@ -79,13 +79,20 @@ function _machines-regenKey { |
|
|
|
openssl genrsa -out $MACHINES_CONFIG/machines.key 4096 |
|
|
|
chmod 600 $MACHINES_CONFIG/machines.key |
|
|
|
openssl req -key $MACHINES_CONFIG/machines.key -new -out $MACHINES_CONFIG/machines.csr |
|
|
|
openssl x509 -req -in $MACHINES_CONFIG/machines.csr -signkey $MACHINES_CONFIG/machines.key -out $MACHINES_CONFIG/machines.crt |
|
|
|
openssl x509 -req -days 1826 -in $MACHINES_CONFIG/machines.csr -signkey $MACHINES_CONFIG/machines.key -out $MACHINES_CONFIG/machines.crt |
|
|
|
_machines-pubFromCrt |
|
|
|
fi |
|
|
|
} |
|
|
|
|
|
|
|
function _machines-verifyCertificate { |
|
|
|
if openssl verify $MACHINES_CONFIG/machines.crt | grep -v 'error18' | grep 'error' --quiet; then |
|
|
|
echo "Invalid certificate" |
|
|
|
exit 1 |
|
|
|
fi |
|
|
|
} |
|
|
|
|
|
|
|
function _machines-ensurePub { |
|
|
|
if [ ! -f $MACHINES_CONFIG/machines.pub ]; then |
|
|
|
if [ ! -f $MACHINES_CONFIG/machines.crt ]; then |
|
|
|
CERT_FILE=$(mktemp) |
|
|
|
echo "[INFO] Downloading certificate..." |
|
|
|
_machines-api cert > $CERT_FILE |
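Review bot: `_machines-verifyCertificate` judges validity by grepping the text of `openssl verify` instead of using its exit status, which is fragile: the diagnostic wording and stream are version-dependent (recent OpenSSL writes them to stderr, where the pipe never sees them), and the real message reads `error 18 at 0 depth lookup`, so `grep -v 'error18'` does not filter it — depending on the installed version the check likely either rejects a valid self-signed `machines.crt` or lets any error through, expiry included. Verifying against the status with the certificate as its own trust anchor covers signature and validity period without text matching: `if ! openssl verify -CAfile "$MACHINES_CONFIG/machines.crt" "$MACHINES_CONFIG/machines.crt" >/dev/null 2>&1; then`. The `exit 1` in the failure branch also terminates the caller's shell when these functions are sourced and bypasses the `return 1`/`return 2` handling that `_machines-ensurePub` and `machines-setup` rely on; `echo "Invalid certificate" >&2` followed by `return 1` would keep the three consistent. The `$MACHINES_CONFIG` expansions added here are unquoted; `"$MACHINES_CONFIG/machines.key"` and friends would survive a path containing spaces.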
|
|
@ -93,14 +100,15 @@ function _machines-ensurePub { |
|
|
|
prompt "Is this correct ?" |
|
|
|
if [ $? == 1 ]; then |
|
|
|
mv $CERT_FILE $MACHINES_CONFIG/machines.crt &> /dev/null |
|
|
|
_machines-pubFromCrt |
|
|
|
return 0 |
|
|
|
else |
|
|
|
echo "Certificate rejected." |
|
|
|
return 1 |
|
|
|
exit |
|
|
|
exit 1 |
|
|
|
fi |
|
|
|
fi |
|
|
|
_machines-verifyCertificate |
|
|
|
if [ ! -f $MACHINES_CONFIG/machines.pub ]; then |
|
|
|
_machines-pubFromCrt |
|
|
|
fi |
|
|
|
} |
|
|
|
|
|
|
|
# SSH ACCESS KEYS |
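Review bot: `mv $CERT_FILE $MACHINES_CONFIG/machines.crt &> /dev/null` discards the move's failure, yet the branch still runs `_machines-pubFromCrt` and returns 0, so a failed write (for example a missing `$MACHINES_CONFIG` directory) leaves the caller believing an accepted certificate is in place; `mv -- "$CERT_FILE" "$MACHINES_CONFIG/machines.crt" || return 1` keeps the status. The rejected branch returns 1 without removing `$CERT_FILE`, so the downloaded certificate lingers in the temp directory — `rm -f -- "$CERT_FILE"` before `return 1` tidies that — and the `exit`/`exit 1` lines after `return 1` can never execute, so if they survive on the new side they are dead code. Since rejection is now reported through the return status, every caller has to check it, and `_machines-getAkey` in the later hunk does not. `_machines-ensurePub`'s body starts before this hunk.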
|
|
@ -115,6 +123,7 @@ function _machines-signAkey { # network |
|
|
|
} |
|
|
|
|
|
|
|
function _machines-getAkey { # network |
|
|
|
_machines-ensurePub |
|
|
|
KEY_FILE=$(mktemp) |
|
|
|
SIGN_FILE=$(mktemp) |
|
|
|
_machines-api akey/$1 > $KEY_FILE |
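Review bot: the `_machines-ensurePub` call added at the top of `_machines-getAkey` ignores its return status, so when the user rejects the downloaded certificate (the `return 1` path in `_machines-ensurePub`) the function carries on to fetch `akey/$1` and whatever signature handling follows; `_machines-ensurePub || return 2` would match the guard used in `machines-setup`. The header counts of the `machines-setup` hunk (-9/+6, nothing added) suggest the `if [ $? != 0 ]; then … return 2 … fi` guard is being removed there as well, which would leave no caller checking the result — worth confirming against the full diff. `$1` is spliced into the request path unquoted; `"akey/$1"` is the minimum. `_machines-getAkey`'s body continues past the hunk, so cleanup of `$KEY_FILE` and `$SIGN_FILE` cannot be assessed here.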
|
|
@ -275,9 +284,6 @@ function machines-setup { |
|
|
|
fi |
|
|
|
|
|
|
|
_machines-ensurePub |
|
|
|
if [ $? != 0 ]; then |
|
|
|
return 2 |
|
|
|
fi |
|
|
|
|
|
|
|
# Variables |
|
|
|
read -p 'Machine name? ' name |
|
|
|