2017-10-24 14:45:48 +02:00
|
|
|
|
using System;
|
|
|
|
|
using System.IO;
|
|
|
|
|
|
|
|
|
|
namespace Bit.Setup
|
|
|
|
|
{
|
|
|
|
|
public class CertBuilder
|
|
|
|
|
{
|
|
|
|
|
public CertBuilder(string domain, string identityCertPassword, bool letsEncrypt, bool ssl)
|
|
|
|
|
{
|
|
|
|
|
Domain = domain;
|
|
|
|
|
IdentityCertPassword = identityCertPassword;
|
|
|
|
|
LetsEncrypt = letsEncrypt;
|
|
|
|
|
Ssl = ssl;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public string Domain { get; private set; }
|
|
|
|
|
public bool LetsEncrypt { get; private set; }
|
|
|
|
|
public bool Ssl { get; private set; }
|
|
|
|
|
public string IdentityCertPassword { get; private set; }
|
|
|
|
|
|
|
|
|
|
public bool BuildForInstall()
|
|
|
|
|
{
|
|
|
|
|
var selfSignedSsl = false;
|
|
|
|
|
if(!Ssl)
|
|
|
|
|
{
|
2018-03-08 23:31:51 +01:00
|
|
|
|
Console.Write("(!) Do you want to generate a self-signed SSL certificate? (y/n): ");
|
|
|
|
|
if(Console.ReadLine().ToLowerInvariant() == "y")
|
|
|
|
|
{
|
|
|
|
|
Directory.CreateDirectory($"/bitwarden/ssl/self/{Domain}/");
|
|
|
|
|
Console.WriteLine("Generating self signed SSL certificate.");
|
|
|
|
|
Ssl = selfSignedSsl = true;
|
|
|
|
|
Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
|
|
|
|
|
$"-keyout /bitwarden/ssl/self/{Domain}/private.key " +
|
|
|
|
|
$"-out /bitwarden/ssl/self/{Domain}/certificate.crt " +
|
|
|
|
|
$"-subj \"/C=US/ST=New York/L=New York/O=8bit Solutions LLC/OU=Bitwarden/CN={Domain}\"");
|
|
|
|
|
}
|
2018-03-18 02:54:01 +01:00
|
|
|
|
else
|
|
|
|
|
{
|
2018-03-28 18:25:14 +02:00
|
|
|
|
Console.WriteLine("\n!!!!!!!!!! WARNING !!!!!!!!!!");
|
2018-03-18 02:54:01 +01:00
|
|
|
|
Console.WriteLine("You are not using an SSL certificate. Bitwarden requires HTTPS to operate. " +
|
|
|
|
|
"You must front your installation with a HTTPS proxy. The web vault (and other Bitwarden " +
|
|
|
|
|
"apps) will not work properly without HTTPS.");
|
2018-03-28 18:23:51 +02:00
|
|
|
|
Console.WriteLine("!!!!!!!!!!!!!!!!!!!!!!!!!!!!!\n");
|
2018-03-18 02:54:01 +01:00
|
|
|
|
}
|
2017-10-24 14:45:48 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if(LetsEncrypt)
|
|
|
|
|
{
|
|
|
|
|
Directory.CreateDirectory($"/bitwarden/letsencrypt/live/{Domain}/");
|
2017-12-21 04:31:30 +01:00
|
|
|
|
Helpers.Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
|
2017-10-24 14:45:48 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
Console.WriteLine("Generating key for IdentityServer.");
|
|
|
|
|
Directory.CreateDirectory("/bitwarden/identity/");
|
2017-12-21 04:31:30 +01:00
|
|
|
|
Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
|
2018-02-27 20:16:19 +01:00
|
|
|
|
"-out identity.crt -subj \"/CN=Bitwarden IdentityServer\" -days 10950");
|
2017-12-21 04:31:30 +01:00
|
|
|
|
Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
|
2017-10-24 14:45:48 +02:00
|
|
|
|
$"-in identity.crt -certfile identity.crt -passout pass:{IdentityCertPassword}");
|
|
|
|
|
|
|
|
|
|
return selfSignedSsl;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|