client/configurators/openvpn_configurator.cpp

#include "openvpn_configurator.h"
#include <QApplication>
#include <QProcess>
#include <QString>
#include <QTemporaryDir>
#include <QDebug>
#include <QTemporaryFile>
#include <QJsonObject>
#include <QJsonDocument>

#include "containers/containers_defs.h"
#include "core/server_defs.h"
#include "core/servercontroller.h"
#include "core/scripts_registry.h"
#include "utilities.h"
#include "settings.h"

#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, std::shared_ptr<ServerController> serverController, QObject *parent):
    ConfiguratorBase(settings, serverController, parent)
{

}

OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,
    DockerContainer container, ErrorCode *errorCode)
{
    OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();
    connData.host = credentials.hostName;

    if (connData.privKey.isEmpty() || connData.request.isEmpty()) {
        if (errorCode) *errorCode = ErrorCode::OpenSslFailed;
        return connData;
    }

    QString reqFileName = QString("%1/%2.req").
            arg(amnezia::protocols::openvpn::clientsDirPath).
            arg(connData.clientId);

    ErrorCode e = m_serverController->uploadTextFileToContainer(container, credentials, connData.request, reqFileName);
    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    e = signCert(container, credentials, connData.clientId);
    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    connData.caCert = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, &e);
    connData.clientCert = m_serverController->getTextFileFromContainer(container, credentials,
        QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);

    if (e) {
        if (errorCode) *errorCode = e;
        return connData;
    }

    connData.taKey = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, &e);

    if (connData.caCert.isEmpty() || connData.clientCert.isEmpty() || connData.taKey.isEmpty()) {
        if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;
    }

    return connData;
}

QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,
    DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)
{
    QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),
            m_serverController->genVarsForScript(credentials, container, containerConfig));

    ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);
    if (errorCode && *errorCode) {
        return "";
    }

    config.replace("$OPENVPN_CA_CERT", connData.caCert);
    config.replace("$OPENVPN_CLIENT_CERT", connData.clientCert);
    config.replace("$OPENVPN_PRIV_KEY", connData.privKey);

    if (config.contains("$OPENVPN_TA_KEY")) {
        config.replace("$OPENVPN_TA_KEY", connData.taKey);
    }
    else {
        config.replace("<tls-auth>", "");
        config.replace("</tls-auth>", "");
    }

#if defined Q_OS_MAC || defined(Q_OS_LINUX)
    config.replace("block-outside-dns", "");
#endif

    QJsonObject jConfig;
    jConfig[config_key::config] = config;

    return QJsonDocument(jConfig).toJson();
}

QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)
{
    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
    QString config = json[config_key::config].toString();

    if (m_settings->routeMode() != Settings::VpnAllSites) {
        config.replace("redirect-gateway def1 bypass-dhcp", "");
    }
    else {
        if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
            config.append("redirect-gateway def1 bypass-dhcp\n");
        }
    }

#if (defined Q_OS_MAC || defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)
    config.replace("block-outside-dns", "");
    QString dnsConf = QString(
                "\nscript-security 2\n"
                "up %1/update-resolv-conf.sh\n"
                "down %1/update-resolv-conf.sh\n").
            arg(qApp->applicationDirPath());

    config.append(dnsConf);
#endif

    json[config_key::config] = config;
    return QJsonDocument(json).toJson();
}

QString OpenVpnConfigurator::processConfigWithExportSettings(QString jsonConfig)
{
    QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();
    QString config = json[config_key::config].toString();

    if(!config.contains("redirect-gateway def1 bypass-dhcp")) {
        config.append("redirect-gateway def1 bypass-dhcp\n");
    }

