client/configurators/ikev2_configurator.cpp

#include "ikev2_configurator.h"
#include <QApplication>
#include <QProcess>
#include <QString>
#include <QTemporaryDir>
#include <QDebug>
#include <QTemporaryFile>
#include <QJsonDocument>
#include <QUuid>

#include "containers/containers_defs.h"
#include "core/server_defs.h"
#include "core/scripts_registry.h"
#include "utilities.h"
#include "core/servercontroller.h"


Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, QObject *parent):
    ConfiguratorBase(settings, parent)
{

}

Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials,
    DockerContainer container, ErrorCode *errorCode)
{
    Ikev2Configurator::ConnectionData connData;
    connData.host = credentials.hostName;
    connData.clientId = Utils::getRandomString(16);
    connData.password = Utils::getRandomString(16);
    connData.password = "";

    QString certFileName = "/opt/amnezia/ikev2/clients/" + connData.clientId + ".p12";

    QString scriptCreateCert = QString("certutil -z <(head -c 1024 /dev/urandom) "\
                             "-S -c \"IKEv2 VPN CA\" -n \"%1\" "\
                             "-s \"O=IKEv2 VPN,CN=%1\" "\
                             "-k rsa -g 3072 -v 120 "\
                             "-d sql:/etc/ipsec.d -t \",,\" "\
                             "--keyUsage digitalSignature,keyEncipherment "\
                             "--extKeyUsage serverAuth,clientAuth -8 \"%1\"")
            .arg(connData.clientId);

    ServerController serverController(m_settings);
    ErrorCode e = serverController.runContainerScript(credentials, container, scriptCreateCert);

    QString scriptExportCert = QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"")
            .arg(connData.password)
            .arg(connData.clientId)
            .arg(certFileName);
    e = serverController.runContainerScript(credentials, container, scriptExportCert);

    connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, &e);
    connData.caCert = serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", &e);

    qDebug() << "Ikev2Configurator::ConnectionData client cert size:" << connData.clientCert.size();
    qDebug() << "Ikev2Configurator::ConnectionData ca cert size:" << connData.caCert.size();

    return connData;
}

QString Ikev2Configurator::genIkev2Config(const ServerCredentials &credentials,
    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
{
    Q_UNUSED(containerConfig)

    ConnectionData connData = prepareIkev2Config(credentials, container, errorCode);
    if (errorCode && *errorCode) {
        return "";
    }

    return genIkev2Config(connData);
}

QString Ikev2Configurator::genIkev2Config(const ConnectionData &connData)
{
    QJsonObject config;
    config[config_key::hostName] = connData.host;
    config[config_key::userName] = connData.clientId;
    config[config_key::cert] = QString(connData.clientCert.toBase64());
    config[config_key::password] = connData.password;

    return QJsonDocument(config).toJson();
}

QString Ikev2Configurator::genMobileConfig(const ConnectionData &connData)
{
    QFile file(":/server_scripts/ipsec/mobileconfig.plist");
    file.open(QIODevice::ReadOnly);
    QString config = QString(file.readAll());

    config.replace("$CLIENT_NAME", connData.clientId);
    config.replace("$UUID1", QUuid::createUuid().toString());
    config.replace("$SERVER_ADDR", connData.host);

    QString subStr("$(UUID_GEN)");
    while (config.indexOf(subStr) > 0) {
        config.replace(config.indexOf(subStr), subStr.size(), QUuid::createUuid().toString());
    }

    config.replace("$P12_BASE64", connData.clientCert.toBase64());
    config.replace("$CA_BASE64", connData.caCert.toBase64());

    return config;
}

QString Ikev2Configurator::genStrongSwanConfig(const ConnectionData &connData)
{
    QFile file(":/server_scripts/ipsec/strongswan.profile");
    file.open(QIODevice::ReadOnly);
    QString config = QString(file.readAll());

    config.replace("$CLIENT_NAME", connData.clientId);
    config.replace("$UUID", QUuid::createUuid().toString());
    config.replace("$SERVER_ADDR", connData.host);

    QByteArray cert = connData.clientCert.toBase64();
    cert.replace("\r", "").replace("\n", "");
    config.replace("$P12_BASE64", cert);

    return config;
}
Ikev2 support 2021-10-04 19:07:49 +03:00			`#include "ikev2_configurator.h"`
			`#include <QApplication>`
			`#include <QProcess>`
			`#include <QString>`
			`#include <QTemporaryDir>`
			`#include <QDebug>`
			`#include <QTemporaryFile>`
			`#include <QJsonDocument>`
Share WireGuard page 2021-11-15 18:17:28 +03:00			`#include <QUuid>`
Ikev2 support 2021-10-04 19:07:49 +03:00
			`#include "containers/containers_defs.h"`
App refactoring finished 2022-08-25 17:35:28 +03:00			`#include "core/server_defs.h"`
Ikev2 support 2021-10-04 19:07:49 +03:00			`#include "core/scripts_registry.h"`
migrated the codebase to Qt6 and fixed some compatibility issues 2022-08-29 12:21:09 +04:30			`#include "utilities.h"`
App refactoring finished 2022-08-25 17:35:28 +03:00			`#include "core/servercontroller.h"`
Merge branch 'dev' into qt_migration 2022-10-15 19:46:26 +03:00
Ikev2 support 2021-10-04 19:07:49 +03:00
now an instance of the serverController class is created at the place of use 2023-04-04 10:22:25 +03:00			`Ikev2Configurator::Ikev2Configurator(std::shared_ptr<Settings> settings, QObject *parent):`
			`ConfiguratorBase(settings, parent)`
App refactoring finished 2022-08-25 17:35:28 +03:00			`{`

