changes from code review

Signed-off-by: Matthew R. Kasun <mkasun@nusak.ca>

netclient/functions/common.go

@@ -23,6 +23,9 @@ import (
 	"google.golang.org/grpc/metadata"
 )
 
+// LINUX_APP_DATA_PATH - linux path
+const LINUX_APP_DATA_PATH = "/etc/netmaker"
+
 // ListPorts - lists ports of WireGuard devices
 func ListPorts() error {
 	wgclient, err := wgctrl.New()
@@ -321,3 +324,8 @@ func WipeLocal(network string) error {
 	}
 	return err
 }
+
+// GetNetmakerPath - gets netmaker path locally
+func GetNetmakerPath() string {
+	return LINUX_APP_DATA_PATH
+}

netclient/functions/daemon.go

@@ -186,7 +186,6 @@ func setupMQTTSub(server string) mqtt.Client {
 	opts := mqtt.NewClientOptions()
 	opts.AddBroker("ssl://" + server + ":8883") // TODO get the appropriate port of the comms mq server
 	opts.TLSConfig = NewTLSConfig(nil, server)
-	opts.ClientID = ncutils.MakeRandomString(23) // helps avoid id duplication on broker
 	opts.SetDefaultPublishHandler(All)
 	opts.SetAutoReconnect(true)
 	opts.SetConnectRetry(true)
@@ -328,7 +327,6 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) mqtt.Client {
 	server := cfg.Server.Server
 	opts.AddBroker("ssl://" + server + ":8883") // TODO get the appropriate port of the comms mq server
 	opts.TLSConfig = NewTLSConfig(cfg, "")
-	opts.ClientID = ncutils.MakeRandomString(23) // helps avoid id duplication on broker
 	opts.SetDefaultPublishHandler(All)
 	opts.SetAutoReconnect(true)
 	opts.SetConnectRetry(true)

netclient/functions/mqpublish.go

@@ -3,7 +3,9 @@ package functions
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
+	"os"
 	"sync"
 	"time"
 
@@ -11,6 +13,7 @@ import (
 	"github.com/gravitl/netmaker/netclient/auth"
 	"github.com/gravitl/netmaker/netclient/config"
 	"github.com/gravitl/netmaker/netclient/ncutils"
+	"github.com/gravitl/netmaker/tls"
 )
 
 // Checkin  -- go routine that checks for public or local ip changes, publishes changes
@@ -75,6 +78,7 @@ func Checkin(ctx context.Context, wg *sync.WaitGroup, currentComms map[string]st
 				} else {
 					Hello(&nodeCfg)
 				}
+				checkCertExpiry(&nodeCfg)
 			}
 		}
 	}
@@ -135,3 +139,19 @@ func publish(nodeCfg *config.ClientConfig, dest string, msg []byte, qos byte) er
 	}
 	return nil
 }
+
+func checkCertExpiry(cfg *config.ClientConfig) error {
+	cert, err := tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")
+	//if cert doesn't exist or will expire within 10 days
+	if errors.Is(err, os.ErrNotExist) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
+		key, err := tls.ReadKey(ncutils.GetNetclientPath() + "/client.key")
+		if err != nil {
+			return err
+		}
+		return RegisterWithServer(key, cfg)
+	}
+	if err != nil {
+		return err
+	}
+	return nil
+}

netclient/functions/register.go

@@ -17,7 +17,7 @@ import (
 )
 
 // Register - the function responsible for registering with the server and acquiring certs
-func Register(cfg *config.ClientConfig) error {
+func Register(cfg *config.ClientConfig, key string) error {
 	if cfg.Server.Server == "" {
 		return errors.New("no server provided")
 	}
@@ -35,6 +35,20 @@ func Register(cfg *config.ClientConfig) error {
 			return err
 		}
 	}
+	//check if cert exists
+	_, err = tls.ReadCert(ncutils.GetNetclientServerPath(cfg.Server.Server) + "/client.pem")
+	if err != os.ErrNotExist {
+		if err := RegisterWithServer(private, cfg); err != nil {
+			return err
+		}
+	}
+	if err != nil {
+		return err
+	}
+	return JoinNetwork(cfg, key, false)
+}
+
+func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) error {
 	data := config.RegisterRequest{
 		Key:        *private,
 		CommonName: tls.NewCName(os.Getenv("HOSTNAME")),
@@ -75,5 +89,5 @@ func Register(cfg *config.ClientConfig) error {
 	}
 	logger.Log(0, "certificates/key saved ")
 	//join the network defined in the token
-	return JoinNetwork(cfg, "", false)
+	return nil
 }