#if (defined Q_OS_MAC || defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)
    config.replace("block-outside-dns", "");
#endif

    json[config_key::config] = config;
    return QJsonDocument(json).toJson();
}

ErrorCode OpenVpnConfigurator::signCert(DockerContainer container,
    const ServerCredentials &credentials, QString clientId)
{
    QString script_import = QString("sudo docker exec -i %1 bash -c \"cd /opt/amnezia/openvpn && "
                             "easyrsa import-req %2/%3.req %3\"")
            .arg(ContainerProps::containerToString(container))
            .arg(amnezia::protocols::openvpn::clientsDirPath)
            .arg(clientId);

    QString script_sign = QString("sudo docker exec -i %1 bash -c \"export EASYRSA_BATCH=1; cd /opt/amnezia/openvpn && "
                                    "easyrsa sign-req client %2\"")
            .arg(ContainerProps::containerToString(container))
            .arg(clientId);

    QStringList scriptList {script_import, script_sign};
    QString script = m_serverController->replaceVars(scriptList.join("\n"), m_serverController->genVarsForScript(credentials, container));

    return m_serverController->runScript(credentials, script);
}

OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()
{
    ConnectionData connData;
    connData.clientId = Utils::getRandomString(32);

    int             ret = 0;
    int             nVersion = 1;

    QByteArray clientIdUtf8 = connData.clientId.toUtf8();

    EVP_PKEY * pKey = EVP_PKEY_new();
    q_check_ptr(pKey);
    RSA * rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);
    q_check_ptr(rsa);
    EVP_PKEY_assign_RSA(pKey, rsa);


    // 2. set version of x509 req
    X509_REQ *x509_req = X509_REQ_new();
    ret = X509_REQ_set_version(x509_req, nVersion);
    if (ret != 1) {
        qWarning() << "Could not get X509!";
        X509_REQ_free(x509_req);
        EVP_PKEY_free(pKey);
        return connData;
    }

    // 3. set subject of x509 req
    X509_NAME *x509_name = X509_REQ_get_subject_name(x509_req);

    X509_NAME_add_entry_by_txt(x509_name, "C",  MBSTRING_ASC,
                               (unsigned char *)"ORG", -1, -1, 0);
    X509_NAME_add_entry_by_txt(x509_name, "O",  MBSTRING_ASC,
                               (unsigned char *)"", -1, -1, 0);
    X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC,
                               reinterpret_cast<unsigned char const *>(clientIdUtf8.data()), clientIdUtf8.size(), -1, 0);

    // 4. set public key of x509 req
    ret = X509_REQ_set_pubkey(x509_req, pKey);
    if (ret != 1){
        qWarning() << "Could not set pubkey!";
        X509_REQ_free(x509_req);
        EVP_PKEY_free(pKey);
        return connData;
    }

    // 5. set sign key of x509 req
    ret = X509_REQ_sign(x509_req, pKey, EVP_sha256());    // return x509_req->signature->length
    if (ret <= 0){
        qWarning() << "Could not sign request!";
        X509_REQ_free(x509_req);
        EVP_PKEY_free(pKey);
        return connData;
    }

    // save private key
    BIO * bp_private = BIO_new(BIO_s_mem());
    q_check_ptr(bp_private);
    if (PEM_write_bio_PrivateKey(bp_private, pKey, nullptr, nullptr, 0, nullptr, nullptr) != 1)
    {
        qFatal("PEM_write_bio_PrivateKey");
        EVP_PKEY_free(pKey);
        BIO_free_all(bp_private);
        X509_REQ_free(x509_req);
        return connData;
    }

    const char * buffer = nullptr;
    size_t size = BIO_get_mem_data(bp_private, &buffer);
    q_check_ptr(buffer);
    connData.privKey = QByteArray(buffer, size);
    if (connData.privKey.isEmpty()) {
        qFatal("Failed to generate a random private key");
        EVP_PKEY_free(pKey);
        BIO_free_all(bp_private);
        X509_REQ_free(x509_req);
        return connData;
    }
    BIO_free_all(bp_private);

    // save req
    BIO * bio_req = BIO_new(BIO_s_mem());
    PEM_write_bio_X509_REQ(bio_req, x509_req);

