diff options
| author | joe <joe@jerkface.net> | 2014-08-01 03:56:28 -0400 |
|---|---|---|
| committer | joe <joe@jerkface.net> | 2014-08-01 03:56:28 -0400 |
| commit | ff8a280a96669a59ed842b251db59fa116f50a52 (patch) | |
| tree | de776028b0000e67900f2a7b6e89793bb09ae3cb /kiki.hs | |
| parent | 188a2ea85a2b72b4f793e31e82a2d24f59dd7717 (diff) | |
export public ipsec key to /etc/ipsec.d/certs/
Diffstat (limited to 'kiki.hs')
| -rw-r--r-- | kiki.hs | 38 |
1 files changed, 23 insertions, 15 deletions
| @@ -289,15 +289,17 @@ show_whose_key input_key db = | |||
| 289 | (_:_) -> error "ambiguous" | 289 | (_:_) -> error "ambiguous" |
| 290 | [] -> return () | 290 | [] -> return () |
| 291 | 291 | ||
| 292 | show_pem keyspec wkgrip db = do | 292 | show_pem keyspec wkgrip db = either warn putStrLn $ show_pem' keyspec wkgrip db |
| 293 | |||
| 294 | show_pem' keyspec wkgrip db = do | ||
| 293 | let s = parseSpec wkgrip keyspec | 295 | let s = parseSpec wkgrip keyspec |
| 294 | flip (maybe . void $ warn (keyspec ++ ": not found")) | 296 | flip (maybe . Left $ keyspec ++ ": not found") |
| 295 | (selectPublicKey s db) | 297 | (selectPublicKey s db) |
| 296 | $ \k -> do | 298 | $ \k -> do |
| 297 | let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k | 299 | let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k |
| 298 | der = encodeASN1 DER (toASN1 rsa []) | 300 | der = encodeASN1 DER (toASN1 rsa []) |
| 299 | qq = Base64.encode (L.unpack der) | 301 | qq = Base64.encode (L.unpack der) |
| 300 | putStrLn $ | 302 | return $ |
| 301 | writePEM "PUBLIC KEY" qq -- ("TODO "++show keyspec) | 303 | writePEM "PUBLIC KEY" qq -- ("TODO "++show keyspec) |
| 302 | 304 | ||
| 303 | show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db | 305 | show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db |
| @@ -1141,11 +1143,11 @@ kiki "init-key" args = do | |||
| 1141 | , show size ] | 1143 | , show size ] |
| 1142 | mkdirFor path = do | 1144 | mkdirFor path = do |
| 1143 | let dir = takeDirectory path | 1145 | let dir = takeDirectory path |
| 1144 | putStrLn $ "mkdirFor " ++ show dir | 1146 | -- putStrLn $ "mkdirFor " ++ show dir |
| 1145 | createDirectoryIfMissing True dir | 1147 | createDirectoryIfMissing True dir |
| 1146 | -- ssl = Just "mkdir -p \"$(dirname $file)\" && openssl genrsa -out $file 1024" | 1148 | -- ssl = Just "mkdir -p \"$(dirname $file)\" && openssl genrsa -out $file 1024" |
| 1147 | (home,secring,pubring,mbwk) <- unconditionally $ getHomeDir homespec | 1149 | (home,secring,pubring,mbwk) <- unconditionally $ getHomeDir homespec |
| 1148 | putStrLn $ "home = " ++ show (home,secring,pubring,mbwk) | 1150 | -- putStrLn $ "home = " ++ show (home,secring,pubring,mbwk) |
| 1149 | gotsec <- doesFileExist secring | 1151 | gotsec <- doesFileExist secring |
| 1150 | when (not gotsec) $ do | 1152 | when (not gotsec) $ do |
| 1151 | let mkpath = home ++ "/master-key" | 1153 | let mkpath = home ++ "/master-key" |
| @@ -1164,7 +1166,8 @@ kiki "init-key" args = do | |||
| 1164 | HomePub | 1166 | HomePub |
| 1165 | ( encode $ Message [] ) | 1167 | ( encode $ Message [] ) |
| 1166 | 1168 | ||
| 1167 | -- TODO: These should be read from a configuration file | 1169 | -- TODO: These should be read from a configuration file. |
| 1170 | -- (use SimpleConfig) | ||
| 1168 | let torpath = fromMaybe "" rootdir ++ "/var/lib/tor/samizdat/private_key" | 1171 | let torpath = fromMaybe "" rootdir ++ "/var/lib/tor/samizdat/private_key" |
| 1169 | sshcpath0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa" | 1172 | sshcpath0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa" |
