Re: [pve-devel] [RFC manager 1/5] add CertHelpers utility

2018-04-17 Thread Dominik Csapak 

comment inline

On 04/11/2018 10:08 AM, Fabian Grünbichler wrote:

PVE-specific certificate helper functions

Signed-off-by: Fabian Grünbichler 
---
  PVE/Makefile   |   1 +
  PVE/CertHelpers.pm | 104 +
  2 files changed, 105 insertions(+)
  create mode 100644 PVE/CertHelpers.pm

diff --git a/PVE/Makefile b/PVE/Makefile
index 5cc19904..395faf8a 100644
--- a/PVE/Makefile
+++ b/PVE/Makefile
@@ -3,6 +3,7 @@ include ../defines.mk
  SUBDIRS=API2 Status CLI Service
  
  PERLSOURCE = 			\

+   CertHelpers.pm  \
API2.pm \
API2Tools.pm\
HTTPServer.pm   \
diff --git a/PVE/CertHelpers.pm b/PVE/CertHelpers.pm
new file mode 100644
index ..bcada050
--- /dev/null
+++ b/PVE/CertHelpers.pm
@@ -0,0 +1,104 @@
+package PVE::CertHelpers;
+
+use strict;
+use warnings;
+
+use PVE::JSONSchema;
+use PVE::Tools;
+
+my $account_prefix = '/etc/pve/priv/acme';
+
+PVE::JSONSchema::register_standard_option('pve-acme-account-name', {
+description => 'ACME account config file name.',
+type => 'string',
+format => 'pve-configid',
+format_description => 'name',
+optional => 1,
+default => 'default',
+});
+
+PVE::JSONSchema::register_standard_option('pve-acme-account-contact', {
+type => 'string',
+format => 'email-list',
+description => 'Contact email addresses.',
+});
+
+my $local_cert_lock = '/var/lock/pve-certs.lock';
+
+sub cert_path_prefix {
+my ($node) = @_;
+
+return "/etc/pve/nodes/${node}/pveproxy-ssl";
+}
+
+sub cert_lock {
+my ($timeout, $code, @param) = @_;
+
+return PVE::Tools::lock_file($local_cert_lock, $timeout, $code, @param);
+}
+
+sub set_cert_files {
+my ($cert, $key, $path_prefix, $force) = @_;
+
+my ($old_cert, $old_key, $info);
+
+my $cert_path = "${path_prefix}.pem";
+my $cert_path_tmp = "${path_prefix}.pem.old";
+my $key_path = "${path_prefix}.key";
+my $key_path_tmp = "${path_prefix}.key.old";
+
+if (-e $cert_path) {
+   die "Custom Certificates certificate file exists but force flag is not 
set.\n"
+   if !$force;
+   PVE::Tools::file_copy($cert_path, $cert_path_tmp);
+}
+
+if (-e $key_path) {
+   die "Custom Certificates certificate key file exists but force flag is not 
set.\n"
+   if !$force;
+   PVE::Tools::file_copy($key_path, $key_path_tmp);
+}
+
+eval {
+   PVE::Tools::file_set_contents($cert_path, $cert);
+   PVE::Tools::file_set_contents($key_path, $key);
+   $info = get_certificate_info($cert_path);


this should be PVE::Certificate::get_certificate_info
and a use statement for this


+};
+my $err = $@;
+
+if ($err) {
+   if (-e $cert_path_tmp && -e $key_path_tmp) {
+   eval {
+   warn "Attempting to restore old Certificates certificate 
files..\n";
+   PVE::Tools::file_copy($cert_path_tmp, $cert_path);
+   PVE::Tools::file_copy($key_path_tmp, $key_path);
+   };
+   warn "$@\n" if $@;
+   }
+   die "Setting Certificates certificate files failed - $err\n"
+}
+
+unlink $cert_path_tmp;
+unlink $key_path_tmp;
+
+return $info;
+}
+
+sub get_acme_account_file {
+my ($account_name) = @_;
+
+return "${account_prefix}/${account_name}";
+}
+
+sub list_acme_accounts {
+my $accounts = [];
+
+PVE::Tools::dir_glob_foreach($account_prefix, qr/[^.]+.*/, sub {
+   my ($name) = @_;
+
+   push @$accounts, $name
+   if PVE::JSONSchema::pve_verify_configid($name, 1);
+});
+
+return $accounts;
+}




