zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-07 09:41:37 +08:00
Code Issues Packages Projects Releases Wiki Activity

rm unused func

Browse Source
This commit is contained in:
Abhishek Kondur
2022-09-30 23:16:14 +05:30
parent acbca2c2d8
commit 2b4e34ac0b
1 changed files with 0 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

144
main.go
View File

@@ -3,9 +3,6 @@ package main
import (
"context"
"crypto/ed25519"
"crypto/rand"
"errors"
"flag"
"fmt"
"os"
@@ -14,7 +11,6 @@ import (
"strconv"
"sync"
"syscall"
"time"
"github.com/gravitl/netmaker/auth"
"github.com/gravitl/netmaker/config"
@@ -29,7 +25,6 @@ import (
"github.com/gravitl/netmaker/netclient/ncutils"
"github.com/gravitl/netmaker/servercfg"
"github.com/gravitl/netmaker/serverctl"
"github.com/gravitl/netmaker/tls"
)
var version = "dev"
@@ -208,142 +203,3 @@ func setGarbageCollection() {
debug.SetGCPercent(ncutils.DEFAULT_GC_PERCENT)
}
}
func genCerts() error {
logger.Log(0, "checking keys and certificates")
var private *ed25519.PrivateKey
var err error
// == ROOT key handling ==
private, err = serverctl.ReadKeyFromDB(tls.ROOT_KEY_NAME)
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) {
logger.Log(0, "generating new root key")
_, newKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
private = &newKey
} else if err != nil {
return err
}
logger.Log(2, "saving root.key")
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_KEY_NAME, *private); err != nil {
return err
}
// == ROOT cert handling ==
ca, err := serverctl.ReadCertFromDB(tls.ROOT_PEM_NAME)
//if cert doesn't exist or will expire within 10 days --- but can't do this as clients won't be able to connect
//if errors.Is(err, os.ErrNotExist) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) || ca.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
logger.Log(0, "generating new root CA")
caName := tls.NewName("CA Root", "US", "Gravitl")
csr, err := tls.NewCSR(*private, caName)
if err != nil {
return err
}
rootCA, err := tls.SelfSignedCA(*private, csr, tls.CERTIFICATE_VALIDITY)
if err != nil {
return err
}
ca = rootCA
} else if err != nil {
return err
}
logger.Log(2, "saving root.pem")
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, ca); err != nil {
return err
}
// == SERVER cert handling ==
cert, err := serverctl.ReadCertFromDB(tls.SERVER_PEM_NAME)
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
//gen new key
logger.Log(0, "generating new server key/certificate")
_, key, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
serverName := tls.NewCName(servercfg.GetServer())
csr, err := tls.NewCSR(key, serverName)
if err != nil {
return err
}
newCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
return err
}
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_KEY_NAME, key); err != nil {
return err
}
cert = newCert
} else if err != nil {
return err
} else if err == nil {
if serverKey, err := serverctl.ReadKeyFromDB(tls.SERVER_KEY_NAME); err == nil {
logger.Log(2, "saving server.key")
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_KEY_NAME, *serverKey); err != nil {
return err
}
} else {
return err
}
}
logger.Log(2, "saving server.pem")
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_PEM_NAME, cert); err != nil {
return err
}
// == SERVER-CLIENT connection cert handling ==
serverClientCert, err := serverctl.ReadCertFromDB(tls.SERVER_CLIENT_PEM)
if errors.Is(err, os.ErrNotExist) || database.IsEmptyRecord(err) || serverClientCert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
//gen new key
logger.Log(0, "generating new server client key/certificate")
_, key, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
serverName := tls.NewCName(tls.SERVER_CLIENT_ENTRY)
csr, err := tls.NewCSR(key, serverName)
if err != nil {
return err
}
newServerClientCert, err := tls.NewEndEntityCert(*private, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
return err
}
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, key); err != nil {
return err
}
serverClientCert = newServerClientCert
} else if err != nil {
return err
} else if err == nil {
logger.Log(2, "saving serverclient.key")
if serverClientKey, err := serverctl.ReadKeyFromDB(tls.SERVER_CLIENT_KEY); err == nil {
if err := serverctl.SaveKey(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_KEY, *serverClientKey); err != nil {
return err
}
} else {
return err
}
}
logger.Log(2, "saving serverclient.pem")
if err := serverctl.SaveCert(functions.GetNetmakerPath()+ncutils.GetSeparator(), tls.SERVER_CLIENT_PEM, serverClientCert); err != nil {
return err
}
logger.Log(1, "ensure the root.pem, root.key, server.pem, and server.key files are updated on your broker")
return serverctl.SetClientTLSConf(
functions.GetNetmakerPath()+ncutils.GetSeparator()+tls.SERVER_CLIENT_PEM,
functions.GetNetmakerPath()+ncutils.GetSeparator()+tls.SERVER_CLIENT_KEY,
ca,
)
}