From 1dba01dd8267011eae1ae705faced2858173bf95 Mon Sep 17 00:00:00 2001
From: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
Date: Thu, 28 Dec 2017 18:28:49 +0200
Subject: setup script

---
 dmvpn-pfx-decode | 94 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)
 create mode 100755 dmvpn-pfx-decode

(limited to 'dmvpn-pfx-decode')

diff --git a/dmvpn-pfx-decode b/dmvpn-pfx-decode
new file mode 100755
index 0000000..2ec13a9
--- /dev/null
+++ b/dmvpn-pfx-decode
@@ -0,0 +1,94 @@
+#!/usr/bin/lua5.2
+
+--[[
+Copyright (c) 2017-2018 Kaarle Ritvanen
+See LICENSE file for license details
+]]--
+
+dmvpn = require('dmvpn')
+pkcs12 = require('openssl.pkcs12')
+
+name = arg[1]
+file = io.open(name)
+data = file:read('*a')
+file:close()
+
+name = name:match('/([^/]+)$') or name
+password = name:match('^%w*_%d+%.(%w+)%.pfx$')
+if password then
+	success, key, cert, chain = pcall(pkcs12.parse, data, password)
+end
+if not success then
+	io.stderr:write('Password: ')
+	os.execute('stty -echo')
+	password = io.read()
+	os.execute('stty echo')
+	io.stderr:write('\n')
+	key, cert, chain = pkcs12.parse(data, password)
+end
+
+function write_pem_file(dir, data)
+	local file = io.open('/etc/swanctl/'..dir..'/dmvpn.pem', 'w')
+	file:write(data)
+	file:close()
+end
+
+write_pem_file('private', key:toPEM('private'))
+write_pem_file('x509', tostring(cert))
+for i, ca_cert in pairs(chain) do
+	assert(i == 1)
+	write_pem_file('x509ca', tostring(ca_cert))
+end
+
+function print_var(name, value)
+	print(name.."='"..value:gsub("'", "'\\''").."'")
+end
+
+for tpe, value in pairs(cert:getSubjectAlt()) do
+	if tpe == 'IP' then
+		if value:match('^[%d%.]+$') then
+			print_var('GRE_IPV4_ADDRESS', value)
+		elseif value:match('^[%x:]+$') then
+			print_var('GRE_IPV6_ADDRESS', value)
+		else assert(false) end
+	end
+end
+
+EXTENSIONS = {
+	basicConstraints=true,
+	['sbgp-ipAddrBlock']={
+		IPV4_PREFIXES=function(v) return v[1] end,
+		IPV6_PREFIXES=function(v) return v[2] end
+	},
+	['sbgp-autonomousSysNum']='AS_NUMBER',
+	[dmvpn.OID_IS_HUB]={
+		VPNC_TYPE=function(v) return v and 'hub' or 'spoke' end
+	},
+	[dmvpn.OID_HUB_HOSTS]='HUBS'
+}
+
+
+for i=1,cert:getExtensionCount() do
+	ext = cert:getExtension(i)
+	k = ext:getName()
+	v = EXTENSIONS[k]
+	if v then
+		if type(v) == 'string' then
+			v = {[v]=function(v) return v end}
+		end
+		if type(v) == 'table' then
+			local data = dmvpn.decode_ext(k, ext)
+			for var, func in pairs(v) do
+				local d = func(data)
+				print_var(
+					var,
+					type(d) == 'table' and
+						table.concat(d, ' ') or
+						tostring(d)
+				)
+			end
+		end
+	elseif ext:getCritical() then
+		error('Unrecognized critical extension: '..k)
+	end
+end
-- 
cgit v1.2.3