mirror of
https://github.com/gravitl/netmaker.git
synced 2025-10-05 08:47:35 +08:00
refactor logic for client.key generation
This commit is contained in:
Matthew R. Kasun
@@ -92,19 +92,25 @@ func Pull(cfg *config.ClientConfig) error {
|
||||
|
||||
currentServers[currCfg.Server.Server] = *currCfg
|
||||
}
|
||||
|
||||
//generate new client key if one doesn' exist
|
||||
var private *ed25519.PrivateKey
|
||||
private, err = tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
|
||||
if err != nil {
|
||||
_, newKey, err := ed25519.GenerateKey(rand.Reader)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
|
||||
return err
|
||||
}
|
||||
private = &newKey
|
||||
}
|
||||
// re-register with server -- get new certs for broker
|
||||
for _, clientCfg := range currentServers {
|
||||
_, newKey, kerr := ed25519.GenerateKey(rand.Reader)
|
||||
if kerr == nil && err == nil {
|
||||
if kerr := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); kerr != nil {
|
||||
logger.Log(0, "error saving key", kerr.Error())
|
||||
} else {
|
||||
if kerr = functions.RegisterWithServer(&newKey, &clientCfg); err != nil {
|
||||
logger.Log(0, "registration error", kerr.Error())
|
||||
} else {
|
||||
daemon.Restart()
|
||||
}
|
||||
}
|
||||
if err = functions.RegisterWithServer(private, &clientCfg); err != nil {
|
||||
logger.Log(0, "registration error", err.Error())
|
||||
} else {
|
||||
daemon.Restart()
|
||||
}
|
||||
}
|
||||
logger.Log(1, "reset network and peer configs")
|
||||
|
||||
@@ -170,7 +170,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
|
||||
logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server)
|
||||
client, err := setupMQTT(cfg, false)
|
||||
if err != nil {
|
||||
logger.Log(0, "unable to connect to broker", err.Error())
|
||||
logger.Log(0, "unable to connect to broker", cfg.Server.Server, err.Error())
|
||||
return
|
||||
}
|
||||
defer client.Disconnect(250)
|
||||
@@ -179,7 +179,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
|
||||
}
|
||||
|
||||
// NewTLSConf sets up tls configuration to connect to broker securely
|
||||
func NewTLSConfig(server string) *tls.Config {
|
||||
func NewTLSConfig(server string) (*tls.Config, error) {
|
||||
file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
|
||||
certpool := x509.NewCertPool()
|
||||
ca, err := os.ReadFile(file)
|
||||
@@ -192,7 +192,8 @@ func NewTLSConfig(server string) *tls.Config {
|
||||
}
|
||||
clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
|
||||
if err != nil {
|
||||
log.Fatalf("could not read client cert/key %v \n", err)
|
||||
logger.Log(0, "could not read client cert/key ", err.Error())
|
||||
return nil, err
|
||||
}
|
||||
certs := []tls.Certificate{clientKeyPair}
|
||||
return &tls.Config{
|
||||
@@ -201,7 +202,8 @@ func NewTLSConfig(server string) *tls.Config {
|
||||
ClientCAs: nil,
|
||||
Certificates: certs,
|
||||
InsecureSkipVerify: false,
|
||||
}
|
||||
}, nil
|
||||
|
||||
}
|
||||
|
||||
// setupMQTT creates a connection to broker and returns client
|
||||
@@ -211,7 +213,12 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) (mqtt.Client, error) {
|
||||
server := cfg.Server.Server
|
||||
port := cfg.Server.MQPort
|
||||
opts.AddBroker("ssl://" + server + ":" + port)
|
||||
opts.SetTLSConfig(NewTLSConfig(server))
|
||||
tlsConfig, err := NewTLSConfig(server)
|
||||
if err != nil {
|
||||
logger.Log(0, "failed to get TLS config for", server, err.Error())
|
||||
return nil, err
|
||||
}
|
||||
opts.SetTLSConfig(tlsConfig)
|
||||
opts.SetClientID(ncutils.MakeRandomString(23))
|
||||
opts.SetDefaultPublishHandler(All)
|
||||
opts.SetAutoReconnect(true)
|
||||
|
||||
@@ -188,7 +188,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if err := Register(cfg, privateKey); err != nil {
|
||||
if err := Register(cfg); err != nil {
|
||||
return err
|
||||
}
|
||||
if cfg.Server.Server == "" {
|
||||
|
||||
@@ -15,7 +15,6 @@ import (
|
||||
"github.com/gravitl/netmaker/logger"
|
||||
"github.com/gravitl/netmaker/netclient/auth"
|
||||
"github.com/gravitl/netmaker/netclient/config"
|
||||
"github.com/gravitl/netmaker/netclient/daemon"
|
||||
"github.com/gravitl/netmaker/netclient/ncutils"
|
||||
"github.com/gravitl/netmaker/tls"
|
||||
)
|
||||
@@ -108,11 +107,10 @@ func Hello(nodeCfg *config.ClientConfig) {
|
||||
_, err := Pull(nodeCfg.Node.Network, true)
|
||||
if err != nil {
|
||||
logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error())
|
||||
} else {
|
||||
daemon.Restart()
|
||||
}
|
||||
} else {
|
||||
logger.Log(3, "checkin for", nodeCfg.Network, "complete")
|
||||
}
|
||||
logger.Log(3, "checkin for", nodeCfg.Network, "complete")
|
||||
}
|
||||
|
||||
// node cfg is required in order to fetch the traffic keys of that node for encryption
|
||||
|
||||
@@ -15,7 +15,7 @@ import (
|
||||
)
|
||||
|
||||
// Register - the function responsible for registering with the server and acquiring certs
|
||||
func Register(cfg *config.ClientConfig, key string) error {
|
||||
func Register(cfg *config.ClientConfig) error {
|
||||
|
||||
//generate new key if one doesn' exist
|
||||
var private *ed25519.PrivateKey
|
||||
|
||||
Reference in New Issue
Block a user