gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-09 13:26:52 +08:00
Code Issues Projects Releases Packages Wiki Activity

register/cert gen

Browse source
This commit is contained in:
Matthew R. Kasun 2022-04-16 08:27:22 -04:00
parent 4f19beda00
commit a2805ddc80
3 changed files with 19 additions and 68 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

51
controllers/server.go
View file

@ -3,6 +3,7 @@ package controller
import ( import (
"crypto/ed25519" "crypto/ed25519"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/json" "encoding/json"
"fmt" "fmt"
"net/http" "net/http"
@ -137,7 +138,6 @@ func register(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return return
} }
request.CSR.PublicKey = request.Key
found := false found := false
networks, err := logic.GetNetworks() networks, err := logic.GetNetworks()
if err != nil { if err != nil {
@ -166,7 +166,7 @@ func register(w http.ResponseWriter, r *http.Request) {
} }
// not working --- use openssl instead // not working --- use openssl instead
// cert, ca, err := genCerts(&request.CSR, request.Key) // cert, ca, err := genCerts(&request.CSR, request.Key)
key, cert, ca, err := genOpenSSLCerts() cert, ca, err := genOpenSSLCerts(&request.Key, &request.CommonName)
if err != nil { if err != nil {
logger.Log(0, "failed to generater certs ", err.Error()) logger.Log(0, "failed to generater certs ", err.Error())
errorResponse := models.ErrorResponse{ errorResponse := models.ErrorResponse{
@ -176,31 +176,9 @@ func register(w http.ResponseWriter, r *http.Request) {
return return
} }
// caBytes, err := config.ConvertCertToBytes(*ca)
// if err != nil {
// logger.Log(0, "failed to encode CA cert ", err.Error())
// errorResponse := models.ErrorResponse{
// Code: http.StatusInternalServerError, Message: err.Error(),
// }
// returnErrorResponse(w, r, errorResponse)
// return
// }
// certBytes, err := config.ConvertCertToBytes(*cert)
// if err != nil {
// logger.Log(0, "failed to encode CA cert ", err.Error())
// errorResponse := models.ErrorResponse{
// Code: http.StatusInternalServerError, Message: err.Error(),
// }
// returnErrorResponse(w, r, errorResponse)
// return
// }
tls.SaveCert("/tmp/sent/", "root.pem", ca) tls.SaveCert("/tmp/sent/", "root.pem", ca)
tls.SaveCert("/tmp/sent/", "client.pem", cert) tls.SaveCert("/tmp/sent/", "client.pem", cert)
tls.SaveKey("/tmp/sent/", "client.key", *key)
response := config.RegisterResponse{ response := config.RegisterResponse{
Key: *key,
CA: *ca, CA: *ca,
CAPubKey: (ca.PublicKey).(ed25519.PublicKey), CAPubKey: (ca.PublicKey).(ed25519.PublicKey),
Cert: *cert, Cert: *cert,
@ -241,31 +219,26 @@ func genCerts(csr *x509.CertificateRequest, publickey ed25519.PublicKey) (*x509.
return ca, cert, nil return ca, cert, nil
} }
func genOpenSSLCerts() (*ed25519.PrivateKey, *x509.Certificate, *x509.Certificate, error) { func genOpenSSLCerts(key *ed25519.PrivateKey, name *pkix.Name) (*x509.Certificate, *x509.Certificate, error) {
cmd1 := "openssl genpkey -algorithm Ed25519 -out /tmp/client.key" if err := tls.SaveKey("/tmp/", "client.key", *key); err != nil {
cmd2 := "openssl req -new -out /tmp/client.csr -key /tmp/client.key -subj /CN=client" return nil, nil, fmt.Errorf("failed to store client key %w", err)
}
cmd2 := fmt.Sprintf("openssl req -new -out /tmp/client.csr -key /tmp/client.key -subj /CN=%s", name.CommonName)
cmd3 := "openssl x509 -req -in /tmp/client.csr -days 365 -CA /etc/netmaker/root.pem -CAkey /etc/netmaker/root.key -CAcreateserial -out /tmp/client.pem" cmd3 := "openssl x509 -req -in /tmp/client.csr -days 365 -CA /etc/netmaker/root.pem -CAkey /etc/netmaker/root.key -CAcreateserial -out /tmp/client.pem"
if _, err := ncutils.RunCmd(cmd1, true); err != nil {
return nil, nil, nil, fmt.Errorf("client key error %w", err)
}
if _, err := ncutils.RunCmd(cmd2, true); err != nil { if _, err := ncutils.RunCmd(cmd2, true); err != nil {
return nil, nil, nil, fmt.Errorf("client csr error %w", err) return nil, nil, fmt.Errorf("client csr error %w", err)
} }
if _, err := ncutils.RunCmd(cmd3, true); err != nil { if _, err := ncutils.RunCmd(cmd3, true); err != nil {
return nil, nil, nil, fmt.Errorf("client cert error %w", err) return nil, nil, fmt.Errorf("client cert error %w", err)
}
key, err := tls.ReadKey("/tmp/client.key")
if err != nil {
return nil, nil, nil, fmt.Errorf("read client key error %w", err)
} }
cert, err := tls.ReadCert("/tmp/client.pem") cert, err := tls.ReadCert("/tmp/client.pem")
if err != nil { if err != nil {
return nil, nil, nil, fmt.Errorf("read client cert error %w", err) return nil, nil, fmt.Errorf("read client cert error %w", err)
} }
ca, err := tls.ReadCert("/etc/netmaker/root.pem") ca, err := tls.ReadCert("/etc/netmaker/root.pem")
if err != nil { if err != nil {
return nil, nil, nil, fmt.Errorf("read ca cert error %w", err) return nil, nil, fmt.Errorf("read ca cert error %w", err)
} }
return key, cert, ca, nil return cert, ca, nil
} }

