Papers, CursedScreech, and Portal Auth Updates (#5)

Papers/includes/scripts/buildCert.sh

@@ -23,7 +23,7 @@ help() {
 	echo -e '\t-o,--orgnaization:\t\tOrganization';
 	echo -e '\t-ou,--organizationalUnit:\tOrganizational Unit';
 	echo -e '\t-cn,--commonName:\t\tCommon Name';
-	echo -e '\t-email,--emailAddress:\t\tEmail Address';
+	echo -e '\t--config:\t\t\tOpenSSL config file';
 	echo '';
 }
 
@@ -41,37 +41,37 @@ while [ "$#" -gt 0 ]
 do
 
 if [[ "$1" == "-d" || "$1" == "--days" ]]; then
-        DAYS="$2";
+	DAYS="$2";
 fi
 if [[ "$1" == "-b" || "$1" == "--bitSize" ]]; then
-        BITSIZE="$2";
+	BITSIZE="$2";
 fi
 if [[ "$1" == "-k" || "$1" == "--keyName" ]]; then
-        KEYNAME="$2";
+	KEYNAME="$2";
 fi
 if [[ "$1" == "-sa" || "$1" == "--sigAlgo" ]]; then
-        SIGALGO="$2";
+	SIGALGO="$2";
 fi
 if [[ "$1" == "-c" || "$1" == "--country" ]]; then
 	COUNTRY="$2"
 fi
 if [[ "$1" == "-st" || "$1" == "--state" ]]; then
-        STATE="$2"
+	STATE="$2"
 fi
 if [[ "$1" == "-l" || "$1" == "--locality" ]]; then
-        LOCALITY="$2"
+	LOCALITY="$2"
 fi
 if [[ "$1" == "-o" || "$1" == "--organization" ]]; then
-        ORGANIZATION="$2"
+	ORGANIZATION="$2"
 fi
 if [[ "$1" == "-ou" || "$1" == "--organizationalUnit" ]]; then
-        OU="$2"
+	OU="$2"
 fi
 if [[ "$1" == "-cn" || "$1" == "--commonName" ]]; then
-        CN="$2"
+	CN="$2"
 fi
-if [[ "$1" == "-email" || "$1" == "--emailAddress" ]]; then
-        EMAIL="$2"
+if [[ "$1" == "--config" ]]; then
+	CONF="$2"
 fi
 
 shift
@@ -104,14 +104,11 @@ fi
 if [ -n "$CN" ]; then
 	subj="$subj/CN=$CN";
 fi
-if [ -n "$EMAIL" ]; then
-        subj="$subj/emailAddress=$EMAIL";
-fi
 
 if [ -n "$subj" ]; then
-	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer -subj "$subj";
+	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.key -out $ssl_store$KEYNAME.cer -subj "$subj";
 else
-	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer;
+	openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.key -out $ssl_store$KEYNAME.cer -config $CONF;
 fi
 
 echo "Complete";

