netmaker/netclient/functions/register.go

package functions

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"log"
	"net/http"
	"os"

	"github.com/gravitl/netmaker/logger"
	"github.com/gravitl/netmaker/netclient/config"
	"github.com/gravitl/netmaker/netclient/ncutils"
	"github.com/gravitl/netmaker/tls"
)

// Register - the function responsible for registering with the server and acquiring certs
func Register(cfg *config.ClientConfig, key string) error {
	if cfg.Server.Server == "" {
		return errors.New("no server provided")
	}
	if cfg.Server.AccessKey == "" {
		return errors.New("no access key provided")
	}
	//generate new key if one doesn' exist
	var private *ed25519.PrivateKey
	var err error
	private, err = tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")
	if err != nil {
		_, newKey, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return err
		}
		if err := tls.SaveKey(ncutils.GetNetclientPath(), "/client.key", newKey); err != nil {
			return err
		}
		private = &newKey
	}
	//check if cert exists
	_, err = tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")
	if errors.Is(err, os.ErrNotExist) {
		if err := RegisterWithServer(private, cfg); err != nil {
			return err
		}
	} else if err != nil {
		return err
	}
	cfg.Registered = true
	return nil
}

// RegisterWithServer calls the register endpoint with privatekey and commonname - api returns ca and client certificate
func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) error {
	data := config.RegisterRequest{
		Key:        *private,
		CommonName: tls.NewCName(cfg.Node.Name),
	}
	url := "https://" + cfg.Server.API + "/api/server/register"
	log.Println("register at ", url)

	token, err := Authenticate(cfg)
	if err != nil {
		return err
	}
	response, err := API(data, http.MethodPut, url, token)
	if err != nil {
		return err
	}
	if response.StatusCode != http.StatusOK {
		return errors.New(response.Status)
	}
	var resp config.RegisterResponse
	if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
		return errors.New("unmarshal cert error " + err.Error())
	}
	//x509.Certificate.PublicKey is an interface so json encoding/decoding results in a string rather that []byte
	//the pubkeys are included in the response so the values in the certificate can be updated appropriately
	resp.CA.PublicKey = resp.CAPubKey
	resp.Cert.PublicKey = resp.CertPubKey
	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "root.pem", &resp.CA); err != nil {
		return err
	}
	if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "client.pem", &resp.Cert); err != nil {
		return err
	}
	logger.Log(0, "certificates/key saved ")
	//join the network defined in the token
	return nil
}
register command - client 2022-04-14 03:25:35 +08:00			`package functions`

			`import (`
send csr and get cert 2022-04-14 19:15:50 +08:00			`"crypto/ed25519"`
			`"crypto/rand"`
register command - client 2022-04-14 03:25:35 +08:00			`"encoding/json"`
			`"errors"`
logging 2022-04-14 05:33:40 +08:00			`"log"`
register command - client 2022-04-14 03:25:35 +08:00			`"net/http"`
send csr and get cert 2022-04-14 19:15:50 +08:00			`"os"`
register command - client 2022-04-14 03:25:35 +08:00
			`"github.com/gravitl/netmaker/logger"`
			`"github.com/gravitl/netmaker/netclient/config"`
			`"github.com/gravitl/netmaker/netclient/ncutils"`
			`"github.com/gravitl/netmaker/tls"`
			`)`

