Can issue certificate for devices

2024-07-01 22:24:03 +02:00
parent 9ba4aa5194
commit e64a444bd0
6 changed files with 181 additions and 41 deletions
--- a/central_backend/src/server/devices_api/mgmt_controller.rs
+++ b/central_backend/src/server/devices_api/mgmt_controller.rs
@ -1,6 +1,10 @@
-use crate::devices::device::DeviceInfo;
+use crate::crypto::pki;
+use crate::devices::device::{DeviceId, DeviceInfo};
+use crate::energy::energy_actor;
 use crate::server::custom_error::HttpResult;
+use crate::server::WebEnergyActor;
 use actix_web::{web, HttpResponse};
+use openssl::nid::Nid;
 use openssl::x509::X509Req;

 #[derive(Debug, serde::Deserialize)]
@ -12,7 +16,14 @@ pub struct EnrollRequest {
 }

 /// Enroll a new device
-pub async fn enroll(req: web::Json<EnrollRequest>) -> HttpResult {
+pub async fn enroll(req: web::Json<EnrollRequest>, actor: WebEnergyActor) -> HttpResult {
+    // Check device information
+    if let Some(e) = req.info.error() {
+        log::error!("Failed to validate device information! {e}");
+        return Ok(HttpResponse::BadRequest().json(e));
+    }
+
+    // Check CSR
    let csr = match X509Req::from_pem(req.csr.as_bytes()) {
        Ok(r) => r,
        Err(e) => {
@ -26,7 +37,32 @@ pub async fn enroll(req: web::Json<EnrollRequest>) -> HttpResult {
        return Ok(HttpResponse::BadRequest().json("Could not verify CSR signature!"));
    }

-    println!("{:#?}", &req);
+    let cn = match csr.subject_name().entries_by_nid(Nid::COMMONNAME).next() {
+        None => {
+            log::error!("Missing Common Name in CSR!");
+            return Ok(HttpResponse::BadRequest().json("Missing Common Name in CSR!"));
+        }
+        Some(cn) => cn.data().as_utf8()?.to_string(),
+    };

-    Ok(HttpResponse::Ok().json("go on"))
+    if !lazy_regex::regex!("[a-zA-Z0-9 ]{1,100}").is_match(&cn) {
+        log::error!("Given Common Name is invalid!");
+        return Ok(HttpResponse::BadRequest().json("Invalid Common Name in CSR!"));
+    }
+
+    let device_id = DeviceId(cn);
+    log::info!("Received enrollment request for device with ID {device_id:?}",);
+
+    if actor
+        .send(energy_actor::CheckDeviceExists(device_id.clone()))
+        .await?
+    {
+        log::error!("Device could not be enrolled: it already exists!");
+        return Ok(HttpResponse::Conflict().json("Device "));
+    }
+
+    log::info!("Issue certificate for device...");
+    let cert = pki::gen_certificate_for_device(&csr)?;
+
+    Ok(HttpResponse::Ok().body(cert))
 }