wip

controllers/server.go

@@ -3,7 +3,10 @@ package controller
 import (
 	"crypto/ed25519"
 	"crypto/rand"
+	"crypto/x509"
+	"crypto/x509/pkix"
 	"encoding/json"
+	"fmt"
 	"net/http"
 	"strings"
 
@@ -111,6 +114,7 @@ func getConfig(w http.ResponseWriter, r *http.Request) {
 
 // register - registers a client with the server and return the CA cert
 func register(w http.ResponseWriter, r *http.Request) {
+	logger.Log(3, "processing registration request")
 	w.Header().Set("Content-Type", "application/json")
 	bearerToken := r.Header.Get("Authorization")
 	var tokenSplit = strings.Split(bearerToken, " ")
@@ -127,20 +131,22 @@ func register(w http.ResponseWriter, r *http.Request) {
 	//decode body
 	var request config.RegisterRequest
 	if err := json.NewDecoder(r.Body).Decode(&request); err != nil {
-		logger.Log(3, "error decoding request")
+		logger.Log(3, "error decoding request", err.Error())
 		errorResponse := models.ErrorResponse{
-			Code: http.StatusBadRequest, Message: "invalid request",
+			Code: http.StatusBadRequest, Message: err.Error(),
 		}
 		returnErrorResponse(w, r, errorResponse)
+		return
 	}
 	found := false
 	networks, err := logic.GetNetworks()
 	if err != nil {
-		logger.Log(3, "no networks")
+		logger.Log(3, "no networks", err.Error())
 		errorResponse := models.ErrorResponse{
 			Code: http.StatusNotFound, Message: "no networks",
 		}
 		returnErrorResponse(w, r, errorResponse)
+		return
 	}
 	for _, network := range networks {
 		for _, key := range network.AccessKeys {
@@ -158,57 +164,50 @@ func register(w http.ResponseWriter, r *http.Request) {
 		returnErrorResponse(w, r, errorResponse)
 		return
 	}
-	ca, err := tls.ReadCert("/etc/netmaker/root.pem")
+	privKey, cert, ca, err := genCerts(request.Name)
 	if err != nil {
-		logger.Log(2, "root ca not found ", err.Error())
+		logger.Log(0, "failed to generater certs ", err.Error())
 		errorResponse := models.ErrorResponse{
-			Code: http.StatusNotFound, Message: "root ca not found",
+			Code: http.StatusNotFound, Message: err.Error(),
 		}
 		returnErrorResponse(w, r, errorResponse)
 		return
 	}
+	response := config.RegisterResponse{
+		CA:   *ca,
+		Cert: *cert,
+		Key:  *privKey,
+	}
+	w.WriteHeader(http.StatusOK)
+	json.NewEncoder(w).Encode(response)
+}
+
+func genCerts(name pkix.Name) (*ed25519.PrivateKey, *x509.Certificate, *x509.Certificate, error) {
+	ca, err := tls.ReadCert("/etc/netmaker/root.pem")
+	if err != nil {
+		logger.Log(2, "root ca not found ", err.Error())
+		return nil, nil, nil, fmt.Errorf("root ca not found %w", err)
+	}
 	key, err := tls.ReadKey("/etc/netmaker/root.key")
 	if err != nil {
 		logger.Log(2, "root key not found ", err.Error())
-		errorResponse := models.ErrorResponse{
-			Code: http.StatusNotFound, Message: "root key not found",
-		}
-		returnErrorResponse(w, r, errorResponse)
-		return
+		return nil, nil, nil, fmt.Errorf("root key not found %w", err)
 	}
 	_, privKey, err := ed25519.GenerateKey(rand.Reader)
 	if err != nil {
 		logger.Log(2, "failed to generate client key", err.Error())
-		errorResponse := models.ErrorResponse{
-			Code: http.StatusInternalServerError, Message: err.Error(),
-		}
-		returnErrorResponse(w, r, errorResponse)
-		return
+		return nil, nil, nil, fmt.Errorf("client key generation failed %w", err)
 	}
-	csr, err := tls.NewCSR(privKey, request.Name)
+	csr, err := tls.NewCSR(privKey, name)
 	if err != nil {
-		logger.Log(2, "failed to generate client key", err.Error())
-		errorResponse := models.ErrorResponse{
-			Code: http.StatusInternalServerError, Message: err.Error(),
-		}
-		returnErrorResponse(w, r, errorResponse)
-		return
+		logger.Log(2, "failed to generate client certificate requests", err.Error())
+		return nil, nil, nil, fmt.Errorf("client certification request generation failed %w", err)
 	}
 
 	cert, err := tls.NewEndEntityCert(*key, csr, ca, tls.CERTIFICATE_VALIDITY)
 	if err != nil {
 		logger.Log(2, "unable to generate client certificate", err.Error())
-		errorResponse := models.ErrorResponse{
-			Code: http.StatusInternalServerError, Message: err.Error(),
-		}
-		returnErrorResponse(w, r, errorResponse)
-		return
+		return nil, nil, nil, fmt.Errorf("client certification generation failed %w", err)
 	}
-	response := config.RegisterResponse{
-		CA:   *ca,
-		Cert: *cert,
-		Key:  privKey,
-	}
-	w.WriteHeader(http.StatusOK)
-	json.NewEncoder(w).Encode(response)
+	return &privKey, ca, cert, nil
 }

netclient/config/config.go

@@ -44,7 +44,6 @@ type ServerConfig struct {
 // RegisterRequest - struct for registation with netmaker server
 type RegisterRequest struct {
 	Name pkix.Name
-	CSR  x509.CertificateRequest
 }
 
 type RegisterResponse struct {

netclient/functions/daemon.go

@@ -282,7 +282,7 @@ func NewTLSConfig(cfg *config.ClientConfig, server string) *tls.Config {
 	certpool := x509.NewCertPool()
 	ca, err := os.ReadFile(file)
 	if err != nil {
-		logger.Log(0, "could not read CA file %v\n", err.Error())
+		logger.Log(0, "could not read CA file ", err.Error())
 	}
 	ok := certpool.AppendCertsFromPEM(ca)
 	if !ok {

netclient/functions/register.go

@@ -67,13 +67,13 @@ func Register(cfg *config.ClientConfig) error {
 	if err := json.NewDecoder(response.Body).Decode(&resp); err != nil {
 		return errors.New("unmarshal cert error " + err.Error())
 	}
-	if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server, "root.cert", &resp.CA); err != nil {
+	if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "root.pem", &resp.CA); err != nil {
 		return err
 	}
-	if err := tls.SaveCert(ncutils.GetNetclientPath(), "client.cert", &resp.Cert); err != nil {
+	if err := tls.SaveCert(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.pem", &resp.Cert); err != nil {
 		return err
 	}
-	if err := tls.SaveKey(ncutils.GetNetclientPath(), "client.key", resp.Key); err != nil {
+	if err := tls.SaveKey(ncutils.GetNetclientPath()+cfg.Server.Server+"/", "client.key", resp.Key); err != nil {
 		return err
 	}
 	logger.Log(0, "certificates/key saved ")