changed encoding of structs 2022-04-16 03:03:54 +08:00			`// Register - the function responsible for registering with the server and acquiring certs`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`func Register(cfg *config.ClientConfig, key string) error {`
register command - client 2022-04-14 03:25:35 +08:00			`if cfg.Server.Server == "" {`
			`return errors.New("no server provided")`
			`}`
			`if cfg.Server.AccessKey == "" {`
			`return errors.New("no access key provided")`
			`}`
cleanup and comments 2022-04-17 04:43:10 +08:00			`//generate new key if one doesn' exist`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`var private *ed25519.PrivateKey`
			`var err error`
			`private, err = tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")`
send csr and get cert 2022-04-14 19:15:50 +08:00			`if err != nil {`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`_, newKey, err := ed25519.GenerateKey(rand.Reader)`
cleanup and comments 2022-04-17 04:43:10 +08:00			`if err != nil {`
			`return err`
			`}`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`if err := tls.SaveKey(ncutils.GetNetclientPath(), "/client.key", newKey); err != nil {`
cleanup and comments 2022-04-17 04:43:10 +08:00			`return err`
			`}`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`private = &newKey`
send csr and get cert 2022-04-14 19:15:50 +08:00			`}`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`//check if cert exists`
			`_, err = tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`if errors.Is(err, os.ErrNotExist) {`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`if err := RegisterWithServer(private, cfg); err != nil {`
			`return err`
			`}`
fix logic for key/cert gen on start Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 19:42:28 +08:00			`} else if err != nil {`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`return err`
			`}`
reorder register/join 2022-04-25 22:38:29 +08:00			`cfg.Registered = true`
			`return nil`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`}`

review comments addressed Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-20 21:26:23 +08:00			`// RegisterWithServer calls the register endpoint with privatekey and commonname - api returns ca and client certificate`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`func RegisterWithServer(private ed25519.PrivateKey, cfg config.ClientConfig) error {`
send csr and get cert 2022-04-14 19:15:50 +08:00			`data := config.RegisterRequest{`
cleanup and comments 2022-04-17 04:43:10 +08:00			`Key: *private,`
certificate cleanup 2022-04-25 18:33:06 +08:00			`CommonName: tls.NewCName(cfg.Node.Name),`
send csr and get cert 2022-04-14 19:15:50 +08:00			`}`
join after register 2022-04-17 03:35:05 +08:00			`url := "https://" + cfg.Server.API + "/api/server/register"`
use issuer's public key for certs 2022-04-15 21:54:35 +08:00			`log.Println("register at ", url)`
reorder register/join 2022-04-25 22:38:29 +08:00
			`token, err := Authenticate(cfg)`
register command - client 2022-04-14 03:25:35 +08:00			`if err != nil {`
			`return err`
			`}`
reorder register/join 2022-04-25 22:38:29 +08:00			`response, err := API(data, http.MethodPut, url, token)`
register command - client 2022-04-14 03:25:35 +08:00			`if err != nil {`
			`return err`
			`}`
			`if response.StatusCode != http.StatusOK {`
			`return errors.New(response.Status)`
			`}`
return struct 2022-04-14 06:22:03 +08:00			`var resp config.RegisterResponse`
			`if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {`
return struct 2022-04-14 06:22:03 +08:00			`return errors.New("unmarshal cert error " + err.Error())`
register command - client 2022-04-14 03:25:35 +08:00			`}`
cleanup and comments 2022-04-17 04:43:10 +08:00			`//x509.Certificate.PublicKey is an interface so json encoding/decoding results in a string rather that []byte`
			`//the pubkeys are included in the response so the values in the certificate can be updated appropriately`
idk 2022-04-16 03:20:46 +08:00			`resp.CA.PublicKey = resp.CAPubKey`
			`resp.Cert.PublicKey = resp.CertPubKey`
ncutils.GetNetclientServerPath Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 03:30:59 +08:00			`if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "root.pem", &resp.CA); err != nil {`
register command - client 2022-04-14 03:25:35 +08:00			`return err`
			`}`
ncutils.GetNetclientServerPath Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 03:30:59 +08:00			`if err := tls.SaveCert(ncutils.GetNetclientServerPath(cfg.Server.Server)+"/", "client.pem", &resp.Cert); err != nil {`
send csr and get cert 2022-04-14 19:15:50 +08:00			`return err`
			`}`
			`logger.Log(0, "certificates/key saved ")`
cleanup and comments 2022-04-17 04:43:10 +08:00			`//join the network defined in the token`
changes from code review Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca> 2022-04-19 05:19:26 +08:00			`return nil`
register command - client 2022-04-14 03:25:35 +08:00			`}`