Certificate Manager and other improvements

Signed-off-by: Georg <georg@lysergic.dev>
Georg Pfuetzenreuter 2021-09-26 09:11:47 +02:00
parent b8a9f8377e
commit 7885aa340c
Signed by: Georg
GPG Key ID: 1DAF57F49F8E8F22


@ -13,11 +13,12 @@ menu() {
--clear \ --clear \
--cancel-label "Exit" \ --cancel-label "Exit" \
--menu "Configure your IRC bouncer:" 0 0 8 \ --menu "Configure your IRC bouncer:" 0 0 8 \
"1" "Display active networks" \ "1" "Edit active networks" \
"2" "Display disabled networks" \ "2" "Edit disabled networks" \
"3" "Add new network" \ "3" "Add new network" \
"4" "Enable network" \ "4" "Enable network (deprecated)" \
"5" "Disable network" \ "5" "Disable network (deprecated)" \
"6" "Manage client certificates" \
2>&1 1>&3) 2>&1 1>&3)
exit_status=$? exit_status=$?
exec 3>&- exec 3>&-
@ -29,7 +30,8 @@ get_networks() {
exit exit
fi fi
pouncedir="/var/lib/pounce" pouncedir="/var/lib/pounce"
if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then #if ! $(find $pouncedir/users/$USER/$1 -mindepth 0 -maxdepth 0 -empty | grep -q .); then
if [ "$(ls -A $pouncedir/users/$USER/$1)" ]; then
COUNTER=1 COUNTER=1
RADIOLIST="" RADIOLIST=""
user_choice="" user_choice=""
@ -157,6 +159,7 @@ set_network() {
if [ $1 = "enabled" ]; then if [ $1 = "enabled" ]; then
mv $pouncedir/users/$USER/enabled/$user_choice $pouncedir/users/$USER/disabled/$user_choice mv $pouncedir/users/$USER/enabled/$user_choice $pouncedir/users/$USER/disabled/$user_choice
fi fi
$user_choice=""
} }
remove_network() { remove_network() {
@ -205,6 +208,149 @@ add_network() {
fi fi
} }
certman() {
exec 3>&1
certmansel=$(dialog \
--backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
--title "Certificate Manager" \
--clear \
--cancel-label "Exit" \
--menu "" 0 0 8 \
"1" "Manage Certificate Authority" \
"2" "Manage Client Certificates" \
2>&1 1>&3)
exec 3>&-
case $certmansel in
1 )
get_ca
;;
2 )
get_certs
;;
esac
}
get_ca() {
sha1=$(openssl x509 -noout -fingerprint -sha1 -in $pouncedir/users/$USER/ca.pem)
sha256=$(openssl x509 -noout -fingerprint -sha256 -in $pouncedir/users/$USER/ca.pem)
# exec 3>&1
dialog \
--backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
--title "Fingerprints" \
--extra-button \
--extra-label "New CA" \
--msgbox "$sha1\n\n$sha256" 10 90
exit_status=$?
case $exit_status in
0 )
certman
;;
3 )
new_ca
;;
esac
# exec 3>&1-
}
new_ca() {
dialog --title "Re-generate Certificate Authority" \
--backtitle "LibertaCasa Pounce Configurator" \
--yes-label "Proceed" \
--no-label "Cancel" \
--yesno "!WARNING!\nThis will REMOVE your existing CA certificate and generate a new one.\nALL existing client certificates will be INVALIDATED immediately.\nYou will need to generate and deploy new client certificates if you decide to continue." 10 90
exit_status=$?
case $exit_status in
0 )
rm -f $pouncedir/users/$USER/ca.pem
/usr/local/bin/pounce -g $pouncedir/users/$USER/ca.pem
get_ca
;;
1 )
get_ca
;;
esac
}
get_certs() {
exec 3>&1
#if ! $(find $pouncedir/users/$USER/certs -mindepth 0 -maxdepth 0 -empty -type f | grep -q -); then
if [ "$(ls -A $pouncedir/users/$USER/certs)" ]; then
CRTCOUNTER=1
CRTRADIOLIST=""
crt_choice=""
for crt in $pouncedir/users/$USER/certs/*; do
CRTFILENAME=$(basename "$crt")
CRTRADIOLIST="$CRTRADIOLIST $CRTFILENAME $CRTFILENAME off"
let CRTCOUNTER=CRTCOUNTER+1
done
crt_choice=$(dialog --ok-label "Delete" \
--cancel-label "Back" \
--extra-button \
--extra-label "New Certificate" \
--title "Client Certificates" \
--backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
--radiolist "Manage your client certificates:" 0 0 $CRTCOUNTER \
$CRTRADIOLIST \
2>&1 1>&3)
exit_status=$?
case $exit_status in
0) remove_cert "$crt_choice"
;;
3) add_cert
;;
esac
exec 3>&-
echo $crt_choice > /tmp/crtchoice
else
dialog --title "No certificates found" \
--backtitle "LibertaCasa Pounce Configurator" \
--yesno "There seem to be no client certificates in your account. Create your first one?" \
10 60
exit_status=$?
case $exit_status in
0 )
add_cert
;;
1 )
get_certs
;;
esac
crt_choice=""
fi
exec 3>&-
}
add_cert() {
exec 3>&1
crt_input=$(dialog --ok-label "Submit" \
--backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
--title "New Client Certificate" \
--inputbox "Certificate name:" \
10 60 \
2>&1 1>&3)
echo $crt_input > /tmp/crtinput
/usr/local/bin/pounce -a $pouncedir/users/$USER/certs/ca.pem -g $pouncedir/users/$USER/certs/$crt_input.pem
crt_input = ""
exec 3>&-
get_certs
}
remove_cert() {
dialog --title "Delete Certificate" \
--backtitle "LibertaCasa Pounce Configurator" \
--yesno "This will permanently delete the client certificate $USER/$1.\nThis will BREAK all IRC connections utilizing it.\nAre you sure?" 10 50
exit_status=$?
case $exit_status in
0)
rm -f $pouncedir/users/$USER/certs/$1
get_certs
;;
1)
get_certs
;;
esac
}
while true; do while true; do
menu menu
case $exit_status in case $exit_status in
@ -253,5 +399,8 @@ while true; do
set_network "enabled" set_network "enabled"
fi fi
;; ;;
6 )
certman
;;
esac esac
done done
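Review bot: In the new add_cert, the name typed into the inputbox is used unchecked and unquoted in `$pouncedir/users/$USER/certs/$crt_input.pem`, so a value containing `/`, `..` or whitespace can place the generated file outside the user's certs directory or split into extra arguments to pounce. The name should be restricted to a safe character set before use and every expansion quoted; the same quoting applies to `rm -f $pouncedir/users/$USER/certs/$1` in remove_cert. The lines `echo $crt_input > /tmp/crtinput` and `echo $crt_choice > /tmp/crtchoice` (in get_certs) write to fixed names in /tmp, which look like debugging leftovers and should be dropped, since predictable temp paths can be pre-created as symlinks or read by other local users. `crt_input = ""` runs a command named crt_input instead of assigning, and `$user_choice=""` in set_network has the same problem; they should read `crt_input=""` and `user_choice=""`. add_cert also passes `certs/ca.pem` to `-a` while get_ca and new_ca use `$pouncedir/users/$USER/ca.pem`, which looks like a path mismatch worth confirming.

```shell
add_cert() {
  # … unchanged: exec 3>&1 and the dialog --inputbox call …
  case $crt_input in
    '' | *[!A-Za-z0-9_-]*)
      # reject empty names and anything that could leave the certs directory
      exec 3>&-
      get_certs
      return
      ;;
  esac
  /usr/local/bin/pounce -a "$pouncedir/users/$USER/certs/ca.pem" -g "$pouncedir/users/$USER/certs/$crt_input.pem"
  crt_input=""
  # … unchanged: exec 3>&-, get_certs …
```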