From a5dc38245e1e76d4bf8b321aac488b76ad399b43 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Sun, 10 Oct 2021 05:30:56 -0400
Subject: cryptonomic-vpn calls out to ./get-host-keys

cryptonomic-vpn calls out to ./get-host-keys to get host keys. That path has to be changed. OK for here since both need to be merged into selfpublish.sh.
---
 cryptonomic-vpn | 68 ++++++++++++++++++++-------------------------------------
 1 file changed, 24 insertions(+), 44 deletions(-)

diff --git a/cryptonomic-vpn b/cryptonomic-vpn
index 855793b..2ca1fc0 100755
--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -268,48 +268,6 @@ install_local_private_key()
 rm -f "$private_key_tmp"
 }
-b16_to_b32()
-{
- printf %s "$1" | basez -x -d | basez -j -l | tr -d =
-}
-key_to_domain_suffix()
-{
- [ -f "$1" ] || return
- local keytype=1 hashtype=2 sshfp_b16 sshfp_b32
- sshfp_b16=$(ssh-keygen -r . -f "$1" | sed -ne "s/^. IN SSHFP $keytype $hashtype //p") &&
- [ "$sshfp_b16" ] || die "could not determine ssh client fingerprint"
- sshfp_b32=$(b16_to_b32 "$sshfp_b16")
- printf %s.%s.%s "$sshfp_b32" "$REMOTE_KEY_TYPE" cryptonomic.net | tail -c64
-}
-validate_public_key_name()
-{
- local suffix keyfile="$1" name="$2"
- case "$name" in
- *.cryptonomic.net) validate_cryptonomic_public_key_name "$@" ;;
- *) validate_generic_public_key_name "$@" ;;
- esac
-}
-validate_cryptonomic_public_key_name()
-{
- [ "$keyfile" ]
- [ "$name" ]
- suffix=$(key_to_domain_suffix "$keyfile")
- case "$name" in
- *."$suffix" | "$suffix" ) true ;;
- * ) false ;;
- esac
-}
-validate_generic_public_key_name()
-{
- read expected < "$1"
- scan_knownhosts_files "$2" | grep -q -F -e "$expected"
-}
 scan_knownhosts_files()
 {
 local host="$1" f files
@@ -325,16 +283,38 @@ scan_knownhosts_files()
 done
 }
+find_known_ssh_host_rsa_key_by_name()
+{
+ local target="$1" name="$2" keytype_wanted='ssh-rsa'
+ scan_knownhosts_files "$name" | (
+ while read keytype key
+ do
+ [ "$keytype" = "$keytype_wanted" ] || continue
+ echo "Notice: found $name $keytype $key" >&2
+ echo "$keytype $key" > "$target"
+ exit
+ done
+ false
+ )
+}
+
 install_remote_public_key()
 {
 trap 'rm -f "$t"' EXIT
 t=$(mktemp)
- keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
- validate_public_key_name "$t" "$REMOTE_NAME" || die 'cannot authenticate remote public key'
+ if find_known_ssh_host_rsa_key_by_name "$t" "$REMOTE_NAME"
+ then
+ echo "Notice: using host key from OpenSSH KnownHostsFiles for $REMOTE_NAME" >&2
+ else
+ echo "Notice: scanning the network for host keys for $REMOTE_NAME" >&2
+ ./get-host-keys "$REMOTE_NAME" || die 'get-host-keys'
+ find_known_ssh_host_rsa_key_by_name "$t" "$REMOTE_NAME" || die "could not find host rsa key for $REMOTE_NAME"
+ fi
 REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_rsa_filename_string "$t").pub
 write_successfully "$REMOTE_PUBLIC_KEY_DEST" -- write_remote_key "$t"
+ trap - EXIT
 rm -f "$t"
 }
-- 
cgit v1.2.3
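Review bot: The `else` branch of install_remote_public_key removes the authentication step the deleted validate_public_key_name used to enforce: when the name is not yet in the known-hosts files, `./get-host-keys "$REMOTE_NAME"` is run and whatever ssh-rsa line it leaves behind is accepted by the second find_known_ssh_host_rsa_key_by_name call and written under /etc/swanctl/pubkey with no SSHFP/domain-suffix or other check, so the first key observed on the network becomes the trusted peer key unless get-host-keys itself performs that validation, which is not visible here. If that trust-on-first-use is intended it should be stated at the call site, e.g. `# TOFU: the key get-host-keys stores for $REMOTE_NAME is trusted as-is; no domain-suffix check here`; otherwise re-apply a check on "$t" before REMOTE_PUBLIC_KEY_DEST is written. In find_known_ssh_host_rsa_key_by_name, `while read keytype key` should be `while read -r keytype key` so backslashes in a known-hosts comment are not interpreted, and the loop silently takes the first ssh-rsa line for the name, so a stale duplicate entry is never reported. The relative `./get-host-keys` also depends on the caller's working directory (the commit message acknowledges this); `"$(dirname -- "$0")/get-host-keys"` would remove that dependency until the scripts are merged.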