break out a bunch of common functions in monkeysphere-host:
authorJameson Graef Rollins <jrollins@finestructure.net>
Thu, 12 Feb 2009 18:25:35 +0000 (13:25 -0500)
committerJameson Graef Rollins <jrollins@finestructure.net>
Thu, 12 Feb 2009 18:25:35 +0000 (13:25 -0500)
- create_*_*_file to create the key files
- load_*fingerprint to load the host fingerprint into an exported
  variable (HOST_FINGERPRINT)
- check_host_*key to check for the presence of a host key
modified {import,gen}_key to use these new functions.

src/monkeysphere-host
src/share/mh/gen_key
src/share/mh/import_key

index be398b159dfe22f5789157c795cad849ba280b45..4aab995950e89ed1323275431594023810503da8 100755 (executable)
@@ -32,6 +32,10 @@ MHSHAREDIR="${SYSSHAREDIR}/mh"
 # datadir for host functions
 MHDATADIR="${SYSDATADIR}/host"
 
+# host pub key files
+HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub"
+HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+
 # UTC date in ISO 8601 format if needed
 DATE=$(date -u '+%FT%T')
 
@@ -93,22 +97,71 @@ gpg_host_export() {
        "0x${HOST_FINGERPRINT}!"
 }
 
-# export the host key to the monkeysphere host file key
-gpg_host_export_to_ssh_file() {
-    log debug "exporting openpgp public key..."
+# export the host secret key to the monkeysphere ssh sec key file
+# NOTE: assumes that the primary key is the proper key to use
+create_ssh_sec_file() {
+    log debug "creating ssh secret key file..."
+    (umask 077 && \
+       gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
+       openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
+    log info "SSH host secret key file: ${MHDATADIR}/ssh_host_rsa_key"
+}
+
+# export the host public key to the monkeysphere ssh pub key file
+create_ssh_pub_file() {
+    log debug "creating ssh public key file..."
+    ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
+    log info "SSH host public key file: $HOST_KEY_PUB"
+}
 
+# export the host public key to the monkeysphere gpg pub key file
+create_gpg_pub_file() {
+    log debug "creating openpgp public key file..."
     gpg_host_export > "$HOST_KEY_PUB_GPG"
-    log info "SSH host public key in OpenPGP form: $HOST_KEY_PUB_GPG"
+    log info "GPG host public key file: $HOST_KEY_PUB_GPG"
+}
+
+# load the host fingerprint into the fingerprint variable, using the
+# export gpg pub key file
+load_fingerprint() {
+    if [ -f "$HOST_KEY_PUB_GPG" ] ; then
+       HOST_FINGERPRINT=$( \
+           (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
+           && gpg --quiet --import \
+           && gpg --quiet --list-keys --with-colons --with-fingerprint \
+           && rm -rf "$FUBAR") <"$HOST_KEY_PUB_GPG" \
+           | grep '^fpr:' | cut -d: -f10 )
+    else
+       HOST_FINGERPRINT=
+    fi
+}
+
+# load the host fingerprint into the fingerprint variable, using the
+# gpg host secret key
+load_fingerprint_secret() {
+    HOST_FINGERPRINT=$( \
+       gpg_host --quiet --list-secret-key \
+       --with-colons --with-fingerprint \
+       | grep '^fpr:' | cut -d: -f10 )
 }
 
-# output just key fingerprint
-# FIXME: should not have to be priviledged user to get host
-# fingerprint.  should be taken from publicly accessible key files,
-# instead of the keyring.
-get_host_fingerprint() {
-    gpg_host --list-secret-keys --fingerprint \
-       --with-colons --fixed-list-mode 2> /dev/null | \
-       grep '^fpr:' | head -1 | cut -d: -f10 2>/dev/null || true
+# output host key ssh fingerprint
+load_ssh_fingerprint() {
+    [ -f "$HOST_KEY_PUB" ] || return 0
+    HOST_FINGERPRINT_SSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" \
+       | awk '{ print $1, $2, $4 }')
+}
+
+# fail if host key present
+check_host_key() {
+    [ -z "$HOST_FINGERPRINT" ] \
+       || failure "An OpenPGP host key already exists."
+}
+
+# fail if host key not present
+check_host_no_key() {
+    [ "$HOST_FINGERPRINT" ] \
+       || failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-host expert import-key' first."
 }
 
 # output the index of a user ID on the host key
@@ -135,27 +188,18 @@ find_host_userid() {
     fi
 }
 
-# function to check for host secret key
-check_host_fail() {
-    [ "$HOST_FINGERPRINT" ] || \
-       failure "You don't appear to have a Monkeysphere host key on this server.  Please run 'monkeysphere-host expert import-key' first."
-}
-
 # show info about the host key
 show_key() {
-    local fingerprintSSH
-
     gpg_host --fingerprint --list-key --list-options show-unusable-uids \
        "0x${HOST_FINGERPRINT}!" 2>/dev/null
     # FIXME: make sure expiration date is shown
 
     echo "OpenPGP fingerprint: $HOST_FINGERPRINT"
 
-    if [ -f "$HOST_KEY_PUB" ] ; then
-       fingerprintSSH=$(ssh-keygen -l -f "$HOST_KEY_PUB" | \
-           awk '{ print $1, $2, $4 }')
+    load_ssh_fingerprint
 
