feat: basic endpoint setup

server/fleet/service.go

@@ -689,6 +689,8 @@ type Service interface {
 	GetAppleBM(ctx context.Context) (*AppleBM, error)
 	RequestMDMAppleCSR(ctx context.Context, email, org string) (*AppleCSR, error)
 
+	GetMDMAppleCSR(ctx context.Context) (*AppleCSR, error)
+
 	// GetHostDEPAssignment retrieves the host DEP assignment for the specified host.
 	GetHostDEPAssignment(ctx context.Context, host *Host) (*HostDEPAssignment, error)
 

server/mdm/apple/cert.go

@@ -60,6 +60,33 @@ func GenerateAPNSCSRKey(email, org string) (*x509.CertificateRequest, *rsa.Priva
 	return certReq, key, nil
 }
 
+func GenerateAPNSCSRKeyNoEmail(org string) (*x509.CertificateRequest, *rsa.PrivateKey, error) {
+	key, err := newPrivateKey()
+	if err != nil {
+		return nil, nil, fmt.Errorf("generate private key: %w", err)
+	}
+
+	subj := pkix.Name{
+		Organization: []string{org},
+	}
+	template := &x509.CertificateRequest{
+		Subject:            subj,
+		SignatureAlgorithm: x509.SHA256WithRSA,
+	}
+
+	b, err := x509.CreateCertificateRequest(rand.Reader, template, key)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	certReq, err := x509.ParseCertificateRequest(b)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	return certReq, key, nil
+}
+
 type FleetWebsiteError struct {
 	Status  int
 	message string

server/service/handler.go

@@ -495,6 +495,8 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
 	// Generative AI
 	ue.POST("/api/_version_/fleet/autofill/policy", autofillPoliciesEndpoint, autofillPoliciesRequest{})
 
+	ue.GET("/api/_version_/fleet/mdm/apple/request_csr", getMDMAppleCSREndpoint, getMDMAppleCSRRequest{})
+
 	// Only Fleet MDM specific endpoints should be within the root /mdm/ path.
 	// NOTE: remember to update
 	// `service.mdmConfigurationRequiredEndpoints` when you add an

server/service/mdm.go

@@ -7,6 +7,7 @@ import (
 	"errors"
 	"fmt"
 	"io"
+	"log/slog"
 	"mime/multipart"
 	"net/http"
 	"path/filepath"
@@ -2109,3 +2110,38 @@ func (svc *Service) ResendHostMDMProfile(ctx context.Context, hostID uint, profi
 
 	return nil
 }
+
+////////////////////////////////////////////////////////////////////////////////
+// GET /mdm/apple/request_csr
+////////////////////////////////////////////////////////////////////////////////
+
+type getMDMAppleCSRRequest struct{}
+
+type getMDMAppleCSRResponse struct {
+	Err error `json:"error,omitempty"`
+}
+
+func (r getMDMAppleCSRResponse) error() error { return r.Err }
+
+func getMDMAppleCSREndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
+	slog.With("filename", "server/service/mdm.go", "func", "getMDMAppleCSREndpoint").Info("JVE_LOG: in endpoint method ")
+	_, _ = svc.GetMDMAppleCSR(ctx)
+
+	return &getMDMAppleCSRResponse{}, nil
+}
+
+func (svc *Service) GetMDMAppleCSR(ctx context.Context) (*fleet.AppleCSR, error) {
+	// TODO(JVE): figure out auth
+	if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionSelectiveList); err != nil {
+		return nil, ctxerr.Wrap(ctx, err)
+	}
+	slog.With("filename", "server/service/mdm.go", "func", "GetMDMAppleCSR").Info("JVE_LOG: in service method ")
+
+	a, b, err := apple_mdm.GenerateAPNSCSRKeyNoEmail("foo")
+	if err != nil {
+		return nil, err
+	}
+	slog.With("filename", "server/service/mdm.go", "func", "GetMDMAppleCSR").Info("\n\n\nJVE_LOG: what we got\n\n\n ", "certReq", string(a.Raw), "privateKey", b)
+
+	return nil, nil
+}