From 498539bf53dbb78ddcf629815207861bf1bd967a Mon Sep 17 00:00:00 2001 From: xljiulang <366193849@qq.com> Date: Wed, 28 Jul 2021 21:23:14 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8F=82=E8=80=83fiddler=E7=94=9F=E6=88=90ca?= =?UTF-8?q?=E8=AF=81=E4=B9=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- FastGithub.ReverseProxy/CertGenerator.cs | 20 +++++++++++++------- FastGithub/.config/dotnet-tools.json | 12 ++++++++++++ 2 files changed, 25 insertions(+), 7 deletions(-) create mode 100644 FastGithub/.config/dotnet-tools.json diff --git a/FastGithub.ReverseProxy/CertGenerator.cs b/FastGithub.ReverseProxy/CertGenerator.cs index e6a5e4c..77f8369 100644 --- a/FastGithub.ReverseProxy/CertGenerator.cs +++ b/FastGithub.ReverseProxy/CertGenerator.cs @@ -1,4 +1,5 @@ -using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1; +using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; @@ -40,7 +41,7 @@ namespace FastGithub.ReverseProxy public static void GenerateBySelf(IEnumerable domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath) { var keys = GenerateRsaKeyPair(keySizeBits); - var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private); + var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private, 1); using var priWriter = new StreamWriter(caPrivateKeyPath); var priPemWriter = new PemWriter(priWriter); 
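Review bot: The path-length constraint of `1` passed to `GenerateCertificate` in `GenerateBySelf` looks wider than the visible callers need, because `GenerateByCa` signs the per-domain certificates directly with this CA and nothing in the diff issues a subordinate CA. With `0` the root can still sign those end-entity certificates, while any intermediate CA signed by this key would fail path validation. That matters for a root that is presumably installed into the local trust store. Suggested call: `GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private, 0);`. The rest of `GenerateBySelf` lies outside the hunk.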
@@ -84,7 +85,7 @@ namespace FastGithub.ReverseProxy var caSubjectName = GetSubjectName(caCert); var keys = GenerateRsaKeyPair(keySizeBits); - var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey); + var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey, null); return GeneratePfx(cert, keys.Private, password); } @@ -111,9 +112,10 @@ namespace FastGithub.ReverseProxy /// /// /// - /// + /// + /// /// - private static X509Certificate GenerateCertificate(IEnumerable domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate) + private static X509Certificate GenerateCertificate(IEnumerable domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate, int? caPathLengthConstraint) { var signatureFactory = issuerPrivate is ECPrivateKeyParameters ? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate) @@ -132,9 +134,10 @@ namespace FastGithub.ReverseProxy var akis = new AuthorityKeyIdentifierStructure(issuerPublic); certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); } - else + if (caPathLengthConstraint != null && caPathLengthConstraint >= 0) { - certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(cA: true)); ; + var extension = new X509Extension(true, new DerOctetString(new BasicConstraints(caPathLengthConstraint.Value))); + certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue()); } var names = domains.Select(domain => 
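Review bot: In the `@@ -132,9 +134,10 @@` hunk, a `null` or negative `caPathLengthConstraint` now adds no BasicConstraints extension at all, so leaf certificates depend on the validator treating a missing extension as non-CA, and a negative value silently turns an intended CA into a leaf. An explicit `else { certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); }` would mark end-entity certificates unambiguously, and a negative value is better rejected with an `ArgumentOutOfRangeException`. The round trip through `X509Extension`, `DerOctetString` and `GetParsedValue()` appears to yield the same object that went in, so the CA branch can be written as `certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(caPathLengthConstraint.Value));`. `GenerateCertificate` begins and continues outside this hunk.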
@@ -150,9 +153,12 @@ namespace FastGithub.ReverseProxy var subjectAltName = new GeneralNames(names); certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); + + certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); return certGenerator.Generate(signatureFactory); } + /// /// 生成pfx /// diff --git a/FastGithub/.config/dotnet-tools.json b/FastGithub/.config/dotnet-tools.json new file mode 100644 index 0000000..2ae5996 --- /dev/null +++ b/FastGithub/.config/dotnet-tools.json @@ -0,0 +1,12 @@ +{ + "version": 1, + "isRoot": true, + "tools": { + "dotnet-ef": { + "version": "5.0.8", + "commands": [ + "dotnet-ef" + ] + } + } +} \ No newline at end of file
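Review bot: The critical `ExtendedKeyUsage` added before `certGenerator.Generate` sits outside the CA/leaf branching, so the self-signed CA from `GenerateBySelf` and every leaf receive the same serverAuth-only EKU, and no `KeyUsage` extension is set for either role in the visible lines. Restricting the root to serverAuth is a reasonable limit, but the certificates still do not state whether the key may sign certificates or only serve TLS. Consider adding, next to this call, `certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(caPathLengthConstraint != null ? KeyUsage.KeyCertSign | KeyUsage.CrlSign : KeyUsage.DigitalSignature | KeyUsage.KeyEncipherment));`. A short comment saying the EKU is applied to the CA on purpose would also help the next reader. The start of `GenerateCertificate` is outside this hunk.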