authormh <mh@immerda.ch>2016-11-04 18:52:39 +0100
committermh <mh@immerda.ch>2016-11-04 18:52:39 +0100
commitd91d70dd378a4a91c740b03b0852432ef128b24a (patch)
tree35f503702086f85a96bfd5fca73d70c701323908
parentbf16597ec2c0ad155527742fe07e655f555d7f62 (diff)
store key & hostname
-rw-r--r--lib/puppet/parser/functions/generate_onion_key.rb22
-rw-r--r--manifests/daemon/onion_service.pp (renamed from manifests/daemon/onions_service.pp)0
-rw-r--r--spec/functions/generate_onion_key_spec.rb10
-rw-r--r--templates/torrc.onion_service.erb (renamed from templates/torrc.hidden_service.erb)0
4 files changed, 20 insertions, 12 deletions
diff --git a/lib/puppet/parser/functions/generate_onion_key.rb b/lib/puppet/parser/functions/generate_onion_key.rb
index 2964268..9ee5351 100644
--- a/lib/puppet/parser/functions/generate_onion_key.rb
+++ b/lib/puppet/parser/functions/generate_onion_key.rb
@@ -7,12 +7,13 @@ Requires a location to load and store the private key, as well an identifier, wh
Example:
- res = generate_onion_key('/tmp','my_secrect_key')
+ res = generate_onion_key('/tmp','my_secret_key')
notice "Onion Address: \${res[0]"
notice "Priavte Key: \${res[1]"
-If /tmp/my_secrect_key.key exists, it will be loaded and the onion address will be generated from it.
+It will also store the onion address under /tmp/my_secret_key.hostname.
+If /tmp/my_secret_key.key exists, but not the hostname file. Then the function will be loaded and the onion address will be generated from it.
EOS
) do |args|
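Review bot: The added doc sentence says "the function will be loaded" where it means the key, and it is split into two fragments, so the fallback behaviour is hard to read. It also does not say that an existing `.hostname` file is returned unchanged, which is what the new code further down does. Suggested wording: `If /tmp/my_secret_key.key exists but the hostname file does not, the key is loaded, the onion address is generated from it and stored in the hostname file.` followed by `If the hostname file already exists, its content is returned as the onion address.` The doc string starts above this hunk.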
@@ -24,17 +25,24 @@ If /tmp/my_secrect_key.key exists, it will be loaded and the onion address will
raise(Puppet::ParseError, "generate_onion_key(): requires location (#{location}) to be a directory") unless File.directory?(location)
path = File.join(location,identifier)
- private_key = if File.exists?(path)
- pk = OpenSSL::PKey::RSA.new(File.read(path))
- raise(Puppet::ParseError, "generate_onion_key(): key in path #{path} must have a length of 1024bit") unless (pk.n.num_bytes * 8) == 1024
+ private_key = if File.exists?(kf="#{path}.key")
+ pk = OpenSSL::PKey::RSA.new(File.read(kf))
+ raise(Puppet::ParseError, "generate_onion_key(): key in path #{kf} must have a length of 1024bit") unless (pk.n.num_bytes * 8) == 1024
pk
else
# 1024 is hardcoded by tor
pk = OpenSSL::PKey::RSA.generate(1024)
- File.open(path,'w'){|f| f << pk.to_s }
+ File.open(kf,'w'){|f| f << pk.to_s }
pk
end
+ onion_address = if File.exists?(hf="#{path}.hostname")
+ File.read(hf)
+ else
+ oa = function_onion_address([private_key])
+ File.open(hf,'w'){|f| f << oa.to_s }
+ oa
+ end
- [ function_onion_address([private_key]), private_key.to_s ]
+ [ onion_address, private_key.to_s ]
end
end
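Review bot: The generated private key is written with `File.open(kf,'w')`, so the file mode is whatever the process umask allows, which may leave it readable by other local users. As this file is the onion service's identity key, the create should pass an explicit mode, e.g. `File.open(kf,'w',0600){|f| f << pk.to_s }`. The new hostname branch also returns `File.read(hf)` as-is whenever the file exists, so a `.hostname` left over from a replaced `.key` would be reported without being checked against `private_key`; comparing it with `function_onion_address([private_key])`, or rewriting it whenever the key is newly generated, would keep the pair consistent. `kf` and `hf` are assigned inside the `if` conditions and reused in the `else` branches, which works but is easy to misread; assigning them before the `if` would be clearer. The function body starts above this hunk.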
diff --git a/manifests/daemon/onions_service.pp b/manifests/daemon/onion_service.pp
index 2625521..2625521 100644
--- a/manifests/daemon/onions_service.pp
+++ b/manifests/daemon/onion_service.pp
diff --git a/spec/functions/generate_onion_key_spec.rb b/spec/functions/generate_onion_key_spec.rb
index 07a9f91..355f862 100644
--- a/spec/functions/generate_onion_key_spec.rb
+++ b/spec/functions/generate_onion_key_spec.rb
@@ -4,7 +4,7 @@ require 'fileutils'
describe 'generate_onion_key' do
before(:all) do
@tmp_path = File.expand_path(File.join(File.dirname(__FILE__),'..','fixtures','tmp'))
- @test_path = File.join(@tmp_path,'test')
+ @test_path = File.join(@tmp_path,'test.key')
@drpsyff5srkctr7h_str = "-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQC9OUBOkL73n43ogC/Jma54/ZZDEpoisqpkGJHgbcRGJIxcqqfL
PbnT3hD5SUCVXxLnzWDCTwTe2VOzIUlBXmslwVXnCJh/XGZg9NHiNU3EAZTwu1g9
@@ -51,10 +51,10 @@ znq+qT/KbJlwy/27X/auCAzD5rJ9VVzyWiu8nnwICS8=
expect(return_value.size).to be(2)
end
it 'creates and stores the key' do
- expect(return_value.last).to be_eql(File.read(File.join(@tmp_path,'test')))
+ expect(return_value.last).to be_eql(File.read(File.join(@tmp_path,'test.key')))
end
it 'returns a proper onion address' do
- expect(return_value.first).to be_eql(scope.function_onion_address([File.read(File.join(@tmp_path,'test'))]))
+ expect(return_value.first).to be_eql(scope.function_onion_address([File.read(File.join(@tmp_path,'test.key'))]))
end
it 'does not recreate a key once created' do
expect(scope.function_generate_onion_key([@tmp_path,'test'])).to be_eql(scope.function_generate_onion_key([@tmp_path,'test']))
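Review bot: The examples in this hunk are only renamed to `test.key`; none of the changed spec lines asserts the new behaviour, that the address is written to `test.hostname` and that an existing hostname file is reused. An example such as `it 'stores the onion address' do` / `expect(File.read(File.join(@tmp_path,'test.hostname'))).to be_eql(return_value.first)` / `end` would cover the write path, assuming `return_value` is the same subject used by the neighbouring examples. A second example that pre-creates a `.hostname` file would pin down what happens when the cached value and the key disagree. The enclosing `context` begins outside this hunk.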
@@ -65,9 +65,9 @@ znq+qT/KbJlwy/27X/auCAzD5rJ9VVzyWiu8nnwICS8=
end
context 'with an existing key' do
before(:all) do
- File.open(@test_path,'w'){|f| f << @drpsyff5srkctr7h_str }
+ File.open(File.join(@tmp_path,'test3.key'),'w'){|f| f << @drpsyff5srkctr7h_str }
end
- it { is_expected.to run.with_params(@tmp_path,'test').and_return(['drpsyff5srkctr7h',@drpsyff5srkctr7h_str]) }
+ it { is_expected.to run.with_params(@tmp_path,'test3').and_return(['drpsyff5srkctr7h',@drpsyff5srkctr7h_str]) }
end
end
end
diff --git a/templates/torrc.hidden_service.erb b/templates/torrc.onion_service.erb
index 77168d8..77168d8 100644
--- a/templates/torrc.hidden_service.erb
+++ b/templates/torrc.onion_service.erb