gravitl/netmaker
1
1
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-11-10 00:30:37 +08:00
Code Issues Projects Releases Packages Wiki Activity

gen certs with go rather than openssl

Browse source
This commit is contained in:
Matthew R. Kasun 2022-04-16 08:37:55 -04:00
parent a2805ddc80
commit eae74e3430
1 changed files with 10 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
controllers/server.go
View file

@ -165,8 +165,8 @@ func register(w http.ResponseWriter, r *http.Request) {
return return
} }
// not working --- use openssl instead // not working --- use openssl instead
// cert, ca, err := genCerts(&request.CSR, request.Key) cert, ca, err := genCerts(&request.Key, &request.CommonName)
cert, ca, err := genOpenSSLCerts(&request.Key, &request.CommonName) //cert, ca, err := genOpenSSLCerts(&request.Key, &request.CommonName)
if err != nil { if err != nil {
logger.Log(0, "failed to generater certs ", err.Error()) logger.Log(0, "failed to generater certs ", err.Error())
errorResponse := models.ErrorResponse{ errorResponse := models.ErrorResponse{
@ -188,29 +188,22 @@ func register(w http.ResponseWriter, r *http.Request) {
json.NewEncoder(w).Encode(response) json.NewEncoder(w).Encode(response)
} }
func genCerts(csr *x509.CertificateRequest, publickey ed25519.PublicKey) (*x509.Certificate, *x509.Certificate, error) { func genCerts(clientKey *ed25519.PrivateKey, name *pkix.Name) (*x509.Certificate, *x509.Certificate, error) {
ca, err := tls.ReadCert("/etc/netmaker/server.pem") ca, err := tls.ReadCert("/etc/netmaker/root.pem")
if err != nil { if err != nil {
logger.Log(2, "root ca not found ", err.Error()) logger.Log(2, "root ca not found ", err.Error())
return nil, nil, fmt.Errorf("root ca not found %w", err) return nil, nil, fmt.Errorf("root ca not found %w", err)
} }
key, err := tls.ReadKey("/etc/netmaker/server.key") key, err := tls.ReadKey("/etc/netmaker/root.key")
if err != nil { if err != nil {
logger.Log(2, "root key not found ", err.Error()) logger.Log(2, "root key not found ", err.Error())
return nil, nil, fmt.Errorf("root key not found %w", err) return nil, nil, fmt.Errorf("root key not found %w", err)
} }
//_, privKey, err := ed25519.GenerateKey(rand.Reader) csr, err := tls.NewCSR(*clientKey, *name)
//if err != nil { if err != nil {
// logger.Log(2, "failed to generate client key", err.Error()) logger.Log(2, "failed to generate client certificate requests", err.Error())
// return nil, nil, nil, fmt.Errorf("client key generation failed %w", err) return nil, nil, fmt.Errorf("client certification request generation failed %w", err)
//} }
//csr, err := tls.NewCSR(privKey, name)
//if err != nil {
// logger.Log(2, "failed to generate client certificate requests", err.Error())
// return nil, nil, nil, fmt.Errorf("client certification request generation failed %w", err)
//}
csr.PublicKey = publickey
cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY) cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil { if err != nil {
logger.Log(2, "unable to generate client certificate", err.Error()) logger.Log(2, "unable to generate client certificate", err.Error())