From d546f22c6ee3d88eca6b01b4e7debae56cfda649 Mon Sep 17 00:00:00 2001
From: joe
Date: Fri, 1 Aug 2014 20:56:47 -0400
Subject: init-key now export public ipsec keys for contacts.
---
 kiki.hs | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)
(limited to 'kiki.hs')
diff --git a/kiki.hs b/kiki.hs
index 42e1515..9619971 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -295,7 +295,9 @@ show_pem' keyspec wkgrip db = do
 let s = parseSpec wkgrip keyspec
 flip (maybe . Left $ keyspec ++ ": not found")
 (selectPublicKey s db)
- $ \k -> do
+ pemFromPacket
+
+pemFromPacket k = do
 let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k
 der = encodeASN1 DER (toASN1 rsa [])
 qq = Base64.encode (L.unpack der)
@@ -1175,6 +1177,8 @@ kiki "init-key" args = do
 sshcpathpub0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa.pub"
 sshspathpub0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key.pub"
 ipsecpathpub0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem"
+ contactipsec0 = fromMaybe "" rootdir ++ "/etc/ipsec.d/certs/%(onion).pem"
+
 -- First, we ensure that the tor key exists and is imported
 -- so that we know where to put the strongswan key.
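Review bot: `pemFromPacket` becomes a top-level function in the first hunk but keeps `fromJust $ rsaKeyFromPacket k`, and the third hunk now calls it on keys that belong to contacts, so a selected key that is not RSA would abort `init-key` with an exception instead of reaching `warn`. Both callers already handle a `Left`, so the failure can presumably be bound in the same `Either` block: `rsa <- maybe (Left "not an RSA key") (Right . pkcs8) (rsaKeyFromPacket k)`. A type signature and a one-line comment saying what the function returns would also help now that it is shared. Its body continues past the end of this hunk.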
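Review bot: `contactipsec0` in the second hunk is a character-for-character copy of the `ipsecpathpub0` template on the line above it, so certificates written for contacts and this host's own certificate share one directory and one naming scheme. If that is intended, `contactipsec0 = ipsecpathpub0` plus a comment such as `-- contacts' certs are stored next to our own, named by the contact's onion name` would keep the two from drifting apart unnoticed. The binding group this line belongs to starts outside the hunk.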
@@ -1250,7 +1254,25 @@ kiki "init-key" args = do
 either warn (writeFile $ ipsecpathpub)
 $ show_pem' "strongswan" grip (rtKeyDB rt)
- return ()
+ let cs = filter notme (Map.elems $ rtKeyDB rt)
+ kk = keykey (fromJust $ rtWorkingKey rt)
+ notme kd = keykey (keyPacket kd) /= kk
+
+ installConctact kd = do
+ let (_,(ns,_)) = getHostnames kd
+ contactname = fmap Char8.unpack $ listToMaybe ns
+ flip (maybe $ return ()) contactname $ \contactname -> do
+ let cpath = interp (Map.singleton "onion" contactname) contactipsec0
+ kspec = ( KeyGrip $ fingerprint $ keyPacket kd
+ , Just "strongswan" )
+ mbk = selectPublicKey kspec $ Map.singleton (keykey $ keyPacket kd) kd
+ flip (maybe $ return ()) mbk $ \k -> do
+ goti <- doesFileExist (cpath)
+ when (not goti) $ do
+ either warn (writeFile $ cpath)
+ $ pemFromPacket k
+
+ mapM_ installConctact cs
 splitArg :: String -> Either (String,Maybe String) String
 splitArg arg =
-- cgit v1.2.3
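Review bot: `contactname` is read from the contact's key through `getHostnames` and interpolated straight into `cpath`, so in `installConctact` a name containing `/` would put the written file outside `/etc/ipsec.d/certs/`; whether `getHostnames` already restricts the characters is not visible in this hunk. I would check the name before building the path, for example requiring `all (\c -> isAlphaNum c || c == '.' || c == '-') contactname`, and `warn` about names that fail. The `doesFileExist` guard also means the first key that claims a given name keeps the file and a later or re-issued key is silently skipped, which deserves a comment if it is intended. `fromJust $ rtWorkingKey rt` aborts the command when no working key is set.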