443	next if !$plugin->can('get_supported_plugins');
444
445	my $plugin_type = $plugin->type();
446	my $plugins = $plugin->get_supported_plugins();
447	for my $id (sort keys %$plugins) {
448	my $schema = $plugins->{$id};
449	push @$res, {
450	id => $id,
451	name => $schema->{name} // $id,
452	type => $plugin_type,
453	schema => $schema,
454	};
455	}
456	}
457
458	return $res;
459	}});
460
461	1;