From 65daeb8e0f7ee554bf4f6068886422164319440a Mon Sep 17 00:00:00 2001
From: Jesse Peterson
Date: Tue, 11 Jul 2023 15:15:51 -0700
Subject: [PATCH] return not_after (expiry) when uploading a pushcert (#79)
---
 http/api/api.go | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/http/api/api.go b/http/api/api.go
index d67fd7a..2574324 100644
--- a/http/api/api.go
+++ b/http/api/api.go
@@ -11,6 +11,7 @@ import (
 "fmt"
 "net/http"
 "strings"
+ "time"
 
 "github.com/micromdm/nanomdm/cryptoutil"
 mdmhttp "github.com/micromdm/nanomdm/http"
@@ -302,24 +303,32 @@ func StorePushCertHandler(storage storage.PushCertStore, logger log.Logger) http
 http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
 return
 }
- cert, key, err := readPEMCertAndKey(b)
+ certPEM, keyPEM, err := readPEMCertAndKey(b)
 if err == nil {
 // sanity check the provided cert and key to make sure they're usable as a pair.
- _, err = tls.X509KeyPair(cert, key)
+ _, err = tls.X509KeyPair(certPEM, keyPEM)
+ }
+ var cert *x509.Certificate
+ if err == nil {
+ cert, err = cryptoutil.DecodePEMCertificate(certPEM)
 }
 var topic string
 if err == nil {
- topic, err = cryptoutil.TopicFromPEMCert(cert)
+ topic, err = cryptoutil.TopicFromCert(cert)
 }
 if err == nil {
- err = storage.StorePushCert(r.Context(), cert, key)
+ err = storage.StorePushCert(r.Context(), certPEM, keyPEM)
 }
 output := &struct {
- Error string `json:"error,omitempty"`
- Topic string `json:"topic,omitempty"`
+ Error string `json:"error,omitempty"`
+ Topic string `json:"topic,omitempty"`
+ NotAfter time.Time `json:"not_after,omitempty"`
 }{
 Topic: topic,
 }
+ if cert != nil {
+ output.NotAfter = cert.NotAfter
+ }
 if err != nil {
 logger.Info("msg", "store push cert", "err", err)
 output.Error = err.Error()
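Review bot: The `omitempty` option on the new `NotAfter time.Time` field of the output struct has no effect, because encoding/json never treats a struct value as empty. When PEM parsing or the key-pair check fails and `cert` stays nil, the error response therefore still carries `"not_after":"0001-01-01T00:00:00Z"`, which a client tracking push-certificate expiry could misread as a certificate that expired long ago. Declaring the field as `*time.Time` and assigning `output.NotAfter = &cert.NotAfter` inside the `cert != nil` guard makes the key disappear on those paths. The `cert != nil` guard also fires when the later topic or storage step fails, so an error response can still include an expiry; gate it on `err == nil` as well if that is not intended. StorePushCertHandler begins and ends outside this hunk, so how the response is finally encoded is not visible here.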