author | joe <joe@jerkface.net> | 2014-08-01 03:56:28 -0400 |
committer | joe <joe@jerkface.net> | 2014-08-01 03:56:28 -0400 |
commit | ff8a280a96669a59ed842b251db59fa116f50a52 (patch) | |
tree | de776028b0000e67900f2a7b6e89793bb09ae3cb /kiki.hs | |
parent | 188a2ea85a2b72b4f793e31e82a2d24f59dd7717 (diff) |
export public ipsec key to /etc/ipsec.d/certs/
Diffstat (limited to 'kiki.hs')
-rw-r--r-- | kiki.hs | 38 |
1 files changed, 23 insertions, 15 deletions
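--- a/kiki.hs
+++ b/kiki.hs
@@ -289,15 +289,17 @@ show_whose_key input_key db =
 (_:_) -> error "ambiguous"
 [] -> return ()
 
-show_pem keyspec wkgrip db = do
+show_pem keyspec wkgrip db = either warn putStrLn $ show_pem' keyspec wkgrip db
+
+show_pem' keyspec wkgrip db = do
 let s = parseSpec wkgrip keyspec
-flip (maybe . void $ warn (keyspec ++ ": not found"))
+flip (maybe . Left $ keyspec ++ ": not found")
 (selectPublicKey s db)
 $ \k -> do
 let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k
 der = encodeASN1 DER (toASN1 rsa [])
 qq = Base64.encode (L.unpack der)
-putStrLn $
+return $
 writePEM "PUBLIC KEY" qq -- ("TODO "++show keyspec)
 
 show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db
@@ -1141,11 +1143,11 @@ kiki "init-key" args = do
 , show size ]
 mkdirFor path = do
 let dir = takeDirectory path
-putStrLn $ "mkdirFor " ++ show dir
+-- putStrLn $ "mkdirFor " ++ show dir
 createDirectoryIfMissing True dir
 -- ssl = Just "mkdir -p \"$(dirname $file)\" && openssl genrsa -out $file 1024"
 (home,secring,pubring,mbwk) <- unconditionally $ getHomeDir homespec
-putStrLn $ "home = " ++ show (home,secring,pubring,mbwk)
+-- putStrLn $ "home = " ++ show (home,secring,pubring,mbwk)
 gotsec <- doesFileExist secring
 when (not gotsec) $ do
 let mkpath = home ++ "/master-key"
@@ -1164,7 +1166,8 @@ kiki "init-key" args = do
 HomePub
 ( encode $ Message [] )
 
--- TODO: These should be read from a configuration file
+-- TODO: These should be read from a configuration file.
+-- (use SimpleConfig)
 let torpath = fromMaybe "" rootdir ++ "/var/lib/tor/samizdat/private_key"
 sshcpath0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa"
 sshspath0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key"
@@ -1210,9 +1213,11 @@ kiki "init-key" args = do
 let oname = do wk <- rtWorkingKey rt
 onionNameForContact (keykey wk) (rtKeyDB rt)
 flip (maybe $ error "Missing tor key") oname $ \oname -> do
-let [ sshcpath , sshspath , ipsecpath ]
+let [ sshcpath , sshspath , ipsecpath,
+sshcpathpub, sshspathpub, ipsecpathpub ]
 = map (interp (Map.fromList [("onion",oname)]))
-[ sshcpath0, sshspath0, ipsecpath0 ]
+[ sshcpath0, sshspath0, ipsecpath0
+, sshcpathpub0, sshspathpub0, ipsecpathpub0 ]
 let op2 = op
 { opFiles = Map.fromList $
 [ ( HomeSec, buildStreamInfo KF_All KeyRingFile )
@@ -1222,7 +1227,8 @@ kiki "init-key" args = do
 , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ]
 , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ]
 }
-forM_ [sshcpath,sshspath,ipsecpath] mkdirFor
+forM_ [sshcpath,sshspath,ipsecpath
+,sshcpathpub,sshspathpub,ipsecpathpub] mkdirFor
 KikiResult rt report <- runKeyRing op2
 forM_ report $ \(fname,act) -> do
 putStrLn $ fname ++ ": " ++ reportString act
@@ -1230,17 +1236,19 @@ kiki "init-key" args = do
 
 -- Finally, export public keys if they do not exist.
 flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do
--- TODO: the .pub file paths should be read from config also
-gotc <- doesFileExist (sshcpath++".pub")
+gotc <- doesFileExist (sshcpathpub)
 when (not gotc) $ do
-either warn (writeFile $ sshcpath++".pub")
+either warn (writeFile sshcpathpub)
 $ show_ssh' "ssh-client" grip (rtKeyDB rt)
-goth <- doesFileExist (sshspath++".pub")
+goth <- doesFileExist (sshspathpub)
 when (not goth) $ do
-either warn (writeFile $ sshspath++".pub")
+either warn (writeFile $ sshspathpub)
 $ show_ssh' "ssh-host" grip (rtKeyDB rt)
 
--- TODO: strongswan public /etc/ipsec.d/certs/%(onion).pem
+goti <- doesFileExist (ipsecpathpub)
+when (not goti) $ do
+either warn (writeFile $ ipsecpathpub)
+$ show_pem' "strongswan" grip (rtKeyDB rt)
 
 return ()
 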
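Review bot: `show_pem'` in the first hunk now returns an `Either` so that callers can `warn` instead of aborting, but the kept line `let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k` still crashes the whole init-key run when the selected key is not RSA, and the new strongswan export in the last hunk makes that path reachable from normal use. The lifting already used for the not-found case fits here: `$ \k -> flip (maybe . Left $ keyspec ++ ": not an RSA key") (rsaKeyFromPacket k) $ \r -> do` followed by `let rsa = pkcs8 r`, so the failure surfaces through the existing `either warn` branches. In the last hunk the ipsec export writes a bare `PUBLIC KEY` PEM to `ipsecpathpub`, which the commit message places under /etc/ipsec.d/certs/; strongSwan loads X.509 certificates from that directory, so it is worth confirming that a raw SubjectPublicKeyInfo is what the consumer expects there, and a comment at the export such as `-- exported as a bare SubjectPublicKeyInfo PEM (writePEM "PUBLIC KEY"), not an X.509 certificate` would record the intent. The `kiki "init-key"` body containing these hunks starts and ends outside the shown ranges.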