From 9e1160b74fed5851cf87b9fa379e33beb70dfcfe Mon Sep 17 00:00:00 2001
From: Bram Matthys <syzop@vulnscan.org>
Date: Mon, 9 Oct 2017 14:59:19 +0200
Subject: [PATCH] Add './unrealircd spkifp' which will output the SPKI
 fingerprint along with the exact password section to use in the link block on
 the other side of the link. Also used in tutorial now at
 https://www.unrealircd.org/docs/Tutorial:_Linking_servers

---
 unrealircd.in | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/unrealircd.in b/unrealircd.in
index 315f7fd27..fabcdaf9a 100644
--- a/unrealircd.in
+++ b/unrealircd.in
@@ -205,6 +205,30 @@ __EOF__
 	echo '   all the time so your bug might as well be fixed already.'
 	echo ""
 	echo "Thanks!"
+elif [ "$1" = "spki" -o "$1" = "spkifp" ] ; then
+	cd @TMPDIR@ || exit 1
+	CERT="@CONFDIR@/ssl/server.cert.pem"
+	if [ "$2" != "" ]; then
+		CERT="$2"
+	fi
+	if [ ! -f "$CERT" ]; then
+		echo "Could not open certificate: $CERT"
+		exit 1
+	fi
+	openssl x509 -noout -in "$CERT" -pubkey | openssl asn1parse -noout -inform pem -out tmp.public.key
+	HASH="`openssl dgst -sha256 -binary tmp.public.key | openssl enc -base64`"
+	rm -f tmp.public.key
+	if [ "$HASH" = "" ]; then
+		echo "Sorry, something went wrong when generating the SPKI fingerprint."
+		echo "Is the 'openssl' tool properly installed?"
+		exit 1
+	fi
+	echo "The SPKI fingerprint for certificate $CERT is:"
+	echo "$HASH"
+	echo ""
+	echo "You normally add this password on the other side of the link as:"
+	echo "password \"$HASH\" { spkifp; };"
+	echo ""
 else
-	echo "Usage: unrealircd start|stop|rehash|restart|mkpasswd|version|croncheck|gencloak|reloadtls|upgrade-conf"
+	echo "Usage: unrealircd start|stop|rehash|restart|mkpasswd|version|croncheck|gencloak|reloadtls|spkifp|upgrade-conf"
 fi