diff options
Diffstat (limited to 'lib/_ak_ns')
| -rwxr-xr-x | lib/_ak_ns | 168 |
1 files changed, 165 insertions, 3 deletions
@@ -21,6 +21,7 @@ source $AK_LIBDIR/_ak_lib_load _ak_lib_load _ak_log _ak_lib_load _ak_script _ak_lib_load _ak_gpg +_ak_lib_load _ak_fs _ak_lib_load _ak_zchain AK_NS_DIR="${AK_WORKDIR}/akns" @@ -56,7 +57,12 @@ function _ak_ns_list(){ } function _ak_ns_list_long(){ - _ak_gpg_list_secret_keys_long | grep '@keynames.kaos.kaos' + _ak_gpg_list_secret_keys_long \ + | grep '@keynames.kaos.kaos' \ + | while read key name + do + printf '%s %s %s\n' "${key}" "$(_ak_ns_encode_key ${key})" "${name}" + done } function _ak_ns_resolve_from_key(){ @@ -76,6 +82,64 @@ function _ak_ns_resolve_from_key(){ _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} } +function _ak_ns_resolve_from_key_with_proof(){ + # $1; exit;; + if [ -z $1 ] || [ ! -n "$1" ] + then + _ak_log_error "No key was given" + exit 1 + fi + key="$1" + _ak_log_info "${key} was given" + if [ ! -f ${AK_NS_DIR}/${key}.map ] + then + _ak_log_error "${key} was not found" + exit 1 + fi + cat ${AK_NS_DIR}/${key}.map +} + +function _ak_ns_resolve_from_key_with_proof_json(){ + # $1; exit;; + if [ -z $1 ] || [ ! -n "$1" ] + then + _ak_log_error "No key was given" + exit 1 + fi + key="$1" + json=$(_ak_ns_resolve_from_key_with_proof $key | while read proof resolved; do printf '{"fingerprint":"%s","proof":"%s","resolved":"%s"}' "$1" "$proof" "$resolved"; done) + if [ $? -ne 0 ] + then + _ak_log_error "Something happened" + exit 1 + fi + echo $json +} + +function _ak_ns_encode_key(){ + # $1; exit;; + if [ -z $1 ] || [ ! -n "$1" ] + then + _ak_log_error "No key was given" + exit 1 + fi + key="$1" + _ak_log_info "${key} was given" + printf '%s' "$(echo -n ${key}|xxd -r -p|base64)" +} + +function _ak_ns_decode_key(){ + # $1; exit;; + if [ -z $1 ] || [ ! -n "$1" ] + then + _ak_log_error "No key was given" + exit 1 + fi + key="$1" + _ak_log_info "${key} was given" + printf '%s' "$(echo -n ${key}|base64 -d|xxd -p|tr '[:lower:]' '[:upper:]')" +} + function _ak_ns_resolve_from_name(){ # $1; exit;; if [ -z $1 ] || [ ! -n "$1" ] @@ -170,12 +234,22 @@ function _ak_ns_publish_zchain(){ zlatest_file="$(_ak_make_temp_file)" echo -n ${zlatest} > ${zlatest_file} zlatest_csigned_file="$(_ak_make_temp_file)" - _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key} + _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key} if [ -f ${AK_NS_DIR}/${zchain_key} ] then _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key} >> ${AK_NS_DIR}/${zchain_key}.history fi + signed_akfs_map=$(_ak_fs_import ${zlatest_csigned_file}) + if [ -f ${AK_NS_DIR}/${zchain_key}.map ] + then + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \ + >> ${AK_NS_DIR}/${zchain_key}.history_map + fi mv ${zlatest_csigned_file} ${AK_NS_DIR}/${zchain_key} + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \ + > ${AK_NS_DIR}/${zchain_key}.map } function _ak_ns_publish_config(){ @@ -191,12 +265,100 @@ function _ak_ns_publish_config(){ zconfig_file="$(_ak_make_temp_file)" echo -n ${zconfig} > ${zconfig_file} zconfig_csigned_file="$(_ak_make_temp_file)" - _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key} + _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key} if [ -f ${AK_NS_DIR}/${zconfig_key} ] then _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key} >> ${AK_NS_DIR}/${zconfig_key}.history fi + signed_akfs_map=$(_ak_fs_import ${zconfig_csigned_file}) + if [ -f ${AK_NS_DIR}/${zconfig_key}.map ] + then + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \ + >> ${AK_NS_DIR}/${zconfig_key}.history_map + + fi mv ${zconfig_csigned_file} ${AK_NS_DIR}/${zconfig_key} + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \ + > ${AK_NS_DIR}/${zconfig_key}.map +} + +function _ak_ns_resolve_all_keys(){ + tmpdir="$(_ak_make_temp_directory)" + cd $tmpdir + _ak_log_info "Looking at local IPs..." + ip a | grep inet6 | sed 's/ *inet6 //g' | cut -d '/' -f 1 > ip_list + ak network -p incoming 2>/dev/null| jq -r '.[].incoming.ip' | while read ip + do + if [ $ip != "null" ] + then + echo $ip + fi + done > peer_list + _ak_log_info "Filtering IPs out of locals..." + cat ip_list | while read ip + do + sed -i 's/^'$ip'$//g' peer_list + done + if [ $(cat peer_list | wc -l) -eq 0 ] + then + _ak_log_error "No IPs to scan from" + exit 1 + fi + cat peer_list | while read ip + do + _ak_log_info "Extracing keys from $ip..." + ak network -p incoming \ + | jq --arg ip "$ip" '.[] | select(.incoming.ip == $ip )' \ + | jq '.node_info.keymaps.[]'> keymaps_list.$ip + done + cat peer_list | while read ip + do + if [ "$ip" != "null" ] && [ ! -z "$ip" ] + then + _ak_log_info "Looking at peer $ip" + if [ -f "keymaps_list.$ip" ] + then + cat keymaps_list.$ip | jq -r '.fingerprint' | while read key + do + map="$(cat keymaps_list.$ip | jq -r 'select(.fingerprint == "'$key'")|.map')" + ak fs --net-cat-from-map $map > $key + ak fs --import $key + ak gpg -r --import $key + curl -s http://[$ip]:8610/v0/ns_get/$key > $key.reply + proof="$(cat $key.reply | jq -r '.proof')" + resolved="$(cat $key.reply | jq -r '.resolved')" + key="$(cat $key.reply | jq -r '.key')" + ak fs --net-cat-from-map $proof > $key.proof + _ak_gpg_verify_clear_signature $key.proof + if [ $? -ne 0 ] + then + _ak_log_error "Couldn't verify" + exit 1 + fi + if [ -f ${AK_NS_DIR}/${key} ] + then + _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} >> ${AK_NS_DIR}/${key}.history + fi + signed_akfs_map=$(_ak_fs_import ${key}.proof) + if [ -f ${AK_NS_DIR}/${key}.map ] + then + printf '%s %s\n' "$(echo -n $signed_akfs_map)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ + >> ${AK_NS_DIR}/${key}.history_map + + fi + mv ${key}.proof ${AK_NS_DIR}/${key} + printf '%s %s\n' "$(echo -n $proof)" \ + "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \ + > ${AK_NS_DIR}/${key}.map + done + _ak_log_info "Finished peer $ip" + fi + fi + done + _ak_log_info "Finished resolving" } _ak_log_debug "_ak_ns loaded $(caller)" |