author | joe <joe@jerkface.net> | 2014-08-01 20:56:47 -0400 |
---|---|---|
committer | joe <joe@jerkface.net> | 2014-08-01 20:56:47 -0400 |
commit | d546f22c6ee3d88eca6b01b4e7debae56cfda649 (patch) | |
tree | ac5b910f8250923de3dec3c2c8af0dc16bb50dd5 | |
parent | ff8a280a96669a59ed842b251db59fa116f50a52 (diff) |
init-key now export public ipsec keys for contacts.
-rw-r--r-- | KeyRing.hs | 3 | ||||
-rw-r--r-- | kiki.hs | 26 |
2 files changed, 27 insertions, 2 deletions
@@ -94,6 +94,9 @@ module KeyRing | |||
94 | , InputFileContext(..) | 94 | , InputFileContext(..) |
95 | , onionNameForContact | 95 | , onionNameForContact |
96 | , keykey | 96 | , keykey |
97 | , keyPacket | ||
98 | , KeySpec(..) | ||
99 | , getHostnames | ||
97 | ) where | 100 | ) where |
98 | 101 | ||
99 | import System.Environment | 102 | import System.Environment |
@@ -295,7 +295,9 @@ show_pem' keyspec wkgrip db = do | |||
295 | let s = parseSpec wkgrip keyspec | 295 | let s = parseSpec wkgrip keyspec |
296 | flip (maybe . Left $ keyspec ++ ": not found") | 296 | flip (maybe . Left $ keyspec ++ ": not found") |
297 | (selectPublicKey s db) | 297 | (selectPublicKey s db) |
298 | $ \k -> do | 298 | pemFromPacket |
299 | |||
300 | pemFromPacket k = do | ||
299 | let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k | 301 | let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k |
300 | der = encodeASN1 DER (toASN1 rsa []) | 302 | der = encodeASN1 DER (toASN1 rsa []) |
301 | qq = Base64.encode (L.unpack der) | 303 | qq = Base64.encode (L.unpack der) |
@@ -1175,6 +1177,8 @@ kiki "init-key" args = do | |||
1175 | sshcpathpub0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa.pub" | 1177 | sshcpathpub0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa.pub" |
1176 | sshspathpub0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key.pub" | 1178 | sshspathpub0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key.pub" |
1177 | ipsecpathpub0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem" | 1179 | ipsecpathpub0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem" |
1180 | contactipsec0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem" | ||
1181 | |||
1178 | 1182 | ||
1179 | -- First, we ensure that the tor key exists and is imported | 1183 | -- First, we ensure that the tor key exists and is imported |
1180 | -- so that we know where to put the strongswan key. | 1184 | -- so that we know where to put the strongswan key. |
@@ -1250,7 +1254,25 @@ kiki "init-key" args = do | |||
1250 | either warn (writeFile $ ipsecpathpub) | 1254 | either warn (writeFile $ ipsecpathpub) |
1251 | $ show_pem' "strongswan" grip (rtKeyDB rt) | 1255 | $ show_pem' "strongswan" grip (rtKeyDB rt) |
1252 | 1256 | ||
1253 | return () | 1257 | let cs = filter notme (Map.elems $ rtKeyDB rt) |
1258 | kk = keykey (fromJust $ rtWorkingKey rt) | ||
1259 | notme kd = keykey (keyPacket kd) /= kk | ||
1260 | |||
1261 | installConctact kd = do | ||
1262 | let (_,(ns,_)) = getHostnames kd | ||
1263 | contactname = fmap Char8.unpack $ listToMaybe ns | ||
1264 | flip (maybe $ return ()) contactname $ \contactname -> do | ||
1265 | let cpath = interp (Map.singleton "onion" contactname) contactipsec0 | ||
1266 | kspec = ( KeyGrip $ fingerprint $ keyPacket kd | ||
1267 | , Just "strongswan" ) | ||
1268 | mbk = selectPublicKey kspec $ Map.singleton (keykey $ keyPacket kd) kd | ||
1269 | flip (maybe $ return ()) mbk $ \k -> do | ||
1270 | goti <- doesFileExist (cpath) | ||
1271 | when (not goti) $ do | ||
1272 | either warn (writeFile $ cpath) | ||
1273 | $ pemFromPacket k | ||
1274 | |||
1275 | mapM_ installConctact cs | ||
1254 | 1276 | ||
1255 | splitArg :: String -> Either (String,Maybe String) String | 1277 | splitArg :: String -> Either (String,Maybe String) String |
1256 | splitArg arg = | 1278 | splitArg arg = |
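Review bot: In `installConctact` (new lines 1261-1273 of kiki.hs), `contactname` comes from `getHostnames kd`, that is, from data carried on a contact's key, and it is interpolated unchecked into `contactipsec0` to build the path passed to `writeFile`. `getHostnames` is not visible here, but if it can return a name containing `/`, a key in the ring would influence where under the root directory init-key writes a file. Restrict the name before building `cpath`, for example `contactname = mfilter (all (\c -> isAlphaNum c || c == '.')) $ fmap Char8.unpack $ listToMaybe ns`. Separately, `pemFromPacket` still calls `fromJust $ rsaKeyFromPacket k`, so a contact whose strongswan-tagged key is not RSA would presumably abort the whole command instead of reaching `warn`; returning `Left` in that case would keep one bad contact from stopping the run. The body of `kiki "init-key"` begins outside these hunks.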