authorjoe <joe@jerkface.net>2016-04-24 15:07:25 -0400
committerjoe <joe@jerkface.net>2016-04-24 15:07:25 -0400
commitc725029f61f75b1a6be3ce9c258b4f244853532b (patch)
tree09677dc2c99b7163ea4faa7073511755a96d9969 /kiki.hs
parent51bc655f4b0acb30ff873c8c32c9aacb1408258e (diff)
Renamed usage tag strongswan -> ipsec.
Diffstat (limited to 'kiki.hs')
-rw-r--r--kiki.hs16
1 files changed, 8 insertions, 8 deletions
diff --git a/kiki.hs b/kiki.hs
index 4aa5885..cf4089a 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -1547,7 +1547,7 @@ kiki "init-key" args = do
1547 { opFiles = Map.fromList $ 1547 { opFiles = Map.fromList $
1548 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) 1548 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile )
1549 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } ) 1549 , ( HomePub, (buildStreamInfo KF_All KeyRingFile) { access = Pub } )
1550 , ( ArgFile ipsecpath, peminfo 1024 "strongswan" ) 1550 , ( ArgFile ipsecpath, peminfo 1024 "ipsec" )
1551 , ( ArgFile sshcpath, peminfo 2048 "ssh-client" ) 1551 , ( ArgFile sshcpath, peminfo 2048 "ssh-client" )
1552 , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] 1552 , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ]
1553 , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] 1553 , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ]
@@ -1571,9 +1571,9 @@ kiki "init-key" args = do
1571 1571
1572 -- Finally, export public keys if they do not exist. 1572 -- Finally, export public keys if they do not exist.
1573 let writeFileWARNING fname bs = do 1573 let writeFileWARNING fname bs = do
1574 --TODO 1574 --TODO
1575 hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)" 1575 hPutStrLn stderr $ fname ++ ": DID NOT CHECK TRUST (TODO)"
1576 writeFile fname bs 1576 writeFile fname bs
1577 flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do 1577 flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do
1578 gotc <- doesFileExist (sshcpathpub) 1578 gotc <- doesFileExist (sshcpathpub)
1579 when (not gotc) $ do 1579 when (not gotc) $ do
@@ -1588,7 +1588,7 @@ kiki "init-key" args = do
1588 goti <- doesFileExist (ipsecpathpub) 1588 goti <- doesFileExist (ipsecpathpub)
1589 when (not goti) $ do 1589 when (not goti) $ do
1590 either warn (writeFile $ ipsecpathpub) 1590 either warn (writeFile $ ipsecpathpub)
1591 $ show_pem' "strongswan" grip (rtKeyDB rt) pemFromPacket 1591 $ show_pem' "ipsec" grip (rtKeyDB rt) pemFromPacket
1592 else return () 1592 else return ()
1593 1593
1594 1594
@@ -1607,7 +1607,7 @@ kiki "init-key" args = do
1607 their_master = packet $ keyMappedPacket kd 1607 their_master = packet $ keyMappedPacket kd
1608 -- We find all cross-certified ipsec keys for the given cross-certified onion name. 1608 -- We find all cross-certified ipsec keys for the given cross-certified onion name.
1609 ipsecs = sortOn (Down . timestamp) 1609 ipsecs = sortOn (Down . timestamp)
1610 $ getCrossSignedSubkeys their_master (keySubKeys kd) "strongswan" 1610 $ getCrossSignedSubkeys their_master (keySubKeys kd) "ipsec"
1611 forM_ (take 1 ipsecs) $ \k -> do 1611 forM_ (take 1 ipsecs) $ \k -> do
1612 goti <- doesFileExist (cpath) 1612 goti <- doesFileExist (cpath)
1613 when (not goti) $ do 1613 when (not goti) $ do
@@ -1693,7 +1693,7 @@ kiki "tar" args = do
1693tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root" 1693tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root"
1694 where 1694 where
1695 ipsecs = do 1695 ipsecs = do
1696 (kk,ipsec,sigs) <- selectPublicKeyAndSigs (KeyUidMatch "",Just "strongswan") (rtKeyDB rt) 1696 (kk,ipsec,sigs) <- selectPublicKeyAndSigs (KeyUidMatch "",Just "ipsec") (rtKeyDB rt)
1697 let kd = (rtKeyDB rt Map.! kk) 1697 let kd = (rtKeyDB rt Map.! kk)
1698 k = packet $ keyMappedPacket kd 1698 k = packet $ keyMappedPacket kd
1699 (addr,(onames,ns)) = getHostnames kd 1699 (addr,(onames,ns)) = getHostnames kd
@@ -1729,7 +1729,7 @@ tarContent rt spec pubpem knownhosts secpem = ipsecs ++ sshs ++ secrets "root"
1729 return $ spem (dir $ homedir ++ "/.ssh/" ++ sshkeyname k) k 1729 return $ spem (dir $ homedir ++ "/.ssh/" ++ sshkeyname k) k
1730 sshsvr = spem (dir "etc/ssh/ssh_host_rsa_key") <$> lookupSecret "ssh-host" kd 1730 sshsvr = spem (dir "etc/ssh/ssh_host_rsa_key") <$> lookupSecret "ssh-host" kd
1731 ipseckey = do 1731 ipseckey = do
1732 k <- lookupSecret "strongswan" kd 1732 k <- lookupSecret "ipsec" kd
1733 oname <- fst . snd $ getHostnames kd 1733 oname <- fst . snd $ getHostnames kd
1734 return $ spem (dir $ "etc/ipsec.d/private/"++Char8.unpack oname++".pem") k 1734 return $ spem (dir $ "etc/ipsec.d/private/"++Char8.unpack oname++".pem") k
1735 torkey ++ sshcli ++ sshsvr ++ ipseckey 1735 torkey ++ sshcli ++ sshsvr ++ ipseckey
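Review bot: The usage tag changes at all five call sites (lines 1550, 1591, 1610, 1696 and 1732) with no fallback to the old value, so a keyring whose subkeys are already tagged "strongswan", or a peer whose cross-signed subkey still carries that tag, would presumably stop matching in `getCrossSignedSubkeys`, `selectPublicKeyAndSigs` and `lookupSecret`. In `init-key` that may mean a fresh key is generated beside the old one, and in `tarContent` the `ipseckey` list may come back empty so the private key is left out without any warning. If dropping old keyrings is intended, say so at the first use, e.g. `-- usage tag was "strongswan" in older keyrings; those subkeys are no longer matched`, and consider one shared binding such as `ipsecTag = "ipsec"` instead of five repeated literals. Separately, `peminfo 1024` on line 1550 looks like a 1024-bit key size next to 2048 for the two ssh entries; if that reading is right, it is worth raising to at least 2048 while the line is being touched. The bodies of `kiki "init-key"` and `tarContent` extend beyond the hunks shown, so any handling of the old tag elsewhere is not visible here.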