package controllers
| 2 | |
import (
	"bytes"
	"crypto/tls"
	"encoding/json"
	"fmt"
	"net/http"
)
| 9 | |
// createCAReq is the JSON body posted to the API when asking it to create a
// certificate authority.
type createCAReq struct {
	// Name is sent under the "name" key.
	Name string `json:"name"`
}
| 13 | |
// createCAResp is the JSON body decoded from the API's reply to a
// certificate authority creation request. Both fields are byte slices, which
// encoding/json reads from base64 strings.
type createCAResp struct {
	// PrivateKey is read from "private_key". It is secret key material:
	// keep it out of logs and error messages.
	PrivateKey []byte `json:"private_key"`
	// Certificate is read from "certificate".
	Certificate []byte `json:"certificate"`
}
| 18 | |
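// CreateCertificateAuthority posts a createCAReq carrying name to
// apiAddr+"/api/process/ca" and returns the private key and the certificate
// decoded from the JSON reply, in that order.
//
// A reply whose status is not 2xx is reported as an error instead of being
// decoded, so an error payload cannot come back as a nil key and certificate
// together with a nil error.
//
// SECURITY: the HTTP client used here does not verify the server's TLS
// certificate. The CA private key in the reply can therefore be read or
// substituted by anyone able to intercept the connection to apiAddr; key
// material obtained through this call is only as trustworthy as that network
// path until verification is restored.
func CreateCertificateAuthority(apiAddr, name string) ([]byte, []byte, error) {
	var data bytes.Buffer
	if err := json.NewEncoder(&data).Encode(createCAReq{name}); err != nil {
		return nil, nil, err
	}
	transport := &http.Transport{
		// TODO(giolekva): remove, for some reason valid certificates are not accepted on gioui android.
		// NOTE(review): InsecureSkipVerify turns off both chain and host name
		// checks. If the platform trust store is the problem, setting RootCAs
		// to the issuing CA, or pinning the server certificate through
		// VerifyPeerCertificate, keeps the connection authenticated.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	// The transport is private to this call; without this its keep-alive
	// connection would stay open after the function returns.
	defer transport.CloseIdleConnections()
	client := &http.Client{Transport: transport}
	resp, err := client.Post(apiAddr+"/api/process/ca", "application/json", &data)
	if err != nil {
		return nil, nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, nil, fmt.Errorf("creating certificate authority: unexpected status %s", resp.Status)
	}
	var ret createCAResp
	if err := json.NewDecoder(resp.Body).Decode(&ret); err != nil {
		return nil, nil, err
	}
	return ret.PrivateKey, ret.Certificate, nil
}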
| 40 | |
// signNodeReq is the JSON body posted to the API when asking it to sign a
// node certificate. Byte slices are written as base64 strings by
// encoding/json.
//
// The request carries the CA private key, so whoever receives or intercepts
// this body can sign certificates for that CA.
type signNodeReq struct {
	// CAPrivateKey is sent under "ca_private_key"; it is secret key material.
	CAPrivateKey []byte `json:"ca_private_key"`
	// CACert is sent under "ca_certificate".
	CACert []byte `json:"ca_certificate"`
	// NodeName is sent under "node_name".
	NodeName string `json:"node_name"`
	// NodePublicKey is sent under "node_public_key" and left out of the
	// body when empty.
	NodePublicKey []byte `json:"node_public_key,omitempty"`
	// NodeIPCidr is sent under "node_ip_cidr".
	NodeIPCidr string `json:"node_ip_cidr"`
}
| 48 | |
// signNodeResp is the JSON body decoded from the API's reply to a node
// signing request. Byte slices are read from base64 strings by
// encoding/json.
type signNodeResp struct {
	// PrivateKey is read from "private_key" and stays nil when the reply
	// does not contain that key. When present it is secret key material.
	PrivateKey []byte `json:"private_key,omitempty"`
	// Certificate is read from "certificate".
	Certificate []byte `json:"certificate"`
}
| 53 | |
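// SignNebulaNode posts a signNodeReq built from its arguments to
// apiAddr+"/api/process/node" and returns the private key and the
// certificate decoded from the JSON reply, in that order.
//
// nodePublicKey is left out of the request when empty. Presumably the server
// then generates the node key pair and returns the private key; confirm
// against the API. nodeIp is sent in the "node_ip_cidr" field.
//
// A reply whose status is not 2xx is reported as an error instead of being
// decoded, so an error payload cannot come back as a nil key and certificate
// together with a nil error.
//
// SECURITY: the request body contains caPrivateKey, and the HTTP client used
// here does not verify the server's TLS certificate. Anyone able to intercept
// the connection to apiAddr can obtain the CA private key and sign
// certificates for that CA. Restoring verification should come before this
// call is used on an untrusted network.
func SignNebulaNode(apiAddr string, caPrivateKey, caCert []byte, nodeName string, nodePublicKey []byte, nodeIp string) ([]byte, []byte, error) {
	// Keyed fields keep the mapping correct if signNodeReq is ever reordered.
	req := signNodeReq{
		CAPrivateKey:  caPrivateKey,
		CACert:        caCert,
		NodeName:      nodeName,
		NodePublicKey: nodePublicKey,
		NodeIPCidr:    nodeIp,
	}
	var data bytes.Buffer
	if err := json.NewEncoder(&data).Encode(req); err != nil {
		return nil, nil, err
	}
	transport := &http.Transport{
		// TODO(giolekva): remove, for some reason valid certificates are not accepted on gioui android.
		// NOTE(review): InsecureSkipVerify turns off both chain and host name
		// checks. If the platform trust store is the problem, setting RootCAs
		// to the issuing CA, or pinning the server certificate through
		// VerifyPeerCertificate, keeps the connection authenticated.
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	// The transport is private to this call; without this its keep-alive
	// connection would stay open after the function returns.
	defer transport.CloseIdleConnections()
	client := &http.Client{Transport: transport}
	resp, err := client.Post(apiAddr+"/api/process/node", "application/json", &data)
	if err != nil {
		return nil, nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode < 200 || resp.StatusCode > 299 {
		return nil, nil, fmt.Errorf("signing node certificate: unexpected status %s", resp.Status)
	}
	var ret signNodeResp
	if err := json.NewDecoder(resp.Body).Decode(&ret); err != nil {
		return nil, nil, err
	}
	return ret.PrivateKey, ret.Certificate, nil
}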