From b421d6f79b134284092c7bba0cdcfc6751f5dc98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn-Michael=20Miehe?= <40151420+ldericher@users.noreply.github.com>
Date: Fri, 1 Apr 2022 17:51:01 +0000
Subject: [PATCH] device: request_certificate (no "approval" check)
---
 api/kiwi_vpn_api/routers/device.py | 37 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/api/kiwi_vpn_api/routers/device.py b/api/kiwi_vpn_api/routers/device.py
index 710de22..3d9ae71 100644
--- a/api/kiwi_vpn_api/routers/device.py
+++ b/api/kiwi_vpn_api/routers/device.py
@@ -4,7 +4,8 @@ from fastapi import APIRouter, Depends, HTTPException, status
-from ..db import Device, DeviceCreate, DeviceRead, User
+from ..db import Connection, Device, DeviceCreate, DeviceRead, User
+from ..easyrsa import CertificateType, DistinguishedName, EasyRSA
 from ._common import (Responses, get_current_user, get_device_by_id, get_user_by_name)
@@ -75,3 +76,37 @@ async def remove_device( # delete device device.delete()
+
+
+@router.post(
+ "/{device_id}/csr",
+ responses={
+ status.HTTP_200_OK: Responses.OK,
+ status.HTTP_400_BAD_REQUEST: Responses.NOT_INSTALLED,
+ status.HTTP_401_UNAUTHORIZED: Responses.NEEDS_USER,
+ status.HTTP_403_FORBIDDEN: Responses.NEEDS_PERMISSION,
+ status.HTTP_404_NOT_FOUND: Responses.ENTRY_DOESNT_EXIST,
+ },
+)
+async def request_certificate(
+ current_user: User = Depends(get_current_user),
+ device: Device = Depends(get_device_by_id),
+):
+ """
+ POST ./{device_id}/csr: Request certificate for a device.
+ """
+
+ # check permission
+ if not current_user.can_edit(device):
+ raise HTTPException(status_code=status.HTTP_403_FORBIDDEN)
+
+ easy_rsa = EasyRSA()
+
+ with Connection.session as db:
+ db.add(device)
+ dn = DistinguishedName.build(device)
+
+ easy_rsa.issue(
+ dn=dn,
+ cert_type=CertificateType.server,
+ )
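Review bot: The new `request_certificate` handler calls `easy_rsa.issue(...)` with `cert_type=CertificateType.server`, so every device a user is allowed to edit would be issued a server-type certificate. If VPN clients authenticate the server by certificate type, a device certificate of that type would also be accepted as the server's. Unless devices are meant to act as servers, this should use the client member of `CertificateType` (its name is not visible in this hunk) or derive the type from the device record. The result of `easy_rsa.issue(...)` is also discarded, and nothing in the visible code raises the declared `Responses.NOT_INSTALLED` 400, so a comment such as `# issued certificate is stored by EasyRSA; NOT_INSTALLED is raised by <dependency>` would help once that is confirmed. The route is named `/csr` but takes no request body, which suggests the key pair is generated server-side; the docstring should say so and state where the private key is kept.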