| 1170 | sshspath0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" | 1173 | sshspath0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" |
| @@ -1210,9 +1213,11 @@ kiki "init-key" args = do | |||
| 1210 | let oname = do wk <- rtWorkingKey rt | 1213 | let oname = do wk <- rtWorkingKey rt |
| 1211 | onionNameForContact (keykey wk) (rtKeyDB rt) | 1214 | onionNameForContact (keykey wk) (rtKeyDB rt) |
| 1212 | flip (maybe $ error "Missing tor key") oname $ \oname -> do | 1215 | flip (maybe $ error "Missing tor key") oname $ \oname -> do |
| 1213 | let [ sshcpath , sshspath , ipsecpath ] | 1216 | let [ sshcpath , sshspath , ipsecpath, |
| 1217 | sshcpathpub, sshspathpub, ipsecpathpub ] | ||
| 1214 | = map (interp (Map.fromList [("onion",oname)])) | 1218 | = map (interp (Map.fromList [("onion",oname)])) |
| 1215 | [ sshcpath0, sshspath0, ipsecpath0 ] | 1219 | [ sshcpath0, sshspath0, ipsecpath0 |
| 1220 | , sshcpathpub0, sshspathpub0, ipsecpathpub0 ] | ||
| 1216 | let op2 = op | 1221 | let op2 = op |
| 1217 | { opFiles = Map.fromList $ | 1222 | { opFiles = Map.fromList $ |
| 1218 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) | 1223 | [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) |
| @@ -1222,7 +1227,8 @@ kiki "init-key" args = do | |||
| 1222 | , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] | 1227 | , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] |
| 1223 | , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] | 1228 | , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] |
| 1224 | } | 1229 | } |
| 1225 | forM_ [sshcpath,sshspath,ipsecpath] mkdirFor | 1230 | forM_ [sshcpath,sshspath,ipsecpath |
| 1231 | ,sshcpathpub,sshspathpub,ipsecpathpub] mkdirFor | ||
| 1226 | KikiResult rt report <- runKeyRing op2 | 1232 | KikiResult rt report <- runKeyRing op2 |
| 1227 | forM_ report $ \(fname,act) -> do | 1233 | forM_ report $ \(fname,act) -> do |
| 1228 | putStrLn $ fname ++ ": " ++ reportString act | 1234 | putStrLn $ fname ++ ": " ++ reportString act |
| @@ -1230,17 +1236,19 @@ kiki "init-key" args = do | |||
| 1230 | 1236 | ||
| 1231 | -- Finally, export public keys if they do not exist. | 1237 | -- Finally, export public keys if they do not exist. |
| 1232 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do | 1238 | flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do |
| 1233 | -- TODO: the .pub file paths should be read from config also | 1239 | gotc <- doesFileExist (sshcpathpub) |
| 1234 | gotc <- doesFileExist (sshcpath++".pub") | ||
| 1235 | when (not gotc) $ do | 1240 | when (not gotc) $ do |
| 1236 | either warn (writeFile $ sshcpath++".pub") | 1241 | either warn (writeFile sshcpathpub) |
| 1237 | $ show_ssh' "ssh-client" grip (rtKeyDB rt) | 1242 | $ show_ssh' "ssh-client" grip (rtKeyDB rt) |
| 1238 | goth <- doesFileExist (sshspath++".pub") | 1243 | goth <- doesFileExist (sshspathpub) |
| 1239 | when (not goth) $ do | 1244 | when (not goth) $ do |
| 1240 | either warn (writeFile $ sshspath++".pub") | 1245 | either warn (writeFile $ sshspathpub) |
| 1241 | $ show_ssh' "ssh-host" grip (rtKeyDB rt) | 1246 | $ show_ssh' "ssh-host" grip (rtKeyDB rt) |
| 1242 | 1247 | ||
| 1243 | -- TODO: strongswan public /etc/ipsec.d/certs/%(onion).pem | 1248 | goti <- doesFileExist (ipsecpathpub) |
| 1249 | when (not goti) $ do | ||
| 1250 | either warn (writeFile $ ipsecpathpub) | ||
| 1251 | $ show_pem' "strongswan" grip (rtKeyDB rt) | ||
| 1244 | 1252 | ||
| 1245 | return () | 1253 | return () |
| 1246 | 1254 | ||