refactor logic for client.key generation

netclient/command/commands.go

@@ -92,19 +92,25 @@ func Pull(cfg *config.ClientConfig) error {
 
 		currentServers[currCfg.Server.Server] = *currCfg
 	}
-
+	//generate new client key if one doesn' exist
+	var private *ed25519.PrivateKey
+	private, err = tls.ReadKey(ncutils.GetNetclientPath() + ncutils.GetSeparator() + "client.key")
+	if err != nil {
+		_, newKey, err := ed25519.GenerateKey(rand.Reader)
+		if err != nil {
+			return err
+		}
+		if err := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); err != nil {
+			return err
+		}
+		private = &newKey
+	}
+	// re-register with server -- get new certs for broker
 	for _, clientCfg := range currentServers {
-		_, newKey, kerr := ed25519.GenerateKey(rand.Reader)
-		if kerr == nil && err == nil {
-			if kerr := tls.SaveKey(ncutils.GetNetclientPath(), ncutils.GetSeparator()+"client.key", newKey); kerr != nil {
-				logger.Log(0, "error saving key", kerr.Error())
-			} else {
-				if kerr = functions.RegisterWithServer(&newKey, &clientCfg); err != nil {
-					logger.Log(0, "registration error", kerr.Error())
-				} else {
-					daemon.Restart()
-				}
-			}
+		if err = functions.RegisterWithServer(private, &clientCfg); err != nil {
+			logger.Log(0, "registration error", err.Error())
+		} else {
+			daemon.Restart()
 		}
 	}
 	logger.Log(1, "reset network and peer configs")

netclient/functions/daemon.go

@@ -170,7 +170,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
 	logger.Log(0, "netclient daemon started for server: ", cfg.Server.Server)
 	client, err := setupMQTT(cfg, false)
 	if err != nil {
-		logger.Log(0, "unable to connect to broker", err.Error())
+		logger.Log(0, "unable to connect to broker", cfg.Server.Server, err.Error())
 		return
 	}
 	defer client.Disconnect(250)
@@ -179,7 +179,7 @@ func messageQueue(ctx context.Context, cfg *config.ClientConfig) {
 }
 
 // NewTLSConf sets up tls configuration to connect to broker securely
-func NewTLSConfig(server string) *tls.Config {
+func NewTLSConfig(server string) (*tls.Config, error) {
 	file := ncutils.GetNetclientServerPath(server) + ncutils.GetSeparator() + "root.pem"
 	certpool := x509.NewCertPool()
 	ca, err := os.ReadFile(file)
@@ -192,7 +192,8 @@ func NewTLSConfig(server string) *tls.Config {
 	}
 	clientKeyPair, err := tls.LoadX509KeyPair(ncutils.GetNetclientServerPath(server)+ncutils.GetSeparator()+"client.pem", ncutils.GetNetclientPath()+ncutils.GetSeparator()+"client.key")
 	if err != nil {
-		log.Fatalf("could not read client cert/key %v \n", err)
+		logger.Log(0, "could not read client cert/key ", err.Error())
+		return nil, err
 	}
 	certs := []tls.Certificate{clientKeyPair}
 	return &tls.Config{
@@ -201,7 +202,8 @@ func NewTLSConfig(server string) *tls.Config {
 		ClientCAs:          nil,
 		Certificates:       certs,
 		InsecureSkipVerify: false,
-	}
+	}, nil
+
 }
 
 // setupMQTT creates a connection to broker and returns client
@@ -211,7 +213,12 @@ func setupMQTT(cfg *config.ClientConfig, publish bool) (mqtt.Client, error) {
 	server := cfg.Server.Server
 	port := cfg.Server.MQPort
 	opts.AddBroker("ssl://" + server + ":" + port)
-	opts.SetTLSConfig(NewTLSConfig(server))
+	tlsConfig, err := NewTLSConfig(server)
+	if err != nil {
+		logger.Log(0, "failed to get TLS config for", server, err.Error())
+		return nil, err
+	}
+	opts.SetTLSConfig(tlsConfig)
 	opts.SetClientID(ncutils.MakeRandomString(23))
 	opts.SetDefaultPublishHandler(All)
 	opts.SetAutoReconnect(true)

netclient/functions/join.go

@@ -188,7 +188,7 @@ func JoinNetwork(cfg *config.ClientConfig, privateKey string) error {
 	if err != nil {
 		return err
 	}
-	if err := Register(cfg, privateKey); err != nil {
+	if err := Register(cfg); err != nil {
 		return err
 	}
 	if cfg.Server.Server == "" {

netclient/functions/mqpublish.go

@@ -15,7 +15,6 @@ import (
 	"github.com/gravitl/netmaker/logger"
 	"github.com/gravitl/netmaker/netclient/auth"
 	"github.com/gravitl/netmaker/netclient/config"
-	"github.com/gravitl/netmaker/netclient/daemon"
 	"github.com/gravitl/netmaker/netclient/ncutils"
 	"github.com/gravitl/netmaker/tls"
 )
@@ -108,11 +107,10 @@ func Hello(nodeCfg *config.ClientConfig) {
 		_, err := Pull(nodeCfg.Node.Network, true)
 		if err != nil {
 			logger.Log(0, "could not run pull on "+nodeCfg.Node.Network+", error: "+err.Error())
-		} else {
-			daemon.Restart()
 		}
+	} else {
+		logger.Log(3, "checkin for", nodeCfg.Network, "complete")
 	}
-	logger.Log(3, "checkin for", nodeCfg.Network, "complete")
 }
 
 // node cfg is required  in order to fetch the traffic keys of that node for encryption

netclient/functions/register.go

@@ -15,7 +15,7 @@ import (
 )
 
 // Register - the function responsible for registering with the server and acquiring certs
-func Register(cfg *config.ClientConfig, key string) error {
+func Register(cfg *config.ClientConfig) error {
 
 	//generate new key if one doesn' exist
 	var private *ed25519.PrivateKey