git.proxmox.com Git - pve-manager.git/blob - PVE/CertHelpers.pm
package PVE::CertHelpers;

# (File lines 2-9 are not shown in this listing.)

# Directory that acme_account_dir() returns and list_acme_accounts() scans.
# NOTE(review): it sits under /etc/pve/priv, but nothing visible in this file
# establishes who may read that tree - confirm the access control before
# relying on it to protect ACME account material.
my $account_prefix = '/etc/pve/priv/acme';
# Standard option 'pve-acme-account-name': name of an ACME account config
# file, constrained by the 'pve-configid' format.
# NOTE(review): the name presumably ends up as a file name below
# $account_prefix - confirm every caller validates it through this option
# (or pve_verify_configid) before building a path from it.
PVE::JSONSchema::register_standard_option('pve-acme-account-name', {
    description => 'ACME account config file name.',
    # (file line 14 is not shown in this listing)
    format => 'pve-configid',
    format_description => 'name',
    # (file lines 17-20, including the end of this call, are not shown)
# Standard option 'pve-acme-account-contact': contact addresses for an ACME
# account, validated with the 'email-list' format.
PVE::JSONSchema::register_standard_option('pve-acme-account-contact', {
    # (file line 22 is not shown in this listing)
    format => 'email-list',
    description => 'Contact email addresses.',
    # (file lines 25-26, including the end of this call, are not shown)
# Standard option 'pve-acme-directory-url': URL of the ACME CA directory.
# The pattern only requires an "http://" or "https://" prefix; everything
# after the scheme is accepted as-is (".*").
# NOTE(review): a plain-HTTP directory URL passes this check, although
# RFC 8555 specifies HTTPS for ACME. If http:// is kept only for test CAs,
# say so here; otherwise consider requiring https:// at the point where the
# URL is used - confirm intent with the callers.
PVE::JSONSchema::register_standard_option('pve-acme-directory-url', {
    # (file line 28 is not shown in this listing)
    description => 'URL of ACME CA directory endpoint.',
    pattern => '^https?://.*',
    # (file lines 31-32, including the end of this call, are not shown)
# Path of the lock file that is passed to PVE::Tools::lock_file() together
# with the caller's timeout and code reference.
my $local_cert_lock = '/var/lock/pve-certs.lock';
# Returns the suffix-less path of a node's pveproxy certificate files,
# "/etc/pve/nodes/<node>/pveproxy-ssl".
sub cert_path_prefix {
    # (file lines 36-37 are not shown; $node is presumably unpacked from @_)

    # $node is interpolated into the path unchanged.
    # NOTE(review): confirm callers pass a validated node name; a value
    # containing "/" or ".." would resolve outside /etc/pve/nodes/<node>/.
    return "/etc/pve/nodes/${node}/pveproxy-ssl";
    # (file lines 39-41, including the end of this sub, are not shown)
# Body of a sub whose header line is not shown in this listing.
# Hands $code and @param to PVE::Tools::lock_file() with $local_cert_lock
# and $timeout, and returns whatever lock_file() returns. Presumably $code
# runs while the lock is held - lock_file() itself is not shown here.
    my ($timeout, $code, @param) = @_;

    # (file line 43 is not shown)
    return PVE::Tools::lock_file($local_cert_lock, $timeout, $code, @param);
    # (file lines 45-47 are not shown)
# Body of the routine that writes a certificate (and optionally its key)
# under $path_prefix; the sub header is not shown in this listing.
#   $cert        - contents written to "${path_prefix}.pem"
#   $key         - contents written to "${path_prefix}.key"; skipped if false
#   $path_prefix - target path without suffix
#   $force       - when false, die if either target file already exists
    my ($cert, $key, $path_prefix, $force) = @_;

    # (file line 49 is not shown)
    # $old_cert and $old_key are not used in the lines visible here.
    my ($old_cert, $old_key, $info);

    # (file line 51 is not shown)
    # Live files and their ".old" backups.
    # NOTE(review): "${path_prefix}.key.old" is a second on-disk copy of the
    # private key. The modes that file_copy() / file_set_contents() create
    # files with are not visible here - confirm the backup is at least as
    # restricted as the live key.
    my $cert_path = "${path_prefix}.pem";
    my $cert_path_tmp = "${path_prefix}.pem.old";
    my $key_path = "${path_prefix}.key";
    my $key_path_tmp = "${path_prefix}.key.old";

    # (file line 56 is not shown)
    # Refuse to overwrite existing files unless the caller set $force.
    # NOTE(review): the -e checks and the writes below are separate steps;
    # presumably callers serialise this through the certificate lock -
    # confirm.
    die "Custom certificate file exists but force flag is not set.\n"
        if !$force && -e $cert_path;
    die "Custom certificate key file exists but force flag is not set.\n"
        if !$force && -e $key_path;

    # (file line 61 is not shown)
    # Back up whichever of the current files exist before replacing them.
    PVE::Tools::file_copy($cert_path, $cert_path_tmp) if -e $cert_path;
    PVE::Tools::file_copy($key_path, $key_path_tmp) if -e $key_path;

    # (file lines 64-65 are not shown)
    # Write the new files, then read the certificate back from disk.
    # NOTE(review): nothing visible here checks that $key belongs to $cert;
    # confirm that check happens in the caller or in get_certificate_info().
    PVE::Tools::file_set_contents($cert_path, $cert);
    PVE::Tools::file_set_contents($key_path, $key) if $key;
    $info = PVE::Certificate::get_certificate_info($cert_path);

    # (file lines 69-72 are not shown; $err used below is presumably set there)
    # The old files are copied back only when BOTH backups exist.
    # NOTE(review): if only one backup exists, nothing is restored and the
    # newly written file(s) appear to stay in place - confirm against the
    # lines not shown.
    if (-e $cert_path_tmp && -e $key_path_tmp) {
        # (file line 74 is not shown)
        warn "Attempting to restore old certificate files..\n";
        PVE::Tools::file_copy($cert_path_tmp, $cert_path);
        PVE::Tools::file_copy($key_path_tmp, $key_path);
        # (file lines 78-80 are not shown)
    die "Setting certificate files failed - $err\n"
    # (file lines 82-83 are not shown)

    # Remove the certificate backup; the result of unlink is not checked.
    # NOTE(review): the matching removal of $key_path_tmp is not visible in
    # this listing - confirm the key backup is deleted as well.
    unlink $cert_path_tmp;
    # (file lines 85-89, including the end of this sub, are not shown)
# Returns the ACME account directory held in $account_prefix.
sub acme_account_dir {
    return $account_prefix;
    # (file lines 92-93, including the end of this sub, are not shown)
94 sub list_acme_accounts
{
97 return $accounts if ! -d
$account_prefix;
99 PVE
::Tools
::dir_glob_foreach
($account_prefix, qr/[^.]+.*/, sub {
102 push @$accounts, $name
103 if PVE
::JSONSchema
::pve_verify_configid
($name, 1);