From 7885aa340c8ec05b87bd8bcd201f50af091586fc Mon Sep 17 00:00:00 2001
From: Georg
Date: Sun, 26 Sep 2021 09:11:47 +0200
Subject: Certificate Manager and other improvements
Signed-off-by: Georg
---
 pounceman.sh | 161 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 155 insertions(+), 6 deletions(-)
diff --git a/pounceman.sh b/pounceman.sh
index 4c32ecd..f79f8fc 100755
--- a/pounceman.sh
+++ b/pounceman.sh
@@ -13,11 +13,12 @@ menu() {
 --clear \
 --cancel-label "Exit" \
 --menu "Configure your IRC bouncer:" 0 0 8 \
- "1" "Display active networks" \
- "2" "Display disabled networks" \
+ "1" "Edit active networks" \
+ "2" "Edit disabled networks" \
 "3" "Add new network" \
- "4" "Enable network" \
- "5" "Disable network" \
+ "4" "Enable network (deprecated)" \
+ "5" "Disable network (deprecated)" \
+ "6" "Manage client certificates" \
 2>&1 1>&3)
 exit_status=$?
 exec 3>&-
@@ -29,7 +30,8 @@ get_networks() {
 exit
 fi
 pouncedir="/var/lib/pounce"
- if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then
+ #if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then
+ if [ "$(ls -A $pouncedir/users/$USER/$1)" ]; then
 COUNTER=1
 RADIOLIST=""
 user_choice=""
@@ -52,7 +54,7 @@ get_networks() {
 ;;
 3) set_network "enabled"
 ;;
- esac
+ esac
 fi
 if [ $1 = "disabled" ]; then
 user_choice=$(dialog --ok-label "Edit" \
@@ -157,6 +159,7 @@ set_network() {
 if [ $1 = "enabled" ]; then
 mv $pouncedir/users/$USER/enabled/$user_choice $pouncedir/users/$USER/disabled/$user_choice
 fi
+ $user_choice=""
 }

 remove_network() {
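Review bot: The new emptiness test in get_networks, `if [ "$(ls -A $pouncedir/users/$USER/$1)" ]; then`, parses ls output with an unquoted path, so a directory name containing whitespace or glob characters breaks the test and a missing directory prints an ls error behind the dialog. A quoted find that stops at the first entry does the same job without parsing: `if [ -n "$(find "$pouncedir/users/$USER/$1" -mindepth 1 -maxdepth 1 -print -quit 2>/dev/null)" ]; then`. The commented-out previous line kept above it is dead text and should be dropped. get_certs in the later hunk (@@ -205) uses the same `ls -A` idiom on `certs/` and the same replacement applies there. get_networks' body continues outside this hunk.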
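Review bot: `$user_choice=""` at the end of set_network does not reset the variable: the leading `$` expands it first, so bash tries to run a command named after the selected network followed by `=""` (or `=""` alone when it is already empty), reports "command not found", and user_choice keeps its value; the line should be `user_choice=""`. The same mistake appears in add_cert in the @@ -205 hunk as `crt_input = ""`, which runs a command named crt_input with two arguments instead of assigning; it should be `crt_input=""`. set_network's body begins outside this hunk.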
@@ -205,6 +208,149 @@ add_network() {
 fi
 }

+certman() {
+ exec 3>&1
+ certmansel=$(dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Certificate Manager" \
+ --clear \
+ --cancel-label "Exit" \
+ --menu "" 0 0 8 \
+ "1" "Manage Certificate Authority" \
+ "2" "Manage Client Certificates" \
+ 2>&1 1>&3)
+ exec 3>&-
+ case $certmansel in
+ 1 )
+ get_ca
+ ;;
+ 2 )
+ get_certs
+ ;;
+ esac
+}
+
+get_ca() {
+ sha1=$(openssl x509 -noout -fingerprint -sha1 -in $pouncedir/users/$USER/ca.pem)
+ sha256=$(openssl x509 -noout -fingerprint -sha256 -in $pouncedir/users/$USER/ca.pem)
+# exec 3>&1
+ dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Fingerprints" \
+ --extra-button \
+ --extra-label "New CA" \
+ --msgbox "$sha1\n\n$sha256" 10 90
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ certman
+ ;;
+ 3 )
+ new_ca
+ ;;
+ esac
+# exec 3>&1-
+}
+
+new_ca() {
+ dialog --title "Re-generate Certificate Authority" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yes-label "Proceed" \
+ --no-label "Cancel" \
+ --yesno "!WARNING!\nThis will REMOVE your existing CA certificate and generate a new one.\nALL existing client certificates will be INVALIDATED immediately.\nYou will need to generate and deploy new client certificates if you decide to continue." 10 90
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ rm -f $pouncedir/users/$USER/ca.pem
+ /usr/local/bin/pounce -g $pouncedir/users/$USER/ca.pem
+ get_ca
+ ;;
+ 1 )
+ get_ca
+ ;;
+ esac
+}
+
+get_certs() {
+ exec 3>&1
+ #if ! $(find $pouncedir/users/$USER/certs -mindepth 0 -maxdepth 0 -empty -type f | grep -q -); then
+ if [ "$(ls -A $pouncedir/users/$USER/certs)" ]; then
+ CRTCOUNTER=1
+ CRTRADIOLIST=""
+ crt_choice=""
+ for crt in $pouncedir/users/$USER/certs/*; do
+ CRTFILENAME=$(basename "$crt")
+ CRTRADIOLIST="$CRTRADIOLIST $CRTFILENAME $CRTFILENAME off"
+ let CRTCOUNTER=CRTCOUNTER+1
+ done
+ crt_choice=$(dialog --ok-label "Delete" \
+ --cancel-label "Back" \
+ --extra-button \
+ --extra-label "New Certificate" \
+ --title "Client Certificates" \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --radiolist "Manage your client certificates:" 0 0 $CRTCOUNTER \
+ $CRTRADIOLIST \
+ 2>&1 1>&3)
+ exit_status=$?
+ case $exit_status in
+ 0) remove_cert "$crt_choice"
+ ;;
+ 3) add_cert
+ ;;
+ esac
+ exec 3>&-
+ echo $crt_choice > /tmp/crtchoice
+ else
+ dialog --title "No certificates found" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yesno "There seem to be no client certificates in your account. Create your first one?" \
+ 10 60
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ add_cert
+ ;;
+ 1 )
+ get_certs
+ ;;
+ esac
+ crt_choice=""
+ fi
+ exec 3>&-
+}
+
+add_cert() {
+ exec 3>&1
+ crt_input=$(dialog --ok-label "Submit" \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "New Client Certificate" \
+ --inputbox "Certificate name:" \
+ 10 60 \
+ 2>&1 1>&3)
+ echo $crt_input > /tmp/crtinput
+ /usr/local/bin/pounce -a $pouncedir/users/$USER/certs/ca.pem -g $pouncedir/users/$USER/certs/$crt_input.pem
+ crt_input = ""
+ exec 3>&-
+ get_certs
+}
+
+remove_cert() {
+ dialog --title "Delete Certificate" \
+ --backtitle "LibertaCasa Pounce Configurator" \
+ --yesno "This will permanently delete the client certificate $USER/$1.\nThis will BREAK all IRC connections utilizing it.\nAre you sure?" 10 50
+ exit_status=$?
+ case $exit_status in
+ 0)
+ rm -f $pouncedir/users/$USER/certs/$1
+ get_certs
+ ;;
+ 1)
+ get_certs
+ ;;
+ esac
+}
+
 while true; do
 menu
 case $exit_status in
@@ -253,5 +399,8 @@ while true; do
 set_network "enabled"
 fi
 ;;
+ 6 )
+ certman
+ ;;
 esac
 done
-- 
cgit v1.2.3
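Review bot: In add_cert the dialog answer `crt_input` is used unchecked as a path component in `-g $pouncedir/users/$USER/certs/$crt_input.pem`, so a name containing `/` or `..` (or the empty answer left by Cancel) gives pounce an output path outside `certs/`; validate the answer against a strict character class before use and quote the paths, as in the excerpt below. The only visible assignment of `pouncedir` is inside get_networks (hunk @@ -29), so unless it is also set at top level outside these hunks, entering the certificate manager straight from the menu runs get_ca, new_ca, get_certs, add_cert and remove_cert with an empty `$pouncedir`, i.e. against `/users/$USER/...` — including the `rm -f` calls. `echo $crt_choice > /tmp/crtchoice` (get_certs) and `echo $crt_input > /tmp/crtinput` (add_cert) copy user-supplied values to fixed names in the shared /tmp and look like debugging leftovers; drop them. In new_ca the `rm -f` of ca.pem runs before `/usr/local/bin/pounce -g`, so a failed generation leaves the account with no CA while every client certificate is already invalid; generate into a `mktemp` file and `mv` it over the old one only when pounce succeeds. add_cert signs against `$pouncedir/users/$USER/certs/ca.pem` while get_ca and new_ca read and regenerate `$pouncedir/users/$USER/ca.pem`, which looks like a mismatch unless two CA files are intended.
```shell
add_cert() {
  exec 3>&1
  crt_input=$(dialog --ok-label "Submit" \
    --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
    --title "New Client Certificate" \
    --inputbox "Certificate name:" \
    10 60 \
    2>&1 1>&3)
  exec 3>&-
  # The answer becomes a file name under certs/: accept a plain stem only,
  # so no separator, dot-segment or shell metacharacter can reach the path.
  if [[ ! "$crt_input" =~ ^[A-Za-z0-9_-]+$ ]]; then
    dialog --title "Invalid name" \
      --msgbox "Use letters, digits, '-' and '_' only." 6 50
    get_certs
    return
  fi
  /usr/local/bin/pounce -a "$pouncedir/users/$USER/certs/ca.pem" \
    -g "$pouncedir/users/$USER/certs/$crt_input.pem"
  crt_input=""
  get_certs
}
```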