-       echo "ssh fingerprint: $fingerprintSSH"
+    if [ "$HOST_FINGERPRINT_SSH" ] ; then
+       echo "ssh fingerprint: $HOST_FINGERPRINT_SSH"
     else
        log error "SSH host key not found."
     fi
@@ -186,13 +230,6 @@ MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkey
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
 GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
 
-# host key fingerprint
-HOST_FINGERPRINT=$(get_host_fingerprint)
-
-# host pub key files
-HOST_KEY_PUB="${SYSDATADIR}/ssh_host_rsa_key.pub"
-HOST_KEY_PUB_GPG="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
-
 # export variables needed in su invocation
 export DATE
 export MODE
@@ -201,52 +238,59 @@ export MONKEYSPHERE_USER
 export KEYSERVER
 export GNUPGHOME_HOST
 export GNUPGHOME
-export HOST_FINGERPRINT
+export HOST_FINGERPRINT=
+export HOST_FINGERPRINT_SSH=
 
 # get subcommand
 COMMAND="$1"
 [ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
 shift
 
-
 case $COMMAND in
     'show-key'|'show'|'s')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        show_key
        ;;
 
     'set-expire'|'extend-key'|'e')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/set_expire"
        set_expire "$@"
        ;;
 
     'add-hostname'|'add-name'|'n+')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/add_hostname"
        add_hostname "$@"
        ;;
 
     'revoke-hostname'|'revoke-name'|'n-')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/revoke_hostname"
        revoke_hostname "$@"
        ;;
 
     'add-revoker'|'o')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/add_revoker"
        add_revoker "$@"
        ;;
 
     'revoke-key'|'r')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/revoke_key"
        revoke_key "$@"
        ;;
 
     'publish-key'|'publish'|'p')
-       check_host_fail
+       load_fingerprint
+       check_host_no_key
        source "${MHSHAREDIR}/publish_key"
        publish_key
        ;;
@@ -269,11 +313,15 @@ EOF
                ;;
 
            'import-key'|'i')
+               load_fingerprint
+               check_host_key
                source "${MHSHAREDIR}/import_key"
                import_key "$@"
                ;;
 
            'gen-key'|'g')
+               load_fingerprint
+               check_host_key
                source "${MHSHAREDIR}/gen_key"
                gen_key "$@"
                ;;
index 7b427e4cf628d69b9b661ffbc8a0abc567560d9d..873ed0298d24ae1e7a02e34359878eae73ee5967 100644 (file)
@@ -20,10 +20,6 @@ local keyUsage="auth"
 local keyExpire="0"
 local userID
 
-# check for presense of a key
-[ "$HOST_FINGERPRINT" ] && \
-    failure "An OpenPGP host key already exists."
-
 # get options
 while true ; do
        case "$1" in
@@ -61,25 +57,17 @@ Expire-Date: $keyExpire
 
 EOF
 
-# find the key fingerprint of the newly converted key
-HOST_FINGERPRINT=$(get_host_fingerprint)
-export HOST_FINGERPRINT
+# load the new host fpr into the fpr variable
+load_fingerprint_secret
 
-# translate the private key to ssh format, and export to a file
-# for sshs usage.
-# NOTE: assumes that the primary key is the proper key to use
-log debug "exporting ssh secret key..."
-(umask 077 && \
-       gpg_host --export-secret-key "$HOST_FINGERPRINT" | \
-       openpgp2ssh "$HOST_FINGERPRINT" > "${MHDATADIR}/ssh_host_rsa_key")
-log info "SSH host private key output to file: ${MHDATADIR}/ssh_host_rsa_key"
+# export to ssh secret key file
+create_ssh_sec_file
 
-log debug "creating ssh public key..."
-ssh-keygen -y -f "${MHDATADIR}/ssh_host_rsa_key" > "$HOST_KEY_PUB"
-log info "SSH host public key output to file: $HOST_KEY_PUB"
+# export to ssh public key file
+create_ssh_pub_file
 
-# export public key to file
-gpg_host_export_to_ssh_file
+# export to gpg public key to file
+create_gpg_pub_file
 
 # show info about new key
 show_key
index 99511a86095ef9f806a6aaa8b58052867c0f047a..9be8dce5ba9256d5355ecba07e348a3bf4d3ac59 100644 (file)
@@ -16,10 +16,6 @@ import_key() {
 local hostName
 local userID
 
-# check for presense of a key
-[ "$HOST_FINGERPRINT" ] && \
-    failure "An OpenPGP host key already exists."
-
 hostName=${1:-$(hostname -f)}
 
 userID="ssh://${hostName}"
@@ -33,12 +29,11 @@ log verbose "importing ssh key..."
 PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "$userID" | \
     gpg_host --import
 
-# find the key fingerprint of the newly converted key
-HOST_FINGERPRINT=$(get_host_fingerprint)
-export HOST_FINGERPRINT
+# load the new host fpr into the fpr variable
+load_fingerprint_secret
 
-# export public key to file
-gpg_host_export_to_ssh_file
+# export to gpg public key to file
+create_gpg_pub_file
 
 # show info about new key
 show_key