4 * @module routes/agentCert
5 * @description Agent certificate management endpoints for TLS client authentication.
6 * Handles certificate retrieval and CSR (Certificate Signing Request) processing for RMM agents.
9 * @requires services/db
10 * @author RMM-PSA Development Team
11 * @copyright 2026 RMM-PSA Platform
12 * @license Proprietary
16 * @apiDefine AgentCert Agent Certificates
17 * TLS certificate management for agent authentication
20const express = require('express');
21const router = express.Router();
22const crypto = require('crypto');
23const pool = require('../services/db');
27 * @api {get} /api/agent/:id/cert Get agent certificate
28 * @apiName GetAgentCert
30 * @apiDescription Retrieve TLS certificate and keys for specified agent.
31 * Returns both `certificate` and `privateKey`; in the demo implementation both fields echo the stored public_key value.
32 * Used by agents for establishing secure communication channels.
33 * @apiParam {string} id Agent UUID
34 * @apiSuccess {string} certificate Agent TLS certificate
35 * @apiSuccess {string} privateKey Agent private key (demo: echoes public_key)
36 * @apiError (404) {String} error="Agent not found" Agent UUID not in database
37 * @apiError (500) {String} error="Failed to fetch agent cert" Database or crypto error
38 * @apiExample {curl} Example:
39 * curl -X GET http://localhost:3000/api/agent/abc-123-uuid/cert
40 * @apiSuccessExample {json} Success-Response:
43 * "certificate": "-----BEGIN CERTIFICATE-----\nMIIC...",
44 * "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIE..."
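router.get('/:id/cert', async (req, res) => {
  // Looks up the key material stored for one agent and returns it as JSON.
  // Responds 404 when no row matches the UUID and 500 when the query throws.
  //
  // NOTE(review): no authentication or authorization check is visible in this
  // handler. Confirm the router is mounted behind middleware that restricts
  // each agent to its own record before this route is exposed.
  const { id } = req.params;
  try {
    // Parameterized query: the route parameter is bound as $1, never spliced
    // into the SQL text.
    const result = await pool.query(
      'SELECT public_key FROM agents WHERE agent_uuid = $1 LIMIT 1',
      [id]
    );
    if (result.rows.length === 0) {
      return res.status(404).json({ error: 'Agent not found' });
    }

    // The response carries key material, so tell browsers and intermediary
    // caches not to store it.
    res.set('Cache-Control', 'no-store');

    // For demo, echo public_key as both certificate and privateKey.
    // NOTE(review): `privateKey` is a placeholder kept for response-shape
    // compatibility. In a CSR-based flow the private key is generated on the
    // agent and never leaves it, so the server should neither store nor
    // return one; drop this field when a real CA is wired in.
    const storedKey = result.rows[0].public_key;
    res.json({
      certificate: storedKey,
      privateKey: storedKey
    });
  } catch (err) {
    console.error('Error fetching agent cert:', err);
    res.status(500).json({ error: 'Failed to fetch agent cert' });
  }
});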
69 * @api {post} /api/agent/request-cert Request certificate
70 * @apiName RequestAgentCert
72 * @apiDescription Agent submits Certificate Signing Request (CSR) to obtain signed certificate.
73 * Stores the CSR in the agent's public_key column and returns it as `certificate`. The demo echoes the CSR back unsigned; a production deployment must have a CA sign it.
74 * Enables agent TLS authentication and secure communications.
75 * @apiParam {string} agent_uuid Agent UUID requesting certificate
76 * @apiParam {string} csr Certificate Signing Request (PEM format)
77 * @apiSuccess {string} certificate Signed certificate (demo: echoes CSR)
78 * @apiError (400) {String} error="agent_uuid and csr required" Missing required parameters
79 * @apiError (500) {String} error="Failed to process cert request" Database or signing error
80 * @apiExample {curl} Example:
81 * curl -X POST http://localhost:3000/api/agent/request-cert \\
82 * -H "Content-Type: application/json" \\
84 * "agent_uuid": "abc-123-uuid",
85 * "csr": "-----BEGIN CERTIFICATE REQUEST-----\\nMIIC...\\n-----END CERTIFICATE REQUEST-----"
87 * @apiSuccessExample {json} Success-Response:
90 * "certificate": "-----BEGIN CERTIFICATE-----\nMIIC...\n-----END CERTIFICATE-----"
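router.post('/request-cert', async (req, res) => {
  // Accepts a CSR for an agent, stores it in agents.public_key and echoes it
  // back as `certificate`. Responds 400 on missing or malformed input, 404
  // when the UUID matches no agent, and 500 when the query throws.
  //
  // NOTE(review): nothing visible here proves the caller is the agent named
  // in agent_uuid, so the stored key can be replaced by whoever can reach
  // this route. Confirm enrollment is gated (for example by an enrollment
  // token or existing agent credentials) before production use.

  // req.body is undefined when no body parser ran; treat that as missing
  // fields instead of throwing outside the try block.
  const { agent_uuid, csr } = req.body || {};

  // A JSON body can carry objects or arrays in these fields; only non-empty
  // strings are meaningful as a UUID and a PEM document.
  if (
    typeof agent_uuid !== 'string' ||
    typeof csr !== 'string' ||
    !agent_uuid ||
    !csr
  ) {
    return res.status(400).json({ error: 'agent_uuid and csr required' });
  }

  // The value is persisted and later served as a certificate, so reject
  // anything that is not at least wrapped as a PEM certificate request.
  const pemHeaders = [
    '-----BEGIN CERTIFICATE REQUEST-----',
    '-----BEGIN NEW CERTIFICATE REQUEST-----'
  ];
  const trimmedCsr = csr.trim();
  if (!pemHeaders.some((header) => trimmedCsr.startsWith(header))) {
    return res
      .status(400)
      .json({ error: 'csr must be a PEM certificate request' });
  }

  try {
    // For demo: self-sign the CSR (in production, use a CA)
    // Here, just echo back the CSR as the "certificate"
    // TODO: Actually sign the CSR and store the public key
    // NOTE(review): the CSR signature (proof of possession) is not verified
    // and nothing is signed; the response below is the CSR itself.
    const result = await pool.query(
      `UPDATE agents SET public_key = $1 WHERE agent_uuid = $2`,
      [csr, agent_uuid]
    );

    // An UPDATE that matched no row means the agent does not exist; report
    // it the same way the GET route does rather than returning a
    // "certificate". Assumes pool.query returns a pg-style result with
    // rowCount; if it does not, this check is skipped.
    if (result && result.rowCount === 0) {
      return res.status(404).json({ error: 'Agent not found' });
    }

    res.json({ certificate: csr });
  } catch (err) {
    console.error('Error processing cert request:', err);
    res.status(500).json({ error: 'Failed to process cert request' });
  }
});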
113module.exports = router;