2022-04-14 03:25:35 +08:00
|
|
|
package functions
|
|
|
|
|
|
|
|
|
|
import (
|
2022-04-14 19:15:50 +08:00
|
|
|
"bytes"
|
|
|
|
|
"crypto/ed25519"
|
|
|
|
|
"crypto/rand"
|
2022-04-14 03:25:35 +08:00
|
|
|
"encoding/json"
|
|
|
|
|
"errors"
|
2022-04-14 05:33:40 +08:00
|
|
|
"log"
|
2022-04-14 03:25:35 +08:00
|
|
|
"net/http"
|
2022-04-14 19:15:50 +08:00
|
|
|
"os"
|
2022-04-14 03:25:35 +08:00
|
|
|
|
|
|
|
|
"github.com/gravitl/netmaker/logger"
|
|
|
|
|
"github.com/gravitl/netmaker/netclient/config"
|
|
|
|
|
"github.com/gravitl/netmaker/netclient/ncutils"
|
|
|
|
|
"github.com/gravitl/netmaker/tls"
|
|
|
|
|
)
|
|
|
|
|
|
2022-04-16 03:03:54 +08:00
|
|
|
// Register - the function responsible for registering with the server and acquiring certs
|
2022-04-14 03:25:35 +08:00
|
|
|
func Register(cfg *config.ClientConfig) error {
|
|
|
|
|
if cfg.Server.Server == "" {
|
|
|
|
|
return errors.New("no server provided")
|
|
|
|
|
}
|
|
|
|
|
if cfg.Server.AccessKey == "" {
|
|
|
|
|
return errors.New("no access key provided")
|
|
|
|
|
}
|
2022-04-14 19:15:50 +08:00
|
|
|
//create certificate request
|
2022-04-15 02:42:46 +08:00
|
|
|
public, private, err := ed25519.GenerateKey(rand.Reader)
|
2022-04-14 19:15:50 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
name := tls.NewCName(os.Getenv("HOSTNAME"))
|
2022-04-15 02:42:46 +08:00
|
|
|
csr, err := tls.NewCSR(private, name)
|
2022-04-14 19:15:50 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
data := config.RegisterRequest{
|
2022-04-15 02:42:46 +08:00
|
|
|
CSR: *csr,
|
|
|
|
|
Key: public,
|
2022-04-14 19:15:50 +08:00
|
|
|
}
|
|
|
|
|
payload, err := json.Marshal(data)
|
2022-04-14 21:22:07 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-04-14 05:33:40 +08:00
|
|
|
url := cfg.Server.API + "/api/server/register"
|
2022-04-15 21:54:35 +08:00
|
|
|
log.Println("register at ", url)
|
2022-04-14 19:15:50 +08:00
|
|
|
|
|
|
|
|
request, err := http.NewRequest(http.MethodPost, url, bytes.NewBuffer(payload))
|
2022-04-14 03:25:35 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2022-04-14 19:15:50 +08:00
|
|
|
request.Header.Set("Content-Type", "application/json")
|
2022-04-14 03:25:35 +08:00
|
|
|
request.Header.Set("authorization", "Bearer "+cfg.Server.AccessKey)
|
|
|
|
|
client := http.Client{}
|
|
|
|
|
response, err := client.Do(request)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if response.StatusCode != http.StatusOK {
|
|
|
|
|
return errors.New(response.Status)
|
|
|
|
|
}
|
2022-04-14 06:22:03 +08:00
|
|
|
var resp config.RegisterResponse
|
|
|
|
|
if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
|
2022-04-14 06:22:03 +08:00
|
|
|
return errors.New("unmarshal cert error " + err.Error())
|
2022-04-14 03:25:35 +08:00
|
|
|
}
|
2022-04-16 03:03:54 +08:00
|
|
|
responseCA, err := config.ConvertBytesToCert(resp.CABytes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.New("could not acquire CA from response " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
responseCert, err := config.ConvertBytesToCert(resp.CertBytes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.New("could not acquire client certificate from response " + err.Error())
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "root.pem", &responseCA); err != nil {
|
2022-04-14 03:25:35 +08:00
|
|
|
return err
|
|
|
|
|
}
|
2022-04-16 03:03:54 +08:00
|
|
|
if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.pem", &responseCert); err != nil {
|
2022-04-14 19:15:50 +08:00
|
|
|
return err
|
|
|
|
|
}
|
2022-04-15 21:54:35 +08:00
|
|
|
if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", private); err != nil {
|
2022-04-14 19:15:50 +08:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
logger.Log(0, "certificates/key saved ")
|
2022-04-14 03:25:35 +08:00
|
|
|
return nil
|
|
|
|
|
}
|
