From ff8a280a96669a59ed842b251db59fa116f50a52 Mon Sep 17 00:00:00 2001
From: joe
Date: Fri, 1 Aug 2014 03:56:28 -0400
Subject: export public ipsec key to /etc/ipsec.d/certs/
---
 kiki.hs | 38 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 15 deletions(-)
(limited to 'kiki.hs')
diff --git a/kiki.hs b/kiki.hs
index fa45aa1..42e1515 100644
--- a/kiki.hs
+++ b/kiki.hs
@@ -289,15 +289,17 @@ show_whose_key input_key db =
 (_:_) -> error "ambiguous"
 [] -> return ()

-show_pem keyspec wkgrip db = do
+show_pem keyspec wkgrip db = either warn putStrLn $ show_pem' keyspec wkgrip db
+
+show_pem' keyspec wkgrip db = do
 let s = parseSpec wkgrip keyspec
- flip (maybe . void $ warn (keyspec ++ ": not found"))
+ flip (maybe . Left $ keyspec ++ ": not found")
 (selectPublicKey s db)
 $ \k -> do
 let rsa = pkcs8 . fromJust $ rsaKeyFromPacket k
 der = encodeASN1 DER (toASN1 rsa [])
 qq = Base64.encode (L.unpack der)
- putStrLn $
+ return $
 writePEM "PUBLIC KEY" qq -- ("TODO "++show keyspec)

 show_ssh keyspec wkgrip db = either warn putStrLn $ show_ssh' keyspec wkgrip db
@@ -1141,11 +1143,11 @@ kiki "init-key" args = do
 , show size ]
 mkdirFor path = do
 let dir = takeDirectory path
- putStrLn $ "mkdirFor " ++ show dir
+ -- putStrLn $ "mkdirFor " ++ show dir
 createDirectoryIfMissing True dir
 -- ssl = Just "mkdir -p \"$(dirname $file)\" && openssl genrsa -out $file 1024"
 (home,secring,pubring,mbwk) <- unconditionally $ getHomeDir homespec
- putStrLn $ "home = " ++ show (home,secring,pubring,mbwk)
+ -- putStrLn $ "home = " ++ show (home,secring,pubring,mbwk)
 gotsec <- doesFileExist secring
 when (not gotsec) $ do
 let mkpath = home ++ "/master-key"
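Review bot: `show_pem'` now reports failure through `Either`, but `fromJust $ rsaKeyFromPacket k` on the selected key is still partial, so a matching key that is not RSA aborts the program with a bare `fromJust` error instead of reaching the `Left` branch that the new `show_pem` wrapper already routes to `warn`. Since the `\k -> do` block runs in `Either String`, that case can be lifted with `rsa <- maybe (Left $ keyspec ++ ": not an RSA key") (Right . pkcs8) (rsaKeyFromPacket k)` followed by a `let` for `der` and `qq`. The inherited trailing `-- ("TODO "++show keyspec)` on the `writePEM` line no longer says anything and can be dropped, and a type signature on `show_pem'` stating its `Either String String` result would document the changed contract for callers.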
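Review bot: The two debug prints in `mkdirFor` and after `getHomeDir` are commented out rather than deleted, which leaves dead code next to the already-dead `-- ssl = ...` line in the same hunk. With the change recorded in version control, removing the lines is cleaner; if the output is still wanted during development, a single verbosity flag is easier to keep consistent than toggled comments. The enclosing `kiki "init-key"` body starts before and continues after this hunk.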
@@ -1164,7 +1166,8 @@ kiki "init-key" args = do HomePub ( encode $ Message [] ) - -- TODO: These should be read from a configuration file + -- TODO: These should be read from a configuration file. + -- (use SimpleConfig) let torpath = fromMaybe "" rootdir ++ "/var/lib/tor/samizdat/private_key" sshcpath0 = fromMaybe "" rootdir ++ "/root/.ssh/id_rsa" sshspath0 = fromMaybe "" rootdir ++ "/etc/ssh/ssh_host_rsa_key" @@ -1210,9 +1213,11 @@ kiki "init-key" args = do let oname = do wk <- rtWorkingKey rt onionNameForContact (keykey wk) (rtKeyDB rt) flip (maybe $ error "Missing tor key") oname $ \oname -> do - let [ sshcpath , sshspath , ipsecpath ] + let [ sshcpath , sshspath , ipsecpath, + sshcpathpub, sshspathpub, ipsecpathpub ] = map (interp (Map.fromList [("onion",oname)])) - [ sshcpath0, sshspath0, ipsecpath0 ] + [ sshcpath0, sshspath0, ipsecpath0 + , sshcpathpub0, sshspathpub0, ipsecpathpub0 ] let op2 = op { opFiles = Map.fromList $ [ ( HomeSec, buildStreamInfo KF_All KeyRingFile ) @@ -1222,7 +1227,8 @@ kiki "init-key" args = do , ( ArgFile sshspath, peminfo 2048 "ssh-server" ) ] , opPassphrases = [ PassphraseMemoizer (rtPassphrases rt) ] } - forM_ [sshcpath,sshspath,ipsecpath] mkdirFor + forM_ [sshcpath,sshspath,ipsecpath + ,sshcpathpub,sshspathpub,ipsecpathpub] mkdirFor KikiResult rt report <- runKeyRing op2 forM_ report $ \(fname,act) -> do putStrLn $ fname ++ ": " ++ reportString act 
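Review bot: The widened six-element list pattern `let [ sshcpath , sshspath , ipsecpath, sshcpathpub, sshspathpub, ipsecpathpub ] = map (interp …) [ … ]` is irrefutable only by convention: if either list is later edited out of step, the mismatch surfaces as a runtime pattern-match failure inside `init-key` rather than a compile error, and the `forM_ [...] mkdirFor` list in the next hunk has to be kept in sync by hand as well. Binding the interpolator once, `let subst = interp (Map.fromList [("onion",oname)])`, and then `sshcpathpub = subst sshcpathpub0` per path keeps each name beside its template and removes the positional coupling. The `*pub0` templates are not defined in this diff, so they presumably come from an earlier change; the enclosing `init-key` body starts before and continues after the hunk.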
@@ -1230,17 +1236,19 @@ kiki "init-key" args = do -- Finally, export public keys if they do not exist. flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do - -- TODO: the .pub file paths should be read from config also - gotc <- doesFileExist (sshcpath++".pub") + gotc <- doesFileExist (sshcpathpub) when (not gotc) $ do - either warn (writeFile $ sshcpath++".pub") + either warn (writeFile sshcpathpub) $ show_ssh' "ssh-client" grip (rtKeyDB rt) - goth <- doesFileExist (sshspath++".pub") + goth <- doesFileExist (sshspathpub) when (not goth) $ do - either warn (writeFile $ sshspath++".pub") + either warn (writeFile $ sshspathpub) $ show_ssh' "ssh-host" grip (rtKeyDB rt) - -- TODO: strongswan public /etc/ipsec.d/certs/%(onion).pem + goti <- doesFileExist (ipsecpathpub) + when (not goti) $ do + either warn (writeFile $ ipsecpathpub) + $ show_pem' "strongswan" grip (rtKeyDB rt) return () -- cgit v1.2.3
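Review bot: The export block is now the same three-line pattern repeated three times (`doesFileExist`, `when (not …)`, `either warn (writeFile …)`), with one stray `writeFile $ sshspathpub` next to `writeFile sshcpathpub`; a small local helper removes both the duplication and the inconsistency. Note also that `writeFile` is not atomic, and because each export is guarded by `doesFileExist`, a crash mid-write leaves a truncated `.pub`/`.pem` that is never regenerated — writing to a temporary name and renaming into place would close that gap. The new file is a `PUBLIC KEY` PEM block from `show_pem'`, while the subject line places it under `/etc/ipsec.d/certs/`; it is worth confirming that the consumer reads a raw public key from that directory rather than an X.509 certificate. The enclosing `init-key` body starts before the hunk.
```haskell
flip (maybe $ warn "missing working key?") (rtGrip rt) $ \grip -> do
    -- Write one exported public key unless the destination already exists.
    let exportIfMissing path rendered = do
            present <- doesFileExist path
            when (not present) $ either warn (writeFile path) rendered
    exportIfMissing sshcpathpub  $ show_ssh' "ssh-client" grip (rtKeyDB rt)
    exportIfMissing sshspathpub  $ show_ssh' "ssh-host"   grip (rtKeyDB rt)
    exportIfMissing ipsecpathpub $ show_pem' "strongswan" grip (rtKeyDB rt)
    return ()
```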