aboutsummaryrefslogtreecommitdiff
path: root/lib/_ak_ns
diff options
context:
space:
mode:
Diffstat (limited to 'lib/_ak_ns')
-rwxr-xr-xlib/_ak_ns168
1 files changed, 165 insertions, 3 deletions
diff --git a/lib/_ak_ns b/lib/_ak_ns
index 683f572..24c0761 100755
--- a/lib/_ak_ns
+++ b/lib/_ak_ns
@@ -21,6 +21,7 @@ source $AK_LIBDIR/_ak_lib_load
_ak_lib_load _ak_log
_ak_lib_load _ak_script
_ak_lib_load _ak_gpg
+_ak_lib_load _ak_fs
_ak_lib_load _ak_zchain
AK_NS_DIR="${AK_WORKDIR}/akns"
@@ -56,7 +57,12 @@ function _ak_ns_list(){
}
function _ak_ns_list_long(){
- _ak_gpg_list_secret_keys_long | grep '@keynames.kaos.kaos'
+ _ak_gpg_list_secret_keys_long \
+ | grep '@keynames.kaos.kaos' \
+ | while read key name
+ do
+ printf '%s %s %s\n' "${key}" "$(_ak_ns_encode_key ${key})" "${name}"
+ done
}
function _ak_ns_resolve_from_key(){
@@ -76,6 +82,64 @@ function _ak_ns_resolve_from_key(){
_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key}
}
+function _ak_ns_resolve_from_key_with_proof(){
+ # $1; exit;;
+ if [ -z $1 ] || [ ! -n "$1" ]
+ then
+ _ak_log_error "No key was given"
+ exit 1
+ fi
+ key="$1"
+ _ak_log_info "${key} was given"
+ if [ ! -f ${AK_NS_DIR}/${key}.map ]
+ then
+ _ak_log_error "${key} was not found"
+ exit 1
+ fi
+ cat ${AK_NS_DIR}/${key}.map
+}
+
+function _ak_ns_resolve_from_key_with_proof_json(){
+ # $1; exit;;
+ if [ -z $1 ] || [ ! -n "$1" ]
+ then
+ _ak_log_error "No key was given"
+ exit 1
+ fi
+ key="$1"
+ json=$(_ak_ns_resolve_from_key_with_proof $key | while read proof resolved; do printf '{"fingerprint":"%s","proof":"%s","resolved":"%s"}' "$1" "$proof" "$resolved"; done)
+ if [ $? -ne 0 ]
+ then
+ _ak_log_error "Something happened"
+ exit 1
+ fi
+ echo $json
+}
+
+function _ak_ns_encode_key(){
+ # $1; exit;;
+ if [ -z $1 ] || [ ! -n "$1" ]
+ then
+ _ak_log_error "No key was given"
+ exit 1
+ fi
+ key="$1"
+ _ak_log_info "${key} was given"
+ printf '%s' "$(echo -n ${key}|xxd -r -p|base64)"
+}
+
+function _ak_ns_decode_key(){
+ # $1; exit;;
+ if [ -z $1 ] || [ ! -n "$1" ]
+ then
+ _ak_log_error "No key was given"
+ exit 1
+ fi
+ key="$1"
+ _ak_log_info "${key} was given"
+ printf '%s' "$(echo -n ${key}|base64 -d|xxd -p|tr '[:lower:]' '[:upper:]')"
+}
+
function _ak_ns_resolve_from_name(){
# $1; exit;;
if [ -z $1 ] || [ ! -n "$1" ]
@@ -170,12 +234,22 @@ function _ak_ns_publish_zchain(){
zlatest_file="$(_ak_make_temp_file)"
echo -n ${zlatest} > ${zlatest_file}
zlatest_csigned_file="$(_ak_make_temp_file)"
- _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key}
+ _ak_gpg_sign_clear_with_key ${zlatest_csigned_file} ${zlatest_file} ${zchain_key}
if [ -f ${AK_NS_DIR}/${zchain_key} ]
then
_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key} >> ${AK_NS_DIR}/${zchain_key}.history
fi
+ signed_akfs_map=$(_ak_fs_import ${zlatest_csigned_file})
+ if [ -f ${AK_NS_DIR}/${zchain_key}.map ]
+ then
+ printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \
+ >> ${AK_NS_DIR}/${zchain_key}.history_map
+ fi
mv ${zlatest_csigned_file} ${AK_NS_DIR}/${zchain_key}
+ printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zchain_key})" \
+ > ${AK_NS_DIR}/${zchain_key}.map
