public static int Main(string[] args) { DhtNodeParameters parameters = new DhtNodeParameters(); if (parameters.Parse(args) != 0) { Console.WriteLine(parameters.ErrorMessage); parameters.ShowHelp(); return(-1); } else if (parameters.Help) { parameters.ShowHelp(); return(0); } DHCPConfig dhcp_config = parameters.DhcpConfig; IpopConfig ipop_config = parameters.IpopConfig; NodeConfig node_config = parameters.NodeConfig; NodeConfig.SecurityPolicy security = parameters.Security; if (node_config.NodeAddress == null) { node_config.NodeAddress = (Utils.GenerateAHAddress()).ToString(); node_config.WriteConfig(); } if (parameters.GroupVPN) { // check to see if we have a valid private key RSACryptoServiceProvider public_key = new RSACryptoServiceProvider(); bool create = true; // If this succeeds, the key is good, if it fails, we need to create a new one... if (File.Exists(security.KeyPath)) { try { using (FileStream fs = File.Open(security.KeyPath, FileMode.Open)) { byte[] blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); public_key.ImportCspBlob(blob); public_key.ImportCspBlob(public_key.ExportCspBlob(false)); } create = false; } catch { } } // we don't, let's create one if (create) { using (FileStream fs = File.Open(security.KeyPath, FileMode.Create)) { RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048); byte[] blob = private_key.ExportCspBlob(true); fs.Write(blob, 0, blob.Length); public_key.ImportCspBlob(private_key.ExportCspBlob(false)); } } // verify we have a cacert string cacert_path = Path.Combine(security.CertificatePath, "cacert"); if (!File.Exists(cacert_path)) { Console.WriteLine("Missing CACert: " + cacert_path); parameters.ShowHelp(); return(-1); } // do we already have a certificate that matches our node id? string cert_path = Path.Combine(security.CertificatePath, "lc." + node_config.NodeAddress.Substring(12)); // no, let's create one if (create || !File.Exists(cert_path)) { // prepare access to the groupvpn site string webcert_path = Path.Combine(security.CertificatePath, "webcert"); if (!File.Exists(webcert_path)) { Console.WriteLine("Missing Servers signed cert: " + webcert_path); parameters.ShowHelp(); return(-1); } X509Certificate webcert = X509Certificate.CreateFromCertFile(webcert_path); CertificatePolicy.Register(webcert); // get certificate and store it to file GroupVPNClient gvc = new GroupVPNClient(ipop_config.GroupVPN.UserName, ipop_config.GroupVPN.Group, ipop_config.GroupVPN.Secret, ipop_config.GroupVPN.ServerURI, node_config.NodeAddress, public_key); gvc.Start(); if (gvc.State != GroupVPNClient.States.Finished) { Console.WriteLine("Failure attempting to use GroupVPN"); parameters.ShowHelp(); return(-1); } using (FileStream fs = File.Open(cert_path, FileMode.Create)) { byte[] blob = gvc.Certificate.X509.RawData; fs.Write(blob, 0, blob.Length); } } } if (dhcp_config != null) { _current_node = new DhtIpopNode(node_config, ipop_config, dhcp_config); } else { _current_node = new DhtIpopNode(node_config, ipop_config); } if (parameters.GroupVPN) { // hack until I can come up with a cleaner solution to add features // that don't break config files on previous IPOP string cacert_path = Path.Combine(security.CertificatePath, "cacert"); string revocation_url = ipop_config.GroupVPN.ServerURI.Replace("mono/GroupVPN.rem", "data/" + ipop_config.GroupVPN.Group + "/revocation_list"); revocation_url = revocation_url.Replace("https", "http"); var icv = new GroupCertificateVerification(revocation_url, cacert_path); _current_node.AppNode.SecurityOverlord.CertificateHandler.AddCertificateVerification(icv); icv.RevocationUpdate += _current_node.AppNode.SecurityOverlord.VerifySAs; } Console.WriteLine("Starting IPOP: " + DateTime.UtcNow); _current_node.Run(); return(0); }
