1
0
mirror of https://github.com/bitwarden/server.git synced 2024-11-26 12:55:17 +01:00
bitwarden-server/util/Setup/CertBuilder.cs
2018-03-30 09:40:14 -04:00

63 lines
2.7 KiB
C#

using System;
using System.IO;
namespace Bit.Setup
{
public class CertBuilder
{
public CertBuilder(string domain, string identityCertPassword, bool letsEncrypt, bool ssl)
{
Domain = domain;
IdentityCertPassword = identityCertPassword;
LetsEncrypt = letsEncrypt;
Ssl = ssl;
}
public string Domain { get; private set; }
public bool LetsEncrypt { get; private set; }
public bool Ssl { get; private set; }
public string IdentityCertPassword { get; private set; }
public bool BuildForInstall()
{
var selfSignedSsl = false;
if(!Ssl)
{
if(Helpers.ReadQuestion("Do you want to generate a self-signed SSL certificate?"))
{
Directory.CreateDirectory($"/bitwarden/ssl/self/{Domain}/");
Console.WriteLine("Generating self signed SSL certificate.");
Ssl = selfSignedSsl = true;
Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 " +
$"-keyout /bitwarden/ssl/self/{Domain}/private.key " +
$"-out /bitwarden/ssl/self/{Domain}/certificate.crt " +
$"-subj \"/C=US/ST=New York/L=New York/O=8bit Solutions LLC/OU=Bitwarden/CN={Domain}\"");
}
else
{
var message = "You are not using an SSL certificate. Bitwarden requires HTTPS to operate. " +
"You must front your installation with a HTTPS proxy. The web vault (and other Bitwarden " +
"apps) will not work properly without HTTPS.";
Helpers.ShowBanner("WARNING", message, ConsoleColor.Yellow);
}
}
if(LetsEncrypt)
{
Directory.CreateDirectory($"/bitwarden/letsencrypt/live/{Domain}/");
Helpers.Exec($"openssl dhparam -out /bitwarden/letsencrypt/live/{Domain}/dhparam.pem 2048");
}
Console.WriteLine("Generating key for IdentityServer.");
Directory.CreateDirectory("/bitwarden/identity/");
Helpers.Exec("openssl req -x509 -newkey rsa:4096 -sha256 -nodes -keyout identity.key " +
"-out identity.crt -subj \"/CN=Bitwarden IdentityServer\" -days 10950");
Helpers.Exec("openssl pkcs12 -export -out /bitwarden/identity/identity.pfx -inkey identity.key " +
$"-in identity.crt -certfile identity.crt -passout pass:{IdentityCertPassword}");
Console.WriteLine();
return selfSignedSsl;
}
}
}