1 package PMG::API2::DKIMSign;
2
3 use strict;
4 use warnings;
5
6 use PVE::Tools qw(extract_param dir_glob_foreach);
7 use PVE::JSONSchema qw(get_standard_option);
8 use PVE::Exception qw(raise_param_exc);
9 use PVE::RESTHandler;
10
11 use PMG::Config;
12 use PMG::DKIMSign;
13
14 use PMG::API2::DKIMSignDomains;
15
16 use base qw(PVE::RESTHandler);
17
# Mount the handlers of PMG::API2::DKIMSignDomains below the 'domains'
# path of this API node.
__PACKAGE__->register_method({
    path     => 'domains',
    subclass => "PMG::API2::DKIMSignDomains",
});
22
# GET '' - static directory index naming the child sections of this node.
# NOTE(review): unlike the handlers on 'selector' and 'selectors', no
# 'permissions' key is declared here; what the REST framework applies by
# default is not visible in this file - confirm.
__PACKAGE__->register_method({
    name        => 'index',
    path        => '',
    method      => 'GET',
    description => "Directory index.",
    parameters  => {
        additionalProperties => 0,
        properties           => {},
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => {
                section => { type => 'string' },
            },
        },
        links => [
            { rel => 'child', href => "{section}" },
        ],
    },
    code => sub {
        my ($param) = @_;

        # The list is fixed; nothing is read from the request.
        my @sections = map { { section => $_ } } qw(domains selector selectors);

        return \@sections;
    },
});
49
# POST 'selector' - generate a new private key for the given selector.
# The call is limited to 'admin' by the permissions check and is proxied
# to the master node. After a key change the published DNS TXT record has
# to match the new public key, otherwise receivers cannot verify the new
# signatures.
__PACKAGE__->register_method({
    name        => 'set_selector',
    path        => 'selector',
    method      => 'POST',
    description => "Generate a new private key for selector. All future mail will be signed with the new key!",
    protected   => 1,
    permissions => { check => [ 'admin' ] },
    proxyto     => 'master',
    parameters  => {
        additionalProperties => 0,
        properties           => {
            selector => {
                description => "DKIM Selector",
                type        => 'string',
                format      => 'dns-name',
            },
            # The schema floor is 1024 bits; RFC 8301 recommends that
            # signers use RSA keys of at least 2048 bits.
            # NOTE(review): no maximum is declared here; whether
            # PMG::DKIMSign::set_selector bounds the size is not visible
            # in this file - confirm.
            keysize => {
                description => "Number of bits for the RSA-Key",
                type        => 'integer',
                minimum     => 1024,
            },
            force => {
                description => "Overwrite existing key",
                type        => 'boolean',
                optional    => 1,
            },
        },
    },
    returns => { type => 'null' },
    code    => sub {
        my ($param) = @_;

        # extract_param is called once per declared property, in the
        # same order as before.
        my $sel_name  = extract_param($param, 'selector');
        my $key_bits  = extract_param($param, 'keysize');
        my $overwrite = extract_param($param, 'force');

        # Key generation and the overwrite decision happen in
        # PMG::DKIMSign; the three values are passed through unchanged.
        PMG::DKIMSign::set_selector($sel_name, $key_bits, $overwrite);

        return undef;
    },
});
86
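# Format checker for DKIM public key TXT records.
#
# Parameters:
#   $rec   - the candidate record text
#   $noerr - when true, a failed check returns undef instead of dying
#
# Returns $rec unchanged when it matches; otherwise returns undef
# ($noerr set) or dies with a fixed message.
#
# This is a shape check only: it does not parse the p= value or confirm
# that it holds a usable public key. The pattern is not anchored, so any
# text before "._domainkey" and after "DKIM key" is accepted, and with /s
# the ".+" also spans line breaks.
sub pmg_verify_dkim_pubkey_record {
    my ($rec, $noerr) = @_;

    # An undefined value is rejected up front, so it takes the same
    # failure path as a malformed one without an "uninitialized value"
    # warning from the match.
    my $looks_valid = defined($rec)
        && $rec =~ /\._domainkey\tIN\tTXT\t\( "v=DKIM1; h=sha256; k=rsa; ".+ \) ; ----- DKIM key/ms;

    if (!$looks_valid) {
        return undef if $noerr;
        die "value does not look like a valid DKIM TXT record\n";
    }

    return $rec;
}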
97
# Expose the checker to JSON schemas under the format name
# 'pmg-dkim-record'.
PVE::JSONSchema::register_format('pmg-dkim-record', \&pmg_verify_dkim_pubkey_record);
100
# GET 'selector' - report the configured selector together with its key
# size and the public key rendered as a DKIM TXT record. Only public key
# material is returned. The call is limited to 'admin' by the permissions
# check and is proxied to the master node.
__PACKAGE__->register_method({
    name        => 'get_selector_info',
    path        => 'selector',
    method      => 'GET',
    description => "Get the public key for the configured selector, prepared as DKIM TXT record",
    protected   => 1,
    permissions => { check => [ 'admin' ] },
    proxyto     => 'master',
    parameters  => {
        additionalProperties => 0,
        properties           => { },
    },
    returns => {
        type       => 'object',
        properties => {
            selector => { type => 'string', format => 'dns-name', optional => 1 },
            keysize  => { type => 'integer', minimum => 1024, optional => 1 },
            record   => { type => 'string', format => 'pmg-dkim-record', optional => 1 },
        },
    },
    code => sub {
        my $config   = PMG::Config->new();
        my $selector = $config->get('admin', 'dkim_selector');

        # Nothing configured: answer with an empty object.
        if (!defined($selector)) {
            return {};
        }

        my ($txt_record, $bits);
        eval {
            ($txt_record, $bits) = PMG::DKIMSign::get_selector_info($selector);
        };

        # Any failure while reading the key information is discarded and
        # only the selector name is reported, so a caller cannot tell from
        # the response why keysize and record are missing.
        if ($@) {
            return { selector => $selector };
        }

        return {
            selector => $selector,
            keysize  => $bits,
            record   => $txt_record,
        };
    },
});
133
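# GET 'selectors' - list every selector that has a key file in
# /etc/pmg/dkim/. Only file names are used; the key files are not opened
# here. The call is limited to 'admin' by the permissions check and is
# proxied to the master node.
__PACKAGE__->register_method({
    name        => 'get_selector_list',
    path        => 'selectors',
    method      => 'GET',
    description => "Get a list of all existing selectors",
    protected   => 1,
    permissions => { check => [ 'admin' ] },
    proxyto     => 'master',
    parameters  => {
        additionalProperties => 0,
        properties           => { },
    },
    returns => {
        type  => 'array',
        items => {
            type       => "object",
            properties => { selector => { type => 'string', format => 'dns-name' } },
        },
        links => [ { rel => 'child', href => "{selector}" } ],
    },
    code => sub {
        my $res = [];

        # The callback fills $res; the value returned by dir_glob_foreach
        # was never used, so it is no longer stored.
        # NOTE(review): the selector names come straight from directory
        # entries and are not checked against 'dns-name' in this handler -
        # confirm that the framework validates return values.
        dir_glob_foreach('/etc/pmg/dkim/', '.*\.private', sub {
            my ($sel) = @_;
            # Strip the key file suffix to obtain the selector name.
            $sel =~ s/\.private$//;
            push @$res, { selector => $sel };
        });

        return $res;
    },
});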
165
166 1;