zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2025-10-05 00:43:58 +08:00
Code Issues Packages Projects Releases Wiki Activity

wip

Browse Source
This commit is contained in:
Matthew R. Kasun
2022-04-14 14:14:37 -04:00
parent 38cf8b0ceb
commit fb6059e4a1
4 changed files with 47 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
controllers/server.go
View File

@@ -3,7 +3,10 @@ package controller
import ( import (
"crypto/ed25519" "crypto/ed25519"
"crypto/rand" "crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/json" "encoding/json"
"fmt"
"net/http" "net/http"
"strings" "strings"
@@ -111,6 +114,7 @@ func getConfig(w http.ResponseWriter, r *http.Request) {
// register - registers a client with the server and return the CA cert // register - registers a client with the server and return the CA cert
func register(w http.ResponseWriter, r *http.Request) { func register(w http.ResponseWriter, r *http.Request) {
logger.Log(3, "processing registration request")
w.Header().Set("Content-Type", "application/json") w.Header().Set("Content-Type", "application/json")
bearerToken := r.Header.Get("Authorization") bearerToken := r.Header.Get("Authorization")
var tokenSplit = strings.Split(bearerToken, " ") var tokenSplit = strings.Split(bearerToken, " ")
@@ -127,20 +131,22 @@ func register(w http.ResponseWriter, r *http.Request) {
//decode body //decode body
var request config.RegisterRequest var request config.RegisterRequest
if err := json.NewDecoder(r.Body).Decode(&request); err != nil { if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
logger.Log(3, "error decoding request") logger.Log(3, "error decoding request", err.Error())
errorResponse := models.ErrorResponse{ errorResponse := models.ErrorResponse{
Code: http.StatusBadRequest, Message: "invalid request", Code: http.StatusBadRequest, Message: err.Error(),
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
found := false found := false
networks, err := logic.GetNetworks() networks, err := logic.GetNetworks()
if err != nil { if err != nil {
logger.Log(3, "no networks") logger.Log(3, "no networks", err.Error())
errorResponse := models.ErrorResponse{ errorResponse := models.ErrorResponse{
Code: http.StatusNotFound, Message: "no networks", Code: http.StatusNotFound, Message: "no networks",
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return
} }
for _, network := range networks { for _, network := range networks {
for _, key := range network.AccessKeys { for _, key := range network.AccessKeys {
@@ -158,48 +164,11 @@ func register(w http.ResponseWriter, r *http.Request) {
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return return
} }
ca, err := tls.ReadCert("/etc/netmaker/root.pem") privKey, cert, ca, err := genCerts(request.Name)
if err != nil { if err != nil {
logger.Log(2, "root ca not found ", err.Error()) logger.Log(0, "failed to generater certs ", err.Error())
errorResponse := models.ErrorResponse{ errorResponse := models.ErrorResponse{
Code: http.StatusNotFound, Message: "root ca not found", Code: http.StatusNotFound, Message: err.Error(),
}
returnErrorResponse(w, r, errorResponse)
return
}
key, err := tls.ReadKey("/etc/netmaker/root.key")
if err != nil {
logger.Log(2, "root key not found ", err.Error())
errorResponse := models.ErrorResponse{
Code: http.StatusNotFound, Message: "root key not found",
}
returnErrorResponse(w, r, errorResponse)
return
}
_, privKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
logger.Log(2, "failed to generate client key", err.Error())
errorResponse := models.ErrorResponse{
Code: http.StatusInternalServerError, Message: err.Error(),
}
returnErrorResponse(w, r, errorResponse)
return
}
csr, err := tls.NewCSR(privKey, request.Name)
if err != nil {
logger.Log(2, "failed to generate client key", err.Error())
errorResponse := models.ErrorResponse{
Code: http.StatusInternalServerError, Message: err.Error(),
}
returnErrorResponse(w, r, errorResponse)
return
}
cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
logger.Log(2, "unable to generate client certificate", err.Error())
errorResponse := models.ErrorResponse{
Code: http.StatusInternalServerError, Message: err.Error(),
} }
returnErrorResponse(w, r, errorResponse) returnErrorResponse(w, r, errorResponse)
return return
@@ -207,8 +176,38 @@ func register(w http.ResponseWriter, r *http.Request) {
response := config.RegisterResponse{ response := config.RegisterResponse{
CA: *ca, CA: *ca,
Cert: *cert, Cert: *cert,
Key: privKey, Key: *privKey,
} }
w.WriteHeader(http.StatusOK) w.WriteHeader(http.StatusOK)
json.NewEncoder(w).Encode(response) json.NewEncoder(w).Encode(response)
} }
func genCerts(name pkix.Name) (*ed25519.PrivateKey, *x509.Certificate, *x509.Certificate, error) {
ca, err := tls.ReadCert("/etc/netmaker/root.pem")
if err != nil {
logger.Log(2, "root ca not found ", err.Error())
return nil, nil, nil, fmt.Errorf("root ca not found %w", err)
}
key, err := tls.ReadKey("/etc/netmaker/root.key")
if err != nil {
logger.Log(2, "root key not found ", err.Error())
return nil, nil, nil, fmt.Errorf("root key not found %w", err)
}
_, privKey, err := ed25519.GenerateKey(rand.Reader)
if err != nil {
logger.Log(2, "failed to generate client key", err.Error())
return nil, nil, nil, fmt.Errorf("client key generation failed %w", err)
}
csr, err := tls.NewCSR(privKey, name)
if err != nil {
logger.Log(2, "failed to generate client certificate requests", err.Error())
return nil, nil, nil, fmt.Errorf("client certification request generation failed %w", err)
}
cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY)
if err != nil {
logger.Log(2, "unable to generate client certificate", err.Error())
return nil, nil, nil, fmt.Errorf("client certification generation failed %w", err)
}
return &privKey, ca, cert, nil
}

1
netclient/config/config.go
View File

@@ -44,7 +44,6 @@ type ServerConfig struct {
// RegisterRequest - struct for registation with netmaker server // RegisterRequest - struct for registation with netmaker server
type RegisterRequest struct { type RegisterRequest struct {
Name pkix.Name Name pkix.Name
CSR x509.CertificateRequest
} }
type RegisterResponse struct { type RegisterResponse struct {

2
netclient/functions/daemon.go
View File

@@ -282,7 +282,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
certpool := x509.NewCertPool() certpool := x509.NewCertPool()
ca, err := os.ReadFile(file) ca, err := os.ReadFile(file)
if err != nil { if err != nil {
logger.Log(0, "could not read CA file %v\n", err.Error()) logger.Log(0, "could not read CA file ", err.Error())
} }
ok := certpool.AppendCertsFromPEM(ca) ok := certpool.AppendCertsFromPEM(ca)
if !ok { if !ok {

6
netclient/functions/register.go
View File

@@ -67,13 +67,13 @@ func Register(cfg *config.ClientConfig) error {
if err := json.NewDecoder(response.Body).Decode(&resp); err != nil { if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
return errors.New("unmarshal cert error " + err.Error()) return errors.New("unmarshal cert error " + err.Error())
} }
if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server, "root.cert", &resp.CA); err != nil { if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "root.pem", &resp.CA); err != nil {
return err return err
} }
if err := tls.SaveCert(ncutils.GetNetclientPath(), "client.cert", &resp.Cert); err != nil { if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.pem", &resp.Cert); err != nil {
return err return err
} }
if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", resp.Key); err != nil { if err := tls.SaveKey(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.key", resp.Key); err != nil {
return err return err
} }
logger.Log(0, "certificates/key saved ") logger.Log(0, "certificates/key saved ")