From 8136cb2963123fe900c6d60b5cf4d5429c4513d3 Mon Sep 17 00:00:00 2001
From: Georg
Date: Mon, 27 Sep 2021 00:36:31 +0200
Subject: [PATCH] Certificate exporter/uploader

Signed-off-by: Georg
---
 pounceman.sh | 65 ++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 61 insertions(+), 4 deletions(-)

diff --git a/pounceman.sh b/pounceman.sh
index 2a97e5b..13284fc 100755
--- a/pounceman.sh
+++ b/pounceman.sh
@@ -239,6 +239,7 @@ certman() {
 --menu "" 0 0 8 \
 "1" "Manage Certificate Authority" \
 "2" "Manage Client Certificates" \
+ "3" "Create new client certificate" \
 2>&1 1>&3)
 exec 3>&-
 case $certmansel in
@@ -248,6 +249,9 @@ certman() {
 2 )
 get_certs
 ;;
+ 3 )
+ add_cert
+ ;;
 esac
 }
 
@@ -304,10 +308,10 @@ get_certs() {
 CRTRADIOLIST="$CRTRADIOLIST $CRTFILENAME $CRTFILENAME off"
 let CRTCOUNTER=CRTCOUNTER+1
 done
- crt_choice=$(dialog --ok-label "Delete" \
+ crt_choice=$(dialog --ok-label "View" \
 --cancel-label "Back" \
 --extra-button \
- --extra-label "New Certificate" \
+ --extra-label "Delete" \
 --title "Client Certificates" \
 --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
 --radiolist "Manage your client certificates:" 0 0 $CRTCOUNTER \
@@ -315,9 +319,21 @@ get_certs() {
 2>&1 1>&3)
 exit_status=$?
 case $exit_status in
- 0) remove_cert "$crt_choice"
+ 0)
+ if [ ! $crt_choice = "" ]; then
+ get_cert "$crt_choice"
+ else
+ get_certs
+ fi
 ;;
- 3) add_cert
+ 1) certman
+ ;;
+ 3)
+ if [ ! $crt_choice = "" ]; then
+ remove_cert "$crt_choice"
+ else
+ get_certs
+ fi
 ;;
 esac
 exec 3>&-
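Review bot: The emptiness tests added in the `0)` and `3)` branches, `if [ ! $crt_choice = "" ]`, leave the variable unquoted, so an empty selection only reaches the else branch because `[ ! = "" ]` happens to parse as a string comparison, and a selection containing whitespace or glob characters makes `[` fail with an error instead of being tested. `if [ -n "$crt_choice" ]; then` states the intent and behaves the same for any file name; the same applies to `[ ! $cert = "" ]` in get_cert in the last hunk. It matters most in the `3)` branch, which now gates remove_cert. The enclosing get_certs starts and ends outside this hunk.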
@@ -341,6 +357,47 @@ get_certs() {
 exec 3>&-
 }
 
+get_cert() {
+ cert=$1
+ sha1=$(openssl x509 -noout -fingerprint -sha1 -in $pouncedir/users/$USER/certs/$cert)
+ sha256=$(openssl x509 -noout -fingerprint -sha256 -in $pouncedir/users/$USER/certs/$cert)
+ dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Fingerprints" \
+ --ok-label "Back" \
+ --extra-button \
+ --extra-label "Download" \
+ --msgbox "$sha1\n\n$sha256" 10 90
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ get_certs
+ ;;
+ 3 )
+ if [ ! $cert = "" ]; then
+ export_cert "$cert"
+ fi
+ ;;
+ esac
+}
+
+export_cert() {
+ cert=$1
+ exec 3>&1
+ pbincli send -f $pouncedir/users/$USER/certs/$cert -B -q | grep -o "https://.*" | dialog \
+ --backtitle "LibertaCasa IRC Services - Pounce Division - https://liberta.casa/" \
+ --title "Certificate Download" \
+ --programbox "One-time download for client certificate $cert:" \
+ 5 150
+ exit_status=$?
+ case $exit_status in
+ 0 )
+ get_certs
+ ;;
+ esac
+ exec 3>&-
+}
+
 add_cert() {
 exec 3>&1
 crt_input=$(dialog --ok-label "Submit" \
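Review bot: export_cert sends the file under `certs/` to a paste service and displays the resulting link, but nothing in the hunk tells the user what leaves the host or handles a failed upload. If these files hold the private key alongside the certificate (not visible here), the link acts as a bearer credential for that identity until it is fetched, so the dialog text should say so. `exit_status=$?` reflects only dialog, the last command of the pipeline, so a pbincli error yields an empty box; capturing the link first and checking that it is non-empty closes that gap. The path expansions in get_cert and export_cert are also unquoted (`-in $pouncedir/users/$USER/certs/$cert`), so they should be quoted and names containing `/` rejected before use.

```shell
export_cert() {
	cert=$1
	# Names come from the certificate list; refuse anything that could point outside certs/.
	case $cert in
		""|*/*) get_certs; return ;;
	esac
	# Capture the link first so a failed upload is noticed instead of shown as an empty box.
	url=$(pbincli send -f "$pouncedir/users/$USER/certs/$cert" -B -q | grep -o "https://.*")
	if [ -z "$url" ]; then
		dialog --title "Certificate Download" --msgbox "Upload failed; nothing was shared." 6 60
		get_certs
		return
	fi
	# … unchanged: the dialog --programbox call and the exit_status case, now fed by
	#   printf '%s\n' "$url" instead of the pbincli pipeline …
}
```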