    BUF_MEM *bio_buf;
    BIO_get_mem_ptr(bio_req, &bio_buf);
    connData.request = QByteArray(bio_buf->data, bio_buf->length);
    BIO_free(bio_req);


    EVP_PKEY_free(pKey); // this will also free the rsa key

    return connData;
}
- no dockerhub 2021-04-04 23:12:36 +03:00			`#include "openvpn_configurator.h"`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`#include <QApplication>`
			`#include <QProcess>`
			`#include <QString>`
			`#include <QTemporaryDir>`
			`#include <QDebug>`
Ssh key auth support added 2021-03-14 21:19:11 +03:00			`#include <QTemporaryFile>`
Refactoring 2021-10-05 12:22:13 +03:00			`#include <QJsonObject>`
App refactoring finished 2022-08-25 17:35:28 +03:00			`#include <QJsonDocument>`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
NewServerSettings qml rework 2021-09-09 20:15:44 +03:00			`#include "containers/containers_defs.h"`
App refactoring finished 2022-08-25 17:35:28 +03:00			`#include "core/server_defs.h"`
			`#include "core/servercontroller.h"`
- no dockerhub 2021-04-04 23:12:36 +03:00			`#include "core/scripts_registry.h"`
migrated the codebase to Qt6 and fixed some compatibility issues 2022-08-29 12:21:09 +04:30			`#include "utilities.h"`
App refactoring finished 2022-08-25 17:35:28 +03:00			`#include "settings.h"`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
Easyrsa removed 2021-10-17 13:03:03 +03:00			`#include <openssl/rsa.h>`
			`#include <openssl/x509.h>`
			`#include <openssl/pem.h>`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
App refactoring finished 2022-08-25 17:35:28 +03:00			`OpenVpnConfigurator::OpenVpnConfigurator(std::shared_ptr<Settings> settings, std::shared_ptr<ServerController> serverController, QObject *parent):`
			`ConfiguratorBase(settings, serverController, parent)`
			`{`

			`}`

shadowsocks impl 2021-01-15 23:36:35 +03:00			`OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::prepareOpenVpnConfig(const ServerCredentials &credentials,`
refactoring 2021-04-26 23:19:19 +03:00			`DockerContainer container, ErrorCode *errorCode)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
			`OpenVpnConfigurator::ConnectionData connData = OpenVpnConfigurator::createCertRequest();`
Refactoring 2021-01-06 17:12:24 +03:00			`connData.host = credentials.hostName;`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`if (connData.privKey.isEmpty() \|\| connData.request.isEmpty()) {`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`if (errorCode) *errorCode = ErrorCode::OpenSslFailed;`
Openvpn scripts fixes 2021-01-07 20:53:42 +03:00			`return connData;`
			`}`

- no dockerhub 2021-04-04 23:12:36 +03:00			`QString reqFileName = QString("%1/%2.req").`
refactoring 2021-04-26 22:54:31 +03:00			`arg(amnezia::protocols::openvpn::clientsDirPath).`
- no dockerhub 2021-04-04 23:12:36 +03:00			`arg(connData.clientId);`
shadowsocks impl 2021-01-15 23:36:35 +03:00
App refactoring finished 2022-08-25 17:35:28 +03:00			`ErrorCode e = m_serverController->uploadTextFileToContainer(container, credentials, connData.request, reqFileName);`
Refactoring 2021-01-06 17:12:24 +03:00			`if (e) {`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (errorCode) *errorCode = e;`
Refactoring 2021-01-06 17:12:24 +03:00			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
- no dockerhub 2021-04-04 23:12:36 +03:00			`e = signCert(container, credentials, connData.clientId);`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (e) {`
			`if (errorCode) *errorCode = e;`
			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
App refactoring finished 2022-08-25 17:35:28 +03:00			`connData.caCert = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::caCertPath, &e);`
			`connData.clientCert = m_serverController->getTextFileFromContainer(container, credentials,`
refactoring 2021-04-26 22:54:31 +03:00			`QString("%1/%2.crt").arg(amnezia::protocols::openvpn::clientCertPath).arg(connData.clientId), &e);`
- no dockerhub 2021-04-04 23:12:36 +03:00
Refactoring 2021-01-06 17:12:24 +03:00			`if (e) {`
shadowsocks impl 2021-01-15 23:36:35 +03:00			`if (errorCode) *errorCode = e;`
Refactoring 2021-01-06 17:12:24 +03:00			`return connData;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
App refactoring finished 2022-08-25 17:35:28 +03:00			`connData.taKey = m_serverController->getTextFileFromContainer(container, credentials, amnezia::protocols::openvpn::taKeyPath, &e);`
shadowsocks impl 2021-01-15 23:36:35 +03:00
			`if (connData.caCert.isEmpty() \|\| connData.clientCert.isEmpty() \|\| connData.taKey.isEmpty()) {`
			`if (errorCode) *errorCode = ErrorCode::RemoteProcessCrashError;`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
			`return connData;`
			`}`

