Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-04-20 15:35:55 -04:00
Code Issues Packages Projects Releases Wiki Activity

joinservice: prepared host key generation

Browse Source
This commit is contained in:
miampf 2025-04-03 15:07:22 +02:00
parent 3489b6d772
commit 2f9c29d884
No known key found for this signature in database
GPG Key ID: EF039364B5B6886C
1 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
joinservice/internal/server/server.go
View File

@ -10,6 +10,7 @@ package server
import (
"context"
"crypto/ed25519"
"crypto/rand"
"fmt"
"log/slog"
"net"
@ -26,6 +27,7 @@ import (
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/credentials"
"google.golang.org/grpc/peer"
"google.golang.org/grpc/status"
kubeadmv1 "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm/v1beta3"
@ -114,6 +116,41 @@ func (s *Server) IssueJoinTicket(ctx context.Context, req *joinproto.IssueJoinTi
return nil, status.Errorf(codes.Internal, "generating ssh emergency CA key: %s", err)
}
p, _ := peer.FromContext(ctx)
nodeIP := p.Addr.String()
hostKey, _, err := ed25519.GenerateKey(nil)
if err != nil {
log.With(slog.Any("error", err), slog.String("ip", nodeIP)).Error("Failed to generate host key for node")
return nil, status.Errorf(codes.Internal, "generating host key for node: %s", err)
}
hostKeyPub, err := ssh.NewPublicKey(hostKey)
if err != nil {
log.With(slog.Any("error", err), slog.String("ip", nodeIP)).Error("Failed to create public host key")
return nil, status.Errorf(codes.Internal, "generating public host key for node: %s", err)
}
certificate := ssh.Certificate{
CertType: ssh.HostCert,
Nonce: []byte{},
ValidPrincipals: []string{p.Addr.String()},
ValidAfter: uint64(time.Now().Unix()),
ValidBefore: ssh.CertTimeInfinity,
Reserved: []byte{},
Key: hostKeyPub,
KeyId: "host_key",
SignatureKey: ca.PublicKey(),
Permissions: ssh.Permissions{
CriticalOptions: map[string]string{},
Extensions: map[string]string{},
},
}
if certificate.SignCert(rand.Reader, ca) != nil {
log.With(slog.Any("error", err), slog.String("ip", nodeIP)).Error("Failed to sign host key with ssh CA for node")
return nil, status.Errorf(codes.Internal, "signing host key for node with CA: %s", err)
}
log.Info("Generated host key and certificate for node", "ip", nodeIP)
// TODO: send cert and host key to node for installation
log.Info("Creating Kubernetes join token")
kubeArgs, err := s.joinTokenGetter.GetJoinToken(constants.KubernetesJoinTokenTTL)
if err != nil {