Пример #1
0
        private void GenCert(HttpListenerContext ctx)
        {
            if (ctx.Request.HasEntityBody)
            {
                var Req = ctx.Request.InputStream.ReadAllText(ctx.Request.ContentEncoding).FromJson <ApiCertCreate>();
                if (Req != null && Req.Valid())
                {
                    string Key          = null;
                    string RootCert     = null;
                    string RootKey      = null;
                    var    KeyFileName  = Path.Combine(Base, Req.id.ToString() + ".key");
                    var    RootFileName = Path.Combine(Base, Req.parent.ToString() + ".ca.crt");
                    if (File.Exists(KeyFileName))
                    {
                        if (File.Exists(RootFileName))
                        {
                            try
                            {
                                Key = File.ReadAllText(KeyFileName);
                            }
                            catch (Exception ex)
                            {
                                Logger.Error("HTTP: Unable to read file {0}. Reason: {1}", KeyFileName, ex.Message);
                                SendJson(ctx, "Unable to read key file", false);
                                return;
                            }
                            try
                            {
                                RootCert = File.ReadAllText(RootFileName);
                            }
                            catch (Exception ex)
                            {
                                Logger.Error("HTTP: Unable to read file {0}. Reason: {1}", RootFileName, ex.Message);
                                SendJson(ctx, "Unable to read CA file", false);
                                return;
                            }

                            //Figure out the matching private key for the given root certificate
                            var RootPub = CertCommands.GetPubKey(RootCert, true);
                            RootKey = Directory.GetFiles(Base, "*.key")
                                      .Select(m => File.ReadAllText(m))
                                      .FirstOrDefault(m => CertCommands.GetPubKey(m, false) == RootPub);

                            if (!string.IsNullOrEmpty(RootKey))
                            {
                                try
                                {
                                    var Cert         = CertCommands.GenerateCertificate(RootKey, RootCert, Key, Req.cn, Req.san, Req.exp, Req.sha256, Req.cc, Req.st, Req.l, Req.o, Req.ou, Req.e);
                                    var Id           = CertStore.GetThumb(Cert);
                                    var CertFileName = Path.Combine(Base, Id + ".cli.crt");
                                    File.WriteAllText(CertFileName, Cert);
                                    SendJson(ctx, new ApiCert(CertFileName, new string[] { RootCert }), true);
                                    return;
                                }
                                catch (Exception ex)
                                {
                                    SendJson(ctx, string.Format("CA creation error: {0}", ex.Message), false);
                                    return;
                                }
                            }
                            SendJson(ctx, "Unable to locate private key of the give nroot certificate", false);
                            return;
                        }
                        SendJson(ctx, "Invalid root Thumbprint", false);
                        return;
                    }
                    SendJson(ctx, "Invalid Key ID", false);
                    return;
                }
                SendJson(ctx, "Invalid Request Content", false);
                return;
            }
            SendJson(ctx, "Invalid Request Method", false);
        }
Пример #2
0
        static int Main(string[] args)
        {
            int      RET   = SUCCESS;
            DateTime Start = DateTime.UtcNow;

            Logger.Info("Application Start at {0}", Start);

            if (CertCommands.ValidateOpenSSL(true))
            {
                //Launch Webserver if user double clicked the application
                if (Proc.GetConsoleProcCount() == 1 && args.Length == 0)
                {
                    Logger.Warn("This is a console application but you did not start it from a console");
                    Logger.Warn("We simulate that you passed these arguments: /http 29431 /b");
                    args = new string[] { "/http", "29431", "/b" };
                }

                var A = ParseArgs(args);