shadowsocks impl 2021-01-15 23:36:35 +03:00			`QString OpenVpnConfigurator::genOpenVpnConfig(const ServerCredentials &credentials,`
Multiprotocol support 2021-05-07 23:28:37 +03:00			`DockerContainer container, const QJsonObject &containerConfig, ErrorCode *errorCode)`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`{`
App refactoring finished 2022-08-25 17:35:28 +03:00			`QString config = m_serverController->replaceVars(amnezia::scriptData(ProtocolScriptType::openvpn_template, container),`
			`m_serverController->genVarsForScript(credentials, container, containerConfig));`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
refactoring 2021-04-26 23:19:19 +03:00			`ConnectionData connData = prepareOpenVpnConfig(credentials, container, errorCode);`
- no dockerhub 2021-04-04 23:12:36 +03:00			`if (errorCode && *errorCode) {`
			`return "";`
			`}`
shadowsocks impl 2021-01-15 23:36:35 +03:00
Multiprotocol support 2021-05-07 23:28:37 +03:00			`config.replace("$OPENVPN_CA_CERT", connData.caCert);`
			`config.replace("$OPENVPN_CLIENT_CERT", connData.clientCert);`
			`config.replace("$OPENVPN_PRIV_KEY", connData.privKey);`
win7 support fixes 2021-05-18 15:50:52 +03:00
			`if (config.contains("$OPENVPN_TA_KEY")) {`
			`config.replace("$OPENVPN_TA_KEY", connData.taKey);`
			`}`
			`else {`
			`config.replace("<tls-auth>", "");`
			`config.replace("</tls-auth>", "");`
			`}`
openvpnconfigurator 2020-12-18 14:57:22 +03:00
updated linux build 2021-08-04 10:08:00 -07:00			`#if defined Q_OS_MAC \|\| defined(Q_OS_LINUX)`
ShadowSocks fixes for MacOS 2021-02-21 09:44:53 -08:00			`config.replace("block-outside-dns", "");`
			`#endif`
Config export 2021-05-10 02:33:31 +03:00
Refactoring 2021-10-05 12:22:13 +03:00			`QJsonObject jConfig;`
			`jConfig[config_key::config] = config;`

			`return QJsonDocument(jConfig).toJson();`
Config export 2021-05-10 02:33:31 +03:00			`}`

OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`QString OpenVpnConfigurator::processConfigWithLocalSettings(QString jsonConfig)`
Config export 2021-05-10 02:33:31 +03:00			`{`
OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();`
			`QString config = json[config_key::config].toString();`

