+# extend the lifetime of a host key:
+extend_key() {
+ local fpr=$(fingerprint_server_key)
+ local extendTo="$1"
+
+ if [ -z "$fpr" ] ; then
+ failure "You don't appear to have a MonkeySphere host key on this server. Try 'monkeysphere-server gen-key' first."
+ fi
+
+ # get the new expiration date
+ extendTo=$(get_gpg_expiration "$extendTo")
+
+ gpg_host --quiet --command-fd 0 --edit-key "$fpr" <<EOF
+expire
+$extendTo
+save
+EOF
+
+ echo
+ echo "NOTE: Host key expiration date adjusted, but not yet published."
+ echo "Run '$PGRM publish-key' to publish the new expiration date."
+}
+
+# add hostname user ID to server key
+add_hostname() {
+ local userID
+ local fingerprint
+ local tmpuidMatch
+ local line
+ local adduidCommand
+
+ if [ -z "$1" ] ; then
+ failure "You must specify a hostname to add."
+ fi
+
+ userID="ssh://${1}"
+
+ fingerprint=$(fingerprint_server_key)
+
+ # match to only ultimately trusted user IDs
+ tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+ # find the index of the requsted user ID
+ # NOTE: this is based on circumstantial evidence that the order of
+ # this output is the appropriate index
+ if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
+ | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+ failure "Host userID '$userID' already exists."
+ fi
+
+ echo "The following user ID will be added to the host key:"
+ echo " $userID"
+ read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "User ID not added."
+ fi
+
+ # edit-key script command to add user ID
+ adduidCommand=$(cat <<EOF
+adduid
+$userID
+
+
+save
+EOF
+ )
+
+ # execute edit-key script
+ if echo "$adduidCommand" | \
+ gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
+
+ show_server_key
+
+ echo
+ echo "NOTE: User ID added to key, but key not published."
+ echo "Run '$PGRM publish-key' to publish the new user ID."
+ else
+ failure "Problem adding user ID."
+ fi
+}
+
+# revoke hostname user ID to server key
+revoke_hostname() {
+ local userID
+ local fingerprint
+ local tmpuidMatch
+ local line
+ local uidIndex
+ local message
+ local revuidCommand
+
+ if [ -z "$1" ] ; then
+ failure "You must specify a hostname to revoke."
+ fi
+
+ echo "WARNING: There is a known bug in this function."
+ echo "This function has been known to occasionally revoke the wrong user ID."
+ echo "Please see the following bug report for more information:"
+ echo "http://web.monkeysphere.info/bugs/revoke-hostname-revoking-wrong-userid/"
+ read -p "Are you sure you would like to proceed? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "aborting."
+ fi
+
+ userID="ssh://${1}"
+
+ fingerprint=$(fingerprint_server_key)
+
+ # match to only ultimately trusted user IDs
+ tmpuidMatch="u:$(echo $userID | gpg_escape)"
+
+ # find the index of the requsted user ID
+ # NOTE: this is based on circumstantial evidence that the order of
+ # this output is the appropriate index
+ if line=$(gpg_host --list-keys --with-colons --fixed-list-mode "0x${fingerprint}!" \
+ | egrep '^(uid|uat):' | cut -f2,10 -d: | grep -n -x -F "$tmpuidMatch") ; then
+ uidIndex=${line%%:*}
+ else
+ failure "No non-revoked user ID '$userID' is found."
+ fi
+
+ echo "The following host key user ID will be revoked:"
+ echo " $userID"
+ read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+ if [ ${OK/y/Y} != 'Y' ] ; then
+ failure "User ID not revoked."
+ fi
+
+ message="Hostname removed by monkeysphere-server $DATE"
+
+ # edit-key script command to revoke user ID
+ revuidCommand=$(cat <<EOF
+$uidIndex
+revuid
+y
+4
+$message
+
+y
+save
+EOF
+ )
+
+ # execute edit-key script
+ if echo "$revuidCommand" | \
+ gpg_host --quiet --command-fd 0 --edit-key "0x${fingerprint}!" ; then
+
+ # update the trustdb for the authentication keyring
+ gpg_authentication "--check-trustdb"
+
+ show_server_key
+
+ echo
+ echo "NOTE: User ID revoked, but revocation not published."
+ echo "Run '$PGRM publish-key' to publish the revocation."
+ else
+ failure "Problem revoking user ID."
+ fi