From a81ca7551992485759188e6f40cebd8623436aa8 Mon Sep 17 00:00:00 2001
From: Ken Moore
Date: Tue, 17 May 2016 12:42:14 -0400
Subject: [PATCH] Add a new CLI option to the sysadm server: "-import_ssl_key []": This will add the designated key (file path or raw text) to the SSL keys available for authentication to the server.
---
 src/server/AuthorizationManager.cpp | 7 +++++++
 src/server/AuthorizationManager.h | 1 +
 src/server/main.cpp | 16 ++++++++++++++++
 3 files changed, 24 insertions(+)
diff --git a/src/server/AuthorizationManager.cpp b/src/server/AuthorizationManager.cpp
index 8336c2e..edffeeb 100644
--- a/src/server/AuthorizationManager.cpp
+++ b/src/server/AuthorizationManager.cpp
@@ -86,6 +86,13 @@ bool AuthorizationManager::RegisterCertificate(QString token, QString pubkey, QS
 CONFIG->setValue("RegisteredCerts/"+user+"/"+pubkey, "Nickname: "+nickname+"\nEmail: "+email+"\nDate Registered: "+QDateTime::currentDateTime().toString(Qt::ISODate) );
 return true;
 }
+//
+bool AuthorizationManager::RegisterCertificateInternal(QString user, QByteArray pubkey, QString nickname, QString email){
+ pubkey = pubkey.toBase64();
+ //NOTE: The public key should be saved as a base64 encoded string
+ CONFIG->setValue("RegisteredCerts/"+user+"/"+pubkey, "Nickname: "+nickname+"\nEmail: "+email+"\nDate Registered: "+QDateTime::currentDateTime().toString(Qt::ISODate) );
+ return true;
+}
 bool AuthorizationManager::RevokeCertificate(QString token, QString key, QString user){
 //user will be the current user if not empty - cannot touch other user's certs without full perms on current session
diff --git a/src/server/AuthorizationManager.h b/src/server/AuthorizationManager.h
index bcbcca2..1bdc8aa 100644
--- a/src/server/AuthorizationManager.h
+++ b/src/server/AuthorizationManager.h
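Review bot: `RegisterCertificateInternal` in AuthorizationManager.cpp stores whatever it is given and always returns true, so a bad import is reported as a success. `user` is concatenated into the settings key `"RegisteredCerts/"+user+"/"+pubkey`, so a value containing `/` files the key under a different group than the caller meant, and a newline in `nickname` or `email` can add forged `Email:` or `Date Registered:` lines to the stored record. An empty `pubkey` is accepted as well. I would reject these up front with `if(user.isEmpty() || user.contains("/") || pubkey.isEmpty()){ return false; }` and strip `\n` from `nickname` and `email` before building the value. The bare `//` above the function should become a real comment, for example `// Registers a key without any token; only for trusted local callers`.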
@@ -21,6 +21,7 @@ public:
 //SSL Certificate register/revoke/list (should only run if the current token is valid)
 bool RegisterCertificate(QString token, QString pubkey, QString nickname, QString email); //if token is valid, register the given cert for future logins
+ static bool RegisterCertificateInternal(QString user, QByteArray pubkey, QString nickname, QString email); //INTERNAL ONLY
 bool RevokeCertificate(QString token, QString key, QString user=""); //user will be the current user if not empty - cannot touch other user's certs without full perms on current session
 void ListCertificates(QString token, QJsonObject *out);
 void ListCertificateChecksums(QJsonObject *out);
diff --git a/src/server/main.cpp b/src/server/main.cpp
index f12e880..2c63cc3 100644
--- a/src/server/main.cpp
+++ b/src/server/main.cpp
@@ -107,6 +107,22 @@ int main( int argc, char ** argv )
 qDebug() << "Unknown option:" << argv[i];
 return 1;
 }
+ }else if(QString(argv[i])=="-import_ssl_key" && i+3>argc){
+ i++; QString user(argv[i]);
+ i++; QByteArray key(argv[i]);
+ i++; QString nickname(argv[i]);
+ QString email;
+ if(i+1
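Review bot: In the AuthorizationManager.h hunk, `RegisterCertificateInternal` is declared `static` under `public:` and takes no token, so the trailing `//INTERNAL ONLY` comment is the only thing keeping it away from code that handles client requests. The neighbouring `RegisterCertificate` is documented as acting only when the token is valid, and this declaration should state just as plainly that it skips that check. I would expand the comment to `//INTERNAL ONLY: no token check - call only from the local CLI, never from a client request`. Restricting access in the class itself would be stronger if the design allows it; the rest of the class lies outside this hunk, so that is a suggestion to weigh rather than a confirmed fit.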