2023-08-27 14:09:03 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
2024-07-13 14:08:13 +00:00
|
|
|
"errors"
|
2023-08-27 14:09:03 +00:00
|
|
|
"fmt"
|
2024-07-12 14:11:42 +00:00
|
|
|
"isle/nebula"
|
2023-08-27 14:09:03 +00:00
|
|
|
"os"
|
|
|
|
)
|
|
|
|
|
2024-12-08 15:59:01 +00:00
|
|
|
var subCmdVPNCreateCert = subCmd{
|
2024-07-13 14:08:13 +00:00
|
|
|
name: "create-cert",
|
|
|
|
descr: "Creates a signed nebula certificate file for an existing host and writes it to stdout",
|
2024-09-04 20:35:29 +00:00
|
|
|
do: func(ctx subCmdCtx) error {
|
2024-07-13 14:08:13 +00:00
|
|
|
|
2024-09-23 18:50:45 +00:00
|
|
|
var hostName hostNameFlag
|
|
|
|
hostNameF := ctx.flags.VarPF(
|
2024-07-22 08:42:25 +00:00
|
|
|
&hostName,
|
2024-07-22 14:37:22 +00:00
|
|
|
"hostname", "n",
|
2024-07-13 14:08:13 +00:00
|
|
|
"Name of the host to generate a certificate for",
|
|
|
|
)
|
|
|
|
|
2024-09-23 18:50:45 +00:00
|
|
|
pubKeyPath := ctx.flags.StringP(
|
2024-07-13 14:08:13 +00:00
|
|
|
"public-key-path", "p", "",
|
|
|
|
`Path to PEM file containing public key which will be embedded in the cert.`,
|
|
|
|
)
|
|
|
|
|
2024-12-10 21:07:25 +00:00
|
|
|
ctx, err := ctx.withParsedFlags(nil)
|
2024-09-23 18:50:45 +00:00
|
|
|
if err != nil {
|
2024-07-13 14:08:13 +00:00
|
|
|
return fmt.Errorf("parsing flags: %w", err)
|
|
|
|
}
|
|
|
|
|
2024-07-14 11:11:18 +00:00
|
|
|
if !hostNameF.Changed || *pubKeyPath == "" {
|
2024-07-14 12:28:01 +00:00
|
|
|
return errors.New("--hostname and --pub-key-path are required")
|
2024-07-13 14:08:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
hostPubPEM, err := os.ReadFile(*pubKeyPath)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("reading public key from %q: %w", *pubKeyPath, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
var hostPub nebula.EncryptingPublicKey
|
|
|
|
if err := hostPub.UnmarshalNebulaPEM(hostPubPEM); err != nil {
|
|
|
|
return fmt.Errorf("unmarshaling public key as PEM: %w", err)
|
|
|
|
}
|
|
|
|
|
2024-12-16 13:59:11 +00:00
|
|
|
daemonRPC, err := ctx.newDaemonRPC()
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("creating daemon RPC client: %w", err)
|
|
|
|
}
|
|
|
|
defer daemonRPC.Close()
|
|
|
|
|
|
|
|
res, err := daemonRPC.CreateNebulaCertificate(
|
2024-09-04 20:46:38 +00:00
|
|
|
ctx, hostName.V, hostPub,
|
2024-07-13 14:08:13 +00:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("calling CreateNebulaCertificate: %w", err)
|
|
|
|
}
|
|
|
|
|
2024-09-07 11:52:32 +00:00
|
|
|
nebulaHostCertPEM, err := res.Unwrap().MarshalToPEM()
|
2024-07-13 14:08:13 +00:00
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("marshaling cert to PEM: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if _, err := os.Stdout.Write([]byte(nebulaHostCertPEM)); err != nil {
|
|
|
|
return fmt.Errorf("writing to stdout: %w", err)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2024-12-08 15:59:01 +00:00
|
|
|
var subCmdVPN = subCmd{
|
|
|
|
name: "vpn",
|
|
|
|
descr: "Sub-commands related to this host's VPN, which connects it to other hosts in the network",
|
2024-09-04 20:35:29 +00:00
|
|
|
do: func(ctx subCmdCtx) error {
|
|
|
|
return ctx.doSubCmd(
|
2024-12-08 15:59:01 +00:00
|
|
|
subCmdVPNCreateCert,
|
|
|
|
subCmdVPNFirewall,
|
2024-12-16 11:19:48 +00:00
|
|
|
subCmdVPNPublicAddress,
|
2023-08-27 14:09:03 +00:00
|
|
|
)
|
|
|
|
},
|
|
|
|
}
|