public static int Main(string[] args) { DhtNodeParameters parameters= new DhtNodeParameters(); if(parameters.Parse(args) != 0) { Console.WriteLine(parameters.ErrorMessage); parameters.ShowHelp(); return -1; } else if(parameters.Help) { parameters.ShowHelp(); return 0; } DHCPConfig dhcp_config = parameters.DhcpConfig; IpopConfig ipop_config = parameters.IpopConfig; NodeConfig node_config = parameters.NodeConfig; if(node_config.NodeAddress == null) { node_config.NodeAddress = (Utils.GenerateAHAddress()).ToString(); node_config.WriteConfig(); } if(parameters.GroupVPN) { // check to see if we have a valid private key RSACryptoServiceProvider public_key = new RSACryptoServiceProvider(); bool create = true; // If this succeeds, the key is good, if it fails, we need to create a new one... if(File.Exists(node_config.Security.KeyPath)) { try { using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Open)) { byte[] blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); public_key.ImportCspBlob(blob); public_key.ImportCspBlob(public_key.ExportCspBlob(false)); } create = false; } catch { } } // we don't, let's create one if(create) { using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Create)) { RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048); byte[] blob = private_key.ExportCspBlob(true); fs.Write(blob, 0, blob.Length); public_key.ImportCspBlob(private_key.ExportCspBlob(false)); } } // verify we have a cacert string cacert_path = Path.Combine(node_config.Security.CertificatePath, "cacert"); if(!File.Exists(cacert_path)) { Console.WriteLine("Missing CACert: " + cacert_path); parameters.ShowHelp(); return -1; } // do we already have a certificate that matches our node id? string cert_path = Path.Combine(node_config.Security.CertificatePath, "lc." + node_config.NodeAddress.Substring(12)); // no, let's create one if(create || !File.Exists(cert_path)) { // prepare access to the groupvpn site string webcert_path = Path.Combine(node_config.Security.CertificatePath, "webcert"); if(!File.Exists(webcert_path)) { Console.WriteLine("Missing Servers signed cert: " + webcert_path); parameters.ShowHelp(); return -1; } X509Certificate webcert = X509Certificate.CreateFromCertFile(webcert_path); CertificatePolicy.Register(webcert); // get certificate and store it to file GroupVPNClient gvc = new GroupVPNClient(ipop_config.GroupVPN.UserName, ipop_config.GroupVPN.Group, ipop_config.GroupVPN.Secret, ipop_config.GroupVPN.ServerURI, node_config.NodeAddress, public_key); gvc.Start(); if(gvc.State != GroupVPNClient.States.Finished) { Console.WriteLine("Failure attempting to use GroupVPN"); parameters.ShowHelp(); return -1; } using(FileStream fs = File.Open(cert_path, FileMode.Create)) { byte[] blob = gvc.Certificate.X509.RawData; fs.Write(blob, 0, blob.Length); } } } if(dhcp_config != null) { _current_node = new DhtIpopNode(node_config, ipop_config, dhcp_config); } else { _current_node = new DhtIpopNode(node_config, ipop_config); } if(parameters.GroupVPN) { // hack until I can come up with a cleaner solution to add features // that don't break config files on previous IPOP string cacert_path = Path.Combine(node_config.Security.CertificatePath, "cacert"); string revocation_url = ipop_config.GroupVPN.ServerURI.Replace("mono/GroupVPN.rem", "data/" + ipop_config.GroupVPN.Group + "/revocation_list"); revocation_url = revocation_url.Replace("https", "http"); var icv = new GroupCertificateVerification(revocation_url, cacert_path); _current_node.AppNode.SecurityOverlord.CertificateHandler.AddCertificateVerification(icv); icv.RevocationUpdate += _current_node.AppNode.SecurityOverlord.VerifySAs; } Console.WriteLine("Starting IPOP: " + DateTime.UtcNow); _current_node.Run(); return 0; }
public static int Main(String[] args) { string node_config_path = string.Empty; string ipop_config_path = string.Empty; string dhcp_config_path = string.Empty; bool show_help = false; OptionSet opts = new OptionSet() { { "n|NodeConfig=", "Path to a NodeConfig file.", v => node_config_path = v }, { "i|IpopConfig=", "Path to an IpopConfig file.", v => ipop_config_path = v }, { "d|DhcpConfig=", "Path to a DHCPConfig file.", v => dhcp_config_path = v }, { "h|help", "Display this help and exit.", v => show_help = v != null }, }; try { opts.Parse(args); } catch (OptionException e) { PrintError(e.Message); return -1; } if(show_help) { ShowHelp(opts); return -1; } if(node_config_path == string.Empty || !File.Exists(node_config_path)) { PrintError("Missing NodeConfig"); return -1; } if(ipop_config_path == string.Empty || !File.Exists(ipop_config_path)) { PrintError("Missing IpopConfig"); return -1; } ConfigurationValidator cv = new ConfigurationValidator(); NodeConfig node_config = null; try { cv.Validate(node_config_path, "Node.xsd"); node_config = Utils.ReadConfig<NodeConfig>(node_config_path); node_config.Path = node_config_path; } catch (Exception e) { Console.WriteLine("Invalid NodeConfig file:"); Console.WriteLine("\t" + e.Message); return -1; } if(node_config.NodeAddress == null) { node_config.NodeAddress = (Utils.GenerateAHAddress()).ToString(); node_config.WriteConfig(); } IpopConfig ipop_config = null; try { cv.Validate(ipop_config_path, "Ipop.xsd"); ipop_config = Utils.ReadConfig<IpopConfig>(ipop_config_path); ipop_config.Path = ipop_config_path; } catch (Exception e) { Console.WriteLine("Invalid IpopConfig file:"); Console.WriteLine("\t" + e.Message); return -1; } DHCPConfig dhcp_config = null; if(dhcp_config_path != string.Empty) { if(!File.Exists(dhcp_config_path)) { PrintError("No such DhtIpop file"); return -1; } try { cv.Validate(dhcp_config_path, "Dhcp.xsd"); dhcp_config = Utils.ReadConfig<DHCPConfig>(dhcp_config_path); } catch(Exception e) { Console.WriteLine("Invalid DhcpConfig file:"); Console.WriteLine("\t" + e.Message); return -1; } if(!dhcp_config.Namespace.Equals(ipop_config.IpopNamespace)) { PrintError("IpopConfig.Namespace isn't the same as DHCPConfig.Namespace"); return -1; } } bool groupvpn = node_config.Security.Enabled && ipop_config.GroupVPN.Enabled && ipop_config.EndToEndSecurity; // enable GroupVPN! if(groupvpn) { // check to see if we have a valid private key RSACryptoServiceProvider public_key = new RSACryptoServiceProvider(); bool create = true; if(File.Exists(node_config.Security.KeyPath)) { try { using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Open)) { byte[] blob = new byte[fs.Length]; fs.Read(blob, 0, blob.Length); public_key.ImportCspBlob(blob); public_key.ImportCspBlob(public_key.ExportCspBlob(false)); } create = false; } catch { } } // we don't, let's create one if(create) { using(FileStream fs = File.Open(node_config.Security.KeyPath, FileMode.Create)) { RSACryptoServiceProvider private_key = new RSACryptoServiceProvider(2048); byte[] blob = private_key.ExportCspBlob(true); fs.Write(blob, 0, blob.Length); public_key.ImportCspBlob(private_key.ExportCspBlob(false)); } } // verify we have a cacert string cacert_path = Path.Combine(node_config.Security.CertificatePath, "cacert"); if(!File.Exists(cacert_path)) { Console.WriteLine("DhtIpop: "); Console.WriteLine("\tMissing CACert: " + cacert_path); } // do we already have a certificate that matches our node id? string cert_path = Path.Combine(node_config.Security.CertificatePath, "lc." + node_config.NodeAddress.Substring(12)); // no, let's create one if(create || !File.Exists(cert_path)) { // prepare access to the groupvpn site string webcert_path = Path.Combine(node_config.Security.CertificatePath, "webcert"); if(!File.Exists(webcert_path)) { Console.WriteLine("DhtIpop: "); Console.WriteLine("\tMissing Servers signed cert: " + webcert_path); } X509Certificate webcert = X509Certificate.CreateFromCertFile(webcert_path); CertificatePolicy.Register(webcert); // get certificate and store it to file GroupVPNClient gvc = new GroupVPNClient(ipop_config.GroupVPN.UserName, ipop_config.GroupVPN.Group, ipop_config.GroupVPN.Secret, ipop_config.GroupVPN.ServerURI, node_config.NodeAddress, public_key); gvc.Start(); if(gvc.State != GroupVPNClient.States.Finished) { Console.WriteLine("DhtIpop: "); Console.WriteLine("\tFailure attempting to use GroupVPN"); return -1; } using(FileStream fs = File.Open(cert_path, FileMode.Create)) { byte[] blob = gvc.Certificate.X509.RawData; fs.Write(blob, 0, blob.Length); } } } if(dhcp_config != null) { _current_node = new DhtIpopNode(node_config, ipop_config, dhcp_config); } else { _current_node = new DhtIpopNode(node_config, ipop_config); } if(groupvpn) { // hack until I can come up with a cleaner solution to add features // that don't break config files on previous IPOP string cacert_path = Path.Combine(node_config.Security.CertificatePath, "cacert"); string revocation_url = ipop_config.GroupVPN.ServerURI.Replace("mono/GroupVPN.rem", "data/" + ipop_config.GroupVPN.Group + "/revocation_list"); revocation_url = revocation_url.Replace("https", "http"); var icv = new GroupCertificateVerification(revocation_url, cacert_path); _current_node.Bso.CertificateHandler.AddCertificateVerification(icv); icv.RevocationUpdate += _current_node.Bso.CheckSAs; } Console.WriteLine("Starting IPOP: " + DateTime.UtcNow); _current_node.Run(); return 0; }