key rotation script
This commit is contained in:
parent
e6f7ffe8f5
commit
a739df85a3
File diff suppressed because it is too large
Load Diff
16
package.json
16
package.json
|
@ -25,15 +25,17 @@
|
|||
},
|
||||
"homepage": "https://github.com/keeweb/keeweb-plugins#readme",
|
||||
"devDependencies": {
|
||||
"eslint": "^6.1.0",
|
||||
"eslint-config-standard": "^13.0.1",
|
||||
"eslint-plugin-import": "^2.18.2",
|
||||
"eslint-plugin-node": "^9.1.0",
|
||||
"eslint": "^6.8.0",
|
||||
"eslint-config-standard": "^14.1.0",
|
||||
"eslint-plugin-import": "^2.20.1",
|
||||
"eslint-plugin-node": "^11.0.0",
|
||||
"eslint-plugin-promise": "^4.2.1",
|
||||
"eslint-plugin-standard": "^4.0.0"
|
||||
"eslint-plugin-standard": "^4.0.1"
|
||||
},
|
||||
"optionalDependencies": {
|
||||
"keytar": "^4.13.0",
|
||||
"pkcs15-smartcard-sign": "^1.0.0"
|
||||
"keytar": "^5.4.0"
|
||||
},
|
||||
"dependencies": {
|
||||
"pkcs11-smartcard-sign": "^1.0.0"
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
/* eslint-disable no-console */
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const ps = require('child_process');
|
||||
|
||||
const oldKey = fs.readFileSync('keys/public-key-old.pem', 'utf8')
|
||||
.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]
|
||||
.replace(/\s+/g, '');
|
||||
const newKey = fs.readFileSync('keys/public-key.pem', 'utf8')
|
||||
.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]
|
||||
.replace(/\s+/g, '');
|
||||
|
||||
const pluginDirs = ['docs/plugins', 'docs/translations'];
|
||||
for (const pluginDir of pluginDirs) {
|
||||
for (const pluginName of fs.readdirSync(pluginDir).filter(dir => /^[\w-]+$/.test(dir))) {
|
||||
console.log(pluginName);
|
||||
const manifestPath = path.join(pluginDir, pluginName, 'manifest.json');
|
||||
const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
|
||||
if (manifest.publicKey !== oldKey) {
|
||||
throw `Bad key in ${manifestPath}`;
|
||||
}
|
||||
manifest.publicKey = newKey;
|
||||
fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
|
||||
const result = ps.spawnSync('node', [
|
||||
'../keeweb/plugins/keeweb-plugin/keeweb-plugin.js',
|
||||
'sign',
|
||||
path.join(pluginDir, pluginName),
|
||||
'--signer-module=../../../keeweb-plugins/scripts/sign',
|
||||
'--bump-version=true'
|
||||
], {
|
||||
stdio: 'inherit'
|
||||
});
|
||||
if (result.status) {
|
||||
throw 'Sign error';
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,9 +1,9 @@
|
|||
const fs = require('fs');
|
||||
const signer = require('pkcs15-smartcard-sign');
|
||||
const signer = require('pkcs11-smartcard-sign');
|
||||
const keytar = require('keytar');
|
||||
|
||||
const verifyKey = fs.readFileSync('keys/public-key.pem');
|
||||
const key = '02';
|
||||
const signerOptions = JSON.parse(fs.readFileSync('keys/keeweb-sign.json', 'utf8'));
|
||||
|
||||
function getPin() {
|
||||
if (getPin.pin) {
|
||||
|
@ -20,5 +20,6 @@ function getPin() {
|
|||
}
|
||||
|
||||
module.exports = function sign(data) {
|
||||
return getPin().then(pin => signer.sign({ data, verifyKey, pin, key }).then(data => data.toString('base64')));
|
||||
return getPin().then(pin => signer.sign({ data, verifyKey, pin, ...signerOptions })
|
||||
.then(data => data.toString('base64')));
|
||||
};
|
||||
|
|
Loading…
Reference in New Issue