summaryrefslogtreecommitdiff
path: root/src/services
diff options
context:
space:
mode:
authorChristian Breunig <christian@breunig.cc>2024-08-20 07:18:17 +0200
committerGitHub <noreply@github.com>2024-08-20 07:18:17 +0200
commit538930c27a0984cd9f9a58115e6ea6395002707e (patch)
treeba08df6788d04c1736437c7666d0aa601999a9e5 /src/services
parent26ebd3af8cd2aa296621dbda11ac1c1e64514ba9 (diff)
parent27fb633bbe45321eecd8225c32a2fd16882633a9 (diff)
downloadvyos-1x-538930c27a0984cd9f9a58115e6ea6395002707e.tar.gz
vyos-1x-538930c27a0984cd9f9a58115e6ea6395002707e.zip
Merge pull request #3977 from natali-rs1985/T5743-current
T5743: HTTPS API ability to import PKI certificates
Diffstat (limited to 'src/services')
-rwxr-xr-xsrc/services/vyos-http-api-server62
1 files changed, 62 insertions, 0 deletions
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index 7f5233c6b..97633577d 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -212,6 +212,22 @@ class ImageModel(ApiModel):
}
}
+class ImportPkiModel(ApiModel):
+ op: StrictStr
+ path: List[StrictStr]
+ passphrase: StrictStr = None
+
+ class Config:
+ schema_extra = {
+ "example": {
+ "key": "id_key",
+ "op": "import_pki",
+ "path": ["op", "mode", "path"],
+ "passphrase": "passphrase",
+ }
+ }
+
+
class ContainerImageModel(ApiModel):
op: StrictStr
name: StrictStr = None
@@ -585,6 +601,14 @@ def _configure_op(data: Union[ConfigureModel, ConfigureListModel,
return success(msg)
+def create_path_import_pki_no_prompt(path):
+ correct_paths = ['ca', 'certificate', 'key-pair']
+ if path[1] not in correct_paths:
+ return False
+ path[1] = '--' + path[1].replace('-', '')
+ path[3] = '--key-filename'
+ return path[1:]
+
@app.post('/configure')
def configure_op(data: Union[ConfigureModel,
ConfigureListModel],
@@ -814,6 +838,44 @@ def reset_op(data: ResetModel):
return success(res)
+@app.post('/import-pki')
+def import_pki(data: ImportPkiModel):
+ session = app.state.vyos_session
+
+ op = data.op
+ path = data.path
+
+ lock.acquire()
+
+ try:
+ if op == 'import-pki':
+ # need to get rid or interactive mode for private key
+ if len(path) == 5 and path[3] in ['key-file', 'private-key']:
+ path_no_prompt = create_path_import_pki_no_prompt(path)
+ if not path_no_prompt:
+ return error(400, f"Invalid command: {' '.join(path)}")
+ if data.passphrase:
+ path_no_prompt += ['--passphrase', data.passphrase]
+ res = session.import_pki_no_prompt(path_no_prompt)
+ else:
+ res = session.import_pki(path)
+ if not res[0].isdigit():
+ return error(400, res)
+ # commit changes
+ session.commit()
+ res = res.split('. ')[0]
+ else:
+ return error(400, f"'{op}' is not a valid operation")
+ except ConfigSessionError as e:
+ return error(400, str(e))
+ except Exception as e:
+ logger.critical(traceback.format_exc())
+ return error(500, "An internal error occured. Check the logs for details.")
+ finally:
+ lock.release()
+
+ return success(res)
+
@app.post('/poweroff')
def poweroff_op(data: PoweroffModel):
session = app.state.vyos_session