___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [RFC manager 1/5] add CertHelpers utility

2018-04-13 Thread Wolfgang Bumiller 
On Wed, Apr 11, 2018 at 10:08:47AM +0200, Fabian Grünbichler wrote:
> PVE-specific certificate helper functions
> 
> Signed-off-by: Fabian Grünbichler 
> ---
>  PVE/Makefile   |   1 +
>  PVE/CertHelpers.pm | 104 
> +
>  2 files changed, 105 insertions(+)
>  create mode 100644 PVE/CertHelpers.pm
> 
> diff --git a/PVE/Makefile b/PVE/Makefile
> index 5cc19904..395faf8a 100644
> --- a/PVE/Makefile
> +++ b/PVE/Makefile
> @@ -3,6 +3,7 @@ include ../defines.mk
>  SUBDIRS=API2 Status CLI Service
>  
>  PERLSOURCE = \
> + CertHelpers.pm  \
>   API2.pm \
>   API2Tools.pm\
>   HTTPServer.pm   \
> diff --git a/PVE/CertHelpers.pm b/PVE/CertHelpers.pm
> new file mode 100644
> index ..bcada050
> --- /dev/null
> +++ b/PVE/CertHelpers.pm
> @@ -0,0 +1,104 @@
> +package PVE::CertHelpers;
> +
> +use strict;
> +use warnings;
> +
> +use PVE::JSONSchema;
> +use PVE::Tools;
> +
> +my $account_prefix = '/etc/pve/priv/acme';
> +
> +PVE::JSONSchema::register_standard_option('pve-acme-account-name', {
> +description => 'ACME account config file name.',
> +type => 'string',
> +format => 'pve-configid',
> +format_description => 'name',
> +optional => 1,
> +default => 'default',
> +});
> +
> +PVE::JSONSchema::register_standard_option('pve-acme-account-contact', {
> +type => 'string',
> +format => 'email-list',
> +description => 'Contact email addresses.',
> +});
> +
> +my $local_cert_lock = '/var/lock/pve-certs.lock';
> +
> +sub cert_path_prefix {
> +my ($node) = @_;
> +
> +return "/etc/pve/nodes/${node}/pveproxy-ssl";
> +}
> +
> +sub cert_lock {
> +my ($timeout, $code, @param) = @_;
> +
> +return PVE::Tools::lock_file($local_cert_lock, $timeout, $code, @param);
> +}
> +
> +sub set_cert_files {
> +my ($cert, $key, $path_prefix, $force) = @_;
> +
> +my ($old_cert, $old_key, $info);
> +
> +my $cert_path = "${path_prefix}.pem";
> +my $cert_path_tmp = "${path_prefix}.pem.old";
> +my $key_path = "${path_prefix}.key";
> +my $key_path_tmp = "${path_prefix}.key.old";
> +
> +if (-e $cert_path) {
> + die "Custom Certificates certificate file exists but force flag is not 
> set.\n"

This patch contains a bunch of 'Certificates certificate' sed-pasta ;-)

> + if !$force;
> + PVE::Tools::file_copy($cert_path, $cert_path_tmp);
> +}
> +
> +if (-e $key_path) {
> + die "Custom Certificates certificate key file exists but force flag is 
> not set.\n"
> + if !$force;
> + PVE::Tools::file_copy($key_path, $key_path_tmp);
> +}
> +
> +eval {
> + PVE::Tools::file_set_contents($cert_path, $cert);
> + PVE::Tools::file_set_contents($key_path, $key);
> + $info = get_certificate_info($cert_path);
> +};
> +my $err = $@;
> +
> +if ($err) {
> + if (-e $cert_path_tmp && -e $key_path_tmp) {
> + eval {
> + warn "Attempting to restore old Certificates certificate 
> files..\n";
> + PVE::Tools::file_copy($cert_path_tmp, $cert_path);
> + PVE::Tools::file_copy($key_path_tmp, $key_path);
> + };
> + warn "$@\n" if $@;
> + }
> + die "Setting Certificates certificate files failed - $err\n"
> +}
> +
> +unlink $cert_path_tmp;
> +unlink $key_path_tmp;
> +
> +return $info;
> +}
> +
> +sub get_acme_account_file {
> +my ($account_name) = @_;
> +
> +return "${account_prefix}/${account_name}";
> +}
> +
> +sub list_acme_accounts {
> +my $accounts = [];
> +
> +PVE::Tools::dir_glob_foreach($account_prefix, qr/[^.]+.*/, sub {
> + my ($name) = @_;
> +
> + push @$accounts, $name
> + if PVE::JSONSchema::pve_verify_configid($name, 1);
> +});
> +
> +return $accounts;
> +}
> -- 
> 2.14.2

