git.proxmox.com Git - pve-manager.git/blob - PVE/API2/Certificates.pm
1 package PVE
::API2
::Certificates
;
9 use PVE
::Exception
qw(raise_param_exc);
10 use PVE
::JSONSchema
qw(get_standard_option);
11 use PVE
::Tools
qw(extract_param file_get_contents file_set_contents);
13 use base
qw(PVE::RESTHandler);
# Method registration whose only visible key names PVE::API2::ACME as the
# subclass. Source lines 18-20 of this call are not shown on this page.
16 __PACKAGE__-
>register_method ({
17 subclass
=> "PVE::API2::ACME",
# Method registration described as "Node index.". Its name, path, HTTP
# method and handler body are on source lines this page does not show.
21 __PACKAGE__-
>register_method ({
# No privilege list is attached here, only user => 'all'.
# NOTE(review): in PVE's permission scheme this is understood to admit any
# authenticated user - confirm against the permission checker.
25 permissions
=> { user
=> 'all' },
26 description
=> "Node index.",
# NOTE(review): presumably rejects request parameters that the schema does
# not declare (usual JSON-schema meaning) - confirm.
28 additionalProperties
=> 0,
# 'node' is validated by the shared 'pve-node' standard option, which is
# defined outside this file.
30 node
=> get_standard_option
('pve-node'),
# Each returned entry links to a child resource addressed by its {name}.
39 links
=> [ { rel
=> 'child', href
=> "{name}" } ],
# Method registration described as "Get information about node's
# certificates.". Its name, path and the lines between the numbered
# fragments below are not shown on this page.
52 __PACKAGE__-
>register_method ({
# No privilege list is attached here, only user => 'all'.
# NOTE(review): understood to admit any authenticated user - confirm
# against the permission checker.
56 permissions
=> { user
=> 'all' },
58 description
=> "Get information about node's certificates.",
60 additionalProperties
=> 0,
62 node
=> get_standard_option
('pve-node'),
# Each returned item follows the shared 'pve-certificate-info' schema.
67 items
=> get_standard_option
('pve-certificate-info'),
# The request's 'node' value is interpolated into a filesystem path. The
# only validation visible on this page is the 'pve-node' schema option.
# NOTE(review): confirm that format rejects '/' and '..' so the path
# cannot leave /etc/pve/nodes/.
72 my $node_path = "/etc/pve/nodes/$param->{node}";
# Files inspected: three fixed *.pem names; no *.key path is listed on the
# visible lines.
76 '/etc/pve/pve-root-ca.pem',
77 "$node_path/pve-ssl.pem",
78 "$node_path/pveproxy-ssl.pem",
80 for my $path (@$cert_paths) {
# Source line 81 is not shown; whether the call below is wrapped in an
# error handler cannot be told from this page.
82 my $info = PVE
::Certificate
::get_certificate_info
($path);
# Paths for which no info came back are left out of the result.
83 push @$res, $info if $info;
# API method 'upload_custom_cert': stores a caller-supplied certificate
# chain, and optionally a private key, for a node and can restart pveproxy
# afterwards. Several source lines of this call are not shown on this page;
# the comments below describe only the visible fragments.
90 __PACKAGE__-
>register_method ({
91 name
=> 'upload_custom_cert',
# Caller must hold Sys.Modify on /nodes/{node}.
95 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
97 description
=> 'Upload or update custom certificate chain and key.',
101 additionalProperties
=> 0,
103 node
=> get_standard_option
('pve-node'),
# Certificate input is constrained by the 'pem-certificate-chain' format and
# key input by 'pem-string'; both format validators live outside this file.
106 format
=> 'pem-certificate-chain',
107 description
=> 'PEM encoded certificate (chain).',
111 description
=> 'PEM encoded private key.',
112 format
=> 'pem-string',
117 description
=> 'Overwrite existing custom or ACME certificate files.',
123 description
=> 'Restart pveproxy.',
129 returns
=> get_standard_option
('pve-certificate-info'),
# Handler body. Target file names are derived from the validated node name
# through cert_path_prefix().
133 my $node = extract_param
($param, 'node');
134 my $cert_prefix = PVE
::CertHelpers
::cert_path_prefix
($node);
# Text in front of the PEM data is stripped from the uploaded chain.
136 my $certs = extract_param
($param, 'certificates');
137 $certs = PVE
::Certificate
::strip_leading_text
($certs);
# $key holds private key material; the visible lines print only fixed
# status strings, never the key itself.
# NOTE(review): source lines 140 and 142 are not shown. Presumably the strip
# below runs when a key was supplied and the parameter error when it was
# not - confirm in the full file.
139 my $key = extract_param
($param, 'key');
141 $key = PVE
::Certificate
::strip_leading_text
($key);
# Reject the upload when "${cert_prefix}.key" does not exist.
# NOTE(review): this existence test sits on source lines 143-144, while
# cert_lock is called on line 159. If the test runs outside the locked
# code, the key file could change between check and write - confirm.
143 raise_param_exc
({'key' => "Attempted to upload custom certificate without (existing) key."})
144 if ! -e
"${cert_prefix}.key";
# Write the files; the caller's 'force' flag is passed through unchanged.
150 print "Setting custom certificate files\n";
151 $info = PVE
::CertHelpers
::set_cert_files
($certs, $key, $cert_prefix, $param->{force
});
# Restart only on request. The command is a fixed argument list and contains
# no request data.
153 if ($param->{restart
}) {
154 print "Restarting pveproxy\n";
155 PVE
::Tools
::run_command
(['systemctl', 'reload-or-restart', 'pveproxy']);
# Run $code through cert_lock. NOTE(review): the 10 is presumably a lock
# timeout in seconds - confirm in PVE::CertHelpers.
159 PVE
::CertHelpers
::cert_lock
(10, $code);
# API method 'remove_custom_cert': deletes a node's custom certificate and
# key files and can restart pveproxy afterwards. Several source lines of
# this call are not shown on this page.
165 __PACKAGE__-
>register_method ({
166 name
=> 'remove_custom_cert',
# Caller must hold Sys.Modify on /nodes/{node}.
170 check
=> ['perm', '/nodes/{node}', [ 'Sys.Modify' ]],
172 description
=> 'DELETE custom certificate chain and key.',
176 additionalProperties
=> 0,
178 node
=> get_standard_option
('pve-node'),
181 description
=> 'Restart pveproxy.',
# Handler body. The paths removed further down are derived from the
# validated node name through cert_path_prefix().
193 my $node = extract_param
($param, 'node');
194 my $cert_prefix = PVE
::CertHelpers
::cert_path_prefix
($node);
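print "Deleting custom certificate files\n";
# Try both removals before reporting, so that a failure on the certificate
# does not leave the private key untouched. A file that is already absent
# (ENOENT) is not an error. Any other failure is raised instead of being
# ignored, because the request would otherwise report success while the
# custom certificate or key is still on disk.
my @unlink_errors;
for my $file ("${cert_prefix}.pem", "${cert_prefix}.key") {
    next if unlink($file) || $!{ENOENT};
    push @unlink_errors, "unable to remove '$file' - $!";
}
die join("\n", @unlink_errors) . "\n" if @unlink_errors;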
# Reload or restart pveproxy only when the caller set 'restart'. The command
# is a fixed argument list and contains no request data.
201 if ($param->{restart
}) {
202 print "Restarting pveproxy\n";
203 PVE
::Tools
::run_command
(['systemctl', 'reload-or-restart', 'pveproxy']);
# Run $code through cert_lock. NOTE(review): the 10 is presumably a lock
# timeout in seconds - confirm in PVE::CertHelpers.
207 PVE
::CertHelpers
::cert_lock
(10, $code);