diff --git a/netclient/functions/daemon.go b/netclient/functions/daemon.go
index 95faf0de..d3a1c99f 100644
--- a/netclient/functions/daemon.go
+++ b/netclient/functions/daemon.go
@@ -2,13 +2,10 @@ package functions
 import (
 "context"
- "crypto/ed25519"
- "crypto/rand"
 "crypto/tls"
 "crypto/x509"
 "errors"
 "fmt"
- "log"
 "os"
 "os/signal"
 "strings"
@@ -21,12 +18,10 @@ import (
 "github.com/gravitl/netmaker/mq"
 "github.com/gravitl/netmaker/netclient/auth"
 "github.com/gravitl/netmaker/netclient/config"
- "github.com/gravitl/netmaker/netclient/daemon"
 "github.com/gravitl/netmaker/netclient/global_settings"
 "github.com/gravitl/netmaker/netclient/local"
 "github.com/gravitl/netmaker/netclient/ncutils"
 "github.com/gravitl/netmaker/netclient/wireguard"
- ssl "github.com/gravitl/netmaker/tls"
 "golang.zx2c4.com/wireguard/wgctrl/wgtypes"
 )
@@ -320,19 +315,6 @@ func setupMQTT(cfg *config.ClientConfig) error {
 return nil
 }
-func reRegisterWithServer(cfg *config.ClientConfig) {
- logger.Log(0, "connection issue detected.. attempt connection with new certs and broker information")
- key, err := ssl.ReadKeyFromFile(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
- if err != nil {
- _, *key, err = ed25519.GenerateKey(rand.Reader)
- if err != nil {
- log.Fatal("could not generate new key")
- }
- }
- RegisterWithServer(key, cfg)
- daemon.Restart()
-}
-
 // publishes a message to server to update peers on this peer's behalf
 func publishSignal(nodeCfg *config.ClientConfig, signal byte) error {
 if err := publish(nodeCfg, fmt.Sprintf("signal/%s", nodeCfg.Node.ID), []byte{signal}, 1); err != nil {
diff --git a/netclient/functions/mqpublish.go b/netclient/functions/mqpublish.go
index 722ba0a3..e2ef7bc9 100644
--- a/netclient/functions/mqpublish.go
+++ b/netclient/functions/mqpublish.go
@@ -8,7 +8,6 @@ import (
 "io"
 "net"
 "net/http"
- "os"
 "strconv"
 "sync"
 "time"
@@ -20,7 +19,6 @@ import (
 "github.com/gravitl/netmaker/netclient/auth"
 "github.com/gravitl/netmaker/netclient/config"
 "github.com/gravitl/netmaker/netclient/ncutils"
- "github.com/gravitl/netmaker/tls"
 )
 var metricsCache = new(sync.Map)
@@ -261,22 +259,6 @@ func publish(nodeCfg *config.ClientConfig, dest string, msg []byte, qos byte) er
 return nil
 }
-func checkCertExpiry(cfg *config.ClientConfig) error {
- cert, err := tls.ReadCertFromFile(ncutils.GetNetclientServerPath(cfg.Server.Server) + ncutils.GetSeparator() + "client.pem")
- //if cert doesn't exist or will expire within 10 days
- if errors.Is(err, os.ErrNotExist) || cert.NotAfter.Before(time.Now().Add(time.Hour*24*10)) {
- key, err := tls.ReadKeyFromFile(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
- if err != nil {
- return err
- }
- return RegisterWithServer(key, cfg)
- }
- if err != nil {
- return err
- }
- return nil
-}
-
 func checkBroker(broker string, port string) error {
 if broker == "" {
 return errors.New("error: broker address is blank")
diff --git a/netclient/functions/register.go b/netclient/functions/register.go
deleted file mode 100644
index b03e9704..00000000
--- a/netclient/functions/register.go
+++ /dev/null
@@ -1,100 +0,0 @@
-package functions
-
-import (
- "crypto/ed25519"
- "crypto/rand"
- "encoding/json"
- "errors"
- "net/http"
- "os"
-
- "github.com/gravitl/netmaker/logger"
- "github.com/gravitl/netmaker/netclient/config"
- "github.com/gravitl/netmaker/netclient/ncutils"
- "github.com/gravitl/netmaker/tls"
-)
-
-// Register - the function responsible for registering with the server and acquiring certs
-func Register(cfg *config.ClientConfig) error {
-
- //generate new key if one doesn' exist
- var private *ed25519.PrivateKey
- var err error
- private, err = tls.ReadKeyFromFile(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
- if err != nil {
- _, newKey, err := ed25519.GenerateKey(rand.Reader)
- if err != nil {
- return err
- }
- if err := tls.SaveKeyToFile(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
- return err
- }
- private = &newKey
- }
- //check if cert exists
- _, err = tls.ReadCertFromFile(ncutils.GetNetclientServerPath(cfg.Server.Server) + ncutils.GetSeparator() + "client.pem")
- if errors.Is(err, os.ErrNotExist) {
- if err := RegisterWithServer(private, cfg); err != nil {
- return err
- }
- } else if err != nil {
- return err
- }
- return nil
-}
-
-// RegisterWithServer calls the register endpoint with privatekey and commonname - api returns ca and client certificate
-func RegisterWithServer(private *ed25519.PrivateKey, cfg *config.ClientConfig) error {
- data := config.RegisterRequest{
- Key: *private,
- CommonName: tls.NewCName(cfg.Node.Name),
- }
- url := "https://" + cfg.Server.API + "/api/server/register"
- logger.Log(1, "register at "+url)
-
- token, err := Authenticate(cfg)
- if err != nil {
- return err
- }
- response, err := API(data, http.MethodPost, url, token)
- if err != nil {
- return err
- }
- if response.StatusCode != http.StatusOK {
- return errors.New(response.Status)
- }
- var resp config.RegisterResponse
- if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
- return errors.New("unmarshal cert error " + err.Error())
- }
-
- // set broker information on register
- var modServer bool
- if resp.Broker != "" && resp.Broker != cfg.Server.Server {
- cfg.Server.Server = resp.Broker
- modServer = true
- }
- if resp.Port != "" && resp.Port != cfg.Server.MQPort {
- cfg.Server.MQPort = resp.Port
- modServer = true
- }
- if modServer {
- if err = config.ModServerConfig(&cfg.Server, cfg.Node.Network); err != nil {
- logger.Log(0, "network:", cfg.Node.Network, "error overwriting config with broker information: "+err.Error())
- }
- }
-
- //x509.Certificate.PublicKey is an interface so json encoding/decoding results in a string rather that []byte
- //the pubkeys are included in the response so the values in the certificate can be updated appropriately
- resp.CA.PublicKey = resp.CAPubKey
- resp.Cert.PublicKey = resp.CertPubKey
- if err := tls.SaveCertToFile(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), tls.ROOT_PEM_NAME, &resp.CA); err != nil {
- return err
- }
- if err := tls.SaveCertToFile(ncutils.GetNetclientServerPath(cfg.Server.Server)+ncutils.GetSeparator(), "client.pem", &resp.Cert); err != nil {
- return err
- }
- logger.Log(0, "network:", cfg.Network, "certificates/key saved ")
- //join the network defined in the token
- return nil
-}