}
function _ak_ns_publish_config(){
@@ -191,12 +265,100 @@ function _ak_ns_publish_config(){
zconfig_file="$(_ak_make_temp_file)"
echo -n ${zconfig} > ${zconfig_file}
zconfig_csigned_file="$(_ak_make_temp_file)"
- _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key}
+ _ak_gpg_sign_clear_with_key ${zconfig_csigned_file} ${zconfig_file} ${zconfig_key}
if [ -f ${AK_NS_DIR}/${zconfig_key} ]
then
_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key} >> ${AK_NS_DIR}/${zconfig_key}.history
fi
+ signed_akfs_map=$(_ak_fs_import ${zconfig_csigned_file})
+ if [ -f ${AK_NS_DIR}/${zconfig_key}.map ]
+ then
+ printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \
+ >> ${AK_NS_DIR}/${zconfig_key}.history_map
+
+ fi
mv ${zconfig_csigned_file} ${AK_NS_DIR}/${zconfig_key}
+ printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${zconfig_key})" \
+ > ${AK_NS_DIR}/${zconfig_key}.map
+}
+
+function _ak_ns_resolve_all_keys(){
+ tmpdir="$(_ak_make_temp_directory)"
+ cd $tmpdir
+ _ak_log_info "Looking at local IPs..."
+ ip a | grep inet6 | sed 's/ *inet6 //g' | cut -d '/' -f 1 > ip_list
+ ak network -p incoming 2>/dev/null| jq -r '.[].incoming.ip' | while read ip
+ do
+ if [ $ip != "null" ]
+ then
+ echo $ip
+ fi
+ done > peer_list
+ _ak_log_info "Filtering IPs out of locals..."
+ cat ip_list | while read ip
+ do
+ sed -i 's/^'$ip'$//g' peer_list
+ done
+ if [ $(cat peer_list | wc -l) -eq 0 ]
+ then
+ _ak_log_error "No IPs to scan from"
+ exit 1
+ fi
+ cat peer_list | while read ip
+ do
+ _ak_log_info "Extracing keys from $ip..."
+ ak network -p incoming \
+ | jq --arg ip "$ip" '.[] | select(.incoming.ip == $ip )' \
+ | jq '.node_info.keymaps.[]'> keymaps_list.$ip
+ done
+ cat peer_list | while read ip
+ do
+ if [ "$ip" != "null" ] && [ ! -z "$ip" ]
+ then
+ _ak_log_info "Looking at peer $ip"
+ if [ -f "keymaps_list.$ip" ]
+ then
+ cat keymaps_list.$ip | jq -r '.fingerprint' | while read key
+ do
+ map="$(cat keymaps_list.$ip | jq -r 'select(.fingerprint == "'$key'")|.map')"
+ ak fs --net-cat-from-map $map > $key
+ ak fs --import $key
+ ak gpg -r --import $key
+ curl -s http://[$ip]:8610/v0/ns_get/$key > $key.reply
+ proof="$(cat $key.reply | jq -r '.proof')"
+ resolved="$(cat $key.reply | jq -r '.resolved')"
+ key="$(cat $key.reply | jq -r '.key')"
+ ak fs --net-cat-from-map $proof > $key.proof
+ _ak_gpg_verify_clear_signature $key.proof
+ if [ $? -ne 0 ]
+ then
+ _ak_log_error "Couldn't verify"
+ exit 1
+ fi
+ if [ -f ${AK_NS_DIR}/${key} ]
+ then
+ _ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key} >> ${AK_NS_DIR}/${key}.history
+ fi
+ signed_akfs_map=$(_ak_fs_import ${key}.proof)
+ if [ -f ${AK_NS_DIR}/${key}.map ]
+ then
+ printf '%s %s\n' "$(echo -n $signed_akfs_map)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \
+ >> ${AK_NS_DIR}/${key}.history_map
+
+ fi
+ mv ${key}.proof ${AK_NS_DIR}/${key}
+ printf '%s %s\n' "$(echo -n $proof)" \
+ "$(_ak_gpg_verify_clear_signature ${AK_NS_DIR}/${key})" \
+ > ${AK_NS_DIR}/${key}.map
+ done
+ _ak_log_info "Finished peer $ip"
+ fi
+ fi
+ done
+ _ak_log_info "Finished resolving"
}
_ak_log_debug "_ak_ns loaded $(caller)"