Papers/includes/scripts/cfgHelper.py

@@ -1,121 +1,121 @@
-#  Author: sud0nick
-#  Date:   Apr 2016
-
-from subprocess import call
-import os
-
-class ConfigHelper:
-
-	def __init__(self, sslDir = "/etc/nginx/ssl/"):
-		self.nginxConf = "/etc/nginx/nginx.conf"
-		self.lines = [f for f in open(self.nginxConf)]
-		self.ssl_dir = sslDir
-		self.serverBlockIndex = self.getServerBlockIndex()
-		self.currentSSLCerts = self.getCurrentSSLCerts()
-		
-
-	def checkSSLCertsExist(self):
-		flags = [".pem", ".cer"]
-		if os.path.isdir(self.ssl_dir):
-			for file in os.listdir(self.ssl_dir):
-				for flag in flags:
-					if flag in file:
-						flags.remove(flag)
-		if flags:
-			return False
-		else:
-			return True
-			
-	def getCurrentSSLCerts(self):
-		certs = []
-		index = self.serverBlockIndex
-		for line in self.lines[index:]:
-			if "ssl_certificate" in line:
-				i = line.rfind("/")
-				certs.append(line[i+1:].strip(";\n"))
-
-		return certs
-		
-		
-	def getServerBlockIndex(self):
-		index = 0
-		for line in self.lines:
-			if ("listen" in line) and not ("80" in line or "443" in line):
-					return index
-			index = index + 1
-
-		return False
-
-	
-	def checkSSLConfigStatus(self):
-		index = self.serverBlockIndex
-		for line in self.lines[index:]:
-			if "1471 ssl;" in line:
-				return True
-
-		return False
-		
-		
-	def addSSLConfig(self, keyName):
-
-		# Check if SSL has already been configured for port 1471
-		if self.checkSSLConfigStatus():
-			return True
-
-		index = 0
-		cert = keyName + ".cer"
-		key = keyName + ".pem"
-
-		with open(self.nginxConf, "w") as out:
-			for line in self.lines:
-				if index == self.serverBlockIndex:
-					line = "\t\tlisten\t1471 ssl;\n"
-				
-				if index > self.serverBlockIndex:
-					if "root   /pineapple/;" in line:
-						self.lines.insert(index + 1, "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
-													"\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
-													"\t\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n")
-				index = index + 1
-				out.write(line)
-		call(["/etc/init.d/nginx", "reload"])
-		
-		return True
-	
-	def replaceSSLConfig(self, newKey):
-		cert = newKey + ".cer"
-		key = newKey + ".pem"
-		currentKey = self.currentSSLCerts[0].rsplit(".")[0]
-		index = 0
-
-		with open(self.nginxConf, "w") as out:
-			for line in self.lines:
-				if index > self.serverBlockIndex:
-					if (currentKey + ".cer") in line:
-						line = "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
-					
-					if (currentKey + ".pem") in line:
-						line = "\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
-					
-				index = index + 1
-				out.write(line)
-				
-		call(["/etc/init.d/nginx", "reload"])
-	
-	
-	def removeSSLConfig(self):
-		index = 0
-		with open(self.nginxConf, "w") as out:
-			for line in self.lines:
-				if index == self.serverBlockIndex:
-					line = "\t\tlisten\t1471;\n"
-				
-				if index > self.serverBlockIndex:
-					if "ssl_certificate" in line or "ssl_protocols" in line:
-						continue
-				
-				index = index + 1
-				out.write(line)
-				
-		call(["/etc/init.d/nginx", "reload"])
+#  Author: sud0nick
+#  Date:   Apr 2016
+
+from subprocess import call
+import os
+
+class ConfigHelper:
+
+	def __init__(self, sslDir = "/etc/nginx/ssl/"):
+		self.nginxConf = "/etc/nginx/nginx.conf"
+		self.lines = [f for f in open(self.nginxConf)]
+		self.ssl_dir = sslDir
+		self.serverBlockIndex = self.getServerBlockIndex()
+		self.currentSSLCerts = self.getCurrentSSLCerts()
+		
+
+	def checkSSLCertsExist(self):
+		flags = [".key", ".cer"]
+		if os.path.isdir(self.ssl_dir):
+			for file in os.listdir(self.ssl_dir):
+				for flag in flags:
+					if flag in file:
+						flags.remove(flag)
+		if flags:
+			return False
+		else:
+			return True
+			
+	def getCurrentSSLCerts(self):
+		certs = []
+		index = self.serverBlockIndex
+		for line in self.lines[index:]:
+			if "ssl_certificate" in line:
+				i = line.rfind("/")
+				certs.append(line[i+1:].strip(";\n"))
+
+		return certs
+		
+		
+	def getServerBlockIndex(self):
+		index = 0
+		for line in self.lines:
+			if ("listen" in line) and not ("80" in line or "443" in line):
+					return index
+			index = index + 1
+
+		return False
+
+	
+	def checkSSLConfigStatus(self):
+		index = self.serverBlockIndex
+		for line in self.lines[index:]:
+			if "1471 ssl;" in line:
+				return True
+
+		return False
+		
+		
+	def addSSLConfig(self, keyName):
+
+		# Check if SSL has already been configured for port 1471
+		if self.checkSSLConfigStatus():
+			return True
+
+		index = 0
+		cert = keyName + ".cer"
+		key = keyName + ".key"
+
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index == self.serverBlockIndex:
+					line = "\t\tlisten\t1471 ssl;\n"
+				
+				if index > self.serverBlockIndex:
+					if "root   /pineapple/;" in line:
+						self.lines.insert(index + 1, "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
+													"\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
+													"\t\tssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n")
+				index = index + 1
+				out.write(line)
+		call(["/etc/init.d/nginx", "reload"])
+		
+		return True
+	
+	def replaceSSLConfig(self, newKey):
+		cert = newKey + ".cer"
+		key = newKey + ".key"
+		currentKey = self.currentSSLCerts[0].rsplit(".")[0]
+		index = 0
+
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index > self.serverBlockIndex:
+					if (currentKey + ".cer") in line:
+						line = "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
+					
+					if (currentKey + ".key") in line:
+						line = "\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
+					
+				index = index + 1
+				out.write(line)
+				
+		call(["/etc/init.d/nginx", "reload"])
+	
+	
+	def removeSSLConfig(self):
+		index = 0
+		with open(self.nginxConf, "w") as out:
+			for line in self.lines:
+				if index == self.serverBlockIndex:
+					line = "\t\tlisten\t1471;\n"
+				
+				if index > self.serverBlockIndex:
+					if "ssl_certificate" in line or "ssl_protocols" in line:
+						continue
+				
+				index = index + 1
+				out.write(line)
+				
+		call(["/etc/init.d/nginx", "reload"])
 		

