Rename handleServiceCreateNetwork to handleServiceNetworkCreate

This renames handleServiceCreateNetwork for consistency with other
service commands.
This commit is contained in:
delthas 2020-06-07 01:19:25 +02:00 committed by Simon Ser
parent 998546cdc3
commit 17fe033adc

View File

@ -120,7 +120,7 @@ func init() {
"create": { "create": {
usage: "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...", usage: "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
desc: "add a new network", desc: "add a new network",
handle: handleServiceCreateNetwork, handle: handleServiceNetworkCreate,
}, },
"status": { "status": {
desc: "show a list of saved networks and their current status", desc: "show a list of saved networks and their current status",
@ -165,137 +165,6 @@ func init() {
} }
} }
func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
fs := newFlagSet()
keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")
if err := fs.Parse(params); err != nil {
return err
}
if len(fs.Args()) != 1 {
return errors.New("exactly one argument is required")
}
net := dc.user.getNetwork(fs.Arg(0))
if net == nil {
return fmt.Errorf("unknown network %q", fs.Arg(0))
}
var (
privKey crypto.PrivateKey
pubKey crypto.PublicKey
)
switch *keyType {
case "rsa":
key, err := rsa.GenerateKey(rand.Reader, *bits)
if err != nil {
return err
}
privKey = key
pubKey = key.Public()
case "ecdsa":
key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
return err
}
privKey = key
pubKey = key.Public()
case "ed25519":
var err error
pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
}
// Using PKCS#8 allows easier extension for new key types.
privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
if err != nil {
return err
}
notBefore := time.Now()
// Lets make a fair assumption nobody will use the same cert for more than 20 years...
notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return err
}
cert := &x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{CommonName: "soju auto-generated certificate"},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
}
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
if err != nil {
return err
}
net.SASL.External.CertBlob = derBytes
net.SASL.External.PrivKeyBlob = privKeyBytes
net.SASL.Mechanism = "EXTERNAL"
if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
return err
}
sendServicePRIVMSG(dc, "certificate generated")
sha1Sum := sha1.Sum(derBytes)
sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
sha256Sum := sha256.Sum256(derBytes)
sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
return nil
}
func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
if len(params) != 1 {
return fmt.Errorf("expected exactly one argument")
}
net := dc.user.getNetwork(params[0])
if net == nil {
return fmt.Errorf("unknown network %q", params[0])
}
sha1Sum := sha1.Sum(net.SASL.External.CertBlob)
sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
sha256Sum := sha256.Sum256(net.SASL.External.CertBlob)
sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
return nil
}
func handleServiceCertfpReset(dc *downstreamConn, params []string) error {
if len(params) != 1 {
return fmt.Errorf("expected exactly one argument")
}
net := dc.user.getNetwork(params[0])
if net == nil {
return fmt.Errorf("unknown network %q", params[0])
}
net.SASL.External.CertBlob = nil
net.SASL.External.PrivKeyBlob = nil
if net.SASL.Mechanism == "EXTERNAL" {
net.SASL.Mechanism = ""
}
if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
return err
}
sendServicePRIVMSG(dc, "certificate reset")
return nil
}
func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, l *[]string) { func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, l *[]string) {
for name, cmd := range cmds { for name, cmd := range cmds {
words := append(prefix, name) words := append(prefix, name)
@ -434,7 +303,7 @@ func (fs *networkFlagSet) update(network *Network) error {
return nil return nil
} }
func handleServiceCreateNetwork(dc *downstreamConn, params []string) error { func handleServiceNetworkCreate(dc *downstreamConn, params []string) error {
fs := newNetworkFlagSet() fs := newNetworkFlagSet()
if err := fs.Parse(params); err != nil { if err := fs.Parse(params); err != nil {
return err return err
@ -543,6 +412,137 @@ func handleServiceNetworkDelete(dc *downstreamConn, params []string) error {
return nil return nil
} }
func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
fs := newFlagSet()
keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")
if err := fs.Parse(params); err != nil {
return err
}
if len(fs.Args()) != 1 {
return errors.New("exactly one argument is required")
}
net := dc.user.getNetwork(fs.Arg(0))
if net == nil {
return fmt.Errorf("unknown network %q", fs.Arg(0))
}
var (
privKey crypto.PrivateKey
pubKey crypto.PublicKey
)
switch *keyType {
case "rsa":
key, err := rsa.GenerateKey(rand.Reader, *bits)
if err != nil {
return err
}
privKey = key
pubKey = key.Public()
case "ecdsa":
key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
return err
}
privKey = key
pubKey = key.Public()
case "ed25519":
var err error
pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
if err != nil {
return err
}
}
// Using PKCS#8 allows easier extension for new key types.
privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
if err != nil {
return err
}
notBefore := time.Now()
// Lets make a fair assumption nobody will use the same cert for more than 20 years...
notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return err
}
cert := &x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{CommonName: "soju auto-generated certificate"},
NotBefore: notBefore,
NotAfter: notAfter,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
}
derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
if err != nil {
return err
}
net.SASL.External.CertBlob = derBytes
net.SASL.External.PrivKeyBlob = privKeyBytes
net.SASL.Mechanism = "EXTERNAL"
if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
return err
}
sendServicePRIVMSG(dc, "certificate generated")
sha1Sum := sha1.Sum(derBytes)
sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
sha256Sum := sha256.Sum256(derBytes)
sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
return nil
}
func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
if len(params) != 1 {
return fmt.Errorf("expected exactly one argument")
}
net := dc.user.getNetwork(params[0])
if net == nil {
return fmt.Errorf("unknown network %q", params[0])
}
sha1Sum := sha1.Sum(net.SASL.External.CertBlob)
sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
sha256Sum := sha256.Sum256(net.SASL.External.CertBlob)
sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
return nil
}
func handleServiceCertfpReset(dc *downstreamConn, params []string) error {
if len(params) != 1 {
return fmt.Errorf("expected exactly one argument")
}
net := dc.user.getNetwork(params[0])
if net == nil {
return fmt.Errorf("unknown network %q", params[0])
}
net.SASL.External.CertBlob = nil
net.SASL.External.PrivKeyBlob = nil
if net.SASL.Mechanism == "EXTERNAL" {
net.SASL.Mechanism = ""
}
if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
return err
}
sendServicePRIVMSG(dc, "certificate reset")
return nil
}
func handlePasswordChange(dc *downstreamConn, params []string) error { func handlePasswordChange(dc *downstreamConn, params []string) error {
if len(params) != 1 { if len(params) != 1 {
return fmt.Errorf("expected exactly one argument") return fmt.Errorf("expected exactly one argument")