gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2024-09-20 15:26:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

always save certs on server start

Browse source
This commit is contained in:
0xdcarns 2022-07-07 14:36:22 -04:00
parent 5cccc4c889
commit 8e5ee2a390
1 changed files with 13 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
main.go
View file

@ -220,13 +220,13 @@ func genCerts() error {
if err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, rootCA); err != nil {
return err
}
ca = rootCA
} else if err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, ca); err != nil {
return err
}
cert, err := serverctl.ReadCertFromDB(tls.SERVER_PEM_NAME)
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
//gen new key
@ -240,19 +240,20 @@ func genCerts() error {
if err != nil {
return err
}
cert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
newCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
return err
}
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_KEY_NAME, key); err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_PEM_NAME, cert); err != nil {
return err
}
cert = newCert
} else if err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_PEM_NAME, cert); err != nil {
return err
}
logger.Log(2, "ensure the root.pem, root.key, server.pem, and server.key files are updated on your broker")
@ -269,7 +270,7 @@ func genCerts() error {
if err != nil {
return err
}
serverClientCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
newServerClientCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
return err
}
@ -277,23 +278,12 @@ func genCerts() error {
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, key); err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
return err
}
serverClientCert = newServerClientCert
} else if err != nil {
return err
} else if err == nil {
logger.Log(0, "detected valid server client cert, re-saving for future consumption")
key, err := serverctl.ReadKeyFromDB(tls.SERVER_CLIENT_KEY)
if err != nil {
return err
}
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, *key); err != nil {
return err
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
return err
}
}
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
return err
}
return serverctl.SetClientTLSConf(