                //Run Webserver
                //var A = ParseArgs("/http 55555 /b".Split(' '));
                //Generate RSA
                //var A = ParseArgs(@"/rsa 2048 /out Data\Cert.key".Split(' '));
                //Generate CA
                //var A = ParseArgs(@"/ca /key C:\temp\rsa.txt /out C:\temp\CA.crt".Split(' '));
                //Install CA
                //var A = ParseArgs(@"/ca /install C:\temp\CA.crt".Split(' '));
                //Check if CA installed
                //var A = ParseArgs(@"/ca /query C:\temp\CA.crt /F".Split(' '));
                //Uninstall CA
                //var A = ParseArgs(@"/ca /uninstall C:\temp\CA.crt /F".Split(' '));
                //Create Certificate with CA
                //var A = ParseArgs(@"/cert /key Data\01b72657-c0fb-4738-ae1d-b9a1736f14e9.key /CAC Data\DF74671747C7CBC421005CFD87E915E5751ABBDC.ca.crt /CAK Data\8a7f4b5a-fe00-4212-ac7e-9fb1aa1f3347.key /CN test.com /DN *.test.com /IP 1.1.1.1 /IP ::1 /out Data\Cert.crt".Split(' '));

                if (A.Mode == Mode.help)
                {
                    Help();
                    RET = SUCCESS;
                }
                else if (A.Valid)
                {
                    #region Webserver
                    if (A.Mode == Mode.server)
                    {
                        using (Server S = new Server(A.Port, A.OpenBrowser))
                        {
                            if (S.IsListening)
                            {
                                do
                                {
                                    Logger.Info("Press [ESC] to exit");
                                } while (WaitForKey() != ConsoleKey.Escape);
                            }
                            else
                            {
                                RET = GENERIC_ERROR;
                            }
                        }
                    }
                    #endregion
                    #region RSA
                    else if (A.Mode == Mode.rsa)
                    {
                        var Key = CertCommands.GenerateKey(A.RsaSize);
                        if (A.Output != null)
                        {
                            try
                            {
                                File.WriteAllText(A.Output, Key);
                            }
                            catch (Exception ex)
                            {
                                Logger.Error("Unable to write key to {0}. Reason: {1}", A.Output, ex.Message);
                                //Log the key to console so it's not lost
                                Console.WriteLine(Key);
                                RET = GENERIC_ERROR;
                            }
                        }
                        else
                        {
                            Console.WriteLine(Key);
                        }
                    }
                    #endregion
                    #region CA
                    else if (A.Mode == Mode.ca)
                    {
                        if (A.IsFile && (A.Action == Action.query || A.Action == Action.uninstall))
                        {
                            A.Thumbprint = ReadAll(A.Thumbprint);
                            if (A.Thumbprint != null)
                            {
                                try
                                {
                                    A.Thumbprint = CertStore.GetThumb(A.Thumbprint);
                                }
                                catch (Exception ex)
                                {
                                    Logger.Error("Unable to read certificate {0}. Reason: {1}", A.Thumbprint, ex.Message);
                                    RET = GENERIC_ERROR;
                                }
                            }
                            else
                            {
                                RET = GENERIC_ERROR;
                            }
                        }
                        else
                        {
                            switch (A.Action)
                            {
                            case Action.create:
                                A.Key = ReadAll(A.Key);
                                if (A.Key == null)
                                {
                                    RET = GENERIC_ERROR;
                                }
                                else
                                {
                                    string CACert = null;
                                    try
                                    {
                                        CACert = CertCommands.GenerateRootCert(A.Key, A.Expiration, A.Sha256, A.CC, A.ST, A.L, A.O, A.OU, A.CN, A.E);
                                        if (string.IsNullOrEmpty(CACert))
                                        {
                                            throw new Exception("Openssl did not return a result");
                                        }
                                    }
                                    catch (Exception ex)
                                    {
                                        Logger.Error("Unable to create CA certificate. Reason: {0}", ex.Message);
                                        RET = GENERIC_ERROR;
                                    }
                                    if (CACert != null)
                                    {
                                        if (A.Output != null)
                                        {
                                            try
                                            {
                                                File.WriteAllText(A.Output, CACert);
                                            }
                                            catch (Exception ex)
                                            {
                                                Logger.Error("Unable to write cert to {0}. Reason: {1}", A.Output, ex.Message);
                                                //Log the key to console so it's not lost
                                                Console.WriteLine(CACert);
                                                RET = GENERIC_ERROR;
                                            }
                                        }
                                        else
                                        {
                                            Console.WriteLine(CACert);
                                        }
                                    }
                                }
                                break;

