From 2d93f7c55d546be13ec53cde838758518262f96d Mon Sep 17 00:00:00 2001
From: Jahziel Villasana-Espinoza
Date: Wed, 22 May 2024 09:31:08 -0400
Subject: [PATCH] feat: basic endpoint setup
---
 server/fleet/service.go | 2 ++
 server/mdm/apple/cert.go | 27 +++++++++++++++++++++++++++
 server/service/handler.go | 2 ++
 server/service/mdm.go | 36 ++++++++++++++++++++++++++++++++++++
 4 files changed, 67 insertions(+)
diff --git a/server/fleet/service.go b/server/fleet/service.go
index f90d8b32c3..fa8c35ee07 100644
--- a/server/fleet/service.go
+++ b/server/fleet/service.go
@@ -689,6 +689,8 @@ type Service interface {
 GetAppleBM(ctx context.Context) (*AppleBM, error)
 RequestMDMAppleCSR(ctx context.Context, email, org string) (*AppleCSR, error)
+ GetMDMAppleCSR(ctx context.Context) (*AppleCSR, error)
+
 // GetHostDEPAssignment retrieves the host DEP assignment for the specified host.
 GetHostDEPAssignment(ctx context.Context, host *Host) (*HostDEPAssignment, error)
diff --git a/server/mdm/apple/cert.go b/server/mdm/apple/cert.go
index 937d0aba9a..ab0305f68b 100644
--- a/server/mdm/apple/cert.go
+++ b/server/mdm/apple/cert.go
@@ -60,6 +60,33 @@ func GenerateAPNSCSRKey(email, org string) (*x509.CertificateRequest, *rsa.Priva
 return certReq, key, nil
 }
+func GenerateAPNSCSRKeyNoEmail(org string) (*x509.CertificateRequest, *rsa.PrivateKey, error) {
+ key, err := newPrivateKey()
+ if err != nil {
+ return nil, nil, fmt.Errorf("generate private key: %w", err)
+ }
+
+ subj := pkix.Name{
+ Organization: []string{org},
+ }
+ template := &x509.CertificateRequest{
+ Subject: subj,
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ }
+
+ b, err := x509.CreateCertificateRequest(rand.Reader, template, key)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ certReq, err := x509.ParseCertificateRequest(b)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return certReq, key, nil
+}
+
 type FleetWebsiteError struct {
 Status int
 message string
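Review bot: The new `GetMDMAppleCSR` interface method has no doc comment, while the neighbouring `GetHostDEPAssignment` does, and nothing in the interface says how it relates to `RequestMDMAppleCSR` beyond taking no email or organization. Add one such as `// GetMDMAppleCSR returns an Apple MDM (APNs) certificate signing request; unlike RequestMDMAppleCSR it takes no email or organization.`, adjusting the wording once the service implementation in server/service/mdm.go (still returning nil, nil in this patch) settles the contract.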
diff --git a/server/service/handler.go b/server/service/handler.go
index c6fba1ef31..825aafa7f1 100644
--- a/server/service/handler.go
+++ b/server/service/handler.go
@@ -495,6 +495,8 @@ func attachFleetAPIRoutes(r *mux.Router, svc fleet.Service, config config.FleetC
 // Generative AI
 ue.POST("/api/_version_/fleet/autofill/policy", autofillPoliciesEndpoint, autofillPoliciesRequest{})
+ ue.GET("/api/_version_/fleet/mdm/apple/request_csr", getMDMAppleCSREndpoint, getMDMAppleCSRRequest{})
+
 // Only Fleet MDM specific endpoints should be within the root /mdm/ path.
 // NOTE: remember to update
 // `service.mdmConfigurationRequiredEndpoints` when you add an
diff --git a/server/service/mdm.go b/server/service/mdm.go
index ef47f609ca..9223af565d 100644
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
@@ -7,6 +7,7 @@ import (
 "errors"
 "fmt"
 "io"
+ "log/slog"
 "mime/multipart"
 "net/http"
 "path/filepath"
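Review bot: The route is registered with `ue.GET`, yet the service method it reaches (`GetMDMAppleCSR` in server/service/mdm.go, same patch) generates a fresh RSA private key and CSR on every call, so this is not a side-effect-free read; a `POST` is the better fit and also keeps the request out of link prefetchers and intermediary caches. The line is also placed under the `// Generative AI` comment next to the autofill route rather than with the other Apple MDM routes, which makes it easy to miss when the MDM route list is audited. The `NOTE` below about `service.mdmConfigurationRequiredEndpoints` speaks of the root `/mdm/` path, so whether it applies to this `/fleet/mdm/apple/` route, and whether `ue` carries the middleware intended for MDM-setup endpoints, cannot be told from this hunk. `attachFleetAPIRoutes` starts and ends outside the hunk.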
@@ -2109,3 +2110,38 @@ func (svc *Service) ResendHostMDMProfile(ctx context.Context, hostID uint, profi
 return nil
 }
+
+////////////////////////////////////////////////////////////////////////////////
+// GET /mdm/apple/request_csr
+////////////////////////////////////////////////////////////////////////////////
+
+type getMDMAppleCSRRequest struct{}
+
+type getMDMAppleCSRResponse struct {
+ Err error `json:"error,omitempty"`
+}
+
+func (r getMDMAppleCSRResponse) error() error { return r.Err }
+
+func getMDMAppleCSREndpoint(ctx context.Context, request interface{}, svc fleet.Service) (errorer, error) {
+ slog.With("filename", "server/service/mdm.go", "func", "getMDMAppleCSREndpoint").Info("JVE_LOG: in endpoint method ")
+ _, _ = svc.GetMDMAppleCSR(ctx)
+
+ return &getMDMAppleCSRResponse{}, nil
+}
+
+func (svc *Service) GetMDMAppleCSR(ctx context.Context) (*fleet.AppleCSR, error) {
+ // TODO(JVE): figure out auth
+ if err := svc.authz.Authorize(ctx, &fleet.Host{}, fleet.ActionSelectiveList); err != nil {
+ return nil, ctxerr.Wrap(ctx, err)
+ }
+ slog.With("filename", "server/service/mdm.go", "func", "GetMDMAppleCSR").Info("JVE_LOG: in service method ")
+
+ a, b, err := apple_mdm.GenerateAPNSCSRKeyNoEmail("foo")
+ if err != nil {
+ return nil, err
+ }
+ slog.With("filename", "server/service/mdm.go", "func", "GetMDMAppleCSR").Info("\n\n\nJVE_LOG: what we got\n\n\n ", "certReq", string(a.Raw), "privateKey", b)
+
+ return nil, nil
+}
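Review bot: The last `slog...Info` call in `GetMDMAppleCSR` writes the freshly generated RSA private key (`"privateKey", b`) and the raw CSR DER (`string(a.Raw)`) to the log at Info level, which hands the key to anyone with log access; that line, the other two `JVE_LOG` lines, and the `log/slog` import added for them in the previous hunk are debugging leftovers that need to go before merge. The endpoint then discards both results, `_, _ = svc.GetMDMAppleCSR(ctx)`, and the service returns `nil, nil` on success, so every caller gets an empty response; it should read `csr, err := svc.GetMDMAppleCSR(ctx)`, place `err` in `getMDMAppleCSRResponse.Err`, carry the CSR in a response field, and the service should build and return the `*fleet.AppleCSR` instead of nil. The authorization check uses `&fleet.Host{}` with `fleet.ActionSelectiveList` under a `TODO(JVE)`; it should check the same resource and action the existing `RequestMDMAppleCSR` implementation uses (not visible here), and the hard-coded `"foo"` organization is a placeholder as well. The banner comment names `/mdm/apple/request_csr` while handler.go registers `/api/_version_/fleet/mdm/apple/request_csr`, so one of the two should be corrected. `ResendHostMDMProfile`, whose closing lines open the hunk, starts outside it.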