增加秘钥用法和基本约束

This commit is contained in:
xljiulang 2021-07-28 23:27:37 +08:00
parent 03fb43028c
commit 0eab66f8e6


@ -1,5 +1,4 @@
using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto;
@ -134,11 +133,20 @@ namespace FastGithub.ReverseProxy
var akis = new AuthorityKeyIdentifierStructure(issuerPublic); var akis = new AuthorityKeyIdentifierStructure(issuerPublic);
certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis);
} }
if (caPathLengthConstraint != null && caPathLengthConstraint >= 0) if (caPathLengthConstraint != null && caPathLengthConstraint >= 0)
{ {
var extension = new X509Extension(true, new DerOctetString(new BasicConstraints(caPathLengthConstraint.Value))); var basicConstraints = new BasicConstraints(caPathLengthConstraint.Value);
certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue()); certGenerator.AddExtension(X509Extensions.BasicConstraints, true, basicConstraints);
certGenerator.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.CrlSign | KeyUsage.KeyCertSign));
} }
else
{
var basicConstraints = new BasicConstraints(cA: false);
certGenerator.AddExtension(X509Extensions.BasicConstraints, true, basicConstraints);
certGenerator.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));
}
certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
var names = domains.Select(domain => var names = domains.Select(domain =>
{ {
@ -148,13 +156,10 @@ namespace FastGithub.ReverseProxy
nameType = GeneralName.IPAddress; nameType = GeneralName.IPAddress;
} }
return new GeneralName(nameType, domain); return new GeneralName(nameType, domain);
}).ToArray(); }).ToArray();
var subjectAltName = new GeneralNames(names); var subjectAltName = new GeneralNames(names);
certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
return certGenerator.Generate(signatureFactory); return certGenerator.Generate(signatureFactory);
} }
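Review bot: Both new KeyUsage extensions in the second hunk are added with the critical flag set to `false` (the CA branch with DigitalSignature | CrlSign | KeyCertSign, and the end-entity branch with DigitalSignature | KeyEncipherment), while RFC 5280 §4.2.1.3 says a conforming CA SHOULD mark key usage as critical, and a non-critical key usage lets a lenient verifier ignore the restriction that the commit is introducing. Since BasicConstraints is already added as critical on the line just above each of them, the two calls should read `certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.CrlSign | KeyUsage.KeyCertSign));` and `certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));`. The key algorithm is not visible in the hunk; KeyEncipherment is only meaningful for RSA keys, so if this generator can also be fed an EC key the end-entity branch presumably needs a different bit set — worth confirming against the caller. The enclosing method's signature and the `caPathLengthConstraint` parameter's documentation are outside the hunk; a one-line comment above the `if`, such as `// null or negative: issue a non-CA end-entity certificate`, would make the branch intent explicit.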