]>
Commit | Line | Data |
---|---|---|
036475f8 FG |
1 | package PVE::API2::Certificates; |
2 | ||
3 | use strict; | |
4 | use warnings; | |
5 | ||
6 | use PVE::API2::ACME; | |
7 | use PVE::Certificate; | |
8 | use PVE::CertHelpers;; | |
9 | use PVE::Exception qw(raise_param_exc); | |
10 | use PVE::JSONSchema qw(get_standard_option); | |
11 | use PVE::Tools qw(extract_param file_get_contents file_set_contents); | |
12 | ||
13 | use base qw(PVE::RESTHandler); | |
14 | ||
15 | ||
16 | __PACKAGE__->register_method ({ | |
17 | subclass => "PVE::API2::ACME", | |
18 | path => 'acme', | |
19 | }); | |
20 | ||
21 | __PACKAGE__->register_method ({ | |
22 | name => 'index', | |
23 | path => '', | |
24 | method => 'GET', | |
25 | permissions => { user => 'all' }, | |
26 | description => "Node index.", | |
27 | parameters => { | |
28 | additionalProperties => 0, | |
29 | properties => { | |
30 | node => get_standard_option('pve-node'), | |
31 | }, | |
32 | }, | |
33 | returns => { | |
34 | type => 'array', | |
35 | items => { | |
36 | type => "object", | |
37 | properties => {}, | |
38 | }, | |
39 | links => [ { rel => 'child', href => "{name}" } ], | |
40 | }, | |
41 | code => sub { | |
42 | my ($param) = @_; | |
43 | ||
44 | return [ | |
45 | { name => 'acme' }, | |
46 | { name => 'custom' }, | |
47 | { name => 'info' }, | |
48 | ]; | |
49 | }, | |
50 | }); | |
51 | ||
52 | __PACKAGE__->register_method ({ | |
53 | name => 'info', | |
54 | path => 'info', | |
55 | method => 'GET', | |
56 | permissions => { user => 'all' }, | |
57 | proxyto => 'node', | |
58 | description => "Get information about node's certificates.", | |
59 | parameters => { | |
60 | additionalProperties => 0, | |
61 | properties => { | |
62 | node => get_standard_option('pve-node'), | |
63 | }, | |
64 | }, | |
65 | returns => { | |
66 | type => 'array', | |
67 | items => get_standard_option('pve-certificate-info'), | |
68 | }, | |
69 | code => sub { | |
70 | my ($param) = @_; | |
71 | ||
72 | my $node_path = "/etc/pve/nodes/$param->{node}"; | |
73 | ||
74 | my $res = []; | |
75 | my $cert_paths = [ | |
76 | '/etc/pve/pve-root-ca.pem', | |
77 | "$node_path/pve-ssl.pem", | |
78 | "$node_path/pveproxy-ssl.pem", | |
79 | ]; | |
80 | for my $path (@$cert_paths) { | |
81 | eval { | |
82 | my $info = PVE::Certificate::get_certificate_info($path); | |
83 | push @$res, $info if $info; | |
84 | }; | |
85 | } | |
86 | return $res; | |
87 | }, | |
88 | }); | |
89 | ||
90 | __PACKAGE__->register_method ({ | |
91 | name => 'upload_custom_cert', | |
92 | path => 'custom', | |
93 | method => 'POST', | |
94 | description => 'Upload or update custom certificate chain and key.', | |
95 | protected => 1, | |
96 | proxyto => 'node', | |
97 | parameters => { | |
98 | additionalProperties => 0, | |
99 | properties => { | |
100 | node => get_standard_option('pve-node'), | |
101 | certificates => { | |
102 | type => 'string', | |
103 | format => 'pem-certificate-chain', | |
104 | description => 'PEM encoded certificate (chain).', | |
105 | }, | |
106 | key => { | |
107 | type => 'string', | |
108 | description => 'PEM encoded private key.', | |
109 | format => 'pem-string', | |
110 | optional => 1, | |
111 | }, | |
112 | force => { | |
113 | type => 'boolean', | |
114 | description => 'Overwrite existing custom or ACME certificate files.', | |
115 | optional => 1, | |
116 | default => 0, | |
117 | }, | |
118 | restart => { | |
119 | type => 'boolean', | |
120 | description => 'Restart pveproxy.', | |
121 | optional => 1, | |
122 | default => 0, | |
123 | }, | |
124 | }, | |
125 | }, | |
126 | returns => get_standard_option('pve-certificate-info'), | |
127 | code => sub { | |
128 | my ($param) = @_; | |
129 | ||
130 | my $node = extract_param($param, 'node'); | |
131 | my $cert_prefix = PVE::CertHelpers::cert_path_prefix($node); | |
132 | ||
133 | my $certs = extract_param($param, 'certificates'); | |
134 | $certs = PVE::Certificate::strip_leading_text($certs); | |
135 | ||
136 | my $key = extract_param($param, 'key'); | |
137 | if ($key) { | |
138 | $key = PVE::Certificate::strip_leading_text($key); | |
139 | } else { | |
140 | raise_param_exc({'key' => "Attempted to upload custom certificate without (existing) key."}) | |
141 | if ! -e "${cert_prefix}.key"; | |
142 | } | |
143 | ||
144 | my $info; | |
145 | ||
146 | my $code = sub { | |
147 | print "Setting custom certificate files\n"; | |
148 | $info = PVE::CertHelpers::set_cert_files($certs, $key, $cert_prefix, $param->{force}); | |
149 | ||
150 | if ($param->{restart}) { | |
151 | print "Restarting pveproxy\n"; | |
152 | PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pveproxy']); | |
153 | } | |
154 | }; | |
155 | ||
156 | PVE::CertHelpers::cert_lock(10, $code); | |
157 | die "$@\n" if $@; | |
158 | ||
159 | return $info; | |
160 | }}); | |
161 | ||
162 | __PACKAGE__->register_method ({ | |
163 | name => 'remove_custom_cert', | |
164 | path => 'custom', | |
165 | method => 'DELETE', | |
166 | description => 'DELETE custom certificate chain and key.', | |
167 | protected => 1, | |
168 | proxyto => 'node', | |
169 | parameters => { | |
170 | additionalProperties => 0, | |
171 | properties => { | |
172 | node => get_standard_option('pve-node'), | |
173 | restart => { | |
174 | type => 'boolean', | |
175 | description => 'Restart pveproxy.', | |
176 | optional => 1, | |
177 | default => 0, | |
178 | }, | |
179 | }, | |
180 | }, | |
181 | returns => { | |
182 | type => 'null', | |
183 | }, | |
184 | code => sub { | |
185 | my ($param) = @_; | |
186 | ||
187 | my $node = extract_param($param, 'node'); | |
188 | my $cert_prefix = PVE::CertHelpers::cert_path_prefix($node); | |
189 | ||
190 | my $code = sub { | |
191 | print "Deleting custom certificate files\n"; | |
192 | unlink "${cert_prefix}.pem"; | |
193 | unlink "${cert_prefix}.key"; | |
194 | ||
195 | if ($param->{restart}) { | |
196 | print "Restarting pveproxy\n"; | |
197 | PVE::Tools::run_command(['systemctl', 'reload-or-restart', 'pveproxy']); | |
198 | } | |
199 | }; | |
200 | ||
201 | PVE::CertHelpers::cert_lock(10, $code); | |
202 | die "$@\n" if $@; | |
203 | ||
204 | return undef; | |
205 | }}); | |
206 | ||
207 | 1; |