From: Dietmar Maurer
To: pbs-devel@lists.proxmox.com
Date: Thu, 18 Jan 2024 14:15:33 +0100
Message-Id: <20240118131533.4138518-1-dietmar@proxmox.com>
Subject: [pbs-devel] [PATCH proxmox-backup] upload_custom_certificate api: make key optional
List-Id: Proxmox Backup Server development discussion

Use existing key if not specified (same as PVE API).

Signed-off-by: Dietmar Maurer

--- src/api2/node/certificates.rs | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/src/api2/node/certificates.rs b/src/api2/node/certificates.rs index e86840a7..b44697c4 100644 --- a/src/api2/node/certificates.rs +++ b/src/api2/node/certificates.rs @@ -1,3 +1,4 @@ +use std::path::PathBuf; use std::sync::Arc; use std::time::Duration; @@ -163,7 +164,10 @@ pub fn get_info() -> Result, Error> { properties: { node: { schema: NODE_SCHEMA }, certificates: { description: "PEM encoded certificate (chain)." }, - key: { description: "PEM encoded private key." }, + key: { + description: "PEM encoded private key.", + optional: true, + }, // FIXME: widget-toolkit should have an option to disable using these 2 parameters... restart: { description: "UI compatibility parameter, ignored", 
@@ -192,10 +196,19 @@ pub fn get_info() -> Result, Error> { /// Upload a custom certificate. pub async fn upload_custom_certificate( certificates: String, - key: String, + key: Option, ) -> Result, Error> { let certificates = X509::stack_from_pem(certificates.as_bytes()) .map_err(|err| format_err!("failed to decode certificate chain: {}", err))?; + + let key = match key { + Some(key) => key, + None => { + let key_path = PathBuf::from(configdir!("/proxy.key")); + proxmox_sys::fs::file_read_string(key_path)? + } + }; + let key = PKey::private_key_from_pem(key.as_bytes()) .map_err(|err| format_err!("failed to parse private key: {}", err))?; -- 2.39.2
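
Review bot: In the `properties` hunk (@@ -163,7 +164,10 @@), the `key` description still reads only "PEM encoded private key." although the parameter is now `optional: true`, so the generated API documentation does not tell callers what happens when it is omitted. Suggest extending the description to state that the existing proxy key is used when no key is given, as the commit message already says.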
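
Review bot: In the `None` arm of `upload_custom_certificate` (@@ -192,10 +196,19 @@), the result of `proxmox_sys::fs::file_read_string(key_path)?` is propagated without context, unlike the two neighbouring `map_err(|err| format_err!(...))` calls, so a caller who omits `key` when `/proxy.key` cannot be read gets a bare read error with no hint that the fallback was the cause. Suggest wrapping it in the same style, with a message saying that no key was supplied and reading the existing key failed. Because the key can now come from disk rather than from the same request as the certificate, it is also worth confirming that the code after this hunk rejects a certificate whose public key does not match `key`; no such check is visible in the lines shown.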