2023-08-27 14:09:03 +00:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2024-07-13 14:08:13 +00:00
|
|
|
"errors"
|
2023-08-27 14:09:03 +00:00
|
|
|
"fmt"
|
2024-07-13 14:08:13 +00:00
|
|
|
"isle/daemon"
|
2024-06-10 16:56:36 +00:00
|
|
|
"isle/jsonutil"
|
2024-07-12 14:11:42 +00:00
|
|
|
"isle/nebula"
|
2023-08-27 14:09:03 +00:00
|
|
|
"os"
|
|
|
|
|
)
|
|
|
|
|
|
2024-07-13 14:08:13 +00:00
|
|
|
var subCmdNebulaCreateCert = subCmd{
|
|
|
|
|
name: "create-cert",
|
|
|
|
|
descr: "Creates a signed nebula certificate file for an existing host and writes it to stdout",
|
|
|
|
|
do: func(subCmdCtx subCmdCtx) error {
|
|
|
|
|
var (
|
|
|
|
|
flags = subCmdCtx.flagSet(false)
|
2024-07-22 08:42:25 +00:00
|
|
|
hostName hostNameFlag
|
2024-07-13 14:08:13 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
hostNameF := flags.VarPF(
|
2024-07-22 08:42:25 +00:00
|
|
|
&hostName,
|
2024-07-22 14:37:22 +00:00
|
|
|
"hostname", "n",
|
2024-07-13 14:08:13 +00:00
|
|
|
"Name of the host to generate a certificate for",
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
pubKeyPath := flags.StringP(
|
|
|
|
|
"public-key-path", "p", "",
|
|
|
|
|
`Path to PEM file containing public key which will be embedded in the cert.`,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
if err := flags.Parse(subCmdCtx.args); err != nil {
|
|
|
|
|
return fmt.Errorf("parsing flags: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-14 11:11:18 +00:00
|
|
|
if !hostNameF.Changed || *pubKeyPath == "" {
|
2024-07-14 12:28:01 +00:00
|
|
|
return errors.New("--hostname and --pub-key-path are required")
|
2024-07-13 14:08:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
hostPubPEM, err := os.ReadFile(*pubKeyPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("reading public key from %q: %w", *pubKeyPath, err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var hostPub nebula.EncryptingPublicKey
|
|
|
|
|
if err := hostPub.UnmarshalNebulaPEM(hostPubPEM); err != nil {
|
|
|
|
|
return fmt.Errorf("unmarshaling public key as PEM: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var res daemon.CreateNebulaCertificateResult
|
|
|
|
|
err = subCmdCtx.daemonRCPClient.Call(
|
|
|
|
|
subCmdCtx.ctx,
|
|
|
|
|
&res,
|
|
|
|
|
"CreateNebulaCertificate",
|
|
|
|
|
daemon.CreateNebulaCertificateRequest{
|
2024-07-22 08:42:25 +00:00
|
|
|
HostName: hostName.V,
|
2024-07-13 14:08:13 +00:00
|
|
|
HostEncryptingPublicKey: hostPub,
|
|
|
|
|
},
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("calling CreateNebulaCertificate: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nebulaHostCertPEM, err := res.HostNebulaCertifcate.Unwrap().MarshalToPEM()
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("marshaling cert to PEM: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if _, err := os.Stdout.Write([]byte(nebulaHostCertPEM)); err != nil {
|
|
|
|
|
return fmt.Errorf("writing to stdout: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-27 14:09:03 +00:00
|
|
|
var subCmdNebulaShow = subCmd{
|
|
|
|
|
name: "show",
|
