Diffstat (limited to 'lib/_ak_ns')
| -rwxr-xr-x | lib/_ak_ns | 214 | 
1 files changed, 183 insertions, 31 deletions
@@ -21,6 +21,7 @@ source $AK_LIBDIR/_ak_lib_load
 _ak_lib_load _ak_log
 _ak_lib_load _ak_script
 _ak_lib_load _ak_gpg
+_ak_lib_load _ak_fs
 _ak_lib_load _ak_zchain
 AK_NS_DIR="${AK_WORKDIR}/akns"
@@ -56,33 +57,32 @@ function _ak_ns_list(){
 }
 function _ak_ns_list_long(){
-    _ak_gpg_list_secret_keys_long | grep '@keynames.kaos.kaos'
+    _ak_gpg_list_secret_keys_long \
+        | grep '@keynames.kaos.kaos' \
+        | while read key name
+    do
+        printf '%s %s %s\n'  "${key}" "$(_ak_ns_encode_key ${key})" "${name}"
+    done
 }
-function _ak_ns_resolve_from_name(){
+function _ak_ns_resolve_from_key(){
     # $1; exit;;
     if [ -z $1 ] || [ ! -n "$1" ]
     then
-        _ak_log_error "No name was given"
+        _ak_log_error "No key was given"
         exit 1
     fi
-    key_name="$1"
-    _ak_log_info "${key_name} was given"
-    if [ "${key_name}" == "zchain" ] || [ "${key_name}" == "zconfig" ]
+    key="$1"
+    _ak_log_info "${key} was given"
+    if [ ! -f ${AK_NS_DIR}/${key} ]
     then
-        _ak_log_info "${key_name} search on local secret keychain"
-        key="$(_ak_gpg_list_secret_keys_long | grep ${key_name}'@keynames.kaos.kaos' | cut -d ' ' -f 1)"
-        if [ ! -n "${key}" ]
-        then
-            _ak_log_error "${key_name} was not found locally"
-            exit 1
-        fi
-        _ak_ns_resolve_from_key ${key}
+        _ak_log_error "${key} was not found"
+        exit 1
     fi
-    _ak_not_implemented "${FUNCNAME}"
+    _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key}
 }
-function _ak_ns_resolve_from_key(){
+function _ak_ns_resolve_from_key_with_proof(){
     # $1; exit;;
     if [ -z $1 ] || [ ! -n "$1" ]
     then
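Review bot: In `_ak_ns_resolve_from_key`, the path `${AK_NS_DIR}/${key}` is built from `$1` with no check on its form and no quoting, so a value containing `/` or `..` makes the `-f` test and `_ak_gpg_verify_clear_signature` read a file outside `AK_NS_DIR`, and a value with whitespace breaks the `[` test. Other code in this commit treats a key as a hex fingerprint (`xxd -r -p` in `_ak_ns_encode_key`), so a guard such as `case "$key" in ''|*[!0-9A-Fa-f]*) _ak_log_error "Invalid key"; exit 1;; esac` before the path is formed, together with writing `"${AK_NS_DIR}/${key}"` in quotes, would close this. The same applies to `${AK_NS_DIR}/${key}.map` in `_ak_ns_resolve_from_key_with_proof`, whose body is in the next hunk; that one matters more if the function ends up answering requests from peers, which is not visible here.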
@@ -91,17 +91,80 @@ function _ak_ns_resolve_from_key(){
     fi
     key="$1"
     _ak_log_info "${key} was given"
-    if [ ! -f ${AK_NS_DIR}/${key} ]
+    if [ ! -f ${AK_NS_DIR}/${key}.map ]
     then
         _ak_log_error "${key} was not found"
         exit 1
     fi
-    _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key}
-    _ak_not_implemented "${FUNCNAME}"
+    cat ${AK_NS_DIR}/${key}.map
+}
+
+function _ak_ns_resolve_from_key_with_proof_json(){
+    # $1; exit;;
+    if [ -z $1 ] || [ ! -n "$1" ]
+    then
+        _ak_log_error "No key was given"
+        exit 1
+    fi
+    key="$1"
+    json=$(_ak_ns_resolve_from_key_with_proof $key | while read proof resolved; do printf '{"fingerprint":"%s","proof":"%s","resolved":"%s"}' "$1" "$proof" "$resolved";  done)
+    if [ $? -ne 0 ]
+    then
+        _ak_log_error "Something happened"
+        exit 1
+    fi
+    echo $json
+}
+
+function _ak_ns_encode_key(){
+    # $1; exit;;
+    if [ -z $1 ] || [ ! -n "$1" ]
+    then
+        _ak_log_error "No key was given"
+        exit 1
+    fi
+    key="$1"
+    _ak_log_info "${key} was given"
+    printf '%s' "$(echo -n ${key}|xxd -r -p|base64)"
+}
+
+function _ak_ns_decode_key(){
+    # $1; exit;;
+    if [ -z $1 ] || [ ! -n "$1" ]
+    then
+        _ak_log_error "No key was given"
+        exit 1
+    fi
+    key="$1"
+    _ak_log_info "${key} was given"
+    printf '%s' "$(echo -n ${key}|base64 -d|xxd -p|tr '[:lower:]' '[:upper:]')"
+}
+
+function _ak_ns_resolve_from_name(){
+    # $1; exit;;
+    if [ -z $1 ] || [ ! -n "$1" ]
+    then
+        _ak_log_error "No name was given"
+        exit 1
+    fi
+    key_name="$1"
+    _ak_log_info "${key_name} was given"
+    if [ "${key_name}" == "zchain" ] || [ "${key_name}" == "zconfig" ]
+    then
+        _ak_log_info "${key_name} search on local secret keychain"
+        key="$(_ak_gpg_list_secret_keys_long | grep ${key_name}'@keynames.kaos.kaos' | cut -d ' ' -f 1)"
+        if [ ! -n "${key}" ]
+        then
+            _ak_log_error "${key_name} was not found locally"
+            exit 1
+        fi
+        _ak_ns_resolve_from_key ${key}
+    fi
 }
 function _ak_ns_publish(){
     # $1 $2; exit;;
+    _ak_not_implemented "${FUNCNAME}"
     if [ -z $1 ] || [ ! -n "$1" ]
     then
         _ak_log_error "No key was given"
@@ -134,11 +197,11 @@ function _ak_ns_publish(){
     then
         _ak_gpg_sign_clear_with_key $key
     fi
-    _ak_not_implemented "${FUNCNAME}"
 }
 function _ak_ns_publish2name(){
     # $1 $2; exit;;
+    _ak_not_implemented "${FUNCNAME}"
     if [ -z $1 ] || [ ! -n "$1" ]
     then
         _ak_log_error "No key name was given"
@@ -156,7 +219,6 @@ function _ak_ns_publish2name(){
         exit 1
     fi
     _ak_ns_publish ${key} $2
-    _ak_not_implemented "${FUNCNAME}"
 }
 function _ak_ns_publish_zchain(){
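Review bot: The `if [ $? -ne 0 ]` check in `_ak_ns_resolve_from_key_with_proof_json` cannot detect a failed lookup, because `$?` there is the status of the `while read` loop at the end of the pipeline and the `exit 1` inside `_ak_ns_resolve_from_key_with_proof` only leaves the pipeline's subshell. Unless `pipefail` is set somewhere outside this diff, a missing `.map` file therefore yields an empty `json`, status 0 and a blank line on stdout. Testing the result instead, `if [ -z "$json" ]`, makes the error branch reachable. The `printf` also places `$proof` and `$resolved` into JSON string literals unescaped, so a quote or backslash in the stored record changes the structure of the output; building the object with `jq -n --arg` (jq is already used by `_ak_ns_resolve_all_keys` in this commit) and reading with `read -r` avoids that.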
@@ -169,19 +231,25 @@ function _ak_ns_publish_zchain(){
         _ak_ns_create zchain
     fi
     zchain_key="$(_ak_gpg_list_secret_keys_long | grep 'zchain@keynames.kaos.kaos' | cut -d ' ' -f 1)"
-    # We need to prepare the file now to be signed
-    # Put the zlatest into a file
     zlatest_file="$(_ak_make_temp_file)"
     echo -n ${zlatest} > ${zlatest_file}
     zlatest_csigned_file="$(_ak_make_temp_file)"
-    _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key} 
-    # What to do now with the clear signed file?
+    _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key}
     if [ -f ${AK_NS_DIR}/${zchain_key} ]
     then
         _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key} >> ${AK_NS_DIR}/${zchain_key}.history
     fi
+    signed_akfs_map=$(_ak_fs_import ${zlatest_csigned_file})
+    if [ -f ${AK_NS_DIR}/${zchain_key}.map ]
+    then
+        printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+            "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \
+            >> ${AK_NS_DIR}/${zchain_key}.history_map
+    fi
     mv ${zlatest_csigned_file} ${AK_NS_DIR}/${zchain_key}
-    # _ak_not_implemented "${FUNCNAME}"
+    printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+        "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \
+        > ${AK_NS_DIR}/${zchain_key}.map
 }
 function _ak_ns_publish_config(){
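Review bot: The `.history_map` entry written in `_ak_ns_publish_zchain` pairs the new `signed_akfs_map` with the output of verifying the old `${AK_NS_DIR}/${zchain_key}`, because the `mv` that installs the new signed file runs after it; the history then records a proof next to a value that proof does not sign. If the intent is to archive the previous record, appending the existing line does that: `cat "${AK_NS_DIR}/${zchain_key}.map" >> "${AK_NS_DIR}/${zchain_key}.history_map"`. The exit status of `_ak_gpg_sign_clear_with_key` and `_ak_fs_import` is also not checked before the `mv` and the `> ...map` redirect replace the current record, so a failed signing or import would overwrite a good record with an empty or partial one. `_ak_ns_publish_config` and `_ak_ns_resolve_all_keys` in the next hunk repeat the `.history_map` pattern.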
@@ -194,19 +262,103 @@ function _ak_ns_publish_config(){
         _ak_ns_create zconfig
     fi
     zconfig_key="$(_ak_gpg_list_secret_keys_long | grep 'zconfig@keynames.kaos.kaos' | cut -d ' ' -f 1)"
-    # We need to prepare the file now to be signed
-    # Put the zlatest into a file
     zconfig_file="$(_ak_make_temp_file)"
     echo -n ${zconfig} > ${zconfig_file}
     zconfig_csigned_file="$(_ak_make_temp_file)"
-    _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key} 
-    # What to do now with the clear signed file?
+    _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key}
     if [ -f ${AK_NS_DIR}/${zconfig_key} ]
     then
         _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key} >> ${AK_NS_DIR}/${zconfig_key}.history
     fi
+    signed_akfs_map=$(_ak_fs_import ${zconfig_csigned_file})
+    if [ -f ${AK_NS_DIR}/${zconfig_key}.map ]
+    then
+        printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+            "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \
+            >> ${AK_NS_DIR}/${zconfig_key}.history_map
+
+    fi
     mv ${zconfig_csigned_file} ${AK_NS_DIR}/${zconfig_key}
-    # _ak_not_implemented "${FUNCNAME}"
+    printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+        "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \
+        > ${AK_NS_DIR}/${zconfig_key}.map
+}
+
+function _ak_ns_resolve_all_keys(){
+    tmpdir="$(_ak_make_temp_directory)"
+    cd $tmpdir
+    _ak_log_info "Looking at local IPs..."
+    ip a | grep inet6 | sed 's/ *inet6 //g' | cut -d '/' -f 1 > ip_list
+    ak network -p incoming 2>/dev/null| jq -r '.[].incoming.ip' | while read ip
+    do
+        if [ $ip != "null" ]
+        then
+            echo $ip
+        fi
+    done > peer_list
+    _ak_log_info "Filtering IPs out of locals..."
+    cat ip_list | while read ip
+    do
+        sed -i 's/^'$ip'$//g' peer_list
+    done
+    if [ $(cat peer_list | wc -l) -eq 0 ]
+    then
+        _ak_log_error "No IPs to scan from"
+        exit 1
+    fi
+    cat peer_list | while read ip
+    do
+        _ak_log_info "Extracing keys from $ip..."
+        ak network -p incoming \
+            | jq --arg ip "$ip" '.[] | select(.incoming.ip == $ip )' \
+            | jq '.node_info.keymaps.[]'> keymaps_list.$ip
+    done
+    cat peer_list | while read ip
+    do
+        if [ "$ip" != "null" ] && [ ! -z "$ip" ]
+        then
+            _ak_log_info "Looking at peer $ip"
+            if [ -f "keymaps_list.$ip" ]
+            then
+                cat keymaps_list.$ip | jq -r '.fingerprint' | while read key
+                do
+                    map="$(cat keymaps_list.$ip | jq -r 'select(.fingerprint == "'$key'")|.map')"
+                    ak fs --net-cat-from-map $map > $key
+                    ak fs --import $key
+                    ak gpg -r --import $key
+                    curl -s http://[$ip]:8610/v0/ns_get/$key > $key.reply
+                    proof="$(cat $key.reply | jq -r '.proof')"
+                    resolved="$(cat $key.reply | jq -r '.resolved')"
+                    key="$(cat $key.reply | jq -r '.key')"
+                    ak fs --net-cat-from-map $proof > $key.proof
+                    _ak_gpg_verify_clear_signature $key.proof
+                    if [ $? -ne 0 ]
+                    then
+                        _ak_log_error "Couldn't verify"
+                        exit 1
+                    fi
+                    if [ -f ${AK_NS_DIR}/${key} ]
+                    then
+                        _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} >> ${AK_NS_DIR}/${key}.history
+                    fi
+                    signed_akfs_map=$(_ak_fs_import ${key}.proof)
+                    if [ -f ${AK_NS_DIR}/${key}.map ]
+                    then
+                        printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+                            "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \
+                            >> ${AK_NS_DIR}/${key}.history_map
+
+                    fi
+                    mv ${key}.proof ${AK_NS_DIR}/${key}
+                    printf '%s %s\n' "$(echo -n $proof)" \
+                        "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \
+                        > ${AK_NS_DIR}/${key}.map
+                done
+                _ak_log_info "Finished peer $ip"
+            fi
+        fi
+    done
+    _ak_log_info "Finished resolving"
 }
 _ak_log_debug "_ak_ns loaded $(caller)"  | 
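Review bot: In `_ak_ns_resolve_all_keys`, `key` is reassigned from the peer's HTTP reply (`key="$(cat $key.reply | jq -r '.key')"`) and then used unquoted as a file name in `$key.proof`, `mv ${key}.proof ${AK_NS_DIR}/${key}` and `${AK_NS_DIR}/${key}.map`, so the remote node decides which stored record is replaced and, with `/` in the value, can point the write outside `AK_NS_DIR`. The fingerprint that was requested should stay the file name, with the reply only compared against it, for example `reply_key="$(jq -r '.key' "$key.reply")"` followed by `[ "$reply_key" = "$key" ] || continue`, after the fingerprint read from `keymaps_list.$ip` has been checked to be hex only. Note that the JSON built by `_ak_ns_resolve_from_key_with_proof_json` in this commit has `fingerprint`, `proof` and `resolved` but no `key` field, so if `ns_get` serves that object `.key` evaluates to `null`; the endpoint is not visible here. `_ak_gpg_verify_clear_signature $key.proof` is called without the expected fingerprint, so it is not clear from this hunk that the proof must be signed by the key being resolved rather than by any key in the keyring, which by then includes the key just imported from the same peer over plain `http://`. The filter `'select(.fingerprint == "'$key'")'` also splices a peer-supplied string into the jq program; `jq -r --arg fp "$key" 'select(.fingerprint == $fp)|.map'` matches the `--arg ip` form used a few lines earlier.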
