mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-05 16:57:51 +08:00
refactor logic for client.key generation
This commit is contained in:
Matthew R. Kasun
@@ -92,21 +92,27 @@ func Pull(cfg *config.ClientConfig) error {
|
|||||||
|
|
||||||
currentServers[currCfg.Server.Server] = *currCfg
|
currentServers[currCfg.Server.Server] = *currCfg
|
||||||
}
|
}
|
||||||
|
//generate new client key if one doesn' exist
|
||||||
|
var private *ed25519.PrivateKey
|
||||||
|
private, err = tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
|
||||||
|
if err != nil {
|
||||||
|
_, newKey, err := ed25519.GenerateKey(rand.Reader)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
private = &newKey
|
||||||
|
}
|
||||||
|
// re-register with server -- get new certs for broker
|
||||||
for _, clientCfg := range currentServers {
|
for _, clientCfg := range currentServers {
|
||||||
_, newKey, kerr := ed25519.GenerateKey(rand.Reader)
|
if err = functions.RegisterWithServer(private, &clientCfg); err != nil {
|
||||||
if kerr == nil && err == nil {
|
logger.Log(0, "registration error", err.Error())
|
||||||
if kerr := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); kerr != nil {
|
|
||||||
logger.Log(0, "error saving key", kerr.Error())
|
|
||||||
} else {
|
|
||||||
if kerr = functions.RegisterWithServer(&newKey, &clientCfg); err != nil {
|
|
||||||
logger.Log(0, "registration error", kerr.Error())
|
|
||||||
} else {
|
} else {
|
||||||
daemon.Restart()
|
daemon.Restart()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
logger.Log(1, "reset network and peer configs")
|
logger.Log(1, "reset network and peer configs")
|
||||||
|
|
||||||
return err
|
return err
|
||||||
|
|||||||
@@ -170,7 +170,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
|
|||||||
logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server)
|
logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server)
|
||||||
client, err := setupMQTT(cfg, false)
|
client, err := setupMQTT(cfg, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Log(0, "unable to connect to broker", err.Error())
|
logger.Log(0, "unable to connect to broker", cfg.Server.Server, err.Error())
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
defer client.Disconnect(250)
|
defer client.Disconnect(250)
|
||||||
@@ -179,7 +179,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// NewTLSConf sets up tls configuration to connect to broker securely
|
// NewTLSConf sets up tls configuration to connect to broker securely
|
||||||
func NewTLSConfig(server string) *tls.Config {
|
func NewTLSConfig(server string) (*tls.Config, error) {
|
||||||
file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
|
file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
|
||||||
certpool := x509.NewCertPool()
|
certpool := x509.NewCertPool()
|
||||||
ca, err := os.ReadFile(file)
|
ca, err := os.ReadFile(file)
|
||||||
@@ -192,7 +192,8 @@ func NewTLSConfig(server string) *tls.Config {
|
|||||||
}
|
}
|
||||||
clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
|
clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("could not read client cert/key %v \n", err)
|
logger.Log(0, "could not read client cert/key ", err.Error())
|
||||||
|
return nil, err
|
||||||
}
|
}
|
||||||
certs := []tls.Certificate{clientKeyPair}
|
certs := []tls.Certificate{clientKeyPair}
|
||||||
return &tls.Config{
|
return &tls.Config{
|
||||||
@@ -201,7 +202,8 @@ func NewTLSConfig(server string) *tls.Config {
|
|||||||
ClientCAs: nil,
|
ClientCAs: nil,
|
||||||
Certificates: certs,
|
Certificates: certs,
|
||||||
InsecureSkipVerify: false,
|
InsecureSkipVerify: false,
|
||||||
}
|
}, nil
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// setupMQTT creates a connection to broker and returns client
|
// setupMQTT creates a connection to broker and returns client
|
||||||
@@ -211,7 +213,12 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) (mqtt.Client, error) {
|
|||||||
server := cfg.Server.Server
|
server := cfg.Server.Server
|
||||||
port := cfg.Server.MQPort
|
port := cfg.Server.MQPort
|
||||||
opts.AddBroker("ssl://" + server + ":" + port)
|
opts.AddBroker("ssl://" + server + ":" + port)
|
||||||
opts.SetTLSConfig(NewTLSConfig(server))
|
tlsConfig, err := NewTLSConfig(server)
|
||||||
|
if err != nil {
|
||||||
|
logger.Log(0, "failed to get TLS config for", server, err.Error())
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
opts.SetTLSConfig(tlsConfig)
|
||||||
opts.SetClientID(ncutils.MakeRandomString(23))
|
opts.SetClientID(ncutils.MakeRandomString(23))
|
||||||
opts.SetDefaultPublishHandler(All)
|
opts.SetDefaultPublishHandler(All)
|
||||||
opts.SetAutoReconnect(true)
|
opts.SetAutoReconnect(true)
|
||||||
|
|||||||
@@ -188,7 +188,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := Register(cfg, privateKey); err != nil {
|
if err := Register(cfg); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if cfg.Server.Server == "" {
|
if cfg.Server.Server == "" {
|
||||||
|
|||||||
@@ -15,7 +15,6 @@ import (
|
|||||||
"github.com/gravitl/netmaker/logger"
|
"github.com/gravitl/netmaker/logger"
|
||||||
"github.com/gravitl/netmaker/netclient/auth"
|
"github.com/gravitl/netmaker/netclient/auth"
|
||||||
"github.com/gravitl/netmaker/netclient/config"
|
"github.com/gravitl/netmaker/netclient/config"
|
||||||
"github.com/gravitl/netmaker/netclient/daemon"
|
|
||||||
"github.com/gravitl/netmaker/netclient/ncutils"
|
"github.com/gravitl/netmaker/netclient/ncutils"
|
||||||
"github.com/gravitl/netmaker/tls"
|
"github.com/gravitl/netmaker/tls"
|
||||||
)
|
)
|
||||||
@@ -108,11 +107,10 @@ func Hello(nodeCfg *config.ClientConfig) {
|
|||||||
_, err := Pull(nodeCfg.Node.Network, true)
|
_, err := Pull(nodeCfg.Node.Network, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error())
|
logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error())
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
daemon.Restart()
|
|
||||||
}
|
|
||||||
}
|
|
||||||
logger.Log(3, "checkin for", nodeCfg.Network, "complete")
|
logger.Log(3, "checkin for", nodeCfg.Network, "complete")
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// node cfg is required in order to fetch the traffic keys of that node for encryption
|
// node cfg is required in order to fetch the traffic keys of that node for encryption
|
||||||
|
|||||||
@@ -15,7 +15,7 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// Register - the function responsible for registering with the server and acquiring certs
|
// Register - the function responsible for registering with the server and acquiring certs
|
||||||
func Register(cfg *config.ClientConfig, key string) error {
|
func Register(cfg *config.ClientConfig) error {
|
||||||
|
|
||||||
//generate new key if one doesn' exist
|
//generate new key if one doesn' exist
|
||||||
var private *ed25519.PrivateKey
|
var private *ed25519.PrivateKey
|
||||||
|
|||||||
Reference in New Issue
Block a user