From fbbf97ca75280077b3c00436b89d33817d711baf Mon Sep 17 00:00:00 2001
From: Richard Bonhomme
Date: Fri, 22 Jan 2021 01:19:57 +0000
Subject: [PATCH] Introduce interactive menu system for build and inline (V1.0)

Signed-off-by: Richard Bonhomme
---
 easytls | 432 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 432 insertions(+)

diff --git a/easytls b/easytls
index b462467..1d36de0 100755
--- a/easytls
+++ b/easytls
@@ -314,12 +314,14 @@ opt_abbreviations ()
 Easy-TLS abbreviations:
 init-tls - init
+ build - No abbreviation
 build-tls-auth - bta
 build-tls-crypt - btc
 build-tls-crypt-v2-server - btv2s | btcv2s
 build-tls-crypt-v2-client - btv2c | btcv2c
 save-id - sid
 status - s
+ inline - No abbreviation
 inline-tls-auth - ita
 inline-tls-crypt - itc
 inline-tls-crypt-v2 - itv2 | itcv2
@@ -2679,6 +2681,428 @@ disabled_list_save_hash ()
 return 1
 }
+
+############################################################################
+#
+# Interactive Section
+#
+
+interactive_question ()
+{
+ unset EASYTLS_ANSWER
+ print "$EASYTLS_QTEXT"
+ read input
+ EASYTLS_ANSWER="$input"
+}
+
+interactive_build ()
+{
+ EASYTLS_QTITLE="Easy-TLS Interactive TLS key builder:"
+ print "$EASYTLS_QTITLE"
+ cmd_head='
+* Easy-TLS command:'
+ cmd_line='build'
+
+ # Choose Key
+ EASYTLS_QTEXT='
+Available key types:
+[1] TLS Auth key
+[2] TLS Crypt V1 key
+[3] TLS Crypt V2 key for Server
+[4] TLS Crypt V2 key for Client
+
+Select the type of key to build:'
+ interactive_question
+
+ case $EASYTLS_ANSWER in
+ 1) # Build TLS Auth
+ cmd_line="${cmd_line}-tls-auth"
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+ # Build key
+ build_tls_auth
+ ;;
+ 2) # Build TLS Crypt v1
+ cmd_line="${cmd_line}-tls-crypt"
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+ # Build key
+ build_tls_crypt_v1
+ ;;
+ 3) # Build TLS Crypt v2 Server
+ # Set Server name
+ cmd_line="${cmd_line}-tls-crypt-v2-server"
+ EASYTLS_QTEXT='
+Enter the commonName of your Server certificate:'
+ interactive_question
+ opt_server_name="$EASYTLS_ANSWER"
+ cmd_line="${cmd_line} $opt_server_name"
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+ # Build key
+ build_tls_crypt_v2_server "$opt_server_name"
+ ;;
+ 4) # Build TLS Crypt v2 Client
+
+ # Set Server name
+ cmd_line="${cmd_line}-tls-crypt-v2-client"
+ EASYTLS_QTEXT='
+Enter the commonName of your *Server* certificate:'
+ interactive_question
+ opt_server_name="$EASYTLS_ANSWER"
+ cmd_line="${cmd_line} $opt_server_name"
+
+ # Set Client name
+ EASYTLS_QTEXT='
+Enter the commonName of your *Client* certificate:'
+ interactive_question
+ opt_client_name="$EASYTLS_ANSWER"
+ cmd_line="${cmd_line} $opt_client_name"
+
+ # Set custom.group name
+ EASYTLS_QTEXT="
+All client TLS-Crypt-V2 keys must use the same Custom Group.
+
+You should configure your Custom Group like so:
+ ./easytls config custom.group NAME
+
+If you have configured your Custom Group or do not require a Custom Group
+then leave this field blank.
+
+Your current custom group is: ${EASYTLS_TLSCV2_CG}
+
+Enter your Custom Group name:"
+ interactive_question
+ opt_customg="$EASYTLS_ANSWER"
+ [ -n "$opt_customg" ] && {
+ cmd_line="--custom-group=${opt_customg} ${cmd_line}"
+ export EASYTLS_TLSCV2_CG="${opt_customg}"
+ }
+
+ # Set Sub-key name
+ EASYTLS_QTEXT='
+Each X509 Client certificate can have multiple TLS-Crypt-V2 keys,
+these keys are referred to as Sub-keys.
+
+If you do not require a Sub-key then leave this field blank.
+
+Enter your Sub-key name:'
+ interactive_question
+ sub_key_name="$EASYTLS_ANSWER"
+ [ -n "$sub_key_name" ] && {
+ cmd_line="--sub-key-name=${sub_key_name} ${cmd_line}"
+ export EASYTLS_TLSCV2_SUBKNAME="${sub_key_name}"
+ }
+
+ # Set hardware addresses
+ print '
+You can lock this key to specific MAC hardware addresses.
+
+Hardware addresses can be in the form of:
+* 0123456789ab or 01-23-45-67-89-AB or 01:23:45:67:89:AB
+
+Leave this field blank to continue.
+'
+ EASYTLS_QTEXT='Enter a single MAC hardware address:'
+ while :
+ do
+ interactive_question
+ [ -z "$EASYTLS_ANSWER" ] && break
+ opt_hardware="$opt_hardware $EASYTLS_ANSWER"
+ done
+
+ cmd_line="${cmd_line} ${opt_hardware}"
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+
+ # Build key
+ build_tls_crypt_v2_client \
+ "$opt_server_name" "$opt_client_name" ${opt_hardware}
+ ;;
+ *) die "Aborted." ;;
+ esac
+}
+
+interactive_inline ()
+{
+ EASYTLS_QTITLE="Easy-TLS Interactive Inline builder:"
+ print "$EASYTLS_QTITLE"
+ cmd_head='
+* Easy-TLS command:'
+ cmd_line='inline'
+
+ # Choose Key
+ EASYTLS_QTEXT='
+[1] Inline with TLS Auth key
+[2] Inline with TLS Crypt v1 key
+[3] Inline with TLS Crypt v2 key
+[4] Inline renewal
+[5] Inline removal
+
+Select the type of key to inline:'
+
+ interactive_question
+
+ case $EASYTLS_ANSWER in
+ 1) # Inline TLS Auth
+ cmd_line="${cmd_line}-tls-auth"
+
+ # Set commonName
+ interactive_common_name
+
+ # Set key_dir
+ interactive_key_direction
+
+ # Set opt_nokey
+ interactive_opt_nokey
+
+ # Set opt_add_dh
+ interactive_opt_add_dh
+
+ # Set option --dh
+ interactive_custom_dh
+
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+
+ # Build .inline
+ inline_tls_auth \
+ ${common_name} ${key_direction} ${opt_nokey} ${opt_add_dh}
+ ;;
+ 2) # Inline TLS Crypt v1
+ cmd_line="${cmd_line}-tls-crypt"
+
+ # Set commonName
+ interactive_common_name
+
+ # Set opt_nokey
+ interactive_opt_nokey
+
+ # Set opt_add_dh
+ interactive_opt_add_dh
+
+ # Set option --dh
+ interactive_custom_dh
+
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+
+ # Build .inline
+ inline_tls_crypt_v1 \
+ ${common_name} ${opt_nokey} ${opt_add_dh}
+ ;;
+ 3) # Inline TLS Crypt v2
+ cmd_line="${cmd_line}-tls-crypt-v2"
+
+ # Set commonName
+ interactive_common_name
+
+ # Set option --sub-key-name
+ interactive_sub_key_name
+
+ # Set opt_nokey
+ interactive_opt_nokey
+
+ # Set opt_add_dh
+ interactive_opt_add_dh
+
+ # Set option --dh
+ interactive_custom_dh
+
+ # Set opt_no_md
+ interactive_opt_no_md
+
+ # Set opt_add_hw
+ interactive_opt_add_hw
+
+ print "$cmd_head"
+ print " ./easytls $cmd_line"
+
+ # Build .inline
+ inline_tls_crypt_v2 \
+ ${common_name} ${opt_nokey} ${opt_add_dh} ${opt_no_md} ${opt_add_hw}
+ ;;
+ 4) # Inline renew
+ print "Coming soon .."
+ ;;
+ 5) # Inline remove
+ print "Coming soon .."
+ ;;
+ *) die "Aborted." ;;
+ esac
+}
+
+# Set commonName
+interactive_common_name ()
+{
+ unset common_name
+ EASYTLS_QTEXT='
+Enter the commonName of your certificate:'
+ interactive_question
+ common_name="$EASYTLS_ANSWER"
+ cmd_line="${cmd_line} $common_name"
+}
+
+# Set option --sub-key-name
+interactive_sub_key_name ()
+{
+ unset sub_key_name
+ EASYTLS_QTEXT='
+Do not set Sub-key for a Server file, Only Clients can use Sub-keys
+
+Enter the Sub-key Name for your key:'
+ interactive_question
+ [ -n "$EASYTLS_ANSWER" ] && {
+ sub_key_name="$EASYTLS_ANSWER"
+ cmd_line="--dh=${sub_key_name} ${cmd_line}"
+ export EASYTLS_TLSCV2_SUBKNAME="${sub_key_name}"
+ }
+}
+
+# Set key direction
+interactive_key_direction ()
+{
+ unset key_direction
+ print '
+Enter Key direction [Server=0 or Client=1]
+'
+ while :
+ do
+ EASYTLS_QTEXT='Enter 0 or 1:'
+ interactive_question
+ case "$EASYTLS_ANSWER" in
+ 0)
+ key_direction=0
+ break
+ ;;
+ 1)
+ key_direction=1
+ break
+ ;;
+ esac
+ done
+ cmd_line="${cmd_line} $key_direction"
+}
+
+# Set option nokey
+interactive_opt_nokey ()
+{
+ unset opt_nokey
+ print "
+Do you have the private key for certificate: $common_name ?
+"
+ while :
+ do
+ EASYTLS_QTEXT='Enter (y)es or (n)o:'
+ interactive_question
+ case "$EASYTLS_ANSWER" in
+ Y|y|Yes|yes)
+ break
+ ;;
+ N|n|No|no)
+ opt_nokey='nokey'
+ cmd_line="${cmd_line} nokey"
+ break
+ ;;
+ esac
+ done
+}
+
+# Set option add-dh
+interactive_opt_add_dh ()
+{
+ print '
+Do you want to inline the Diffy-Hellman parameter file ?
+'
+ unset opt_add_dh
+ while :
+ do
+ EASYTLS_QTEXT='Enter (y)es or (n)o:'
+ interactive_question
+ case "$EASYTLS_ANSWER" in
+ Y|y|Yes|yes)
+ opt_add_dh='add-dh'
+ cmd_line="${cmd_line} add-dh"
+ break
+ ;;
+ N|n|No|no)
+ break
+ ;;
+ esac
+ done
+}
+
+# Set custom dh file
+interactive_custom_dh ()
+{
+ [ -z "$opt_add_dh" ] && return 0
+ unset opt_custom_dh
+ EASYTLS_QTEXT='
+If you need to use a custom Diffy-Hellman parameters file then
+enter the file location and name.
+
+Leave this blank to use the default Easy-TLS DH file.
+
+Enter the DH file name:'
+ interactive_question
+ [ -n "$EASYTLS_ANSWER" ] && {
+ opt_custom_dh="$EASYTLS_ANSWER"
+ cmd_line="--dh=${opt_custom_dh} ${cmd_line}"
+ export EASYRSA_DH_FILE="${opt_custom_dh}"
+ }
+}
+
+# Set option no-md
+interactive_opt_no_md ()
+{
+ unset opt_no_md
+ print "
+Do you want to include the client metadata for certificate: $common_name ?
+(For Server inline files, this is ignored)
+"
+ while :
+ do
+ EASYTLS_QTEXT='Enter (y)es or (n)o:'
+ interactive_question
+ case "$EASYTLS_ANSWER" in
+ Y|y|Yes|yes)
+ break
+ ;;
+ N|n|No|no)
+ opt_no_md='no-md'
+ cmd_line="${cmd_line} no-md"
+ break
+ ;;
+ esac
+ done
+}
+
+# Set option add-hw
+interactive_opt_add_hw ()
+{
+ [ -n "$opt_no_md" ] && return 0
+ unset opt_add_hw
+ print '
+Do you want to include the hardware addresses in the client metadata ?
+'
+ while :
+ do
+ EASYTLS_QTEXT='Enter (y)es or (n)o:'
+ interactive_question
+ case "$EASYTLS_ANSWER" in
+ Y|y|Yes|yes)
+ opt_add_hw='add-hw'
+ cmd_line="${cmd_line} add-hw"
+ break
+ ;;
+ N|n|No|no)
+ break
+ ;;
+ esac
+ done
+}
+ + ############################################################################ + # + # IMPORT Section
@@ -2935,6 +3359,14 @@ case "$cmd" in
 init_tls "$@" || \
 die "Error: init_tls"
 ;;
+ build)
+ interactive_build || \
+ die "Error: build"
+ ;;
+ inline)
+ interactive_inline || \
+ die "Error: inline"
+ ;;
 bta|build-tls-auth)
 build_tls_auth "$@" || \
 die "Error: build_tls_auth"
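Review bot: `interactive_sub_key_name` builds the echoed command with `cmd_line="--dh=${sub_key_name} ${cmd_line}"`, which looks copied from `interactive_custom_dh`; the option the client branch of `interactive_build` uses for the same value is `--sub-key-name=`, so the `./easytls ...` line shown to the user is wrong for anyone who copies it and should read `cmd_line="--sub-key-name=${sub_key_name} ${cmd_line}"`. `interactive_question` also discards the exit status of `read input`, so on EOF (stdin closed or piped) every `while :` prompt loop in this hunk — `interactive_key_direction`, `interactive_opt_nokey`, `interactive_opt_add_dh`, `interactive_opt_no_md`, `interactive_opt_add_hw` — spins forever with an empty answer; `read -r input || die "Aborted."` ends that and stops plain `read` from eating backslashes in the entered names. In `interactive_inline` the answers are then passed unquoted (`${common_name} ${key_direction} ${opt_nokey} ${opt_add_dh}` and the two sibling calls), so a blank commonName silently drops a positional argument and one containing spaces or glob characters is word-split, whereas the build branch already quotes `"$opt_server_name"`; quoting `"$common_name"` and rejecting an empty answer in `interactive_common_name` would keep both paths consistent. `interactive_custom_dh` exports `EASYRSA_DH_FILE` straight from free text without an existence check; unless the `inline_*` functions verify it (not visible in this hunk), `[ -f "$opt_custom_dh" ] || die "No such DH file: $opt_custom_dh"` gives a clearer failure, and the prompts there and in `interactive_opt_add_dh` spell it `Diffy-Hellman` rather than Diffie-Hellman.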
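Review bot: The new `build)` and `inline)` arms are the only ones in this `case "$cmd"` that do not forward `"$@"`, so any extra arguments (a typo such as `./easytls build bta`) are silently ignored and the user is dropped into the menu instead of getting an error like the other arms' argument handling presumably produces. A one-line guard such as `[ $# -eq 0 ] || die "build: takes no arguments"` before `interactive_build` (and the same for `interactive_inline`) keeps the dispatch consistent, assuming `$cmd` has already been shifted off `$@` at this point, which the hunk does not show. Because `interactive_build` returns the status of whichever `build_*` function it ran, the generic `die "Error: build"` also hides which key type failed; consider naming the selected subcommand in the message or relying on the inner function's own error.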