diff options
| author | joe <joe@jerkface.net> | 2016-04-24 03:41:20 -0400 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2016-04-24 03:41:20 -0400 |
| commit | 51bc655f4b0acb30ff873c8c32c9aacb1408258e (patch) | |
| tree | cb06e8bd7b190de4c9d7ab3722c48aa676b127bf /kiki.hs | |
| parent | 9baaf54aa426416e23fe79dee1d6812d1635f9a2 (diff) | |
init-key now checks cross-certification before exporting ipsec keys.
Diffstat (limited to 'kiki.hs')
| -rw-r--r-- | kiki.hs | 20 |
1 files changed, 13 insertions, 7 deletions
| @@ -1573,6 +1573,7 @@ kiki "init-key" args = do | |||
| 1573 | let writeFileWARNING fname bs = do | 1573 | let writeFileWARNING fname bs = do |
| 1574 | --TODO | 1574 | --TODO |
| 1575 | hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)" | 1575 | hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)" |
| 1576 | writeFile fname bs | ||
| 1576 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do | 1577 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do |
| 1577 | gotc <- doesFileExist (sshcpathpub) | 1578 | gotc <- doesFileExist (sshcpathpub) |
| 1578 | when (not gotc) $ do | 1579 | when (not gotc) $ do |
| @@ -1596,18 +1597,21 @@ kiki "init-key" args = do | |||
| 1596 | notme kd = keykey (keyPacket kd) /= kk | 1597 | notme kd = keykey (keyPacket kd) /= kk |
| 1597 | 1598 | ||
| 1598 | installConctact kd = do | 1599 | installConctact kd = do |
| 1600 | -- The getHostnames command requires a valid cross-signed tor key | ||
| 1601 | -- for each onion name returned in (_,(ns,_)). | ||
| 1599 | let (_,(ns,_)) = getHostnames kd | 1602 | let (_,(ns,_)) = getHostnames kd |
| 1600 | contactname = fmap Char8.unpack $ listToMaybe ns | 1603 | contactname = fmap Char8.unpack $ listToMaybe ns -- only first onion name. |
| 1601 | flip (maybe $ return ()) contactname $ \contactname -> do | 1604 | flip (maybe $ return ()) contactname $ \contactname -> do |
| 1605 | |||
| 1602 | let cpath = interp (Map.singleton "onion" contactname) contactipsec0 | 1606 | let cpath = interp (Map.singleton "onion" contactname) contactipsec0 |
| 1603 | kspec = ( KeyGrip $ fingerprint $ keyPacket kd | 1607 | their_master = packet $ keyMappedPacket kd |
| 1604 | , Just "strongswan" ) | 1608 | -- We find all cross-certified ipsec keys for the given cross-certified onion name. |
| 1605 | mbk = selectPublicKey kspec $ Map.singleton (keykey $ keyPacket kd) kd | 1609 | ipsecs = sortOn (Down . timestamp) |
| 1606 | flip (maybe $ return ()) mbk $ \k -> do | 1610 | $ getCrossSignedSubkeys their_master (keySubKeys kd) "strongswan" |
| 1611 | forM_ (take 1 ipsecs) $ \k -> do | ||
| 1607 | goti <- doesFileExist (cpath) | 1612 | goti <- doesFileExist (cpath) |
| 1608 | when (not goti) $ do | 1613 | when (not goti) $ do |
| 1609 | either warn (writeFileWARNING $ cpath) | 1614 | either warn (writeFile cpath) $ pemFromPacket k |
| 1610 | $ pemFromPacket k | ||
| 1611 | 1615 | ||
| 1612 | mapM_ installConctact cs | 1616 | mapM_ installConctact cs |
| 1613 | 1617 | ||
| @@ -1850,6 +1854,8 @@ commands = | |||
| 1850 | , ( "tar", "import or export system key files in tar format" ) | 1854 | , ( "tar", "import or export system key files in tar format" ) |
| 1851 | ] | 1855 | ] |
| 1852 | 1856 | ||
| 1857 | -- | | ||
| 1858 | -- interpolate %var patterns in a string. | ||
| 1853 | interp vars raw = es >>= interp1 | 1859 | interp vars raw = es >>= interp1 |
| 1854 | where | 1860 | where |
| 1855 | gs = groupBy (\_ c -> c/='%') raw | 1861 | gs = groupBy (\_ c -> c/='%') raw |