[pmg-api.git] / src / PMG / API2 / DKIMSign.pm

package PMG::API2::DKIMSign;

use strict;
use warnings;

use PVE::Tools qw(extract_param);
use PVE::JSONSchema qw(get_standard_option);
use PVE::Exception qw(raise_param_exc);
use PVE::RESTHandler;

use PMG::Config;
use PMG::DKIMSign;

use PMG::API2::DKIMSignDomains;

use base qw(PVE::RESTHandler);

__PACKAGE__->register_method({
    subclass => "PMG::API2::DKIMSignDomains",
    path => 'domains',
});

__PACKAGE__->register_method({
    name => 'index',
    path => '',
    method => 'GET',
    description => "Directory index.",
    parameters => {
	additionalProperties => 0,
	properties => {},
    },
    returns => {
	type => 'array',
	items => {
	    type => "object",
	    properties => { section => { type => 'string'} },
	},
	links => [ { rel => 'child', href => "{section}" } ],
    },
    code => sub {
	my ($param) = @_;

	return [
	    { section => 'domains'},
	    { section => 'selector'}
	];
    }});

__PACKAGE__->register_method({
    name => 'set_selector',
    path => 'selector',
    method => 'POST',
    description => "Generate a new private key for selector. All future mail will be signed with the new key!",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => {
	    selector => {
		description => "DKIM Selector",
		type => 'string', format => 'dns-name',
	    },
	    keysize => {
		description => "Number of bits for the RSA-Key",
		type => 'integer', minimum => 1024
	    },
	},
    },
    returns => { type => 'null' },
    code => sub {
	my ($param) = @_;
	my $selector = extract_param($param, 'selector');
	my $keysize = extract_param($param, 'keysize');

	PMG::DKIMSign::set_selector($selector, $keysize);

	return undef;
    }});

sub pmg_verify_dkim_pubkey_record {
    my ($rec, $noerr) = @_;

    if ($rec !~ /\._domainkey\tIN\tTXT\t\( "v=DKIM1; h=sha256; k=rsa; ".+ \)  ; ----- DKIM key/ms ) {
	return undef if $noerr;
	die "value does not look like a valid DKIM TXT record\n";
    }

    return $rec
}

PVE::JSONSchema::register_format(
    'pmg-dkim-record', \&pmg_verify_dkim_pubkey_record);

__PACKAGE__->register_method({
    name => 'get_selector_info',
    path => 'selector',
    method => 'GET',
    description => "Get the public key for the configured selector, prepared as DKIM TXT record",
    protected => 1,
    permissions => { check => [ 'admin' ] },
    proxyto => 'master',
    parameters => {
	additionalProperties => 0,
	properties => { },
    },
    returns => {
	type => 'object',
	properties => {
	    selector => { type => 'string', format => 'dns-name', optional => 1 },
	    keysize => { type => 'integer', minimum => 1024 , optional => 1},
	    record => { type => 'string', format => 'pmg-dkim-record', optional => 1},
	},
    },
    code => sub {
	my $cfg = PMG::Config->new();
	my $selector = $cfg->get('admin', 'dkim_selector');

	return {} if !defined($selector);

	my ($record, $size);
	eval { ($record, $size) = PMG::DKIMSign::get_selector_info($selector); };
	return {selector => $selector} if $@;

	return { selector => $selector, keysize => $size, record => $record };
    }});
1;
Commit	Line	Data
03daa12d SI	1	package PMG::API2::DKIMSign;
	2
	3	use strict;
	4	use warnings;
	5
	6	use PVE::Tools qw(extract_param);
	7	use PVE::JSONSchema qw(get_standard_option);
	8	use PVE::Exception qw(raise_param_exc);
	9	use PVE::RESTHandler;
	10
	11	use PMG::Config;
	12	use PMG::DKIMSign;
	13
	14	use PMG::API2::DKIMSignDomains;
	15
	16	use base qw(PVE::RESTHandler);
	17
	18	__PACKAGE__->register_method({
	19	subclass => "PMG::API2::DKIMSignDomains",
	20	path => 'domains',
	21	});
	22
	23	__PACKAGE__->register_method({
	24	name => 'index',
	25	path => '',
	26	method => 'GET',
	27	description => "Directory index.",
	28	parameters => {
	29	additionalProperties => 0,
	30	properties => {},
	31	},
	32	returns => {
	33	type => 'array',
	34	items => {
	35	type => "object",
	36	properties => { section => { type => 'string'} },
	37	},
	38	links => [ { rel => 'child', href => "{section}" } ],
	39	},
	40	code => sub {
	41	my ($param) = @_;
	42
	43	return [
	44	{ section => 'domains'},
	45	{ section => 'selector'}
	46	];
	47	}});
	48
	49	__PACKAGE__->register_method({
	50	name => 'set_selector',
	51	path => 'selector',
	52	method => 'POST',
	53	description => "Generate a new private key for selector. All future mail will be signed with the new key!",
	54	protected => 1,
	55	permissions => { check => [ 'admin' ] },
	56	proxyto => 'master',
	57	parameters => {
	58	additionalProperties => 0,
	59	properties => {
	60	selector => {
	61	description => "DKIM Selector",
	62	type => 'string', format => 'dns-name',
	63	},
	64	keysize => {
65	description => "Number of bits for the RSA-Key",
66	type => 'integer', minimum => 1024
67	},
68	},
69	},
70	returns => { type => 'null' },
71	code => sub {
72	my ($param) = @_;
73	my $selector = extract_param($param, 'selector');
74	my $keysize = extract_param($param, 'keysize');
75
76	PMG::DKIMSign::set_selector($selector, $keysize);
77
78	return undef;
79	}});
80
81	sub pmg_verify_dkim_pubkey_record {
82	my ($rec, $noerr) = @_;
83
84	if ($rec !~ /\._domainkey\tIN\tTXT\t\( "v=DKIM1; h=sha256; k=rsa; ".+ \) ; ----- DKIM key/ms ) {
85	return undef if $noerr;
86	die "value does not look like a valid DKIM TXT record\n";
87	}
88
89	return $rec
90	}
91
92	PVE::JSONSchema::register_format(
93	'pmg-dkim-record', \&pmg_verify_dkim_pubkey_record);
94
95	__PACKAGE__->register_method({
96	name => 'get_selector_info',
97	path => 'selector',
98	method => 'GET',
99	description => "Get the public key for the configured selector, prepared as DKIM TXT record",
100	protected => 1,
101	permissions => { check => [ 'admin' ] },
102	proxyto => 'master',
103	parameters => {
104	additionalProperties => 0,
105	properties => { },
106	},
107	returns => {
108	type => 'object',
109	properties => {
110	selector => { type => 'string', format => 'dns-name', optional => 1 },
111	keysize => { type => 'integer', minimum => 1024 , optional => 1},
112	record => { type => 'string', format => 'pmg-dkim-record', optional => 1},
113	},
114	},
115	code => sub {
116	my $cfg = PMG::Config->new();
117	my $selector = $cfg->get('admin', 'dkim_selector');
118
119	return {} if !defined($selector);
120
121	my ($record, $size);
122	eval { ($record, $size) = PMG::DKIMSign::get_selector_info($selector); };
123	return {selector => $selector} if $@;
124
125	return { selector => $selector, keysize => $size, record => $record };
126	}});
127	1;