Client signing of monkeysphere server keys

This commit is contained in:
Bob Mottram 2016-05-04 13:56:00 +01:00
parent a7745f4cb7
commit 32ed82bd67
No known key found for this signature in database
GPG Key ID: BA68F26108DC9F87
2 changed files with 758 additions and 712 deletions

File diff suppressed because it is too large Load Diff

View File

@ -64,9 +64,6 @@ DH_KEYLENGTH=2048
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory' LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
MY_USERNAME= MY_USERNAME=
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
function get_protocols_from_website { function get_protocols_from_website {
if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then if [ ! -f $WEBSITES_DIRECTORY/$1 ]; then
@ -614,6 +611,10 @@ function enable_monkeysphere {
esac esac
if [ $monkey ]; then if [ $monkey ]; then
if grep -q "MY_USERNAME" $CONFIGURATION_FILE; then
MY_USERNAME=$(grep "MY_USERNAME" $CONFIGURATION_FILE | awk -F '=' '{print $2}')
fi
if [ ! -f /home/$MY_USERNAME/.monkeysphere/authorized_user_ids ]; then if [ ! -f /home/$MY_USERNAME/.monkeysphere/authorized_user_ids ]; then
dialog --title $"GPG based authentication" \ dialog --title $"GPG based authentication" \
--msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40 --msgbox $"$MY_USERNAME does not currently have any ids within ~/.monkeysphere/authorized_user_ids" 6 40
@ -927,6 +928,33 @@ function refresh_gpg_keys {
exit 0 exit 0
} }
function monkeysphere_sign_server_keys {
server_keys_file=/home/$USER/.monkeysphere/server_keys
if [ ! -f $server_keys_file ]; then
exit 0
fi
keys_signed=
while read line; do
echo $line
if [ ${#line} -gt 2 ]; then
fpr=$(gpg --with-colons --fingerprint "$line" | grep fpr | head -n 1 | awk -F ':' '{print $10}')
if [ ${#fpr} -gt 2 ]; then
gpg --sign-key $fpr
if [ "$?" = "0" ]; then
gpg --update-trustdb
keys_signed=1
fi
fi
fi
done <$server_keys_file
if [ $keys_signed ]; then
rm $server_keys_file
fi
exit 0
}
function show_help { function show_help {
echo '' echo ''
echo "${PROJECT_NAME}-sec" echo "${PROJECT_NAME}-sec"
@ -938,6 +966,7 @@ function show_help {
echo $' -e --export Export security settings to a file' echo $' -e --export Export security settings to a file'
echo $' -i --import Import security settings from a file' echo $' -i --import Import security settings from a file'
echo $' -r --refresh Refresh GPG keys for all users' echo $' -r --refresh Refresh GPG keys for all users'
echo $' -s --sign Sign monkeysphere server keys'
echo $' --register [domain] Register a https domain with monkeysphere' echo $' --register [domain] Register a https domain with monkeysphere'
echo '' echo ''
exit 0 exit 0
@ -973,6 +1002,11 @@ case $key in
shift shift
register_website "$1" register_website "$1"
;; ;;
# user signs monkeysphere server keys
-s|--sign)
shift
monkeysphere_sign_server_keys
;;
*) *)
# unknown option # unknown option
;; ;;