bool GenerateCertificates(LogWindow log)
{
//
// Don't regenerate the certificates. They might be copying the folder
// over to another computer or some shit.
//
if (System.IO.File.Exists($"Certs/{Constants.ComposerCertName}") &&
System.IO.File.Exists($"Certs/composer.p12") &&
System.IO.File.Exists($"Certs/private.key") &&
System.IO.File.Exists($"Certs/public.pem"))
{
log.WriteSuccess($"\nThe certificates already exist - so we're going to use them.\n");
System.Threading.Thread.Sleep(1000);
log.WriteSuccess($"If you want to generate new certificates delete the Certs folder.\n\n");
System.Threading.Thread.Sleep(1000);
return(true);
}
if (!System.IO.File.Exists(Constants.OpenSslExe))
{
log.WriteError($"Couldn't find {Constants.OpenSslExe} - do you have composer installed?");
return(false);
}
if (!System.IO.File.Exists(Constants.OpenSslConfig))
{
log.WriteError($"Couldn't find {Constants.OpenSslConfig} - do you have composer installed?");
return(false);
}
if (!System.IO.Directory.Exists("Certs"))
{
log.WriteTrace("Creating Certs Folder\n");
System.IO.Directory.CreateDirectory("Certs");
}
//
// generate a self signed private and public key
//
log.WriteNormal("\nGenerating private + public keys\n");
var exitCode = RunProcessPrintOutput(log, Constants.OpenSslExe, $"req -new -x509 -sha256 -nodes -days {Constants.CertificateExpireDays} -newkey rsa:1024 -keyout \"Certs/private.key\" -subj \"/C=US/ST=Utah/L=Draper/O=Control4/OU=Controller Certificates/CN={Constants.CertificateCN}/\" -out \"Certs/public.pem\" -config \"{Constants.OpenSslConfig}\"");
if (exitCode != 0)
{
log.WriteError($"Failed.");
return(false);
}
//
// Create the composer.p12 (public key) which sits in your composer config folder
//
log.WriteNormal("Creating composer.p12\n");
exitCode = RunProcessPrintOutput(log, Constants.OpenSslExe, $"pkcs12 -export -out \"Certs/composer.p12\" -inkey \"Certs/private.key\" -in \"Certs/public.pem\" -passout pass:{Constants.CertPassword}");
if (exitCode != 0)
{
log.WriteError($"Failed.");
return(false);
}
//
// Get the text for the composer cacert-*.pem
//
log.WriteNormal($"Creating {Constants.ComposerCertName}\n");
var output = RunProcessGetOutput(Constants.OpenSslExe, $"x509 -in \"Certs/public.pem\" -text");
System.IO.File.WriteAllText($"Certs/{Constants.ComposerCertName}", output);
return(true);
}
bool PatchDirector(LogWindow log)
{
using (var ssh = MainWindow.ConnectedDirector.ScpClient)
{
log.WriteNormal($"Connecting to director via SCP.. ");
ssh.Connect();
log.WriteSuccess($" .. connected!\n");
// Get the existing certificate
using (var stream = new MemoryStream())
{
log.WriteNormal($"Downloading /etc/openvpn/clientca-prod.pem\n");
ssh.Download("/etc/openvpn/clientca-prod.pem", stream);
log.WriteSuccess($"Done - got {stream.Length} bytes\n\n");
stream.Position = 0;
var backupName = $"/etc/openvpn/clientca-prod.{DateTime.Now.ToString( "yyyy-dd-M--HH-mm-ss" )}.backup";
log.WriteNormal($"Uploading {backupName}\n");
ssh.Upload(stream, backupName);
log.WriteSuccess($"Done!\n\n");
log.WriteNormal($"Constructing new clientca-prod.pem\n");
using (StreamReader reader = new StreamReader(stream))
{
stream.Position = 0;
var certificate = reader.ReadToEnd();
certificate += "\n";
log.WriteNormal($" Reading Certs/public.pem\n");
var localCert = System.IO.File.ReadAllText("Certs/public.pem");
if (certificate.Contains(localCert))
{
log.WriteError($"The certificate on the director already contains our public key!\n");
}
else
{
//
// We just add our public key to the end
//
certificate += localCert;
}
//
// This serves no purpose but it doesn't hurt to have it hanging around
//
log.WriteNormal($" Writing to Certs/clientca-prod.pem\n");
System.IO.File.WriteAllText("Certs/clientca-prod.pem", certificate);
//
// Upload the modded certificates to the director
//
log.WriteNormal($"Uploading New Certificate..\n");
using (var wstream = new MemoryStream())
{
using (StreamWriter writer = new StreamWriter(wstream))
{
writer.Write(certificate);
writer.Flush();
wstream.Position = 0;
ssh.Upload(wstream, "/etc/openvpn/clientca-prod.pem");
}
}
log.WriteSuccess($"Done!\n");
}
}
}
return(true);
}
