Can revoke issued certificates

central_backend/src/devices/devices_list.rs

@@ -2,7 +2,7 @@ use crate::app_config::AppConfig;
 use crate::crypto::pki;
 use crate::devices::device::{Device, DeviceId, DeviceInfo};
 use crate::utils::time_utils::time_secs;
-use openssl::x509::X509Req;
+use openssl::x509::{X509Req, X509};
 use std::collections::HashMap;
 
 #[derive(thiserror::Error, Debug)]
@@ -15,6 +15,10 @@ pub enum DevicesListError {
     ValidateDeviceFailedDeviceNotFound,
     #[error("Validated device failed: the device is already validated!")]
     ValidateDeviceFailedDeviceAlreadyValidated,
+    #[error("Requested device was not found")]
+    DeviceNotFound,
+    #[error("Requested device is not validated")]
+    DeviceNotValidated,
 }
 
 pub struct DevicesList(HashMap<DeviceId, Device>);
@@ -129,12 +133,26 @@ impl DevicesList {
         Ok(())
     }
 
+    /// Get single certificate information
+    fn get_cert(&self, id: &DeviceId) -> anyhow::Result<X509> {
+        let dev = self
+            .get_single(id)
+            .ok_or(DevicesListError::DeviceNotFound)?;
+        if !dev.validated {
+            return Err(DevicesListError::DeviceNotValidated.into());
+        }
+
+        Ok(X509::from_pem(&std::fs::read(
+            AppConfig::get().device_cert_path(id),
+        )?)?)
+    }
+
     /// Delete a device
     pub fn delete(&mut self, id: &DeviceId) -> anyhow::Result<()> {
         let crt_path = AppConfig::get().device_cert_path(id);
         if crt_path.is_file() {
-            // TODO : implement
-            unimplemented!("Certificate revocation not implemented yet!");
+            let cert = self.get_cert(id)?;
+            pki::revoke_device_cert(&cert)?;
         }
 
         let csr_path = AppConfig::get().device_csr_path(id);