-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfos-new
executable file
·52 lines (42 loc) · 2.4 KB
/
fos-new
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
#!/usr/bin/env bash
set -euo pipefail
for var in "name" "email"; do
if ! git config user.${var} >/dev/null; then
echo "No ${var} set in git config! aborting..."
exit
fi
done
read -rp "Enter full name of the employee: " name
read -rp "Enter email localpart of the employee: " localpart
fos_working_dir=$(fos-working-directory)
fos_tmp_dir="/tmp/fos"
fos_key_file="${fos_tmp_dir}/${localpart}.asc"
mkdir -p "${fos_tmp_dir}"
oca -d ${fos_tmp_dir}/famedly.oca user add \
--name "${name}" \
--email "${localpart}@famedly.com" \
--validity 2y \
--cipher-suite cv25519 \
--encryption true \
--signing true \
--authentication true \
--password-file "${fos_tmp_dir}/primary-secret" \
> "${fos_key_file}"
mkdir "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/"
cp "${fos_key_file}" "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/secret.asc"
sq toolbox extract-cert --output "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/public.asc" "${fos_key_file}"
cd "${fos_working_dir}/archive"
git add .
git commit -m "add new employee ${name}"
echo "123456" >${fos_tmp_dir}/user-pin-default
echo "12345678" >${fos_tmp_dir}/admin-pin-default
# TODO: Write encrypted pins into ${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/
diceware -l reinhold -n 4 | xargs -I{} printf '%s' "{}" > "${fos_tmp_dir}/${localpart}-user-pin"
diceware -l reinhold -n 6 | xargs -I{} printf '%s' "{}" > "${fos_tmp_dir}/${localpart}-admin-pin"
while read -rp "Insert the next yubikey, remove any previous ones. 'y' to flash the connected yubikey, 'n' for terminating. (Y/N): " confirm && [[ $confirm == [yY] || $confirm == [yY][eE][sS] ]]; do
card_identifier="$(oct --output-format json list | jq '.idents.[0]' -r)"
oct admin --admin-pin ${fos_tmp_dir}/admin-pin-default --card "${card_identifier}" import --key-passphrase ${fos_tmp_dir}/primary-secret "${fos_working_dir}/archive/employee-keys/${localpart}@famedly.com/secret.asc"
oct admin --admin-pin ${fos_tmp_dir}/admin-pin-default --card "${card_identifier}" name "${name}"
oct pin --card "${card_identifier}" set-user --user-pin-old ${fos_tmp_dir}/user-pin-default --user-pin-new "${fos_tmp_dir}/${localpart}-user-pin"
oct pin --card "${card_identifier}" set-admin --admin-pin-old ${fos_tmp_dir}/admin-pin-default --admin-pin-new "${fos_tmp_dir}/${localpart}-admin-pin"
done