___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [RFC manager 1/5] add CertHelpers utility

2018-04-11 Thread Fabian Grünbichler 
PVE-specific certificate helper functions

Signed-off-by: Fabian Grünbichler 
---
 PVE/Makefile   |   1 +
 PVE/CertHelpers.pm | 104 +
 2 files changed, 105 insertions(+)
 create mode 100644 PVE/CertHelpers.pm

diff --git a/PVE/Makefile b/PVE/Makefile
index 5cc19904..395faf8a 100644
--- a/PVE/Makefile
+++ b/PVE/Makefile
@@ -3,6 +3,7 @@ include ../defines.mk
 SUBDIRS=API2 Status CLI Service
 
 PERLSOURCE =   \
+   CertHelpers.pm  \
API2.pm \
API2Tools.pm\
HTTPServer.pm   \
diff --git a/PVE/CertHelpers.pm b/PVE/CertHelpers.pm
new file mode 100644
index ..bcada050
--- /dev/null
+++ b/PVE/CertHelpers.pm
@@ -0,0 +1,104 @@
+package PVE::CertHelpers;
+
+use strict;
+use warnings;
+
+use PVE::JSONSchema;
+use PVE::Tools;
+
+my $account_prefix = '/etc/pve/priv/acme';
+
+PVE::JSONSchema::register_standard_option('pve-acme-account-name', {
+description => 'ACME account config file name.',
+type => 'string',
+format => 'pve-configid',
+format_description => 'name',
+optional => 1,
+default => 'default',
+});
+
+PVE::JSONSchema::register_standard_option('pve-acme-account-contact', {
+type => 'string',
+format => 'email-list',
+description => 'Contact email addresses.',
+});
+
+my $local_cert_lock = '/var/lock/pve-certs.lock';
+
+sub cert_path_prefix {
+my ($node) = @_;
+
+return "/etc/pve/nodes/${node}/pveproxy-ssl";
+}
+
+sub cert_lock {
+my ($timeout, $code, @param) = @_;
+
+return PVE::Tools::lock_file($local_cert_lock, $timeout, $code, @param);
+}
+
+sub set_cert_files {
+my ($cert, $key, $path_prefix, $force) = @_;
+
+my ($old_cert, $old_key, $info);
+
+my $cert_path = "${path_prefix}.pem";
+my $cert_path_tmp = "${path_prefix}.pem.old";
+my $key_path = "${path_prefix}.key";
+my $key_path_tmp = "${path_prefix}.key.old";
+
+if (-e $cert_path) {
+   die "Custom Certificates certificate file exists but force flag is not 
set.\n"
+   if !$force;
+   PVE::Tools::file_copy($cert_path, $cert_path_tmp);
+}
+
+if (-e $key_path) {
+   die "Custom Certificates certificate key file exists but force flag is 
not set.\n"
+   if !$force;
+   PVE::Tools::file_copy($key_path, $key_path_tmp);
+}
+
+eval {
+   PVE::Tools::file_set_contents($cert_path, $cert);
+   PVE::Tools::file_set_contents($key_path, $key);
+   $info = get_certificate_info($cert_path);
+};
+my $err = $@;
+
+if ($err) {
+   if (-e $cert_path_tmp && -e $key_path_tmp) {
+   eval {
+   warn "Attempting to restore old Certificates certificate 
files..\n";
+   PVE::Tools::file_copy($cert_path_tmp, $cert_path);
+   PVE::Tools::file_copy($key_path_tmp, $key_path);
+   };
+   warn "$@\n" if $@;
+   }
+   die "Setting Certificates certificate files failed - $err\n"
+}
+
+unlink $cert_path_tmp;
+unlink $key_path_tmp;
+
+return $info;
+}
+
+sub get_acme_account_file {
+my ($account_name) = @_;
+
+return "${account_prefix}/${account_name}";
+}
+
+sub list_acme_accounts {
+my $accounts = [];
+
+PVE::Tools::dir_glob_foreach($account_prefix, qr/[^.]+.*/, sub {
+   my ($name) = @_;
+
+   push @$accounts, $name
+   if PVE::JSONSchema::pve_verify_configid($name, 1);
+});
+
+return $accounts;
+}
-- 
2.14.2


___
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel