Start to implement devices enrollment

central_backend/src/server/custom_error.rs

@@ -103,6 +103,12 @@ impl From<actix_identity::error::LoginError> for HttpErr {
     }
 }
 
+impl From<openssl::error::ErrorStack> for HttpErr {
+    fn from(value: openssl::error::ErrorStack) -> Self {
+        HttpErr::Err(std::io::Error::new(ErrorKind::Other, value.to_string()).into())
+    }
+}
+
 impl From<HttpResponse> for HttpErr {
     fn from(value: HttpResponse) -> Self {
         HttpErr::HTTPResponse(value)

central_backend/src/server/devices_api/mgmt_controller.rs

@@ -0,0 +1,32 @@
+use crate::devices::device::DeviceInfo;
+use crate::server::custom_error::HttpResult;
+use actix_web::{web, HttpResponse};
+use openssl::x509::X509Req;
+
+#[derive(Debug, serde::Deserialize)]
+pub struct EnrollRequest {
+    /// Device CSR
+    csr: String,
+    /// Associated device information
+    info: DeviceInfo,
+}
+
+/// Enroll a new device
+pub async fn enroll(req: web::Json<EnrollRequest>) -> HttpResult {
+    let csr = match X509Req::from_pem(req.csr.as_bytes()) {
+        Ok(r) => r,
+        Err(e) => {
+            log::error!("Failed to parse given CSR! {e}");
+            return Ok(HttpResponse::BadRequest().json("Failed to parse given CSR!"));
+        }
+    };
+
+    if !csr.verify(csr.public_key()?.as_ref())? {
+        log::error!("Invalid CSR signature!");
+        return Ok(HttpResponse::BadRequest().json("Could not verify CSR signature!"));
+    }
+
+    println!("{:#?}", &req);
+
+    Ok(HttpResponse::Ok().json("go on"))
+}

central_backend/src/server/devices_api/mod.rs

@@ -1 +1,2 @@
+pub mod mgmt_controller;
 pub mod utils_controller;

central_backend/src/server/servers.rs

@@ -3,7 +3,7 @@ use crate::constants;
 use crate::crypto::pki;
 use crate::energy::energy_actor::EnergyActorAddr;
 use crate::server::auth_middleware::AuthChecker;
-use crate::server::devices_api::utils_controller;
+use crate::server::devices_api::{mgmt_controller, utils_controller};
 use crate::server::unsecure_server::*;
 use crate::server::web_api::*;
 use actix_cors::Cors;
@@ -136,6 +136,10 @@ pub async fn secure_server(energy_actor: EnergyActorAddr) -> anyhow::Result<()>
                 "/devices_api/utils/time",
                 web::get().to(utils_controller::curr_time),
             )
+            .route(
+                "/devices_api/mgmt/enroll",
+                web::post().to(mgmt_controller::enroll),
+            )
     })
     .bind_openssl(&AppConfig::get().listen_address, builder)?
     .run()

central_backend/src/server/unsecure_server/unsecure_pki_controller.rs

@@ -12,7 +12,7 @@ pub async fn serve_pki_file(path: web::Path<ServeCRLPath>) -> HttpResult {
     for f in std::fs::read_dir(AppConfig::get().pki_path())? {
         let f = f?;
         let file_name = f.file_name().to_string_lossy().to_string();
-        if !file_name.ends_with(".crl") && !file_name.ends_with(".pem") {
+        if !file_name.ends_with(".crl") && !file_name.ends_with(".crt") {
             continue;
         }