author | Christian Breunig <christian@breunig.cc> | 2024-08-20 07:18:17 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-08-20 07:18:17 +0200 |
commit | 538930c27a0984cd9f9a58115e6ea6395002707e (patch) | |
tree | ba08df6788d04c1736437c7666d0aa601999a9e5 /src/services | |
parent | 26ebd3af8cd2aa296621dbda11ac1c1e64514ba9 (diff) | |
parent | 27fb633bbe45321eecd8225c32a2fd16882633a9 (diff) | |
Merge pull request #3977 from natali-rs1985/T5743-current
T5743: HTTPS API ability to import PKI certificates
Diffstat (limited to 'src/services')
-rwxr-xr-x | src/services/vyos-http-api-server | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server index 7f5233c6b..97633577d 100755 --- a/src/services/vyos-http-api-server +++ b/src/services/vyos-http-api-server @@ -212,6 +212,22 @@ class ImageModel(ApiModel): } } +class ImportPkiModel(ApiModel): + op: StrictStr + path: List[StrictStr] + passphrase: StrictStr = None + + class Config: + schema_extra = { + "example": { + "key": "id_key", + "op": "import_pki", + "path": ["op", "mode", "path"], + "passphrase": "passphrase", + } + } + + class ContainerImageModel(ApiModel): op: StrictStr name: StrictStr = None @@ -585,6 +601,14 @@ def _configure_op(data: Union[ConfigureModel, ConfigureListModel, return success(msg) +def create_path_import_pki_no_prompt(path): + correct_paths = ['ca', 'certificate', 'key-pair'] + if path[1] not in correct_paths: + return False + path[1] = '--' + path[1].replace('-', '') + path[3] = '--key-filename' + return path[1:] + @app.post('/configure') def configure_op(data: Union[ConfigureModel, ConfigureListModel], 
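Review bot: The schema example in `ImportPkiModel.Config` shows `"op": "import_pki"`, but the `/import-pki` handler added in the last hunk of this commit only accepts `op == 'import-pki'`, so a client that copies the example gets a 400; the example should read `"op": "import-pki"`. The `path` example `["op", "mode", "path"]` also does not show the five-element form that the handler treats specially. `passphrase: StrictStr = None` gives a `None` default to a field that is not declared optional; `passphrase: Union[StrictStr, None] = None` states the intent with a name this file already uses.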
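Review bot: Only `path[1]` is checked against an allow-list in `create_path_import_pki_no_prompt`; `path[2]` and `path[4]` come straight from the request body and are returned as the values following the rewritten `--ca`/`--certificate`/`--keypair` and `--key-filename` entries. If the consumer of this list parses it as command-line options (not visible in this hunk), a value beginning with `-` could be read as a further option, and `path[4]`, presumably a file name, is chosen freely by the API caller. Reject such values before rewriting, for example `if any(p.startswith('-') for p in (path[2], path[4])): return False`, and consider restricting `path[4]` to an expected directory. The function also rewrites the caller's list in place and indexes up to `path[3]` with no length check of its own, so a short docstring stating that it expects exactly five elements would help.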
@@ -814,6 +838,44 @@ def reset_op(data: ResetModel): return success(res) +@app.post('/import-pki') +def import_pki(data: ImportPkiModel): + session = app.state.vyos_session + + op = data.op + path = data.path + + lock.acquire() + + try: + if op == 'import-pki': + # need to get rid or interactive mode for private key + if len(path) == 5 and path[3] in ['key-file', 'private-key']: + path_no_prompt = create_path_import_pki_no_prompt(path) + if not path_no_prompt: + return error(400, f"Invalid command: {' '.join(path)}") + if data.passphrase: + path_no_prompt += ['--passphrase', data.passphrase] + res = session.import_pki_no_prompt(path_no_prompt) + else: + res = session.import_pki(path) + if not res[0].isdigit(): + return error(400, res) + # commit changes + session.commit() + res = res.split('. ')[0] + else: + return error(400, f"'{op}' is not a valid operation") + except ConfigSessionError as e: + return error(400, str(e)) + except Exception as e: + logger.critical(traceback.format_exc()) + return error(500, "An internal error occured. Check the logs for details.") + finally: + lock.release() + + return success(res) + @app.post('/poweroff') def poweroff_op(data: PoweroffModel): session = app.state.vyos_session |
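Review bot: `path_no_prompt += ['--passphrase', data.passphrase]` places the private-key passphrase in an argument list; if `session.import_pki_no_prompt` runs an external command (its body is not in this hunk), the secret would be visible in the process list and could end up in command logs. Handing it to the child over stdin or a pipe would avoid that exposure. Separately, `res[0].isdigit()` raises `IndexError` on empty output and surfaces as a 500; `if not res or not res[0].isdigit():` keeps that case a 400. `return error(400, res)` also echoes raw command output to the client, so it is worth confirming that this output can never include key material.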