authorGeorg2021-09-26 09:11:47 +0200
committerGeorg2021-09-26 09:11:47 +0200
commit7885aa340c8ec05b87bd8bcd201f50af091586fc (patch)
tree58fa9fe52d5559f2cfff41a154be030f649c71a0
parentb8a9f8377e5778d96814c0a3ed5b46773fa0d205 (diff)
Certificate Manager and other improvements
Signed-off-by: Georg <georg@lysergic.dev>
-rwxr-xr-xpounceman.sh161
1 files changed, 155 insertions, 6 deletions
diff --git a/pounceman.sh b/pounceman.sh
index 4c32ecd..f79f8fc 100755
--- a/pounceman.sh
+++ b/pounceman.sh
@@ -13,11 +13,12 @@ menu() {
--clear \
--cancel-label "Exit" \
--menu "Configure your IRC bouncer:" 0 0 8 \
- "1" "Display active networks" \
- "2" "Display disabled networks" \
+ "1" "Edit active networks" \
+ "2" "Edit disabled networks" \
"3" "Add new network" \
- "4" "Enable network" \
- "5" "Disable network" \
+ "4" "Enable network (deprecated)" \
+ "5" "Disable network (deprecated)" \
+ "6" "Manage client certificates" \
2>&1 1>&3)
exit_status=$?
exec 3>&-
@@ -29,7 +30,8 @@ get_networks() {
exit
fi
pouncedir="/var/lib/pounce"
- if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then
+ #if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then
+ if [ "$(ls -A $pouncedir/users/$USER/$1)" ]; then
COUNTER=1
RADIOLIST=""
user_choice=""
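Review bot: The new emptiness test on the `ls -A` line expands `$pouncedir/users/$USER/$1` unquoted, so a path containing whitespace or glob characters is split into several arguments and the test no longer reflects the intended directory. Quoting the path and ending option parsing keeps the check on one directory: `if [ -n "$(ls -A -- "$pouncedir/users/$USER/$1")" ]; then`. The commented-out `find` line above it is dead code and is better deleted, since version control already keeps it. The same unquoted `ls -A` test is repeated in get_certs later in this commit. get_networks starts and ends outside this hunk.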
@@ -52,7 +54,7 @@ get_networks() {
;;
3) set_network "enabled"
;;
- esac
+ esac
fi
if [ $1 = "disabled" ]; then
user_choice=$(dialog --ok-label "Edit" \
@@ -157,6 +159,7 @@ set_network() {
if [ $1 = "enabled" ]; then
mv $pouncedir/users/$USER/enabled/$user_choice $pouncedir/users/$USER/disabled/$user_choice
fi
+ $user_choice=""
}
remove_network() {
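Review bot: The added `$user_choice=""` is not an assignment. The shell expands `$user_choice` first and then tries to run the resulting word as a command, so the variable is never cleared and set_network finishes with a "command not found" status. The line should read `user_choice=""`. Only the tail of set_network is visible in this hunk.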
@@ -205,6 +208,149 @@ add_network() {
fi
}
+certman() {
+ exec 3>&1
+ certmansel=$(dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Certificate Manager" \
+ --clear \
+ --cancel-label "Exit" \
+ --menu "" 0 0 8 \
+ "1" "Manage Certificate Authority" \
+ "2" "Manage Client Certificates" \
+ 2>&1 1>&3)
+ exec 3>&-
+ case $certmansel in
+ 1 )
+ get_ca
+ ;;
+ 2 )
+ get_certs
+ ;;
+ esac
+}
+
+get_ca() {
+ sha1=$(openssl x509 -noout -fingerprint -sha1 -in $pouncedir/users/$USER/ca.pem)
+ sha256=$(openssl x509 -noout -fingerprint -sha256 -in $pouncedir/users/$USER/ca.pem)
+# exec 3>&1
+ dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Fingerprints" \
+ --extra-button \
+ --extra-label "New CA" \
+ --msgbox "$sha1\n\n$sha256" 10 90
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ certman
+ ;;
+ 3 )
+ new_ca
+ ;;
+ esac
+# exec 3>&1-
+}
+
+new_ca() {
+ dialog --title "Re-generate Certificate Authority" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yes-label "Proceed" \
+ --no-label "Cancel" \
+ --yesno "!WARNING!\nThis will REMOVE your existing CA certificate and generate a new one.\nALL existing client certificates will be INVALIDATED immediately.\nYou will need to generate and deploy new client certificates if you decide to continue." 10 90
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ rm -f $pouncedir/users/$USER/ca.pem
+ /usr/local/bin/pounce -g $pouncedir/users/$USER/ca.pem
+ get_ca
+ ;;
+ 1 )
+ get_ca
+ ;;
+ esac
+}
+
+get_certs() {
+ exec 3>&1
+ #if ! $(find $pouncedir/users/$USER/certs -mindepth 0 -maxdepth 0 -empty -type f | grep -q -); then
+ if [ "$(ls -A $pouncedir/users/$USER/certs)" ]; then
+ CRTCOUNTER=1
+ CRTRADIOLIST=""
+ crt_choice=""
+ for crt in $pouncedir/users/$USER/certs/*; do
+ CRTFILENAME=$(basename "$crt")
+ CRTRADIOLIST="$CRTRADIOLIST $CRTFILENAME $CRTFILENAME off"
+ let CRTCOUNTER=CRTCOUNTER+1
+ done
+ crt_choice=$(dialog --ok-label "Delete" \
+ --cancel-label "Back" \
+ --extra-button \
+ --extra-label "New Certificate" \
+ --title "Client Certificates" \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --radiolist "Manage your client certificates:" 0 0 $CRTCOUNTER \
+ $CRTRADIOLIST \
+ 2>&1 1>&3)
+ exit_status=$?
+ case $exit_status in
+ 0) remove_cert "$crt_choice"
+ ;;
+ 3) add_cert
+ ;;
+ esac
+ exec 3>&-
+ echo $crt_choice > /tmp/crtchoice
+ else
+ dialog --title "No certificates found" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yesno "There seem to be no client certificates in your account. Create your first one?" \
+ 10 60
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ add_cert
+ ;;
+ 1 )
+ get_certs
+ ;;
+ esac
+ crt_choice=""
+ fi
+ exec 3>&-
+}
+
+add_cert() {
+ exec 3>&1
+ crt_input=$(dialog --ok-label "Submit" \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "New Client Certificate" \
+ --inputbox "Certificate name:" \
+ 10 60 \
+ 2>&1 1>&3)
+ echo $crt_input > /tmp/crtinput
+ /usr/local/bin/pounce -a $pouncedir/users/$USER/certs/ca.pem -g $pouncedir/users/$USER/certs/$crt_input.pem
+ crt_input = ""
+ exec 3>&-
+ get_certs
+}
+
+remove_cert() {
+ dialog --title "Delete Certificate" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yesno "This will permanently delete the client certificate $USER/$1.\nThis will BREAK all IRC connections utilizing it.\nAre you sure?" 10 50
+ exit_status=$?
+ case $exit_status in
+ 0)
+ rm -f $pouncedir/users/$USER/certs/$1
+ get_certs
+ ;;
+ 1)
+ get_certs
+ ;;
+ esac
+}
+
while true; do
menu
case $exit_status in
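Review bot: In add_cert the text typed into the input box goes straight into the `-g` path, unquoted and unchecked, so a name containing `/`, `..` or whitespace makes pounce write outside `certs/` or receive extra arguments; the name should be restricted to a safe character set and the paths quoted before the call. On the neighbouring lines, `crt_input = ""` runs a command called `crt_input` instead of clearing the variable, and the writes to `/tmp/crtinput` and `/tmp/crtchoice` (the latter in get_certs) look like leftover debugging that puts user data into predictable file names in /tmp. The `-a` argument points at `certs/ca.pem` while get_ca and new_ca use `users/$USER/ca.pem`, which looks like a mismatch worth confirming. remove_cert passes `$1` to `rm -f` unquoted in the same way and would benefit from `rm -f -- "$pouncedir/users/$USER/certs/$1"`.

```shell
add_cert() {
  # … unchanged: exec 3>&1 and the dialog --inputbox call that sets crt_input …
  case $crt_input in
    '' | *[!A-Za-z0-9_-]*)
      # reject empty names and anything that is not a plain file-name token
      exec 3>&-
      get_certs
      return
      ;;
  esac
  # CA path kept as committed; confirm against the path used by get_ca/new_ca
  /usr/local/bin/pounce -a "$pouncedir/users/$USER/certs/ca.pem" \
    -g "$pouncedir/users/$USER/certs/$crt_input.pem"
  crt_input=""
  # … unchanged: exec 3>&- and get_certs …
```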
@@ -253,5 +399,8 @@ while true; do
set_network "enabled"
fi
;;
+ 6 )
+ certman
+ ;;
esac
done
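Review bot: Selecting 6 reaches certman, and from there `rm -f $pouncedir/users/$USER/ca.pem` in new_ca, without anything on that path having set `pouncedir`; the only assignment visible in this diff is inside get_networks. If the variable is not also set at the top of the script, those paths collapse to `/users/$USER/...` whenever the certificate menu is opened before a network menu. Assigning `pouncedir="/var/lib/pounce"` once before the `while` loop, or writing the uses as `"${pouncedir:?}"`, removes the ordering dependency. The loop starts outside this hunk.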