aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKarel Kočí <cynerd@email.cz>2017-09-18 23:13:31 +0200
committerKarel Kočí <cynerd@email.cz>2017-09-18 23:13:31 +0200
commitdd30417fdba18a97945459b29e88cbbedb07874c (patch)
treea87b8dc76ab4b7ea5298bb55dc9abb9b6cc7fb25
parent3370e45b1c4a6c476827e9467fb1d313bb9a2319 (diff)
downloadmyconfigs-dd30417fdba18a97945459b29e88cbbedb07874c.tar.gz
myconfigs-dd30417fdba18a97945459b29e88cbbedb07874c.tar.bz2
myconfigs-dd30417fdba18a97945459b29e88cbbedb07874c.zip
Add openvpn to usbkey
-rw-r--r--bash_completions/usbkey11
-rwxr-xr-xlocal/bin/usbkey63
-rw-r--r--zsh_completions/usbkey17
3 files changed, 72 insertions, 19 deletions
diff --git a/bash_completions/usbkey b/bash_completions/usbkey
index 10cb0b9..acd6877 100644
--- a/bash_completions/usbkey
+++ b/bash_completions/usbkey
@@ -22,11 +22,20 @@ _usbkey() {
done
COMPREPLY+=($(compgen -W "${keys}" -- ${cur}))
;;
+ openvpn-get)
+ [ -d "/media/usbkey/openvpn" ] || return
+ local certs
+ for F in $(find "/media/usbkey/openvpn" -name 'ca.crt' -o -name '*.crt' -print); do
+ F="${F#/media/usbkey/openvpn/}"
+ certs="$certs ${F%.crt}"
+ done
+ COMPREPLY+=($(compgen -W "${certs}" -- ${cur}))
+ ;;
esac
else
local ops="-h --help mount sync"
if _usbkey_mounted; then
- ops="$ops unmount ssh-list ssh-generate ssh-import"
+ ops="$ops unmount gpg-import ssh-list ssh-generate ssh-import openvpn-list openvpn-get openvpn-generate"
fi
COMPREPLY+=($(compgen -W "${ops}" -- ${cur}))
fi
diff --git a/local/bin/usbkey b/local/bin/usbkey
index 3fe7336..85eff7f 100755
--- a/local/bin/usbkey
+++ b/local/bin/usbkey
@@ -97,7 +97,7 @@ ssh_list() {
done
}
-check_ssh_nane() {
+check_name() {
if [ -z "$NAME" ]; then
echo "You have to specify key name!" >&2
exit 1
@@ -105,8 +105,8 @@ check_ssh_nane() {
}
op_ssh_generate() {
+ check_name
check_mount || op_mount
- check_ssh_nane
if [ -f "$MOUNT_PATH/ssh/$NAME" ]; then
echo "Key $NAME seems to already exists." >&2
exit 1
@@ -119,8 +119,8 @@ op_ssh_generate() {
}
op_ssh_import() {
+ check_name
check_mount || op_mount
- check_ssh_nane
if [ -f "$MOUNT_PATH/ssh/$NAME" ] && [ -f "$MOUNT_PATH/ssh/$NAME.pub" ]; then
echo "There is no key named $NAME" >&2
exit 1
@@ -131,19 +131,51 @@ op_ssh_import() {
echo "SSH key $NAME copied to local .ssh directory." >&2
}
+# Note OpenVPN: CA generated using following command
+# openssl req -nodes -new -x509 -keyout ca.key -out ca.crt -config openssl.cnf
+
op_openvpn_list() {
check_mount || op_mount
- # TODO
+ for KEY in $(find "$MOUNT_PATH/openvpn" -name 'ca.crt' -o -name '*.crt' -print); do
+ local N="${KEY#$MOUNT_PATH/openvpn/}"
+ echo "${N%.crt}"
+ done
}
op_openvpn_get() {
+ check_name
check_mount || op_mount
- # TODO
+ if [ ! -f "$MOUNT_PATH/openvpn/$NAME.key" ] || [ ! -f "$MOUNT_PATH/openvpn/$NAME.crt" ]; then
+ echo "There is no OpenVPN key $NAME" >&2
+ exit 1
+ fi
+ mkdir "openvpn-$NAME"
+ cp "$MOUNT_PATH/openvpn/$NAME.key" "openvpn-$NAME/"
+ cp "$MOUNT_PATH/openvpn/$NAME.crl" "openvpn-$NAME/"
+ cp "$MOUNT_PATH/openvpn/ca.crt" "openvpn-$NAME/"
