Diffstat (limited to 'lib/Kiki.hs')
-rw-r--r-- | lib/Kiki.hs | 18 |
1 files changed, 16 insertions, 2 deletions
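--- a/lib/Kiki.hs
+++ b/lib/Kiki.hs
@@ -233,8 +233,22 @@ refreshCache rt rootdir = do
 
 callCommand ("rm -rf "++ mkpath "*") -- clean up, in case gpg altered the keyring.
 
+flip (maybe $ warn "missing working key?") (rtWorkingKey rt) $ \wk -> do
+
+let grip = fingerprint wk
+wkkd = rtKeyDB rt Map.! keykey wk
+
+either warn (write $ mkpath "ipsec.d/private/" ++ Char8.unpack oname++".pem") $ do
+-- Note: no sig check here. That may be incautious...
+let my_ipsecs :: [Packet]
+my_ipsecs = sortOn (Down . timestamp)
+$ getSubkeys Unsigned wk (keySubKeys wkkd) "ipsec"
+case my_ipsecs of
+ipsec:_ -> maybe (Left "unsupported ipsec key type") Right
+$ secretPemFromPacket ipsec
+_ -> Left "missing ipsec key?"
+
 -- Finally, export public keys if they do not exist.
-flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do
 either warn (write $ mkpath "root/.ssh/id_rsa.pub")
 $ show_ssh' "ssh-client" grip (rtKeyDB rt)
 either warn (write $ mkpath "ssh_host_rsa_key.pub")
@@ -259,7 +273,7 @@ refreshCache rt rootdir = do
 -- We find all cross-certified ipsec keys for the given cross-certified onion name.
 ipsecs :: [Packet]
 ipsecs = sortOn (Down . timestamp)
-$ getCrossSignedSubkeys their_master (keySubKeys kd) "ipsec"
+$ getSubkeys CrossSigned their_master (keySubKeys kd) "ipsec"
 bss <- forM (take 1 ipsecs) $ \k -> do
 let warn' x = warn x >> return Char8.empty
 flip (either warn') (pemFromPacket k :: Either String String) $ \pem -> do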
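Review bot: The new export writes the secret ipsec key to `ipsec.d/private/<oname>.pem` through the same `write` helper that the following lines use for the public-key files, and nothing in the hunk restricts that file's mode. `write` is defined outside the hunk, so this is inferred: if it creates files under the process umask, the private key may be readable by other local users, and the file should be created owner-only (0600) before any key material is written to it. Separately, `wkkd = rtKeyDB rt Map.! keykey wk` is partial and raises instead of warning when the working key is absent from the key DB; inside the `Either` block, `wkkd <- maybe (Left "working key not in key db") Right $ Map.lookup (keykey wk) (rtKeyDB rt)` would keep that failure on the existing `warn` path. refreshCache's body starts and ends outside the hunk.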