Papers/includes/scripts/copyKeys.sh

@@ -3,8 +3,8 @@
 #  Author: sud0nick
 #  Date:   Jan 2016
 
-if ! cp $1.pem /etc/nginx/ssl/; then
-	echo "Failed to copy $1.pem to /etc/nginx/ssl/";
+if ! cp $1.key /etc/nginx/ssl/; then
+	echo "Failed to copy $1.key to /etc/nginx/ssl/";
 fi
 
 if ! cp $1.cer /etc/nginx/ssl/; then

Papers/includes/scripts/encryptKeys.sh

@@ -90,7 +90,7 @@ done;
 
 # Generate a password on the private key
 if [ $ENCRYPT_KEYS = true ]; then
-	openssl rsa -$ALGO -in $ssl_store$KEY.pem -out $ssl_store$KEY.pem -passout pass:"$PASS";
+	openssl rsa -$ALGO -in $ssl_store$KEY.key -out $ssl_store$KEY.key -passout pass:"$PASS";
 fi
 
 # If a container type is present but not an algo or pass then use
@@ -104,7 +104,7 @@ if [ -n "$CONTAINER" ]; then
 	fi
 
 	# Generate a container for the public and private keys
-	openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.pem -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
+	openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.key -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
 fi
 
 echo "Complete"

Papers/includes/scripts/genSSHKeys.sh

@@ -55,5 +55,5 @@ if [[ -z $KEYNAME ]]; then
         exit;
 fi
 
-ssh-keygen -q -b $BITSIZE -t rsa -N "$PASSWORD" -f $SSH_STORE$KEYNAME.pem -C $COMMENT
-mv $SSH_STORE$KEYNAME.pem.pub $SSH_STORE$KEYNAME.pub
+ssh-keygen -q -b $BITSIZE -t rsa -N "$PASSWORD" -f $SSH_STORE$KEYNAME.key -C $COMMENT
+mv $SSH_STORE$KEYNAME.key.pub $SSH_STORE$KEYNAME.pub

Papers/includes/scripts/readKeys.sh

@@ -11,7 +11,7 @@ while read p; do
 			IN_SERVER_BLOCK=true;
 		fi
 	else
-		if [[ $p == *".cer;" || $p == *".pem;" ]]; then
+		if [[ $p == *".cer;" || $p == *".key;" ]]; then
 			echo $p | cut -d '/' -f 5 | tr -d ';';
 		fi
 	fi

Papers/includes/scripts/ssl.cnf

@@ -0,0 +1,17 @@
+[req]
+prompt				= no
+distinguished_name	= req_distinguished_name
+x509_extensions		= req_ext
+
+[req_distinguished_name]
+organizationName        = :ORG:
+organizationalUnitName  = :OU:
+localityName            = :LOC:
+stateOrProvinceName     = :ST:
+countryName             = :C:
+commonName              = :COM:
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]

Papers/includes/scripts/testEncrypt.sh

@@ -23,7 +23,7 @@ while [ "$#" -gt 0 ]
 do
 
 if [[ "$1" == "-k" ]]; then
-	KEY="$2.pem"
+	KEY="$2.key"
 fi
 if [[ "$1" == "-d" ]]; then
         KEYDIR="$2"

Papers/includes/scripts/unpackKeyArchive.sh

@@ -39,14 +39,14 @@ output=$(unzip $FILE.zip -d $DL_DIR);
 # keys are destined for the SSH directory
 if [[ $output == *".pub"* ]]; then
 	mv $FILE.pub /pineapple/modules/Papers/includes/ssh/
-	mv $FILE.pem /pineapple/modules/Papers/includes/ssh/
+	mv $FILE.key /pineapple/modules/Papers/includes/ssh/
 fi
 
 # If the archive contained a .cer these
 # keys are destined for the SSL directory
 if [[ $output == *".cer"* ]]; then
 	mv $FILE.cer /pineapple/modules/Papers/includes/ssl/
-	mv $FILE.pem /pineapple/modules/Papers/includes/ssl/
+	mv $FILE.key /pineapple/modules/Papers/includes/ssl/
 fi
 
 # Clear the download directory