[webinterface] Add simple API to remotely supply a certificate

1 files changed, 38 insertions, 0 deletions

diff --git a/modules-available/webinterface/api.inc.php b/modules-available/webinterface/api.inc.php
new file mode 100644
index 00000000..be374ed5
--- /dev/null
+++ b/modules-available/webinterface/api.inc.php
@@ -0,0 +1,38 @@
+<?php
+
+Header('Content-Type: application/json; charset=utf-8');
+
+$apikey = WebInterface::getApiKey();
+if (empty($apikey) || $apikey !== Request::post('token', null, 'string')) {
+	http_response_code(403);
+	die('{"error":"Unauthorized"}');
+}
+
+$newKey = Request::post('privkey', null, 'string');
+if (empty($newKey)) {
+	http_response_code(400);
+	die('{"error":"privkey missing"}');
+}
+$newCert = Request::post('cert', null, 'string');
+if (empty($newCert)) {
+	http_response_code(400);
+	die('{"error":"cert missing"}');
+}
+
+// Import will try to validate the certificate too
+$task = WebInterface::tmImportCustomCert($newKey, $newCert);
+$task = Taskmanager::waitComplete($task, 10000);
+if (!Taskmanager::isTask($task)) {
+	http_send_status(500);
+	die('{"error":"error communicating with task manager"}');
+}
+if (Taskmanager::isFailed($task)) {
+	// Send task data back to user, might contain more information
+	http_send_status(400);
+	die(json_encode([
+		'error' => 'import failed',
+		'data' => $task['data'] ?? [],
+	]));
+}
+
+die('{"message":"OK"}');
\ No newline at end of file