[pmg-api.git] / src / PMG / API2 / DKIMSign.pm

package PMG::API2::DKIMSign;

use strict;
use warnings;

use PVE::Tools qw(extract_param dir_glob_foreach);
use PVE::JSONSchema qw(get_standard_option);
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;

use PMG::Config;
use PMG::DKIMSign;

use PMG::API2::DKIMSignDomains;

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method({
    subclass => "PMG::API2::DKIMSignDomains",
    path => 'domains',
});

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    description => "Directory index.",
    parameters => {
	additionalProperties => 0,
	properties => {},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { section => { type => 'string'} },
	},
	links => [ { rel => 'child', href => "{section}" } ],
    },
    code => sub {
	my ($param) = @_;

	return [
	    { section => 'domains'},
	    { section => 'selector'},
	    { section => 'selectors'}
	];
    }});

__PACKAGE__->register_method({
    name => 'set_selector',
    path => 'selector',
    method => 'POST',
    description => "Generate a new private key for selector. All future mail will be signed with the new key!",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => {
	    selector => {
		description => "DKIM Selector",
		type => 'string', format => 'dns-name',
	    },
	    keysize => {
		description => "Number of bits for the RSA-Key",
		type => 'integer', minimum => 1024
	    },
	    force => {
		description => "Overwrite existing key",
		type => 'boolean', optional => 1
	    },
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;
	my $selector = extract_param($param, 'selector');
	my $keysize = extract_param($param, 'keysize');
	my $force = extract_param($param, 'force');

	PMG::DKIMSign::set_selector($selector, $keysize, $force);

	return undef;
    }});

sub pmg_verify_dkim_pubkey_record {
    my ($rec, $noerr) = @_;

    if ($rec !~ /\._domainkey\tIN\tTXT\t\( "v=DKIM1; h=sha256; k=rsa; ".+ \)  ; ----- DKIM key/ms ) {
	return undef if $noerr;
	die "value does not look like a valid DKIM TXT record\n";
    }

    return $rec
}

PVE::JSONSchema::register_format(
    'pmg-dkim-record', \&pmg_verify_dkim_pubkey_record);

__PACKAGE__->register_method({
    name => 'get_selector_info',
    path => 'selector',
    method => 'GET',
    description => "Get the public key for the configured selector, prepared as DKIM TXT record",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => { },
    },
    returns => {
	type => 'object',
	properties => {
	    selector => { type => 'string', format => 'dns-name', optional => 1 },
	    keysize => { type => 'integer', minimum => 1024 , optional => 1},
	    record => { type => 'string', format => 'pmg-dkim-record', optional => 1},
	},
    },
    code => sub {
	my $cfg = PMG::Config->new();
	my $selector = $cfg->get('admin', 'dkim_selector');

	return {} if !defined($selector);

	my ($record, $size);
	eval { ($record, $size) = PMG::DKIMSign::get_selector_info($selector); };
	return {selector => $selector} if $@;

	return { selector => $selector, keysize => $size, record => $record };
    }});

__PACKAGE__->register_method({
    name => 'get_selector_list',
    path => 'selectors',
    method => 'GET',
    description => "Get a list of all existing selectors",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => { },
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { selector => { type => 'string', format => 'dns-name' } },
	},
	links => [ { rel => 'child', href => "{selector}" } ],
    },
    code => sub {
	my $res = [];

	my @selectors = dir_glob_foreach('/etc/pmg/dkim/', '.*\.private', sub {
	    my ($sel) = @_;
	    $sel =~ s/\.private$//;
	    push @$res, { selector => $sel };
	});

	return $res;
    }});

