
Commit 2a972f0

committedOct 21, 2024
fix wap provisioning profile generation + ms-mdm wip
1 parent d985623 commit 2a972f0


45 files changed

+1463
-164
lines changed
 

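--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"editor.defaultFormatter": "biomejs.biome"
+}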

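--- a/apps/api/src/authority/index.ts
+++ b/apps/api/src/authority/index.ts
@@ -0,0 +1,52 @@
+import { getObject } from "~/aws/s3";
+import { env } from "~/env";
+import { identityCertificate, identityPrivateKey } from "~/win/common";
+
+// TODO: For better self-hosting we are probs gonna wanna have R2 as our main storage and replicate to S3 where required.
+// Why S3? Because API Gateway handles TLS terminations and it requires the certificate pool to be in S3.
+
+export const TRUSTSTORE_BUCKET_REGION = "us-east-1";
+export const TRUSTSTORE_ACTIVE_AUTHORITY = "authority";
+
+// Get the public and private keypair for the active MDM authority certificates used for issuing new client certificates.
+export async function getMDMAuthority() {
+// if (!env.TRUSTSTORE_BUCKET) return undefined;
+
+// const activeAuthority = await getObject(
+// env.TRUSTSTORE_BUCKET,
+// TRUSTSTORE_BUCKET_REGION,
+// TRUSTSTORE_ACTIVE_AUTHORITY,
+// {
+// // This is okay. Search for the `REF[0]` comment for explanation.
+// // @ts-expect-error // TODO: Fix this type error
+// cf: {
+// // Cache for 1 day
+// cacheTtl: 24 * 60 * 60,
+// cacheEverything: true,
+// },
+// },
+// );
+// let activeAuthorityRaw: string;
+// if (activeAuthority.status === 404) {
+// activeAuthorityRaw = await (await import("./issue")).issueAuthority("");
+// } else if (!activeAuthority.ok)
+// throw new Error(
+// `Failed to get '${TRUSTSTORE_ACTIVE_AUTHORITY}' from bucket '${env.TRUSTSTORE_BUCKET}' with status ${activeAuthority.statusText}: ${await activeAuthority.text()}`,
+// );
+// else activeAuthorityRaw = await activeAuthority.text();
+
+// const parts = activeAuthorityRaw.split("\n---\n");
+// if (parts.length !== 2) throw new Error("Authority file is malformed");
+
+const { pki } = (await import("node-forge")).default;
+
+// return [
+// pki.certificateFromPem(parts[0]!),
+// pki.privateKeyFromPem(parts[1]!),
+// ] as const;
+
+return [
+pki.certificateFromPem(identityCertificate),
+pki.privateKeyFromPem(identityPrivateKey),
+];
+}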
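Review bot: `getMDMAuthority()` now builds the issuing authority from `identityCertificate` and `identityPrivateKey` imported from `~/win/common` (new lines 48-51) while the truststore lookup is commented out, so the key that signs new client certificates no longer comes from per-deployment storage. `~/win/common` is not visible in this section; if those values are literals checked into the repository, every deployment would share one signing key readable by anyone with source access, and it may not match the certificate pool the header comment says API Gateway reads from S3. Since the commit is marked WIP, put a marker directly above the return, for example `// FIXME(security): temporary hard-coded authority; restore the truststore lookup before release`. The live return also drops the `as const` the commented-out version had, so the result is inferred as an array of a union rather than a certificate/key tuple; ending it with `] as const;` keeps the old typing. The `getObject` and `env` imports are unused after this change.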