App refactoring finished 2022-08-25 17:35:28 +03:00			`if (m_settings->routeMode() != Settings::VpnAllSites) {`
Config export 2021-05-10 02:33:31 +03:00			`config.replace("redirect-gateway def1 bypass-dhcp", "");`
			`}`
win7 support fixes 2021-05-18 15:50:52 +03:00			`else {`
			`if(!config.contains("redirect-gateway def1 bypass-dhcp")) {`
			`config.append("redirect-gateway def1 bypass-dhcp\n");`
			`}`
			`}`
Config export 2021-05-10 02:33:31 +03:00
OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`#if (defined Q_OS_MAC \|\| defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)`
macos fix 2021-05-11 09:36:43 -07:00			`config.replace("block-outside-dns", "");`
macos dns setup fixed 2021-05-13 08:23:56 -07:00			`QString dnsConf = QString(`
			`"\nscript-security 2\n"`
			`"up %1/update-resolv-conf.sh\n"`
			`"down %1/update-resolv-conf.sh\n").`
			`arg(qApp->applicationDirPath());`

			`config.append(dnsConf);`
macos fix 2021-05-11 09:36:43 -07:00			`#endif`

OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`json[config_key::config] = config;`
			`return QJsonDocument(json).toJson();`
openvpnconfigurator 2020-12-18 14:57:22 +03:00			`}`
Ssh key auth support added 2021-03-14 21:19:11 +03:00
OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`QString OpenVpnConfigurator::processConfigWithExportSettings(QString jsonConfig)`
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`{`
OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`QJsonObject json = QJsonDocument::fromJson(jsonConfig.toUtf8()).object();`
			`QString config = json[config_key::config].toString();`

- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`if(!config.contains("redirect-gateway def1 bypass-dhcp")) {`
			`config.append("redirect-gateway def1 bypass-dhcp\n");`
			`}`

OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`#if (defined Q_OS_MAC \|\| defined(Q_OS_LINUX)) && !defined(Q_OS_ANDROID)`
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`config.replace("block-outside-dns", "");`
			`#endif`

OpenVpnConfigurator fix 2021-10-14 12:01:14 +03:00			`json[config_key::config] = config;`
			`return QJsonDocument(json).toJson();`
- Crash fix if service not connected 2021-05-20 15:59:58 +03:00			`}`

- no dockerhub 2021-04-04 23:12:36 +03:00			`ErrorCode OpenVpnConfigurator::signCert(DockerContainer container,`
			`const ServerCredentials &credentials, QString clientId)`
			`{`
			`QString script_import = QString("sudo docker exec -i %1 bash -c \"cd /opt/amnezia/openvpn && "`
			`"easyrsa import-req %2/%3.req %3\"")`
Various types containers support 2021-09-20 21:51:28 +03:00			`.arg(ContainerProps::containerToString(container))`
refactoring 2021-04-26 22:54:31 +03:00			`.arg(amnezia::protocols::openvpn::clientsDirPath)`
- no dockerhub 2021-04-04 23:12:36 +03:00			`.arg(clientId);`

			`QString script_sign = QString("sudo docker exec -i %1 bash -c \"export EASYRSA_BATCH=1; cd /opt/amnezia/openvpn && "`
			`"easyrsa sign-req client %2\"")`
Various types containers support 2021-09-20 21:51:28 +03:00			`.arg(ContainerProps::containerToString(container))`
- no dockerhub 2021-04-04 23:12:36 +03:00			`.arg(clientId);`

			`QStringList scriptList {script_import, script_sign};`
App refactoring finished 2022-08-25 17:35:28 +03:00			`QString script = m_serverController->replaceVars(scriptList.join("\n"), m_serverController->genVarsForScript(credentials, container));`
- no dockerhub 2021-04-04 23:12:36 +03:00
App refactoring finished 2022-08-25 17:35:28 +03:00			`return m_serverController->runScript(credentials, script);`
- no dockerhub 2021-04-04 23:12:36 +03:00			`}`
Easyrsa removed 2021-10-17 13:03:03 +03:00
			`OpenVpnConfigurator::ConnectionData OpenVpnConfigurator::createCertRequest()`
			`{`
			`ConnectionData connData;`
			`connData.clientId = Utils::getRandomString(32);`