			`}`
Ikev2 support 2021-10-04 19:07:49 +03:00
			`Ikev2Configurator::ConnectionData Ikev2Configurator::prepareIkev2Config(const ServerCredentials &credentials,`
			`DockerContainer container, ErrorCode *errorCode)`
			`{`
			`Ikev2Configurator::ConnectionData connData;`
			`connData.host = credentials.hostName;`
			`connData.clientId = Utils::getRandomString(16);`
			`connData.password = Utils::getRandomString(16);`
Share WireGuard page 2021-11-15 18:17:28 +03:00			`connData.password = "";`
Ikev2 support 2021-10-04 19:07:49 +03:00
			`QString certFileName = "/opt/amnezia/ikev2/clients/" + connData.clientId + ".p12";`

			`QString scriptCreateCert = QString("certutil -z <(head -c 1024 /dev/urandom) "\`
			`"-S -c \"IKEv2 VPN CA\" -n \"%1\" "\`
			`"-s \"O=IKEv2 VPN,CN=%1\" "\`
			`"-k rsa -g 3072 -v 120 "\`
			`"-d sql:/etc/ipsec.d -t \",,\" "\`
			`"--keyUsage digitalSignature,keyEncipherment "\`
			`"--extKeyUsage serverAuth,clientAuth -8 \"%1\"")`
			`.arg(connData.clientId);`

now an instance of the serverController class is created at the place of use 2023-04-04 10:22:25 +03:00			`ServerController serverController(m_settings);`
			`ErrorCode e = serverController.runContainerScript(credentials, container, scriptCreateCert);`
Ikev2 support 2021-10-04 19:07:49 +03:00
			`QString scriptExportCert = QString("pk12util -W \"%1\" -d sql:/etc/ipsec.d -n \"%2\" -o \"%3\"")`
			`.arg(connData.password)`
			`.arg(connData.clientId)`
			`.arg(certFileName);`
now an instance of the serverController class is created at the place of use 2023-04-04 10:22:25 +03:00			`e = serverController.runContainerScript(credentials, container, scriptExportCert);`
Ikev2 support 2021-10-04 19:07:49 +03:00
now an instance of the serverController class is created at the place of use 2023-04-04 10:22:25 +03:00			`connData.clientCert = serverController.getTextFileFromContainer(container, credentials, certFileName, &e);`
			`connData.caCert = serverController.getTextFileFromContainer(container, credentials, "/etc/ipsec.d/ca_cert_base64.p12", &e);`
Share WireGuard page 2021-11-15 18:17:28 +03:00
			`qDebug() << "Ikev2Configurator::ConnectionData client cert size:" << connData.clientCert.size();`
			`qDebug() << "Ikev2Configurator::ConnectionData ca cert size:" << connData.caCert.size();`
Ikev2 support 2021-10-04 19:07:49 +03:00
			`return connData;`
			`}`

			`QString Ikev2Configurator::genIkev2Config(const ServerCredentials &credentials,`
			`DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)`
			`{`
Share WireGuard page 2021-11-15 18:17:28 +03:00			`Q_UNUSED(containerConfig)`

Ikev2 support 2021-10-04 19:07:49 +03:00			`ConnectionData connData = prepareIkev2Config(credentials, container, errorCode);`
			`if (errorCode && *errorCode) {`
			`return "";`
			`}`

Share WireGuard page 2021-11-15 18:17:28 +03:00			`return genIkev2Config(connData);`
			`}`

			`QString Ikev2Configurator::genIkev2Config(const ConnectionData &connData)`
			`{`
Ikev2 support 2021-10-04 19:07:49 +03:00			`QJsonObject config;`
			`config[config_key::hostName] = connData.host;`
			`config[config_key::userName] = connData.clientId;`
Share WireGuard page 2021-11-15 18:17:28 +03:00			`config[config_key::cert] = QString(connData.clientCert.toBase64());`
Ikev2 support 2021-10-04 19:07:49 +03:00			`config[config_key::password] = connData.password;`

			`return QJsonDocument(config).toJson();`
			`}`

Share WireGuard page 2021-11-15 18:17:28 +03:00			`QString Ikev2Configurator::genMobileConfig(const ConnectionData &connData)`
			`{`
			`QFile file(":/server_scripts/ipsec/mobileconfig.plist");`
			`file.open(QIODevice::ReadOnly);`
			`QString config = QString(file.readAll());`

			`config.replace("$CLIENT_NAME", connData.clientId);`
			`config.replace("$UUID1", QUuid::createUuid().toString());`
			`config.replace("$SERVER_ADDR", connData.host);`

			`QString subStr("$(UUID_GEN)");`
			`while (config.indexOf(subStr) > 0) {`
			`config.replace(config.indexOf(subStr), subStr.size(), QUuid::createUuid().toString());`
			`}`

			`config.replace("$P12_BASE64", connData.clientCert.toBase64());`
			`config.replace("$CA_BASE64", connData.caCert.toBase64());`

			`return config;`
			`}`

			`QString Ikev2Configurator::genStrongSwanConfig(const ConnectionData &connData)`
			`{`
			`QFile file(":/server_scripts/ipsec/strongswan.profile");`
			`file.open(QIODevice::ReadOnly);`
			`QString config = QString(file.readAll());`

			`config.replace("$CLIENT_NAME", connData.clientId);`
			`config.replace("$UUID", QUuid::createUuid().toString());`
			`config.replace("$SERVER_ADDR", connData.host);`

			`QByteArray cert = connData.clientCert.toBase64();`
			`cert.replace("\r", "").replace("\n", "");`
			`config.replace("$P12_BASE64", cert);`

			`return config;`
			`}`