27
netclient/config/config.go
View file

@ -5,6 +5,7 @@ import (
"crypto/ed25519" "crypto/ed25519"
"crypto/x509" "crypto/x509"
"crypto/x509/pkix"
"encoding/base64" "encoding/base64"
"encoding/json" "encoding/json"
"errors" "errors"
@ -43,32 +44,10 @@ type ServerConfig struct {
// RegisterRequest - struct for registation with netmaker server // RegisterRequest - struct for registation with netmaker server
type RegisterRequest struct { type RegisterRequest struct {
CSR x509.CertificateRequest Key ed25519.PrivateKey
Key ed25519.PublicKey CommonName pkix.Name
} }
// // ConvertStructToByte - util to convert bytes to a key to use elsewhere
// func ConvertCertToBytes(cert x509.Certificate) ([]byte, error) {
// var buffer bytes.Buffer
// var enc = gob.NewEncoder(&buffer)
// if err := enc.Encode(cert); err != nil {
// return nil, err
// }
// return buffer.Bytes(), nil
// }
// // ConvertStructToByte - util to convert bytes to a key to use elsewhere
// func ConvertBytesToCert(data []byte) (x509.Certificate, error) {
// var buffer = bytes.NewBuffer(data)
// var dec = gob.NewDecoder(buffer)
// var result = new(x509.Certificate)
// var err = dec.Decode(result)
// if err != nil {
// return *result, err
// }
// return *result, nil
// }
// RegisterResponse - the response to register function // RegisterResponse - the response to register function
type RegisterResponse struct { type RegisterResponse struct {
Key ed25519.PrivateKey Key ed25519.PrivateKey

9
netclient/functions/register.go
View file

@ -25,18 +25,17 @@ func Register(cfg *config.ClientConfig) error {
return errors.New("no access key provided") return errors.New("no access key provided")
} }
//create certificate request //create certificate request
public, private, err := ed25519.GenerateKey(rand.Reader) _, private, err := ed25519.GenerateKey(rand.Reader)
if err != nil { if err != nil {
return err return err
} }
name := tls.NewCName(os.Getenv("HOSTNAME")) //csr, err := tls.NewCSR(private, name)
csr, err := tls.NewCSR(private, name)
if err != nil { if err != nil {
return err return err
} }
data := config.RegisterRequest{ data := config.RegisterRequest{
CSR: *csr, Key: private,
Key: public, CommonName: tls.NewCName(os.Getenv("HOSTNAME")),
} }
payload, err := json.Marshal(data) payload, err := json.Marshal(data)
if err != nil { if err != nil {