#!/bin/bash -x # vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80: # # Copyright (c) 2016 Red Hat, Inc. # Author: Nathaniel McCallum # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # function on_exit() { if [ "$PID" ]; then kill $PID; wait $PID || true; fi [ -d "$TMP" ] && rm -rf "$TMP" } trap 'on_exit' EXIT trap 'exit' ERR TMP="$(mktemp -d)" mkdir -p "$TMP"/db mkdir -p "$TMP"/cache # Generate the server keys tangd-keygen "$TMP"/db sig exc tangd-update "$TMP"/db "$TMP"/cache # Start the server port="$(shuf -i 1024-65536 -n 1)" $SD_ACTIVATE --inetd -l 127.0.0.1:$port -a tangd "$TMP"/cache & PID=$! sleep 0.25 thp="$(jose jwk thp -i "$TMP/db/sig.jwk")" adv="$TMP/cache/default.jws" url="http://localhost:${port}" cfg="$(printf '{"url":"%s","adv":"%s"}' "$url" "$adv")" enc="$(echo -n "hi" | clevis encrypt tang "$cfg")" dec="$(echo -n "$enc" | clevis decrypt)" test "$dec" == "hi" cfg="$(printf '{"url":"%s","thp":"%s"}' "$url" "$thp")" enc="$(echo -n "hi" | clevis encrypt tang "$cfg")" dec="$(echo -n "$enc" | clevis decrypt)" test "$dec" == "hi" kill -9 $PID ! wait $PID unset PID ! echo "$enc" | clevis decrypt