+ cp "$MOUNT_PATH/openvpn/ta.key" "openvpn-$NAME/"
+
+ echo "OpenVPN key $NAME copied to openvpn-$NAME directory." >&2
}
op_openvpn_generate() {
+ check_name
check_mount || op_mount
- # TODO
+ if [ -f "$MOUNT_PATH/openvpn/$NAME.key" ] && [ -f "$MOUNT_PATH/openvpn/$NAME.crt" ]; then
+ echo "OpenVPN key $NAME seems to already exists" >&2
+ exit 1
+ fi
+ (
+ cd "$MOUNT_PATH/openvpn"
+ # Build request
+ openssl req -batch -days 3650 -nodes -new -config "openssl.cnf" \
+ -keyout "$NAME.key" -out "$NAME.csr"
+ # Sign request
+ openssl ca -days 3650 -config "openssl.cnf" \
+ -out "$NAME.crt" -in "$NAME.csr"
+ )
+
+ echo "OpenVPN key $NAME was generated." >&2
}
@@ -164,13 +196,13 @@ case "$1" in
echo " gpg-import: Import gpg key"
echo " ssh-import: Import ssh key"
echo " ssh-generate: Generate new ssh key"
- echo " ssh-list: List all keys in store"
- echo " openvpn-list: List all keys"
- echo " openvpn-get: Get keys for some host"
- echo " openvpn-generate: Generate key for new host"
+ echo " ssh-list: List all ssh keys in store"
+ echo " openvpn-list: List all openvpn keys"
+ echo " openvpn-get: Get openvpn keys for some host"
+ echo " openvpn-generate: Generate openvpn key for new host"
exit 0
;;
- mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-get|openvpn-generate)
+ mount|unmount|sync|gpg-import|ssh-import|ssh-generate|ssh-list|openvpn-list|openvpn-get|openvpn-generate)
OPERATION="$1"
;;
*)
@@ -184,10 +216,10 @@ while [ $# -gt 0 ]; do
-h|--help)
echo "Usb key manager"
case "$OPERATION" in
- mount|unmount|sync)
+ mount|unmount|sync|ssh-list|openvn-list)
echo "Usage: usbkey $OPERATION [-h]"
;;
- ssh-*)
+ ssh-*|openvpn-*)
echo "Usage: usbkey $OPERATION NAME [-h]"
;;
# TODO
@@ -195,7 +227,10 @@ while [ $# -gt 0 ]; do
exit 0
;;
*)
- if [[ "$OPERATION" = ssh-* ]] && [ -z "$NAME" ]; then
+ if [ -z "$NAME" ] && \
+ [ "$OPERATION" = "ssh-import" -o "$OPERATION" = "ssh-generate" -o \
+ "$OPERATION" = "openvpn-get" -o "$OPERATION" = "openvpn-generate" ] \
+ ; then
NAME="$1"
else
unknown_argument "$1"
diff --git a/zsh_completions/usbkey b/zsh_completions/usbkey
index 0de1375..eada8f6 100644
--- a/zsh_completions/usbkey
+++ b/zsh_completions/usbkey
@@ -21,6 +21,15 @@ _usbkey () {
done
_describe -t keys 'usbkey' keys
;;
+ openvpn-get)
+ [ -d "/media/usbkey/openvpn" ] || return
+ local certs=()
+ for F in $(find "/media/usbkey/openvpn" -name 'ca.crt' -o -name '*.crt' -print); do
+ F="${F#/media/usbkey/openvpn/}"
+ certs+=("${F%.crt}")
+ done
+ _describe -t certificates 'usbkey' certs
+ ;;
# TODO
esac
else
@@ -34,10 +43,10 @@ _usbkey () {
"gpg-import:Import gpg key"
"ssh-import:Import ssh key"
"ssh-generate:Generate new ssh key"
- "ssh-list:List all keys in store"
- "openvpn-list:List all keys"
- "openvpn-get:Get keys for some host"
- "openvpn-generate:Generate key for new host"
+ "ssh-list:List all SSH keys in store"
+ "openvpn-list:List all OpenVPN keys"
+ "openvpn-get:Get OpenVPN keys for some host"
+ "openvpn-generate:Generate OpenVPN key for new host"
)
fi
_describe -t operations 'usbkey' operations