2022-04-14 03:25:35 +08:00
|
|
|
package functions
|
|
|
|
|
|
|
|
import (
|
2022-04-14 19:15:50 +08:00
|
|
|
"crypto/ed25519"
|
|
|
|
"crypto/rand"
|
2022-04-14 03:25:35 +08:00
|
|
|
"encoding/json"
|
|
|
|
"errors"
|
|
|
|
"net/http"
|
2022-04-14 19:15:50 +08:00
|
|
|
"os"
|
2022-04-14 03:25:35 +08:00
|
|
|
|
|
|
|
"github.com/gravitl/netmaker/logger"
|
|
|
|
"github.com/gravitl/netmaker/netclient/config"
|
|
|
|
"github.com/gravitl/netmaker/netclient/ncutils"
|
|
|
|
"github.com/gravitl/netmaker/tls"
|
|
|
|
)
|
|
|
|
|
2022-04-16 03:03:54 +08:00
|
|
|
// Register - the function responsible for registering with the server and acquiring certs
|
2022-06-22 21:55:10 +08:00
|
|
|
func Register(cfg *config.ClientConfig) error {
|
2022-05-31 20:42:12 +08:00
|
|
|
|
2022-04-17 04:43:10 +08:00
|
|
|
//generate new key if one doesn' exist
|
2022-04-19 19:42:28 +08:00
|
|
|
var private *ed25519.PrivateKey
|
|
|
|
var err error
|
2022-07-01 09:56:11 +08:00
|
|
|
private, err = tls.ReadKeyFromFile(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
|
2022-04-14 19:15:50 +08:00
|
|
|
if err != nil {
|
2022-04-19 19:42:28 +08:00
|
|
|
_, newKey, err := ed25519.GenerateKey(rand.Reader)
|
2022-04-17 04:43:10 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-07-01 09:56:11 +08:00
|
|
|
if err := tls.SaveKeyToFile(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
|
2022-04-17 04:43:10 +08:00
|
|
|
return err
|
|
|
|
}
|
2022-04-19 19:42:28 +08:00
|
|
|
private = &newKey
|
2022-04-14 19:15:50 +08:00
|
|
|
}
|
2022-04-19 05:19:26 +08:00
|
|
|
//check if cert exists
|
2022-07-01 09:56:11 +08:00
|
|
|
_, err = tls.ReadCertFromFile(ncutils.GetNetclientServerPath(cfg.Server.Server) + ncutils.GetSeparator() + "client.pem")
|
2022-04-19 19:42:28 +08:00
|
|
|
if errors.Is(err, os.ErrNotExist) {
|
2022-04-19 05:19:26 +08:00
|
|
|
if err := RegisterWithServer(private, cfg); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-04-19 19:42:28 +08:00
|
|
|
} else if err != nil {
|
2022-04-19 05:19:26 +08:00
|
|
|
return err
|
|
|
|
}
|
2022-04-25 22:38:29 +08:00
|
|
|
return nil
|
2022-04-19 05:19:26 +08:00
|
|
|
}
|
|
|
|
|
2022-04-20 21:26:23 +08:00
|
|
|
// RegisterWithServer calls the register endpoint with privatekey and commonname - api returns ca and client certificate
|
2022-04-19 05:19:26 +08:00
|
|
|
func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) error {
|
2022-04-14 19:15:50 +08:00
|
|
|
data := config.RegisterRequest{
|
2022-04-17 04:43:10 +08:00
|
|
|
Key: *private,
|
2022-04-25 18:33:06 +08:00
|
|
|
CommonName: tls.NewCName(cfg.Node.Name),
|
2022-04-14 19:15:50 +08:00
|
|
|
}
|
2022-04-17 03:35:05 +08:00
|
|
|
url := "https://" + cfg.Server.API + "/api/server/register"
|
2022-04-26 08:37:05 +08:00
|
|
|
logger.Log(1, "register at "+url)
|
2022-04-25 22:38:29 +08:00
|
|
|
|
|
|
|
token, err := Authenticate(cfg)
|
2022-04-14 03:25:35 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2022-04-25 23:07:21 +08:00
|
|
|
response, err := API(data, http.MethodPost, url, token)
|
2022-04-14 03:25:35 +08:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if response.StatusCode != http.StatusOK {
|
|
|
|
return errors.New(response.Status)
|
|
|
|
}
|
2022-04-14 06:22:03 +08:00
|
|
|
var resp config.RegisterResponse
|
|
|
|
if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
|
2022-04-14 06:22:03 +08:00
|
|
|
return errors.New("unmarshal cert error " + err.Error())
|
2022-04-14 03:25:35 +08:00
|
|
|
}
|
2022-05-31 00:39:33 +08:00
|
|
|
|
|
|
|
// set broker information on register
|
2022-06-01 00:07:56 +08:00
|
|
|
var modServer bool
|
|
|
|
if resp.Broker != "" && resp.Broker != cfg.Server.Server {
|
|
|
|
cfg.Server.Server = resp.Broker
|
|
|
|
modServer = true
|
|
|
|
}
|
|
|
|
if resp.Port != "" && resp.Port != cfg.Server.MQPort {
|
|
|
|
cfg.Server.MQPort = resp.Port
|
|
|
|
modServer = true
|
|
|
|
}
|
|
|
|
if modServer {
|
|
|
|
if err = config.ModServerConfig(&cfg.Server, cfg.Node.Network); err != nil {
|
|
|
|
logger.Log(0, "error overwriting config with broker information: "+err.Error())
|
|
|
|
}
|
2022-05-31 00:39:33 +08:00
|
|
|
}
|
|
|
|
|
2022-04-17 04:43:10 +08:00
|
|
|
//x509.Certificate.PublicKey is an interface so json encoding/decoding results in a string rather that []byte
|
|
|
|
//the pubkeys are included in the response so the values in the certificate can be updated appropriately
|
2022-04-16 03:20:46 +08:00
|
|
|
resp.CA.PublicKey = resp.CAPubKey
|
|
|
|
resp.Cert.PublicKey = resp.CertPubKey
|
2022-07-01 10:30:28 +08:00
|
|
|
if err := tls.SaveCertToFile(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, &resp.CA); err != nil {
|
2022-04-14 03:25:35 +08:00
|
|
|
return err
|
|
|
|
}
|
2022-07-01 09:56:11 +08:00
|
|
|
if err := tls.SaveCertToFile(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), "client.pem", &resp.Cert); err != nil {
|
2022-04-14 19:15:50 +08:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
logger.Log(0, "certificates/key saved ")
|
2022-04-17 04:43:10 +08:00
|
|
|
//join the network defined in the token
|
2022-04-19 05:19:26 +08:00
|
|
|
return nil
|
2022-04-14 03:25:35 +08:00
|
|
|
}
|