/// <summary>
/// Builds the API view of a CA certificate from a PEM file on disk.
/// </summary>
/// <param name="FileName">Path of the CA certificate file; it is read in full.</param>
/// <remarks>
/// The raw file text is kept in <c>data</c>; every other field is derived from that text through
/// <c>CertStore</c> / <c>CertCommands</c>. The <c>true</c> passed to <c>GetPubKey</c> appears to mean
/// "the input is a certificate" (the key lookup in GenCert passes <c>false</c> for key files) — confirm
/// against CertCommands. Exceptions from <c>File.ReadAllText</c> or the parsers are not caught here.
/// </remarks>
public ApiCACert(string FileName)
{
    var pem = File.ReadAllText(FileName);
    var parsed = CertStore.GetCert(pem);

    data = pem;
    hash = parsed.Thumbprint;
    name = CertStore.GetName(pem);
    pubkey = CertCommands.GetPubKey(pem, true);

    // Validity window straight from the parsed certificate.
    start = parsed.NotBefore;
    end = parsed.NotAfter;
}
/// <summary>
/// Builds the API view of a leaf certificate from a PEM file on disk and resolves its issuer
/// among a set of candidate signer certificates.
/// </summary>
/// <param name="FileName">Path of the certificate file; it is read in full.</param>
/// <param name="ParentFiles">
/// Candidate signer certificates. Despite the name, GenCert passes certificate *contents*
/// (the CA PEM text), not file names — keep that in mind when adding callers.
/// </param>
/// <remarks>
/// <c>data</c> keeps the raw text; <c>san</c>, <c>domain</c>, <c>pubkey</c> and <c>issuer</c> are derived from it
/// via <c>CertStore</c> / <c>CertCommands</c>, <c>name</c> is the full subject DN. The <c>true</c> passed to
/// <c>GetPubKey</c> appears to select certificate input (GenCert passes <c>false</c> for key files) — confirm.
/// Exceptions from <c>File.ReadAllText</c> or the parsers are not caught here.
/// </remarks>
public ApiCert(string FileName, string[] ParentFiles)
{
    var pem = File.ReadAllText(FileName);
    var parsed = CertStore.GetCert(pem);

    data = pem;
    hash = parsed.Thumbprint;
    san = CertStore.GetSan(pem);
    domain = CertStore.GetName(pem);
    name = parsed.Subject;
    pubkey = CertCommands.GetPubKey(pem, true);

    // Thumbprint of whichever candidate signed this certificate (as decided by CertStore).
    issuer = CertStore.GetSignerCertHash(pem, ParentFiles);

    start = parsed.NotBefore;
    end = parsed.NotAfter;
}
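/// <summary>
/// HTTP handler: creates a self-signed root (CA) certificate from a private key already stored
/// in <c>Base</c> and returns it as an <see cref="ApiCACert"/> JSON payload.
/// </summary>
/// <param name="ctx">Listener context; the request body must be an <see cref="ApiCaCreate"/> JSON document.</param>
/// <remarks>
/// Every outcome is reported through <c>SendJson</c>; failures carry a message and success=false.
/// The key file is chosen by the request's <c>id</c>. <c>Req.Valid()</c> is not visible here, so as
/// defence in depth the resulting path is verified to resolve inside <c>Base</c> before it is opened,
/// and path construction errors (illegal characters) are turned into a normal error response instead
/// of escaping the handler. The CA private key never leaves <c>Base</c>; only the certificate is returned.
/// No authentication is visible in this handler — confirm that the enclosing Server restricts who can reach it.
/// </remarks>
private void GenCA(HttpListenerContext ctx)
{
    if (!ctx.Request.HasEntityBody)
    {
        SendJson(ctx, "Invalid Request Method", false);
        return;
    }

    var Req = ctx.Request.InputStream.ReadAllText(ctx.Request.ContentEncoding).FromJson<ApiCaCreate>();
    if (Req == null || !Req.Valid())
    {
        SendJson(ctx, "Invalid Request Content", false);
        return;
    }

    // Resolve the key file and reject anything that does not stay inside Base (e.g. an id containing "..\").
    var baseDir = Path.GetFullPath(Base).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;
    string KeyFileName = null;
    try
    {
        var full = Path.GetFullPath(Path.Combine(Base, Req.id.ToString() + ".key"));
        if (full.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
        {
            KeyFileName = full;
        }
    }
    catch (ArgumentException)
    {
        // Illegal path characters: KeyFileName stays null and the request is rejected below.
    }
    catch (NotSupportedException)
    {
        // Unsupported path format (e.g. a stray colon): rejected below.
    }
    catch (PathTooLongException)
    {
        // Rejected below.
    }

    if (KeyFileName == null || !File.Exists(KeyFileName))
    {
        SendJson(ctx, "Invalid Key file ID", false);
        return;
    }

    string Key;
    try
    {
        Key = File.ReadAllText(KeyFileName);
    }
    catch (Exception ex)
    {
        Logger.Error("HTTP: Unable to read file {0}. Reason: {1}", KeyFileName, ex.Message);
        SendJson(ctx, "Unable to read key file", false);
        return;
    }

    try
    {
        var Cert = CertCommands.GenerateRootCert(Key, Req.exp, Req.sha256, Req.cc, Req.st, Req.l, Req.o, Req.ou, Req.cn, Req.e);
        // The certificate is stored under its own thumbprint so later requests can reference it as "parent".
        var Id = CertStore.GetThumb(Cert);
        var CertFileName = Path.Combine(Base, Id + ".ca.crt");
        File.WriteAllText(CertFileName, Cert);
        SendJson(ctx, new ApiCACert(CertFileName), true);
    }
    catch (Exception ex)
    {
        // Previously only reported to the client; log it too so server-side failures are visible.
        Logger.Error("HTTP: CA creation failed. Reason: {0}", ex.Message);
        SendJson(ctx, string.Format("CA creation error: {0}", ex.Message), false);
    }
}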
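/// <summary>
/// HTTP handler: issues a leaf certificate for a stored private key, signed by one of the stored
/// CA certificates, and returns it as an <see cref="ApiCert"/> JSON payload.
/// </summary>
/// <param name="ctx">
/// Listener context; the request body must be an <see cref="ApiCertCreate"/> JSON document whose
/// <c>id</c> selects the leaf key file and whose <c>parent</c> selects the CA certificate by thumbprint.
/// </param>
/// <remarks>
/// Both file names are built from request fields. <c>Req.Valid()</c> is not visible here, so as defence in
/// depth each path is verified to resolve inside <c>Base</c> before it is opened, and path construction
/// errors are turned into normal error responses. The CA private key is never sent by the client: every
/// <c>*.key</c> file in <c>Base</c> is parsed until one whose public key matches the CA certificate is found;
/// a malformed key file used to escape the handler as an unhandled exception and is now reported.
/// Fixed messages: "given root" typo and the generation failure, which was labelled "CA creation error".
/// No authentication is visible in this handler — confirm that the enclosing Server restricts who can reach it.
/// </remarks>
private void GenCert(HttpListenerContext ctx)
{
    if (!ctx.Request.HasEntityBody)
    {
        SendJson(ctx, "Invalid Request Method", false);
        return;
    }

    var Req = ctx.Request.InputStream.ReadAllText(ctx.Request.ContentEncoding).FromJson<ApiCertCreate>();
    if (Req == null || !Req.Valid())
    {
        SendJson(ctx, "Invalid Request Content", false);
        return;
    }

    // Resolve a name relative to Base; null when it escapes Base (e.g. "..\") or cannot be resolved at all.
    var baseDir = Path.GetFullPath(Base).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar) + Path.DirectorySeparatorChar;
    Func<string, string> resolveInBase = fileName =>
    {
        try
        {
            var full = Path.GetFullPath(Path.Combine(Base, fileName));
            return full.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase) ? full : null;
        }
        catch (ArgumentException)
        {
            return null; // illegal path characters
        }
        catch (NotSupportedException)
        {
            return null; // unsupported path format (e.g. a stray colon)
        }
        catch (PathTooLongException)
        {
            return null;
        }
    };

    var KeyFileName = resolveInBase(Req.id.ToString() + ".key");
    if (KeyFileName == null || !File.Exists(KeyFileName))
    {
        SendJson(ctx, "Invalid Key ID", false);
        return;
    }

    var RootFileName = resolveInBase(Req.parent.ToString() + ".ca.crt");
    if (RootFileName == null || !File.Exists(RootFileName))
    {
        SendJson(ctx, "Invalid root Thumbprint", false);
        return;
    }

    string Key;
    try
    {
        Key = File.ReadAllText(KeyFileName);
    }
    catch (Exception ex)
    {
        Logger.Error("HTTP: Unable to read file {0}. Reason: {1}", KeyFileName, ex.Message);
        SendJson(ctx, "Unable to read key file", false);
        return;
    }

    string RootCert;
    try
    {
        RootCert = File.ReadAllText(RootFileName);
    }
    catch (Exception ex)
    {
        Logger.Error("HTTP: Unable to read file {0}. Reason: {1}", RootFileName, ex.Message);
        SendJson(ctx, "Unable to read CA file", false);
        return;
    }

    // Figure out the matching private key for the given root certificate: compare the public key of
    // every stored key file with the one in the CA certificate. Files are read lazily, one at a time.
    string RootKey;
    try
    {
        var RootPub = CertCommands.GetPubKey(RootCert, true);
        RootKey = Directory.GetFiles(Base, "*.key")
            .Select(m => File.ReadAllText(m))
            .FirstOrDefault(m => CertCommands.GetPubKey(m, false) == RootPub);
    }
    catch (Exception ex)
    {
        // Reading or parsing one of the key files failed; report instead of crashing the handler.
        Logger.Error("HTTP: Unable to match the CA private key. Reason: {0}", ex.Message);
        SendJson(ctx, "Unable to locate private key of the given root certificate", false);
        return;
    }

    if (string.IsNullOrEmpty(RootKey))
    {
        SendJson(ctx, "Unable to locate private key of the given root certificate", false);
        return;
    }

    try
    {
        var Cert = CertCommands.GenerateCertificate(RootKey, RootCert, Key, Req.cn, Req.san, Req.exp, Req.sha256, Req.cc, Req.st, Req.l, Req.o, Req.ou, Req.e);
        // Stored under its own thumbprint, like CA certificates, but with the ".cli.crt" suffix.
        var Id = CertStore.GetThumb(Cert);
        var CertFileName = Path.Combine(Base, Id + ".cli.crt");
        File.WriteAllText(CertFileName, Cert);
        // ApiCert resolves the issuer among the given signer certificate contents (not file names).
        SendJson(ctx, new ApiCert(CertFileName, new string[] { RootCert }), true);
    }
    catch (Exception ex)
    {
        // Previously only reported to the client; log it too so server-side failures are visible.
        Logger.Error("HTTP: Certificate creation failed. Reason: {0}", ex.Message);
        SendJson(ctx, string.Format("Certificate creation error: {0}", ex.Message), false);
    }
}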
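/// <summary>
/// Console entry point. Checks that OpenSSL is available, parses the command line and dispatches to
/// the web server, RSA key generation, CA handling (create/install/query/uninstall) or leaf-certificate creation.
/// </summary>
/// <param name="args">
/// Command line. When the executable was double-clicked (sole console process, no arguments) the
/// arguments "/http 29431 /b" are substituted so the web UI starts.
/// </param>
/// <returns><c>SUCCESS</c> or <c>GENERIC_ERROR</c>, used as the process exit code.</returns>
/// <remarks>
/// Fixes in this revision:
/// - In CA mode with <c>/F</c>, <c>query</c> and <c>uninstall</c> converted the certificate file to a thumbprint
///   but the action itself sat in the <c>else</c> branch of that conversion and therefore never ran.
///   The conversion now precedes the action and only suppresses it when the conversion failed.
/// - When OpenSSL returned an empty string, the "did not return a result" error was logged but the empty
///   result was still written to the output file (the variable was non-null). It is now cleared on failure.
/// - Typo in the "Trying to obtain files now..." message.
/// Security notes: <c>install</c>/<c>uninstall</c> change a trust anchor (<c>/LM</c> selects the machine store,
/// as far as the <c>A.LM</c> flag suggests); the automatic OpenSSL download in the fallback branch is performed
/// by <c>CertCommands.Obtain</c>, whose source and integrity checks are not visible here — confirm them before
/// relying on that path.
/// </remarks>
static int Main(string[] args)
{
    int RET = SUCCESS;
    DateTime Start = DateTime.UtcNow;
    Logger.Info("Application Start at {0}", Start);
    if (CertCommands.ValidateOpenSSL(true))
    {
        //Launch Webserver if user double clicked the application
        if (Proc.GetConsoleProcCount() == 1 && args.Length == 0)
        {
            Logger.Warn("This is a console application but you did not start it from a console");
            Logger.Warn("We simulate that you passed these arguments: /http 29431 /b");
            // NOTE(review): this exposes the certificate API without the user asking for it; whether
            // Server binds to loopback only is not visible here — confirm before shipping.
            args = new string[] { "/http", "29431", "/b" };
        }
        var A = ParseArgs(args);

        // Command line examples, kept for reference:
        //Run Webserver
        //var A = ParseArgs("/http 55555 /b".Split(' '));
        //Generate RSA
        //var A = ParseArgs(@"/rsa 2048 /out Data\Cert.key".Split(' '));
        //Generate CA
        //var A = ParseArgs(@"/ca /key C:\temp\rsa.txt /out C:\temp\CA.crt".Split(' '));
        //Install CA
        //var A = ParseArgs(@"/ca /install C:\temp\CA.crt".Split(' '));
        //Check if CA installed
        //var A = ParseArgs(@"/ca /query C:\temp\CA.crt /F".Split(' '));
        //Uninstall CA
        //var A = ParseArgs(@"/ca /uninstall C:\temp\CA.crt /F".Split(' '));
        //Create Certificate with CA
        //var A = ParseArgs(@"/cert /key Data\01b72657-c0fb-4738-ae1d-b9a1736f14e9.key /CAC Data\DF74671747C7CBC421005CFD87E915E5751ABBDC.ca.crt /CAK Data\8a7f4b5a-fe00-4212-ac7e-9fb1aa1f3347.key /CN test.com /DN *.test.com /IP 1.1.1.1 /IP ::1 /out Data\Cert.crt".Split(' '));

        if (A.Mode == Mode.help)
        {
            Help();
            RET = SUCCESS;
        }
        else if (A.Valid)
        {
            #region Webserver
            if (A.Mode == Mode.server)
            {
                using (Server S = new Server(A.Port, A.OpenBrowser))
                {
                    if (S.IsListening)
                    {
                        // Block until the user presses ESC; the server runs for the lifetime of the using block.
                        do
                        {
                            Logger.Info("Press [ESC] to exit");
                        } while (WaitForKey() != ConsoleKey.Escape);
                    }
                    else
                    {
                        RET = GENERIC_ERROR;
                    }
                }
            }
            #endregion
            #region RSA
            else if (A.Mode == Mode.rsa)
            {
                var Key = CertCommands.GenerateKey(A.RsaSize);
                if (A.Output != null)
                {
                    try
                    {
                        File.WriteAllText(A.Output, Key);
                    }
                    catch (Exception ex)
                    {
                        Logger.Error("Unable to write key to {0}. Reason: {1}", A.Output, ex.Message);
                        //Log the key to console so it's not lost
                        Console.WriteLine(Key);
                        RET = GENERIC_ERROR;
                    }
                }
                else
                {
                    Console.WriteLine(Key);
                }
            }
            #endregion
            #region CA
            else if (A.Mode == Mode.ca)
            {
                // With /F, query and uninstall take a certificate file instead of a thumbprint:
                // read it and derive the thumbprint first, then run the action below.
                bool thumbprintResolved = true;
                if (A.IsFile && (A.Action == Action.query || A.Action == Action.uninstall))
                {
                    A.Thumbprint = ReadAll(A.Thumbprint);
                    if (A.Thumbprint != null)
                    {
                        try
                        {
                            A.Thumbprint = CertStore.GetThumb(A.Thumbprint);
                        }
                        catch (Exception ex)
                        {
                            Logger.Error("Unable to read certificate {0}. Reason: {1}", A.Thumbprint, ex.Message);
                            RET = GENERIC_ERROR;
                            thumbprintResolved = false;
                        }
                    }
                    else
                    {
                        RET = GENERIC_ERROR;
                        thumbprintResolved = false;
                    }
                }
                if (thumbprintResolved)
                {
                    switch (A.Action)
                    {
                        case Action.create:
                            A.Key = ReadAll(A.Key);
                            if (A.Key == null)
                            {
                                RET = GENERIC_ERROR;
                            }
                            else
                            {
                                string CACert = null;
                                try
                                {
                                    CACert = CertCommands.GenerateRootCert(A.Key, A.Expiration, A.Sha256, A.CC, A.ST, A.L, A.O, A.OU, A.CN, A.E);
                                    if (string.IsNullOrEmpty(CACert))
                                    {
                                        throw new Exception("Openssl did not return a result");
                                    }
                                }
                                catch (Exception ex)
                                {
                                    Logger.Error("Unable to create CA certificate. Reason: {0}", ex.Message);
                                    // An empty result must not be written out as if it were a certificate.
                                    CACert = null;
                                    RET = GENERIC_ERROR;
                                }
                                if (CACert != null)
                                {
                                    if (A.Output != null)
                                    {
                                        try
                                        {
                                            File.WriteAllText(A.Output, CACert);
                                        }
                                        catch (Exception ex)
                                        {
                                            Logger.Error("Unable to write cert to {0}. Reason: {1}", A.Output, ex.Message);
                                            //Log the certificate to console so it's not lost
                                            Console.WriteLine(CACert);
                                            RET = GENERIC_ERROR;
                                        }
                                    }
                                    else
                                    {
                                        Console.WriteLine(CACert);
                                    }
                                }
                            }
                            break;
                        case Action.install:
                            // Adds a trust anchor to the certificate store selected by A.LM.
                            A.CAC = ReadAll(A.CAC);
                            if (A.CAC != null)
                            {
                                CertStore.InstallRoot(A.CAC, A.LM);
                            }
                            else
                            {
                                Logger.Error("Unable to read Certificate file");
                                RET = GENERIC_ERROR;
                            }
                            break;
                        case Action.query:
                            if (CertStore.HasCert(A.Thumbprint))
                            {
                                Logger.Info("Certificate {0} is installed", A.Thumbprint);
                            }
                            else
                            {
                                Logger.Info("Certificate {0} is NOT installed", A.Thumbprint);
                                RET = GENERIC_ERROR;
                            }
                            break;
                        case Action.uninstall:
                            if (CertStore.RemoveRoot(A.Thumbprint, A.LM) > 0)
                            {
                                Logger.Info("Certificate {0} uninstalled", A.Thumbprint);
                            }
                            else
                            {
                                // Distinguish "was never there" from "could not be removed".
                                if (!CertStore.HasCert(A.Thumbprint))
                                {
                                    Logger.Warn("Certificate {0} not found in store", A.Thumbprint);
                                }
                                else
                                {
                                    Logger.Info("Certificate {0} not uninstalled", A.Thumbprint);
                                }
                                RET = GENERIC_ERROR;
                            }
                            break;
                    }
                }
            }
            #endregion
            #region Cert
            else if (A.Mode == Mode.cert)
            {
                switch (A.Action)
                {
                    case Action.create:
                        // Leaf key, CA certificate and CA key are all read from files given on the command line.
                        A.Key = ReadAll(A.Key);
                        A.CAC = ReadAll(A.CAC);
                        A.CAK = ReadAll(A.CAK);
                        if (A.Key == null || A.CAC == null || A.CAK == null)
                        {
                            RET = GENERIC_ERROR;
                        }
                        else
                        {
                            string Cert = null;
                            try
                            {
                                Cert = CertCommands.GenerateCertificate(A.CAK, A.CAC, A.Key, A.CN, A.IPs.Concat(A.Domains).ToArray(), A.Expiration, A.Sha256, A.CC, A.ST, A.L, A.O, A.OU, A.E);
                                if (string.IsNullOrEmpty(Cert))
                                {
                                    throw new Exception("Openssl did not return a result");
                                }
                            }
                            catch (Exception ex)
                            {
                                Logger.Error("Unable to create certificate. Reason: {0}", ex.Message);
                                // An empty result must not be written out as if it were a certificate.
                                Cert = null;
                                RET = GENERIC_ERROR;
                            }
                            if (Cert != null)
                            {
                                if (A.Output != null)
                                {
                                    try
                                    {
                                        File.WriteAllText(A.Output, Cert);
                                    }
                                    catch (Exception ex)
                                    {
                                        Logger.Error("Unable to write cert to {0}. Reason: {1}", A.Output, ex.Message);
                                        //Log the certificate to console so it's not lost
                                        Console.WriteLine(Cert);
                                        RET = GENERIC_ERROR;
                                    }
                                }
                                else
                                {
                                    Console.WriteLine(Cert);
                                }
                            }
                        }
                        break;
                }
            }
            #endregion
            else
            {
                Logger.Error("Unimplemented Mode: {0}", A.Mode);
            }
        }
        else
        {
            Logger.Error("Invalid Arguments");
        }
    }
    else
    {
        Logger.Error("openssl can't be found. Files needed:\r\nopenssl.exe\r\nssleay32.dll\r\nlibeay32.dll");
        Logger.Info("Trying to obtain files now...");
        // Downloads the OpenSSL binaries next to the executable; how Obtain verifies what it downloads
        // is not visible here.
        if (CertCommands.Obtain("<proc>", true))
        {
            Logger.Info("Files downloaded and ready");
        }
        else
        {
            Logger.Warn("Unable to download at least one file. You can try again or put them here manually.");
        }
    }
    Logger.Log("Application Runtime: {0}ms", (ulong)DateTime.UtcNow.Subtract(Start).TotalMilliseconds);
    //Wait for a user key press if we are the only process attached to this terminal
    if (Proc.GetConsoleProcCount() == 1)
    {
        Logger.Info("#END - Press any key to exit");
        WaitForKey();
    }
    return (RET);
}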