feat: write encrypted apns cert

2026-05-24 09:28:54 +00:00 · 2024-05-24 18:03:20 -04:00 · 2024-05-24 18:03:20 -04:00 · c808588e1b
commit c808588e1b
parent 3b065f1ddb
1 changed files with 11 additions and 4 deletions
--- a/server/service/mdm.go
+++ b/server/service/mdm.go
@ -13,7 +13,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"log/slog"
 	"mime/multipart"
 	"net/http"
 	"path/filepath"
@ -2346,7 +2345,10 @@ func (svc *Service) UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeek
 		return err
 	}

-	slog.With("filename", "server/service/mdm.go", "func", "UploadMDMAppleAPNSCert").Info("JVE_LOG: env var value ", "var", svc.config.Server.PrivateKey)
+	if len(svc.config.Server.PrivateKey) == 0 {
+		return ctxerr.Wrap(ctx, errors.New("no private key configured"))
+	}
+
 	if cert == nil {
 		return ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("certificate", "Invalid certificate. Please provide a valid certificate from Apple Push Certificate Portal."))
 	}
@ -2363,11 +2365,16 @@ func (svc *Service) UploadMDMAppleAPNSCert(ctx context.Context, cert io.ReadSeek
 		return ctxerr.Wrap(ctx, fleet.NewInvalidArgumentError("certificate", "Invalid certificate. Please provide a valid certificate from Apple Push Certificate Portal."))
 	}

-	// Save to DB
+	// Save to DB encrypted
+	encryptedCert, err := Encrypt(certBytes, svc.config.Server.PrivateKey)
+	if err != nil {
+		return ctxerr.Wrap(ctx, err, "encrypting apns certificate")
+	}
+
 	return ctxerr.Wrap(
 		ctx,
 		svc.ds.InsertMDMConfigAssets(ctx, []fleet.MDMConfigAsset{
-			{Name: fleet.MDMAssetAPNSCert, Value: certBytes},
+			{Name: fleet.MDMAssetAPNSCert, Value: encryptedCert},
 		}),
 		"writing apns cert to db",
 	)