git.proxmox.com Git - pve-manager.git/blob - PVE/CertHelpers.pm
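package PVE::CertHelpers;

# NOTE: this listing shows only some lines of the file. Gaps in its gutter
# numbering (2-9, 11, 14, 17-20, 22, 25-26, 28, 31-32) are lines the page does
# not show; they are marked below instead of being reconstructed.

# ... lines 2-9 not shown ...

# Directory returned by acme_account_dir() and scanned by list_acme_accounts().
my $account_prefix = '/etc/pve/priv/acme';

# Standard option for the name of an ACME account config file.
# NOTE(review): the value is described as a file name, so the 'pve-configid'
# format is presumably what keeps path separators and dot-segments out of it.
# Confirm against the format's definition, which is not on this page.
PVE::JSONSchema::register_standard_option('pve-acme-account-name', {
    description => 'ACME account config file name.',
    # ... line 14 not shown ...
    format => 'pve-configid',
    format_description => 'name',
    # ... remaining lines of this call not shown ...
});

# Standard option for the contact addresses of an ACME account.
PVE::JSONSchema::register_standard_option('pve-acme-account-contact', {
    # ... line 22 not shown ...
    format => 'email-list',
    description => 'Contact email addresses.',
    # ... remaining lines of this call not shown ...
});

# Standard option for the ACME CA directory URL.
# NOTE(review): the pattern only constrains the prefix. It accepts plain
# `http://` as well as `https://`, and `.*` with no end anchor lets anything
# follow the scheme. Whether the client later refuses a non-TLS directory is
# not visible here; if HTTPS is required, tighten the pattern or check in the
# consumer.
PVE::JSONSchema::register_standard_option('pve-acme-directory-url', {
    # ... line 28 not shown ...
    description => 'URL of ACME CA directory endpoint.',
    pattern => '^https?://.*',
    # ... remaining lines of this call not shown ...
});

# Lock file path handed to PVE::Tools::lock_file by the locking helper below.
my $local_cert_lock = '/var/lock/pve-certs.lock';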
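# Returns the path prefix of a node's custom proxy certificate files
# ("<prefix>.pem" / "<prefix>.key" are derived from it elsewhere in this file).
#
# The listing omits lines 36-37 and the closing brace. The argument unpacking
# is restored here because the visible `return` reads $node.
#
# NOTE(review): $node is interpolated into the path unchecked. A value
# containing "/" or ".." would resolve outside the node's directory, so callers
# should pass an already validated node name. Confirm at call sites.
sub cert_path_prefix {
    my ($node) = @_;

    return "/etc/pve/nodes/${node}/pveproxy-ssl";
}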
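# Returns the path prefix of a node's default ("pve-ssl") certificate files.
#
# The listing omits lines 42-43 and the closing brace. The argument unpacking
# is restored here because the visible `return` reads $node.
#
# NOTE(review): $node is interpolated into the path unchecked. Callers should
# pass an already validated node name, with no "/" or ".." components.
sub default_cert_path_prefix {
    my ($node) = @_;

    return "/etc/pve/nodes/${node}/pve-ssl";
}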
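# NOTE: the `sub` line that opens this routine and its closing brace are not
# shown in this listing; only the two statements below are visible.
#
# Forwards $code and @param to PVE::Tools::lock_file together with the
# certificate lock path and $timeout, and returns whatever lock_file returns.
# NOTE(review): the existence checks done before certificate files are written
# are only race-free if every writer goes through this lock. Confirm at the
# call sites.
my ($timeout, $code, @param) = @_;

return PVE::Tools::lock_file($local_cert_lock, $timeout, $code, @param);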
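# NOTE: this listing omits the enclosing `sub` line and several body lines
# (70-71, 75-78, 80, 84-86, 88-89 and everything after 90). The statements
# below are a partial view: the gaps are marked, not reconstructed, and the
# control flow that wraps the visible statements cannot be read off this page.
#
# Arguments: certificate contents, key contents (may be false, in which case no
# key is written), the path prefix to which ".pem" / ".key" are appended, and a
# flag that permits overwriting existing files.
my ($cert, $key, $path_prefix, $force) = @_;

my ($old_cert, $old_key, $info);

my $cert_path     = "${path_prefix}.pem";
my $cert_path_tmp = "${path_prefix}.pem.old";
my $key_path      = "${path_prefix}.key";
my $key_path_tmp  = "${path_prefix}.key.old";

# Refuse to replace existing files unless the caller set $force.
# NOTE(review): `-e` followed by a later write is check-then-act, so it relies
# on callers holding the certificate lock. Confirm.
die "Custom certificate file exists but force flag is not set.\n"
    if !$force && -e $cert_path;
die "Custom certificate key file exists but force flag is not set.\n"
    if !$force && -e $key_path;

# Keep copies of the current files so that a failed update can be rolled back.
# NOTE(review): "<prefix>.key.old" holds private-key material. Its permissions
# and lifetime should match those of the live key; neither is visible here.
PVE::Tools::file_copy($cert_path, $cert_path_tmp) if -e $cert_path;
PVE::Tools::file_copy($key_path, $key_path_tmp) if -e $key_path;

# ... lines 70-71 not shown ...

# The new contents go to the live paths first and the certificate is parsed
# afterwards, so a certificate that cannot be parsed is already in place when
# it is detected. The restore step below is what undoes that.
# NOTE(review): no visible line checks that $key belongs to $cert.
PVE::Tools::file_set_contents($cert_path, $cert);
PVE::Tools::file_set_contents($key_path, $key) if $key;
$info = PVE::Certificate::get_certificate_info($cert_path);

# ... lines 75-78 not shown ($err, used below, is not assigned on any visible
# line; presumably the error check lives in this gap) ...

# The restore runs only when BOTH backups exist. If just one of the two files
# was present before the update, nothing is restored.
if (-e $cert_path_tmp && -e $key_path_tmp) {
    # ... line 80 not shown ...
    warn "Attempting to restore old certificate files..\n";
    PVE::Tools::file_copy($cert_path_tmp, $cert_path);
    PVE::Tools::file_copy($key_path_tmp, $key_path);
    # ... lines 84-86 not shown ...
}
die "Setting certificate files failed - $err\n";

# ... lines 88-89 not shown ...

unlink $cert_path_tmp;

# ... lines after 90 not shown. NOTE(review): check that the key backup
# ($key_path_tmp) is removed there as well ...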
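# Returns the directory that holds the ACME account files ($account_prefix).
# The closing brace is not shown in the listing and is restored here.
sub acme_account_dir {
    return $account_prefix;
}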
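# Returns an array reference with the names of the entries in $account_prefix
# that pass PVE::JSONSchema::pve_verify_configid; an empty list when the
# directory does not exist.
#
# The listing omits lines 101-102, 104, 106-107 and everything after 109. The
# declarations of $accounts and $name, the end of the callback and the final
# return are restored here, because the visible statements depend on them.
sub list_acme_accounts {
    my $accounts = [];

    return $accounts if ! -d $account_prefix;

    # NOTE(review): the regex has no anchors of its own; how dir_glob_foreach
    # applies it is not visible here. The pve_verify_configid() check below is
    # the filter that decides which file names are reported as accounts.
    PVE::Tools::dir_glob_foreach($account_prefix, qr/[^.]+.*/, sub {
        my ($name) = @_;

        # The second argument is presumably a "do not die" flag, so that
        # invalid names are skipped rather than raising. Confirm.
        push @$accounts, $name
            if PVE::JSONSchema::pve_verify_configid($name, 1);
    });

    return $accounts;
}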