key rotation script
This commit is contained in:
parent
e6f7ffe8f5
commit
a739df85a3
File diff suppressed because it is too large
Load Diff
16
package.json
16
package.json
|
@ -25,15 +25,17 @@
|
||||||
},
|
},
|
||||||
"homepage": "https://github.com/keeweb/keeweb-plugins#readme",
|
"homepage": "https://github.com/keeweb/keeweb-plugins#readme",
|
||||||
"devDependencies": {
|
"devDependencies": {
|
||||||
"eslint": "^6.1.0",
|
"eslint": "^6.8.0",
|
||||||
"eslint-config-standard": "^13.0.1",
|
"eslint-config-standard": "^14.1.0",
|
||||||
"eslint-plugin-import": "^2.18.2",
|
"eslint-plugin-import": "^2.20.1",
|
||||||
"eslint-plugin-node": "^9.1.0",
|
"eslint-plugin-node": "^11.0.0",
|
||||||
"eslint-plugin-promise": "^4.2.1",
|
"eslint-plugin-promise": "^4.2.1",
|
||||||
"eslint-plugin-standard": "^4.0.0"
|
"eslint-plugin-standard": "^4.0.1"
|
||||||
},
|
},
|
||||||
"optionalDependencies": {
|
"optionalDependencies": {
|
||||||
"keytar": "^4.13.0",
|
"keytar": "^5.4.0"
|
||||||
"pkcs15-smartcard-sign": "^1.0.0"
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"pkcs11-smartcard-sign": "^1.0.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
/* eslint-disable no-console */
|
||||||
|
const fs = require('fs');
|
||||||
|
const path = require('path');
|
||||||
|
const ps = require('child_process');
|
||||||
|
|
||||||
|
const oldKey = fs.readFileSync('keys/public-key-old.pem', 'utf8')
|
||||||
|
.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]
|
||||||
|
.replace(/\s+/g, '');
|
||||||
|
const newKey = fs.readFileSync('keys/public-key.pem', 'utf8')
|
||||||
|
.match(/-+BEGIN PUBLIC KEY-+([\s\S]+?)-+END PUBLIC KEY-+/)[1]
|
||||||
|
.replace(/\s+/g, '');
|
||||||
|
|
||||||
|
const pluginDirs = ['docs/plugins', 'docs/translations'];
|
||||||
|
for (const pluginDir of pluginDirs) {
|
||||||
|
for (const pluginName of fs.readdirSync(pluginDir).filter(dir => /^[\w-]+$/.test(dir))) {
|
||||||
|
console.log(pluginName);
|
||||||
|
const manifestPath = path.join(pluginDir, pluginName, 'manifest.json');
|
||||||
|
const manifest = JSON.parse(fs.readFileSync(manifestPath, 'utf8'));
|
||||||
|
if (manifest.publicKey !== oldKey) {
|
||||||
|
throw `Bad key in ${manifestPath}`;
|
||||||
|
}
|
||||||
|
manifest.publicKey = newKey;
|
||||||
|
fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
|
||||||
|
const result = ps.spawnSync('node', [
|
||||||
|
'../keeweb/plugins/keeweb-plugin/keeweb-plugin.js',
|
||||||
|
'sign',
|
||||||
|
path.join(pluginDir, pluginName),
|
||||||
|
'--signer-module=../../../keeweb-plugins/scripts/sign',
|
||||||
|
'--bump-version=true'
|
||||||
|
], {
|
||||||
|
stdio: 'inherit'
|
||||||
|
});
|
||||||
|
if (result.status) {
|
||||||
|
throw 'Sign error';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,9 +1,9 @@
|
||||||
const fs = require('fs');
|
const fs = require('fs');
|
||||||
const signer = require('pkcs15-smartcard-sign');
|
const signer = require('pkcs11-smartcard-sign');
|
||||||
const keytar = require('keytar');
|
const keytar = require('keytar');
|
||||||
|
|
||||||
const verifyKey = fs.readFileSync('keys/public-key.pem');
|
const verifyKey = fs.readFileSync('keys/public-key.pem');
|
||||||
const key = '02';
|
const signerOptions = JSON.parse(fs.readFileSync('keys/keeweb-sign.json', 'utf8'));
|
||||||
|
|
||||||
function getPin() {
|
function getPin() {
|
||||||
if (getPin.pin) {
|
if (getPin.pin) {
|
||||||
|
@ -20,5 +20,6 @@ function getPin() {
|
||||||
}
|
}
|
||||||
|
|
||||||
module.exports = function sign(data) {
|
module.exports = function sign(data) {
|
||||||
return getPin().then(pin => signer.sign({ data, verifyKey, pin, key }).then(data => data.toString('base64')));
|
return getPin().then(pin => signer.sign({ data, verifyKey, pin, ...signerOptions })
|
||||||
|
.then(data => data.toString('base64')));
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in New Issue