authorjoe <joe@jerkface.net>2014-08-01 20:56:47 -0400
committerjoe <joe@jerkface.net>2014-08-01 20:56:47 -0400
commitd546f22c6ee3d88eca6b01b4e7debae56cfda649 (patch)
treeac5b910f8250923de3dec3c2c8af0dc16bb50dd5
parentff8a280a96669a59ed842b251db59fa116f50a52 (diff)
init-key now exports public ipsec keys for contacts.
-rw-r--r--KeyRing.hs3
-rw-r--r--kiki.hs26
2 files changed, 27 insertions, 2 deletions
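--- a/KeyRing.hs
+++ b/KeyRing.hs
@@ -94,6 +94,9 @@ module KeyRing
  , InputFileContext(..)
  , onionNameForContact
  , keykey
+ , keyPacket
+ , KeySpec(..)
+ , getHostnames
  ) where
 
 import System.Environment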
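--- a/kiki.hs
+++ b/kiki.hs
@@ -295,7 +295,9 @@ show_pem' keyspec wkgrip db = do
  let s = parseSpec wkgrip keyspec
  flip (maybe . Left $ keyspec ++ ": not found")
  (selectPublicKey s db)
- $ \k -> do
+ pemFromPacket
+
+pemFromPacket k = do
  let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k
  der = encodeASN1 DER (toASN1 rsa [])
  qq = Base64.encode (L.unpack der)
@@ -1175,6 +1177,8 @@ kiki "init-key" args = do
  sshcpathpub0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa.pub"
  sshspathpub0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key.pub"
  ipsecpathpub0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem"
+ contactipsec0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem"
+
 
  -- First, we ensure that the tor key exists and is imported
  -- so that we know where to put the strongswan key.
@@ -1250,7 +1254,25 @@ kiki "init-key" args = do
  either warn (writeFile $ ipsecpathpub)
  $ show_pem' "strongswan" grip (rtKeyDB rt)
 
- return ()
+ let cs = filter notme (Map.elems $ rtKeyDB rt)
+ kk = keykey (fromJust $ rtWorkingKey rt)
+ notme kd = keykey (keyPacket kd) /= kk
+
+ installConctact kd = do
+ let (_,(ns,_)) = getHostnames kd
+ contactname = fmap Char8.unpack $ listToMaybe ns
+ flip (maybe $ return ()) contactname $ \contactname -> do
+ let cpath = interp (Map.singleton "onion" contactname) contactipsec0
+ kspec = ( KeyGrip $ fingerprint $ keyPacket kd
+ , Just "strongswan" )
+ mbk = selectPublicKey kspec $ Map.singleton (keykey $ keyPacket kd) kd
+ flip (maybe $ return ()) mbk $ \k -> do
+ goti <- doesFileExist (cpath)
+ when (not goti) $ do
+ either warn (writeFile $ cpath)
+ $ pemFromPacket k
+
+ mapM_ installConctact cs
 
 splitArg :: String -> Either (String,Maybe String) String
 splitArg arg =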
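Review bot: In `installConctact` (third hunk) the name taken from `getHostnames kd` is interpolated into `contactipsec0` and handed to `writeFile` with no check on its characters, so a contact key whose first name contains `/` could make init-key create a file outside `/etc/ipsec.d/certs`; this assumes `getHostnames`, whose body is not shown, does not already restrict names to well-formed onion names. I would guard the body before `interp`, e.g. `when (all (\c -> isAlphaNum c || c == '.') contactname) $ do`. Separately, `pemFromPacket` keeps `fromJust $ rsaKeyFromPacket k` and is now fed contact keys, so a contact whose strongswan subkey is not RSA would abort the command instead of reaching `warn`; returning a `Left` for the `Nothing` case would match the `either warn` at the call site. The bodies of `pemFromPacket` and of the `kiki "init-key"` clause extend outside these hunks.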