			`int ret = 0;`
			`int nVersion = 1;`

			`QByteArray clientIdUtf8 = connData.clientId.toUtf8();`

			`EVP_PKEY * pKey = EVP_PKEY_new();`
			`q_check_ptr(pKey);`
			`RSA * rsa = RSA_generate_key(2048, RSA_F4, nullptr, nullptr);`
			`q_check_ptr(rsa);`
			`EVP_PKEY_assign_RSA(pKey, rsa);`


			`// 2. set version of x509 req`
			`X509_REQ *x509_req = X509_REQ_new();`
			`ret = X509_REQ_set_version(x509_req, nVersion);`
			`if (ret != 1) {`
			`qWarning() << "Could not get X509!";`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`X509_REQ_free(x509_req);`
			`EVP_PKEY_free(pKey);`
			`return connData;`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`}`

			`// 3. set subject of x509 req`
			`X509_NAME *x509_name = X509_REQ_get_subject_name(x509_req);`

			`X509_NAME_add_entry_by_txt(x509_name, "C", MBSTRING_ASC,`
			`(unsigned char *)"ORG", -1, -1, 0);`
			`X509_NAME_add_entry_by_txt(x509_name, "O", MBSTRING_ASC,`
			`(unsigned char *)"", -1, -1, 0);`
			`X509_NAME_add_entry_by_txt(x509_name, "CN", MBSTRING_ASC,`
			`reinterpret_cast<unsigned char const *>(clientIdUtf8.data()), clientIdUtf8.size(), -1, 0);`

			`// 4. set public key of x509 req`
			`ret = X509_REQ_set_pubkey(x509_req, pKey);`
			`if (ret != 1){`
			`qWarning() << "Could not set pubkey!";`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`X509_REQ_free(x509_req);`
			`EVP_PKEY_free(pKey);`
			`return connData;`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`}`

			`// 5. set sign key of x509 req`
			`ret = X509_REQ_sign(x509_req, pKey, EVP_sha256()); // return x509_req->signature->length`
			`if (ret <= 0){`
			`qWarning() << "Could not sign request!";`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`X509_REQ_free(x509_req);`
			`EVP_PKEY_free(pKey);`
			`return connData;`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`}`

			`// save private key`
			`BIO * bp_private = BIO_new(BIO_s_mem());`
			`q_check_ptr(bp_private);`
			`if (PEM_write_bio_PrivateKey(bp_private, pKey, nullptr, nullptr, 0, nullptr, nullptr) != 1)`
			`{`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`qFatal("PEM_write_bio_PrivateKey");`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`EVP_PKEY_free(pKey);`
			`BIO_free_all(bp_private);`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`X509_REQ_free(x509_req);`
			`return connData;`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`}`

			`const char * buffer = nullptr;`
			`size_t size = BIO_get_mem_data(bp_private, &buffer);`
			`q_check_ptr(buffer);`
			`connData.privKey = QByteArray(buffer, size);`
			`if (connData.privKey.isEmpty()) {`
			`qFatal("Failed to generate a random private key");`
OpenSSL libs added for Linux 2021-10-17 07:00:00 -07:00			`EVP_PKEY_free(pKey);`
			`BIO_free_all(bp_private);`
			`X509_REQ_free(x509_req);`
			`return connData;`
Easyrsa removed 2021-10-17 13:03:03 +03:00			`}`
			`BIO_free_all(bp_private);`

			`// save req`
			`BIO * bio_req = BIO_new(BIO_s_mem());`
			`PEM_write_bio_X509_REQ(bio_req, x509_req);`

			`BUF_MEM *bio_buf;`
			`BIO_get_mem_ptr(bio_req, &bio_buf);`
			`connData.request = QByteArray(bio_buf->data, bio_buf->length);`
			`BIO_free(bio_req);`


			`EVP_PKEY_free(pKey); // this will also free the rsa key`

			`return connData;`
			`}`