2024-06-10 16:56:36 +00:00
|
|
|
descr: "Writes nebula network information to stdout in JSON format",
|
2023-08-27 14:09:03 +00:00
|
|
|
do: func(subCmdCtx subCmdCtx) error {
|
|
|
|
|
|
|
|
|
|
flags := subCmdCtx.flagSet(false)
|
|
|
|
|
if err := flags.Parse(subCmdCtx.args); err != nil {
|
|
|
|
|
return fmt.Errorf("parsing flags: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-12 14:11:42 +00:00
|
|
|
hosts, err := subCmdCtx.getHosts()
|
2023-08-27 14:09:03 +00:00
|
|
|
if err != nil {
|
2024-07-12 14:11:42 +00:00
|
|
|
return fmt.Errorf("getting hosts: %w", err)
|
2023-08-27 14:09:03 +00:00
|
|
|
}
|
|
|
|
|
|
2024-07-12 14:11:42 +00:00
|
|
|
var caPublicCreds nebula.CAPublicCredentials
|
|
|
|
|
err = subCmdCtx.daemonRCPClient.Call(
|
|
|
|
|
subCmdCtx.ctx, &caPublicCreds, "GetNebulaCAPublicCredentials", nil,
|
|
|
|
|
)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return fmt.Errorf("calling GetNebulaCAPublicCredentials: %w", err)
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-13 14:08:13 +00:00
|
|
|
caCert := caPublicCreds.Cert
|
|
|
|
|
caCertDetails := caCert.Unwrap().Details
|
2023-08-27 14:09:03 +00:00
|
|
|
|
2024-07-13 14:08:13 +00:00
|
|
|
if len(caCertDetails.Subnets) != 1 {
|
2023-08-27 14:09:03 +00:00
|
|
|
return fmt.Errorf(
|
|
|
|
|
"malformed ca.crt, contains unexpected subnets %#v",
|
2024-07-13 14:08:13 +00:00
|
|
|
caCertDetails.Subnets,
|
2023-08-27 14:09:03 +00:00
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-13 14:08:13 +00:00
|
|
|
subnet := caCertDetails.Subnets[0]
|
2023-08-27 14:09:03 +00:00
|
|
|
|
|
|
|
|
type outLighthouse struct {
|
2024-06-10 16:56:36 +00:00
|
|
|
PublicAddr string
|
|
|
|
|
IP string
|
2023-08-27 14:09:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out := struct {
|
2024-07-13 14:08:13 +00:00
|
|
|
CACert nebula.Certificate
|
2024-06-10 16:56:36 +00:00
|
|
|
SubnetCIDR string
|
|
|
|
|
Lighthouses []outLighthouse
|
2023-08-27 14:09:03 +00:00
|
|
|
}{
|
2024-07-13 14:08:13 +00:00
|
|
|
CACert: caCert,
|
2023-08-27 14:09:03 +00:00
|
|
|
SubnetCIDR: subnet.String(),
|
|
|
|
|
}
|
|
|
|
|
|
2024-07-12 14:11:42 +00:00
|
|
|
for _, h := range hosts.Hosts {
|
2023-08-27 14:09:03 +00:00
|
|
|
if h.Nebula.PublicAddr == "" {
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out.Lighthouses = append(out.Lighthouses, outLighthouse{
|
|
|
|
|
PublicAddr: h.Nebula.PublicAddr,
|
|
|
|
|
IP: h.IP().String(),
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-10 16:56:36 +00:00
|
|
|
if err := jsonutil.WriteIndented(os.Stdout, out); err != nil {
|
|
|
|
|
return fmt.Errorf("encoding to stdout: %w", err)
|
2023-08-27 14:09:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var subCmdNebula = subCmd{
|
|
|
|
|
name: "nebula",
|
|
|
|
|
descr: "Sub-commands related to the nebula VPN",
|
|
|
|
|
do: func(subCmdCtx subCmdCtx) error {
|
|
|
|
|
return subCmdCtx.doSubCmd(
|
2024-07-13 14:08:13 +00:00
|
|
|
subCmdNebulaCreateCert,
|
2023-08-27 14:09:03 +00:00
|
|
|
subCmdNebulaShow,
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
}
|