                            case Action.install:
                                A.CAC = ReadAll(A.CAC);
                                if (A.CAC != null)
                                {
                                    CertStore.InstallRoot(A.CAC, A.LM);
                                }
                                else
                                {
                                    Logger.Error("Unable to read Certificate file");
                                    RET = GENERIC_ERROR;
                                }
                                break;

                            case Action.query:
                                if (CertStore.HasCert(A.Thumbprint))
                                {
                                    Logger.Info("Certificate {0} is installed", A.Thumbprint);
                                }
                                else
                                {
                                    Logger.Info("Certificate {0} is NOT installed", A.Thumbprint);
                                    RET = GENERIC_ERROR;
                                }
                                break;

                            case Action.uninstall:
                                if (CertStore.RemoveRoot(A.Thumbprint, A.LM) > 0)
                                {
                                    Logger.Info("Certificate {0} uninstalled", A.Thumbprint);
                                }
                                else
                                {
                                    if (!CertStore.HasCert(A.Thumbprint))
                                    {
                                        Logger.Warn("Certificate {0} not found in store", A.Thumbprint);
                                    }
                                    else
                                    {
                                        Logger.Info("Certificate {0} not uninstalled", A.Thumbprint);
                                    }
                                    RET = GENERIC_ERROR;
                                }
                                break;
                            }
                        }
                    }
                    #endregion
                    #region Cert
                    else if (A.Mode == Mode.cert)
                    {
                        switch (A.Action)
                        {
                        case Action.create:
                            A.Key = ReadAll(A.Key);
                            A.CAC = ReadAll(A.CAC);
                            A.CAK = ReadAll(A.CAK);
                            if (A.Key == null || A.CAC == null || A.CAK == null)
                            {
                                RET = GENERIC_ERROR;
                            }
                            else
                            {
                                string Cert = null;
                                try
                                {
                                    Cert = CertCommands.GenerateCertificate(A.CAK, A.CAC, A.Key, A.CN, A.IPs.Concat(A.Domains).ToArray(), A.Expiration, A.Sha256, A.CC, A.ST, A.L, A.O, A.OU, A.E);
                                    if (string.IsNullOrEmpty(Cert))
                                    {
                                        throw new Exception("Openssl did not return a result");
                                    }
                                }
                                catch (Exception ex)
                                {
                                    Logger.Error("Unable to create certificate. Reason: {0}", ex.Message);
                                    RET = GENERIC_ERROR;
                                }
                                if (Cert != null)
                                {
                                    if (A.Output != null)
                                    {
                                        try
                                        {
                                            File.WriteAllText(A.Output, Cert);
                                        }
                                        catch (Exception ex)
                                        {
                                            Logger.Error("Unable to write cert to {0}. Reason: {1}", A.Output, ex.Message);
                                            //Log the key to console so it's not lost
                                            Console.WriteLine(Cert);
                                            RET = GENERIC_ERROR;
                                        }
                                    }
                                    else
                                    {
                                        Console.WriteLine(Cert);
                                    }
                                }
                            }
                            break;
                        }
                    }
                    #endregion
                    else
                    {
                        Logger.Error("Unimplemented Mode: {0}", A.Mode);
                    }
                }
                else
                {
                    Logger.Error("Invalid Arguments");
                }
            }
            else
            {
                Logger.Error("openssl can't be found. Files needed:\r\nopenssl.exe\r\nssleay32.dll\r\nlibeay32.dll");
                Logger.Info("Trying to obtain filesn now...");
                if (CertCommands.Obtain("<proc>", true))
                {
                    Logger.Info("Files downloaded and ready");
                }
                else
                {
                    Logger.Warn("Unable to download at least one file. You can try again or put them here manually.");
                }
            }
            Logger.Log("Application Runtime: {0}ms", (ulong)DateTime.UtcNow.Subtract(Start).TotalMilliseconds);

            //Wait for a user key press if we are the only process attached to this terminal
            if (Proc.GetConsoleProcCount() == 1)
            {
                Logger.Info("#END - Press any key to exit");
                WaitForKey();
            }

            return(RET);
        }