VPN: API server returns config template while client app merges private key into it
diff --git a/core/client/cmd/pcloud/client.go b/core/client/cmd/pcloud/client.go
index aa1a3c3..b48db76 100644
--- a/core/client/cmd/pcloud/client.go
+++ b/core/client/cmd/pcloud/client.go
@@ -4,18 +4,22 @@
 	"bytes"
 	"crypto/rand"
 	"crypto/tls"
+	"encoding/base64"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"net/http"
 
+	"github.com/slackhq/nebula/cert"
 	"golang.org/x/crypto/curve25519"
+	"sigs.k8s.io/yaml"
 )
 
 type VPNClient interface {
 	Address() string
 	Sign(message []byte) ([]byte, error)
-	Join(apiAddr string, message, signature []byte) (interface{}, error)
+	Join(apiAddr string, message, signature []byte) ([]byte, error)
 }
 
 type directVPNClient struct {
@@ -69,14 +73,14 @@
 }
 
 type joinResp struct {
+	cfgYamlB64 string
 }
 
-func (c *directVPNClient) Join(apiAddr string, message, signature []byte) (interface{}, error) {
+func (c *directVPNClient) Join(apiAddr string, message, signature []byte) ([]byte, error) {
 	if c.addr != "" {
 		return nil, errors.New("Already joined")
 	}
-	c.addr = apiAddr
-	pubKey, _, err := x25519Keypair()
+	pubKey, privKey, err := x25519Keypair()
 	if err != nil {
 		return nil, err
 	}
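Review bot: The new `cfgYamlB64` field on `joinResp` is unexported, so `encoding/json` would never populate it, and in the visible hunks nothing reads `joinResp` any more now that Join consumes the body as raw base64. Either delete the struct, or, if a JSON envelope is still intended, export the field and give it a tag (for example `CfgYamlB64 string` with a `json:"..."` tag matching whatever the server emits). Join's body continues past this hunk.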
@@ -84,7 +88,7 @@
 		message,
 		signature,
 		"test",
-		pubKey,
+		cert.MarshalX25519PublicKey(pubKey),
 		"111.0.0.13/24",
 	}
 	var data bytes.Buffer
@@ -97,15 +101,30 @@
 			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 		},
 	}
-	r, err := client.Post(c.addr+"/api/join", "application/json", &data)
+	r, err := client.Post(apiAddr+"/api/join", "application/json", &data)
 	if err != nil {
 		return nil, err
 	}
-	resp := &joinResp{}
-	if err := json.NewDecoder(r.Body).Decode(resp); err != nil {
+	var cfgYamlB bytes.Buffer
+	_, err = io.Copy(&cfgYamlB,
+		base64.NewDecoder(base64.StdEncoding, r.Body))
+	if err != nil {
 		return nil, err
 	}
-	return nil, nil
+	cfgYaml := cfgYamlB.Bytes()
+	fmt.Println(string(cfgYaml))
+	var cfgMap map[string]interface{}
+	if err := yaml.Unmarshal(cfgYaml, &cfgMap); err != nil {
+		return nil, err
+	}
+	var pki map[string]interface{}
+	var ok bool
+	if pki, ok = cfgMap["pki"].(map[string]interface{}); !ok {
+		panic("Must not reach")
+	}
+	pki["key"] = string(cert.MarshalX25519PrivateKey(privKey))
+	c.addr = apiAddr
+	return yaml.Marshal(cfgMap)
 }
 
 func x25519Keypair() ([]byte, []byte, error) {
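Review bot: The `panic("Must not reach")` on the `pki` type assertion is reachable from network input: any response whose YAML lacks a `pki` mapping takes the client down, and with `InsecureSkipVerify: true` on the transport just above, that response is not authenticated. Return an error there instead, and before decoding check `r.StatusCode`, add `defer r.Body.Close()` and bound the read, since an error page currently goes straight into the base64 decoder and the body is never closed. Because the freshly generated private key is merged into whatever template comes back, the server certificate should presumably be verified before the template is trusted. The `fmt.Println(string(cfgYaml))` debug print here and the bare `fmt.Println()` added in x25519Keypair look like leftovers and can be dropped. Join starts above this hunk; the sketch below covers only the rewritten lines.

```go
// … unchanged: client.Post(apiAddr+"/api/join", …) and its error check …
defer r.Body.Close()
if r.StatusCode != http.StatusOK {
	return nil, fmt.Errorf("join: unexpected status %s", r.Status)
}
// Cap the template size; 1 MiB is an example value, pick one that fits real configs.
body := io.LimitReader(r.Body, 1<<20)
var cfgYamlB bytes.Buffer
if _, err := io.Copy(&cfgYamlB, base64.NewDecoder(base64.StdEncoding, body)); err != nil {
	return nil, err
}
cfgYaml := cfgYamlB.Bytes()
// … unchanged: yaml.Unmarshal(cfgYaml, &cfgMap) …
pki, ok := cfgMap["pki"].(map[string]interface{})
if !ok {
	return nil, errors.New("join: config template has no pki section")
}
// … unchanged: set pki["key"], record c.addr, yaml.Marshal(cfgMap) …
```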
@@ -114,5 +133,6 @@
 		return nil, nil, err
 	}
 	curve25519.ScalarBaseMult(&pubkey, &privkey)
+	fmt.Println()
 	return pubkey[:], privkey[:], nil
 }
diff --git a/core/client/cmd/pcloud/main.go b/core/client/cmd/pcloud/main.go
index e85fc42..1d70e03 100644
--- a/core/client/cmd/pcloud/main.go
+++ b/core/client/cmd/pcloud/main.go
@@ -148,7 +148,7 @@
 	if err != nil {
 		panic(err)
 	}
-	fmt.Printf("-- VPN CONFIG %#v\n", config)
+	fmt.Printf("-- VPN CONFIG %s\n", string(config))
 
 }
 
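Review bot: `fmt.Printf("-- VPN CONFIG %s\n", string(config))` now writes the node's X25519 private key to stdout, because Join merges it into `pki.key` before returning the YAML. Stdout tends to end up in terminal scrollback, CI output or service logs, so the key should not be printed. Log only a summary, e.g. `fmt.Printf("-- VPN CONFIG received (%d bytes)\n", len(config))`, and, if the config has to be persisted, write it to a file created with mode `0600`. The enclosing function starts outside this hunk.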
@@ -162,3 +162,11 @@
 	}()
 	app.Main()
 }
+
+// fmt.Println(m["pki"])
+// c := nc.NewC(logrus.StandardLogger())
+// if err := c.LoadString(string(tmpl)); err != nil {
+// 	return nil, err
+// }
+// fmt.Println(c.Settings["pki"])
+// return c, nil
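Review bot: The commented-out block appended after `main` is dead code, and it refers to names (`m`, `nc`, `tmpl`) that are not defined in any visible line of this file. Delete it from the commit. If loading the template through the nebula config loader is still planned, a one-line `// TODO:` next to Join or an issue would record that better than a pasted fragment at the end of main.go.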