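        /// <summary>
        /// Builds the on-disk layout for a two-tier certificate authority (root + intermediate),
        /// generates both private keys and certificates, produces the intermediate CRL, publishes
        /// the chain and CRL to the Samba and NGINX locations, and finally marks the CA as enabled.
        /// </summary>
        /// <param name="directory">Base CA path; persisted via <c>ApplicationSetting.SetCaPath</c> only when non-empty.</param>
        /// <param name="passphrase">Passphrase that encrypts both CA private keys; persisted via <c>ApplicationSetting.SetX509</c> only when non-empty.</param>
        /// <param name="caCountry">Subject <c>C=</c> component shared by root and intermediate.</param>
        /// <param name="caProvince">Subject <c>ST=</c> component.</param>
        /// <param name="caLocality">Subject <c>L=</c> component.</param>
        /// <param name="caOrganization">Subject <c>O=</c> component.</param>
        /// <param name="caOrganizationalUnit">Subject <c>OU=</c> component.</param>
        /// <param name="caCommonName">Root <c>CN=</c>; the intermediate gets <c>"Intermediate " + caCommonName</c>.</param>
        /// <param name="caEmail">Subject <c>emailAddress=</c> component.</param>
        public static void Setup(string directory, string passphrase, string caCountry, string caProvince, string caLocality, string caOrganization, string caOrganizationalUnit, string caCommonName, string caEmail)
        {
            ConsoleLogger.Log("setting up root ca structure");

            // Persist only values that were actually supplied. The previous checks were inverted
            // and stored the setting only when it was empty, i.e. never the real value.
            if (!string.IsNullOrEmpty(directory))
            {
                ApplicationSetting.SetCaPath(directory);
            }
            if (!string.IsNullOrEmpty(passphrase))
            {
                ApplicationSetting.SetX509(passphrase);
            }

            _caCountry                = caCountry;
            _caProvince               = caProvince;
            _caLocality               = caLocality;
            _caOrganization           = caOrganization;
            _caOrganizationalUnit     = caOrganizationalUnit;
            _caCommonName             = caCommonName;
            _caEmail                  = caEmail;
            _caIntermediateCommonName = $"Intermediate {caCommonName}";

            // NOTE(review): every value below is spliced into a shell command line unescaped.
            // The subject components land inside a double-quoted -subj argument, so a quote,
            // backslash or '$' in any of them alters the command; the passphrase is passed as
            // "pass:..." and is therefore readable in the process list while openssl runs.
            // Validate these inputs at the caller (or switch to -passin/-passout file:/env: and an
            // argument-vector executor) before exposing Setup to untrusted callers.
            var subjectPrefix = $"/C={_caCountry}/ST={_caProvince}/L={_caLocality}/O={_caOrganization}/OU={_caOrganizationalUnit}";

            Terminal.Terminal.Execute($"mkdir -p {CaDirectory}");
            foreach (var sub in new[] { "certs", "crl", "newcerts", "private" })
            {
                Terminal.Terminal.Execute($"mkdir -p {CaDirectory}/{sub}");
            }
            Terminal.Terminal.Execute($"chmod 700 {CaDirectory}/private");
            Terminal.Terminal.Execute($"touch {CaDirectory}/index.txt");
            Terminal.Terminal.Execute($"echo 1000 > {CaDirectory}/serial");
            Terminal.Terminal.Execute($"cp {Parameter.Resources}/openssl.cnf {CaRootConfFile}");
            // 4096-bit RSA key, AES-256 encrypted at rest, readable by its owner only.
            Terminal.Terminal.Execute($"openssl genrsa -aes256 -out {CaRootPrivateKey} -passout pass:{passphrase} 4096");
            Terminal.Terminal.Execute($"chmod 400 {CaRootPrivateKey}");
            // Self-signed root valid for 10950 days (~30 years) with the v3_ca extensions of the copied config.
            Terminal.Terminal.Execute($"openssl req -config {CaRootConfFile} -key {CaRootPrivateKey} -new -x509 -days 10950 -sha256 -extensions v3_ca -out {CaRootCertificate} -passin pass:{passphrase} -subj \"{subjectPrefix}/CN={_caCommonName}/emailAddress={_caEmail}\"");
            Terminal.Terminal.Execute($"openssl x509 -noout -text -in {CaRootCertificate}");

            ConsoleLogger.Log("setting up intermediate ca structure");
            Terminal.Terminal.Execute($"mkdir -p {CaIntermediateDirectory}");
            foreach (var sub in new[] { "certs", "crl", "csr", "newcerts", "private", "params" })
            {
                Terminal.Terminal.Execute($"mkdir -p {CaIntermediateDirectory}/{sub}");
            }
            Terminal.Terminal.Execute($"chmod 700 {CaIntermediateDirectory}/private");
            Terminal.Terminal.Execute($"touch {CaIntermediateDirectory}/index.txt");
            Terminal.Terminal.Execute($"echo 1000 > {CaIntermediateDirectory}/serial");
            Terminal.Terminal.Execute($"echo 1000 > {CaIntermediateDirectory}/crlnumber");
            Terminal.Terminal.Execute($"cp {Parameter.Resources}/openssl-intermediate.cnf {CaIntermediateConfFile}");
            Terminal.Terminal.Execute($"openssl genrsa -aes256 -out {CaIntermediatePrivateKey} -passout pass:{passphrase} 4096");
            Terminal.Terminal.Execute($"chmod 400 {CaIntermediatePrivateKey}");
            // CSR for the intermediate, signed by the root below for 3650 days with v3_intermediate_ca.
            Terminal.Terminal.Execute($"openssl req -config {CaIntermediateConfFile} -key {CaIntermediatePrivateKey} -new -sha256 -out {CaIntermediateCertificateReq} -passin pass:{passphrase} -subj \"{subjectPrefix}/CN={_caIntermediateCommonName}/emailAddress={_caEmail}\"");
            Terminal.Terminal.Execute($"openssl ca -batch -config {CaRootConfFile} -extensions v3_intermediate_ca -days 3650 -notext -md sha256 -passin pass:{passphrase} -in {CaIntermediateCertificateReq} -out {CaIntermediateCertificate}");
            Terminal.Terminal.Execute($"chmod 444 {CaIntermediateCertificate}");
            Terminal.Terminal.Execute($"openssl x509 -noout -text -in {CaIntermediateCertificate}");
            Terminal.Terminal.Execute($"openssl verify -CAfile {CaRootCertificate} {CaIntermediateCertificate}");
            // Chain file: intermediate first, then root.
            Terminal.Terminal.Execute($"cat {CaIntermediateCertificate} {CaRootCertificate} > {CaIntermediateChain}");
            Terminal.Terminal.Execute($"chmod 444 {CaIntermediateChain}");

            ConsoleLogger.Log("setting up crl");
            // -config must name the intermediate openssl config, not the intermediate certificate
            // (the certificate was passed previously, which `openssl ca` cannot parse as a config).
            Terminal.Terminal.Execute($"openssl ca -config {CaIntermediateConfFile} -gencrl -batch -passin pass:{passphrase} -out {CaIntermediateRevocationList}");
            ConsoleLogger.Log(Terminal.Terminal.Execute($"openssl crl -in {CaIntermediateRevocationList} -noout -text"));

            // Replaces destination with a fresh copy of source (existing destination is removed first).
            void Publish(string source, string destination)
            {
                if (File.Exists(destination))
                {
                    File.Delete(destination);
                }
                Terminal.Terminal.Execute($"cp {source} {destination}");
            }

            Publish(CaIntermediateChain, SambaCaCert);
            Publish(CaIntermediateRevocationList, SambaCaCrl);
            Terminal.Terminal.Execute("systemctl restart samba");

            // TODO: associate the NGINX path and configuration with the CRL distribution point
            // TODO: persist the URL of the CRL distribution point somewhere
            // sambatool CNAME
            Publish(CaIntermediateRevocationList, NginxCrl);
            Terminal.Terminal.Execute("systemctl restart nginx");

            ApplicationSetting.EnableCertificateAuthority();
        }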