github.com/microsoft/moc@v0.17.1/pkg/auth/utils.go (about)

     1  // Copyright (c) Microsoft Corporation.
     2  // Licensed under the Apache v2.0 license.
     3  
     4  package auth
     5  
     6  import (
     7  	"net"
     8  	"os"
     9  
    10  	"github.com/microsoft/moc/pkg/certs"
    11  	"github.com/microsoft/moc/pkg/marshal"
    12  	wssdnet "github.com/microsoft/moc/pkg/net"
    13  )
    14  
    15  func readAccessFile(accessFileLocation string) (WssdConfig, error) {
    16  	accessFile := WssdConfig{}
    17  	err := marshal.FromJSONFile(accessFileLocation, &accessFile)
    18  	if err != nil {
    19  		return WssdConfig{}, err
    20  	}
    21  
    22  	return accessFile, nil
    23  }
    24  
    25  // GenerateClientKey generates key and self-signed cert if the file does not exist in WssdConfigLocation
    26  // If the file exists the values from the fie is returned
    27  func GenerateClientKey(loginconfig LoginConfig) (string, WssdConfig, error) {
    28  	certBytes, err := marshal.FromBase64(loginconfig.Certificate)
    29  	if err != nil {
    30  		return "", WssdConfig{}, err
    31  	}
    32  	accessFile, err := readAccessFile(GetWssdConfigLocation())
    33  	if err != nil {
    34  		x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
    35  		if err != nil {
    36  			return "", WssdConfig{}, err
    37  		}
    38  
    39  		certBytesClient := certs.EncodeCertPEM(x509CertClient)
    40  		keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
    41  
    42  		accessFile = WssdConfig{
    43  			CloudCertificate:  "",
    44  			ClientCertificate: marshal.ToBase64(string(certBytesClient)),
    45  			ClientKey:         marshal.ToBase64(string(keyBytesClient)),
    46  		}
    47  	}
    48  
    49  	if accessFile.CloudCertificate != "" {
    50  		serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
    51  		if err != nil {
    52  			return "", WssdConfig{}, err
    53  		}
    54  
    55  		if string(certBytes) != string(serverPem) {
    56  			certBytes = append(certBytes, serverPem...)
    57  		}
    58  	}
    59  
    60  	accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
    61  	return accessFile.ClientCertificate, accessFile, nil
    62  }
    63  
    64  func GenerateClientCsr(loginconfig LoginConfig) (string, WssdConfig, error) {
    65  	certBytes, err := marshal.FromBase64(loginconfig.Certificate)
    66  	if err != nil {
    67  		return "", WssdConfig{}, err
    68  	}
    69  	accessFile, err := readAccessFile(GetWssdConfigLocation())
    70  	cloudAgentIpAddress, err := wssdnet.GetIPAddress()
    71  	if err != nil {
    72  		return "", WssdConfig{}, err
    73  	}
    74  
    75  	localHostName, err := os.Hostname()
    76  	if err != nil {
    77  		return "", WssdConfig{}, err
    78  	}
    79  
    80  	cloudAgentIPAddress := wssdnet.StringToNetIPAddress(cloudAgentIpAddress)
    81  	ipAddresses := []net.IP{wssdnet.StringToNetIPAddress(wssdnet.LOOPBACK_ADDRESS), cloudAgentIPAddress}
    82  	dnsNames := []string{"localhost", localHostName}
    83  
    84  	conf := &certs.Config{
    85  		CommonName: loginconfig.Name,
    86  		AltNames: certs.AltNames{
    87  			DNSNames: dnsNames,
    88  			IPs:      ipAddresses,
    89  		},
    90  	}
    91  	x509Csr, keyClient, err := certs.GenerateCertificateRequest(conf, nil)
    92  	if err != nil {
    93  		return "", WssdConfig{}, err
    94  	}
    95  
    96  	accessFile = WssdConfig{
    97  		CloudCertificate:  "",
    98  		ClientCertificate: "",
    99  		ClientKey:         marshal.ToBase64(string(keyClient)),
   100  	}
   101  
   102  	if accessFile.CloudCertificate != "" {
   103  		serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
   104  		if err != nil {
   105  			return "", WssdConfig{}, err
   106  		}
   107  
   108  		if string(certBytes) != string(serverPem) {
   109  			certBytes = append(certBytes, serverPem...)
   110  		}
   111  	}
   112  
   113  	accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
   114  	return string(x509Csr), accessFile, nil
   115  }
   116  
   117  // GenerateClientKeyWithName generates key and self-signed cert if the file does not exist in GetWssdConfigLocationName
   118  // If the file exists the values from the fie is returned
   119  func GenerateClientKeyWithName(loginconfig LoginConfig, subfolder, filename string) (string, WssdConfig, error) {
   120  	certBytes, err := marshal.FromBase64(loginconfig.Certificate)
   121  	if err != nil {
   122  		return "", WssdConfig{}, err
   123  	}
   124  	accessFile, err := readAccessFile(GetMocConfigLocationName(subfolder, filename))
   125  	if err != nil {
   126  		x509CertClient, keyClient, err := certs.GenerateClientCertificate(loginconfig.Name)
   127  		if err != nil {
   128  			return "", WssdConfig{}, err
   129  		}
   130  
   131  		certBytesClient := certs.EncodeCertPEM(x509CertClient)
   132  		keyBytesClient := certs.EncodePrivateKeyPEM(keyClient)
   133  
   134  		accessFile = WssdConfig{
   135  			CloudCertificate:  "",
   136  			ClientCertificate: marshal.ToBase64(string(certBytesClient)),
   137  			ClientKey:         marshal.ToBase64(string(keyBytesClient)),
   138  		}
   139  	}
   140  
   141  	if accessFile.CloudCertificate != "" {
   142  		serverPem, err := marshal.FromBase64(accessFile.CloudCertificate)
   143  		if err != nil {
   144  			return "", WssdConfig{}, err
   145  		}
   146  
   147  		if string(certBytes) != string(serverPem) {
   148  			certBytes = append(certBytes, serverPem...)
   149  		}
   150  	}
   151  
   152  	accessFile.CloudCertificate = marshal.ToBase64(string(certBytes))
   153  	return accessFile.ClientCertificate, accessFile, nil
   154  }