ouczbs/FastGithub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

参考fiddler生成ca证书

Browse Source
This commit is contained in:
xljiulang 2021-07-28 21:23:14 +08:00
parent de38ad6e80
commit 498539bf53
2 changed files with 25 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
FastGithub.ReverseProxy/CertGenerator.cs
View File

@ -1,4 +1,5 @@
using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto;
@ -40,7 +41,7 @@ namespace FastGithub.ReverseProxy
public static void GenerateBySelf(IEnumerable<string> domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath) public static void GenerateBySelf(IEnumerable<string> domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath)
{ {
var keys = GenerateRsaKeyPair(keySizeBits); var keys = GenerateRsaKeyPair(keySizeBits);
var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private); var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private, 1);
using var priWriter = new StreamWriter(caPrivateKeyPath); using var priWriter = new StreamWriter(caPrivateKeyPath);
var priPemWriter = new PemWriter(priWriter); var priPemWriter = new PemWriter(priWriter);
@ -84,7 +85,7 @@ namespace FastGithub.ReverseProxy
var caSubjectName = GetSubjectName(caCert); var caSubjectName = GetSubjectName(caCert);
var keys = GenerateRsaKeyPair(keySizeBits); var keys = GenerateRsaKeyPair(keySizeBits);
var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey); var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey, null);
return GeneratePfx(cert, keys.Private, password); return GeneratePfx(cert, keys.Private, password);
} }
@ -111,9 +112,10 @@ namespace FastGithub.ReverseProxy
/// <param name="validTo"></param> /// <param name="validTo"></param>
/// <param name="issuerName"></param> /// <param name="issuerName"></param>
/// <param name="issuerPublic"></param> /// <param name="issuerPublic"></param>
/// <param name="issuerPrivate"></param> /// <param name="issuerPrivate"></param>
/// <param name="caPathLengthConstraint"></param>
/// <returns></returns> /// <returns></returns>
private static X509Certificate GenerateCertificate(IEnumerable<string> domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate) private static X509Certificate GenerateCertificate(IEnumerable<string> domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate, int? caPathLengthConstraint)
{ {
var signatureFactory = issuerPrivate is ECPrivateKeyParameters var signatureFactory = issuerPrivate is ECPrivateKeyParameters
? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate) ? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate)
@ -132,9 +134,10 @@ namespace FastGithub.ReverseProxy
var akis = new AuthorityKeyIdentifierStructure(issuerPublic); var akis = new AuthorityKeyIdentifierStructure(issuerPublic);
certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis);
} }
else if (caPathLengthConstraint != null && caPathLengthConstraint >= 0)
{ {
certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(cA: true)); ; var extension = new X509Extension(true, new DerOctetString(new BasicConstraints(caPathLengthConstraint.Value)));
certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue());
} }
var names = domains.Select(domain => var names = domains.Select(domain =>
@ -150,9 +153,12 @@ namespace FastGithub.ReverseProxy
var subjectAltName = new GeneralNames(names); var subjectAltName = new GeneralNames(names);
certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName); certGenerator.AddExtension(X509Extensions.SubjectAlternativeName, false, subjectAltName);
certGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
return certGenerator.Generate(signatureFactory); return certGenerator.Generate(signatureFactory);
} }
/// <summary> /// <summary>
/// 生成pfx /// 生成pfx
/// </summary> /// </summary>

12
FastGithub/.config/dotnet-tools.json Normal file
View File

@ -0,0 +1,12 @@
{
"version": 1,
"isRoot": true,
"tools": {
"dotnet-ef": {
"version": "5.0.8",
"commands": [
"dotnet-ef"
]
}
}
}