diff --git a/controllers/server.go b/controllers/server.go index ef6387d5..9e9b722d 100644 --- a/controllers/server.go +++ b/controllers/server.go @@ -1,6 +1,8 @@ package controller import ( + "crypto/ed25519" + "crypto/rand" "encoding/json" "net/http" "strings" @@ -12,7 +14,6 @@ import ( "github.com/gravitl/netmaker/netclient/config" "github.com/gravitl/netmaker/servercfg" "github.com/gravitl/netmaker/tls" - "github.com/kr/pretty" ) func serverHandlers(r *mux.Router) { @@ -175,9 +176,26 @@ func register(w http.ResponseWriter, r *http.Request) { returnErrorResponse(w, r, errorResponse) return } - pretty.Println(&request.CSR.PublicKey) - pretty.Println(request.CSR.RawSubjectPublicKeyInfo) - cert, err := tls.NewEndEntityCert(*key, &request.CSR, ca, tls.CERTIFICATE_VALIDITY) + _, privKey, err := ed25519.GenerateKey(rand.Reader) + if err != nil { + logger.Log(2, "failed to generate client key", err.Error()) + errorResponse := models.ErrorResponse{ + Code: http.StatusInternalServerError, Message: err.Error(), + } + returnErrorResponse(w, r, errorResponse) + return + } + csr, err := tls.NewCSR(privKey, request.Name) + if err != nil { + logger.Log(2, "failed to generate client key", err.Error()) + errorResponse := models.ErrorResponse{ + Code: http.StatusInternalServerError, Message: err.Error(), + } + returnErrorResponse(w, r, errorResponse) + return + } + + cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY) if err != nil { logger.Log(2, "unable to generate client certificate", err.Error()) errorResponse := models.ErrorResponse{ @@ -189,6 +207,7 @@ func register(w http.ResponseWriter, r *http.Request) { response := config.RegisterResponse{ CA: *ca, Cert: *cert, + Key: privKey, } w.WriteHeader(http.StatusOK) json.NewEncoder(w).Encode(response) diff --git a/netclient/config/config.go b/netclient/config/config.go index 623bffdb..9729c0ac 100644 --- a/netclient/config/config.go +++ b/netclient/config/config.go @@ -2,7 +2,9 @@ package config import ( //"github.com/davecgh/go-spew/spew" + "crypto/ed25519" "crypto/x509" + "crypto/x509/pkix" "encoding/base64" "encoding/json" "errors" @@ -41,12 +43,14 @@ type ServerConfig struct { // RegisterRequest - struct for registation with netmaker server type RegisterRequest struct { - CSR x509.CertificateRequest + Name pkix.Name + CSR x509.CertificateRequest } type RegisterResponse struct { CA x509.Certificate Cert x509.Certificate + Key ed25519.PrivateKey } // Write - writes the config of a client to disk diff --git a/netclient/functions/register.go b/netclient/functions/register.go index e274ba54..2fc0343c 100644 --- a/netclient/functions/register.go +++ b/netclient/functions/register.go @@ -35,13 +35,17 @@ func Register(cfg *config.ClientConfig) error { return err } data := config.RegisterRequest{ - CSR: *csr, + Name: name, + CSR: *csr, } pretty.Println(data.CSR.PublicKey) + pretty.Println(data.CSR.RawSubjectPublicKeyInfo) + pretty.Println("data\n", data) payload, err := json.Marshal(data) if err != nil { return err } + os.WriteFile("/tmp/data", payload, os.ModePerm) url := cfg.Server.API + "/api/server/register" log.Println("registering at ", url) @@ -69,7 +73,7 @@ func Register(cfg *config.ClientConfig) error { if err := tls.SaveCert(ncutils.GetNetclientPath(), "client.cert", &resp.Cert); err != nil { return err } - if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", key); err != nil { + if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", resp.Key); err != nil { return err } logger.Log(0, "certificates/key saved ") diff --git a/tls/tls.go b/tls/tls.go index 210bddc3..baf96545 100644 --- a/tls/tls.go +++ b/tls/tls.go @@ -9,7 +9,6 @@ import ( "encoding/pem" "errors" "fmt" - "log" "math/big" "os" "time" @@ -233,7 +232,6 @@ func ReadKey(name string) (*ed25519.PrivateKey, error) { return nil, fmt.Errorf("unable to read file %w", err) } keyBytes, _ := pem.Decode(bytes) - log.Println(keyBytes.Type) key, err := x509.ParsePKCS8PrivateKey(keyBytes.Bytes) if err != nil { return nil, fmt.Errorf("unable to parse file %w", err)