more work on hostname add/revoke

1 files changed, 75 insertions, 14 deletions

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 023ce9b..31bce7d 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -100,17 +100,19 @@ gpg_authentication() {
     su_monkeysphere_user "gpg $@"
 }
 
-# output key information
-show_server_key() {
-    gpg_host --list-secret-keys --fingerprint
-}
-
 # output just key fingerprint
 fingerprint_server_key() {
     gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode | \
 	grep '^fpr:' | head -1 | cut -d: -f10
 }
 
+# output key information
+show_server_key() {
+    local fingerprint
+    fingerprint=$(fingerprint_server_key)
+    gpg_host --fingerprint --list-secret-key "$fingerprint"
+}
+
 # update authorized_keys for users
 update_users() {
     if [ "$1" ] ; then
@@ -371,52 +373,111 @@ EOF
 
 # add hostname user ID to server key
 add_hostname() {
+    local userID
+    local fingerprint
+    local adduidCommand
+
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to add."
     fi
 
     userID="ssh://${1}"
 
-    if [ "$(gpg_host --list-key "=${userID}")" ] ; then
+    if [ "$(gpg_host --list-key "=${userID}" 2> /dev/null)" ] ; then
 	failure "Host userID '$userID' already exists."
     fi
 
+    echo "The following user ID will be added to the host key:"
+    echo "  '$userID'"
+    read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "user ID not added."
+    fi
+
     fingerprint=$(fingerprint_server_key)
 
+    # edit-key script command to add user ID
     adduidCommand=$(cat <<EOF
 adduid
 $userID
 
 
-O
 save
 EOF
 	)
 
-    # add uid
+    # execute edit-key script
     echo "$adduidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
 
-    echo "NOTE: new host userID has not been published."
-    echo "Use '$PGRM publish-key' to publish these changes."
+    # update trust db
+    gpg_host --check-trustdb
+
+    show_server_key
+
+    # publish the key
+    publish_server_key
 }
 
 # revoke hostname user ID to server key
 revoke_hostname() {
+    local userID
+    local uidIndex
+
     if [ -z "$1" ] ; then
 	failure "You must specify a hostname to revoke."
     fi
 
-    failure "Sorry, not yet implemented."
+    userID="ssh://${1}"
+
+    fingerprint=$(fingerprint_server_key)
+
+    # find the index of the requsted user ID
+    # NOTE: this is based on circumstantial evidence that the order of
+    # this output is the appropriate index
+    uidIndex=$(gpg_host --with-colons --fixed-list-mode --list-key "$fingerprint" 2> /dev/null | \
+	egrep "^(uid|uat):" | cut -d: -f10 | gpg_unescape | cat -n | \
+	grep "$userID" | awk '{ print $1 }')
+
+    if [ -z "$uidIndex" ] ; then
+	failure "User ID '$userID' not found in host key."
+    fi
 
-    echo "NOTE: host userID revokation has not been published."
-    echo "Use '$PGRM publish-key' to publish these changes."
+    echo "The following user ID will be revoked from the host key:"
+    echo "  '$userID'"
+    read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "user ID not revoked."
+    fi
+
+    # edit-key script command to revoke user ID
+    revuidCommand=$(cat <<EOF
+$uidIndex
+revuid
+y
+4
+
+y
+save
+EOF
+	)	
+
+    # execute edit-key script
+    echo "$revuidCommand" | gpg_host --quiet --command-fd 0 --edit-key "$fingerprint"
+
+    # update trust db
+    gpg_host --check-trustdb
+
+    show_server_key
+
+    # publish the key
+    publish_server_key
 }
 
 # publish server key to keyserver
 publish_server_key() {
     read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
     if [ ${OK/y/Y} != 'Y' ] ; then
-	failure "aborting."
+	failure "key not published."
     fi
 
     # find the key fingerprint