1;
Commit	Line	Data
03daa12d SI	1	package PMG::API2::DKIMSign;
	2
	3	use strict;
	4	use warnings;
	5
f25a7dc3	6	use PVE::Tools qw(extract_param dir_glob_foreach);
03daa12d SI	7	use PVE::JSONSchema qw(get_standard_option);
	8	use PVE::Exception qw(raise_param_exc);
	9	use PVE::RESTHandler;
	10
	11	use PMG::Config;
	12	use PMG::DKIMSign;
	13
	14	use PMG::API2::DKIMSignDomains;
	15
	16	use base qw(PVE::RESTHandler);
	17
	18	__PACKAGE__->register_method({
	19	subclass => "PMG::API2::DKIMSignDomains",
	20	path => 'domains',
	21	});
	22
	23	__PACKAGE__->register_method({
	24	name => 'index',
	25	path => '',
	26	method => 'GET',
	27	description => "Directory index.",
	28	parameters => {
	29	additionalProperties => 0,
	30	properties => {},
	31	},
	32	returns => {
	33	type => 'array',
	34	items => {
	35	type => "object",
	36	properties => { section => { type => 'string'} },
	37	},
	38	links => [ { rel => 'child', href => "{section}" } ],
	39	},
	40	code => sub {
	41	my ($param) = @_;
	42
	43	return [
	44	{ section => 'domains'},
f25a7dc3 SI	45	{ section => 'selector'},
f25a7dc3 SI	46	{ section => 'selectors'}
03daa12d SI	47	];
	48	}});
	49
	50	__PACKAGE__->register_method({
	51	name => 'set_selector',
	52	path => 'selector',
	53	method => 'POST',
	54	description => "Generate a new private key for selector. All future mail will be signed with the new key!",
	55	protected => 1,
	56	permissions => { check => [ 'admin' ] },
	57	proxyto => 'master',
	58	parameters => {
	59	additionalProperties => 0,
	60	properties => {
	61	selector => {
	62	description => "DKIM Selector",
	63	type => 'string', format => 'dns-name',
	64	},
	65	keysize => {
	66	description => "Number of bits for the RSA-Key",
	67	type => 'integer', minimum => 1024
	68	},
d95c075a SI	69	force => {
	70	description => "Overwrite existing key",
	71	type => 'boolean', optional => 1
	72	},
03daa12d SI	73	},
	74	},
	75	returns => { type => 'null' },
	76	code => sub {
	77	my ($param) = @_;
	78	my $selector = extract_param($param, 'selector');
	79	my $keysize = extract_param($param, 'keysize');
d95c075a	80	my $force = extract_param($param, 'force');
03daa12d	81
d95c075a	82	PMG::DKIMSign::set_selector($selector, $keysize, $force);
03daa12d SI	83
	84	return undef;
	85	}});
	86
	87	sub pmg_verify_dkim_pubkey_record {
	88	my ($rec, $noerr) = @_;
	89
	90	if ($rec !~ /\._domainkey\tIN\tTXT\t\( "v=DKIM1; h=sha256; k=rsa; ".+ \) ; ----- DKIM key/ms ) {
	91	return undef if $noerr;
	92	die "value does not look like a valid DKIM TXT record\n";
	93	}
	94
	95	return $rec
	96	}
	97
	98	PVE::JSONSchema::register_format(
	99	'pmg-dkim-record', \&pmg_verify_dkim_pubkey_record);
	100
	101	__PACKAGE__->register_method({
	102	name => 'get_selector_info',
	103	path => 'selector',
	104	method => 'GET',
	105	description => "Get the public key for the configured selector, prepared as DKIM TXT record",
	106	protected => 1,
	107	permissions => { check => [ 'admin' ] },
	108	proxyto => 'master',
	109	parameters => {
	110	additionalProperties => 0,
	111	properties => { },
	112	},
	113	returns => {
	114	type => 'object',
	115	properties => {
	116	selector => { type => 'string', format => 'dns-name', optional => 1 },
	117	keysize => { type => 'integer', minimum => 1024 , optional => 1},
	118	record => { type => 'string', format => 'pmg-dkim-record', optional => 1},
	119	},
	120	},
	121	code => sub {
	122	my $cfg = PMG::Config->new();
	123	my $selector = $cfg->get('admin', 'dkim_selector');
	124
	125	return {} if !defined($selector);
	126
	127	my ($record, $size);
	128	eval { ($record, $size) = PMG::DKIMSign::get_selector_info($selector); };
	129	return {selector => $selector} if $@;
	130
	131	return { selector => $selector, keysize => $size, record => $record };
	132	}});
f25a7dc3 SI	133
	134	__PACKAGE__->register_method({
	135	name => 'get_selector_list',
	136	path => 'selectors',
	137	method => 'GET',
	138	description => "Get a list of all existing selectors",
	139	protected => 1,
	140	permissions => { check => [ 'admin' ] },
	141	proxyto => 'master',
	142	parameters => {
	143	additionalProperties => 0,
	144	properties => { },
	145	},
	146	returns => {
	147	type => 'array',
	148	items => {
	149	type => "object",
	150	properties => { selector => { type => 'string', format => 'dns-name' } },
	151	},
	152	links => [ { rel => 'child', href => "{selector}" } ],
	153	},
	154	code => sub {
	155	my $res = [];
	156
	157	my @selectors = dir_glob_foreach('/etc/pmg/dkim/', '.*\.private', sub {
	158	my ($sel) = @_;
	159	$sel =~ s/\.private$//;
	160	push @$res, { selector => $sel };
	161	});
	162
	163	return $res;
	164	}});
	165
03daa12d	166	1;