1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
#! /usr/bin/env tclsh
lappend auto_path /home/rkeene/devel/tcl-duktape/build/work /home/rkeene/devel/tuapi /home/rkeene/devel/tclpkcs11-fossil/build/work {*}[glob -nocomplain -directory /opt/appfs/rkeene.org/tcllib/platform/latest/lib/ tcllib*]
package provide pki 0.10
catch {
source /home/rkeene/devel/tcllib-pki/pki.tcl
package require duktape
package require tuapi
package require pki::pkcs11
proc pkcs11ModuleHandle {} {
if {![info exists ::pkcs11ModuleHandle]} {
set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so]
}
return $::pkcs11ModuleHandle
}
proc pkcs11ModuleUnload {handle} {
if {[info exists ::pkcs11ModuleHandle] && $handle eq $::pkcs11ModuleHandle} {
unset ::pkcs11ModuleHandle
|
>
|
|
|
>
>
|
|
>
|
>
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
#! /usr/bin/env tclsh
if {[info exists ::env(SSH_AGENT_LIB_PATH)]} {
lappend auto_path {*}$::env(SSH_AGENT_LIB_PATH)
}
if {[info exists ::env(SSH_AGENT_PKCS11_MODULE)]} {
set ::pkcs11ModuleFilename $::env(SSH_AGENT_PKCS11_MODULE)
} else {
set ::pkcs11ModuleFilename /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so
}
package require duktape 0.7
package require tuapi
package require pki 0.6
package require pki::pkcs11 0.9.9
## HACK: Fix up older versions of "pki" to include the raw certificate
## this is needed
apply {{} {
set procToUpdate ::pki::x509::parse_cert
if {![string match "*set ret(raw)*" [info body $procToUpdate]]} {
set body [info body $procToUpdate]
set body [string map {
"::asn::asnGetSequence cert_seq wholething"
"set ret(raw) $cert_seq; binary scan $ret(raw) H* ret(raw); ::asn::asnGetSequence cert_seq wholething"
} $body]
proc $procToUpdate [info args $procToUpdate] $body
}
}}
proc pkcs11ModuleHandle {} {
if {![info exists ::pkcs11ModuleHandle]} {
set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule $::pkcs11ModuleFilename]
}
return $::pkcs11ModuleHandle
}
proc pkcs11ModuleUnload {handle} {
if {[info exists ::pkcs11ModuleHandle] && $handle eq $::pkcs11ModuleHandle} {
unset ::pkcs11ModuleHandle
|
| ︙ | | | ︙ | |
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
}
}
X509.parseCert = __parseCert;
delete __parseCert;
}
}
proc initSSHAgent {} {
foreach file {chrome-emu.js ssh-agent-noasync.js} {
unset -nocomplain fd
catch {
set fd [open $file]
set js($file) [read $fd]
}
catch {
close $fd
}
}
set jsHandle [::duktape::init -safe true]
::duktape::tcl-function $jsHandle __puts {args} {
if {[llength $args] ni {1 2}} {
return -code error "wrong # args: puts ?{stderr|stdout}? message"
}
if {[llength $args] == 2} {
|
|
|
<
|
|
>
>
>
>
|
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
}
}
X509.parseCert = __parseCert;
delete __parseCert;
}
}
proc readFile {fileName} {
if {![info exists ::readFile($fileName)]} {
catch {
set fd [open $fileName]
set ::readFile($fileName) [read $fd]
}
catch {
close $fd
}
}
return $::readFile($fileName)
}
proc initSSHAgent {} {
set jsHandle [::duktape::init -safe true]
::duktape::tcl-function $jsHandle __puts {args} {
if {[llength $args] ni {1 2}} {
return -code error "wrong # args: puts ?{stderr|stdout}? message"
}
if {[llength $args] == 2} {
|
| ︙ | | | ︙ | |
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
runtime = {};
runtime.puts = __puts;
runtime.stderr = "stderr";
delete __puts;
}
::duktape::eval $jsHandle {var goog = {DEBUG: false};}
::duktape::eval $jsHandle $js(chrome-emu.js)
addRSAToJS $jsHandle
::duktape::eval $jsHandle $js(ssh-agent-noasync.js)
::duktape::eval $jsHandle {cackeySSHAgentFeatures.enabled = true;}
::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = true;}
::duktape::eval $jsHandle {
function connection(callback) {
this.sender = {
id: "pnhechapfaindjhompbnflcldabbghjo"
};
this.onMessage = {
listeners: [],
|
|
|
|
>
|
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
|
runtime = {};
runtime.puts = __puts;
runtime.stderr = "stderr";
delete __puts;
}
::duktape::eval $jsHandle {var goog = {DEBUG: false};}
::duktape::eval $jsHandle [readFile chrome-emu.js]
addRSAToJS $jsHandle
::duktape::eval $jsHandle [readFile ssh-agent-noasync.js]
::duktape::eval $jsHandle {cackeySSHAgentFeatures.enabled = true;}
::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = false;}
::duktape::eval $jsHandle {cackeySSHAgentFeatures.legacy = false;}
::duktape::eval $jsHandle {
function connection(callback) {
this.sender = {
id: "pnhechapfaindjhompbnflcldabbghjo"
};
this.onMessage = {
listeners: [],
|
| ︙ | | | ︙ | |
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
|
puts stderr "ERROR: $::errorInfo"
close $sock
}
}
proc incomingConnection {sock args} {
if {[catch {
set jsHandle [initSSHAgent]
::duktape::eval $jsHandle {var socket = new connection(handleDataFromAgent);}
::duktape::eval $jsHandle "socket.handle = \"$sock\";"
::duktape::eval $jsHandle {chrome.runtime.externalConnect(socket);}
fconfigure $sock -translation binary -encoding binary -blocking true
fileevent $sock readable [list handleData $sock $jsHandle]
|
>
|
>
>
|
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
|
puts stderr "ERROR: $::errorInfo"
close $sock
}
}
proc incomingConnection {sock args} {
if {[catch {
if {![info exists ::jsHandle]} {
set ::jsHandle [initSSHAgent]
}
set jsHandle $::jsHandle
::duktape::eval $jsHandle {var socket = new connection(handleDataFromAgent);}
::duktape::eval $jsHandle "socket.handle = \"$sock\";"
::duktape::eval $jsHandle {chrome.runtime.externalConnect(socket);}
fconfigure $sock -translation binary -encoding binary -blocking true
fileevent $sock readable [list handleData $sock $jsHandle]
|
| ︙ | | | ︙ | |