ouczbs/FastGithub
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

方法重命名

Browse Source
This commit is contained in:
陈国伟 2021-07-30 09:54:33 +08:00
parent 05608973b7
commit 95bd7593dc
2 changed files with 55 additions and 57 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

106
FastGithub.ReverseProxy/CertService.cs
View File

@ -15,13 +15,10 @@ namespace FastGithub.ReverseProxy
sealed class CertService sealed class CertService
{ {
private const string CAPATH = "CACert"; private const string CAPATH = "CACert";
private const int KEY_SIZE_BITS = 2048;
private readonly IMemoryCache serverCertCache; private readonly IMemoryCache serverCertCache;
private readonly ILogger<CertService> logger; private readonly ILogger<CertService> logger;
/// <summary>
/// 私钥长度
/// </summary>
public int KeySizeBits { get; } = 2048;
/// <summary> /// <summary>
/// 获取证书文件路径 /// 获取证书文件路径
@ -48,51 +45,9 @@ namespace FastGithub.ReverseProxy
} }
/// <summary> /// <summary>
/// 获取颁发给指定域名的证书 /// 生成CA证书
/// </summary>
/// <param name="domain"></param>
/// <returns></returns>
public X509Certificate2 GetServerCert(string? domain)
{
var key = $"{nameof(CertService)}:{domain}";
return this.serverCertCache.GetOrCreate(key, GetOrCreateCert);
// 生成域名的1年证书
X509Certificate2 GetOrCreateCert(ICacheEntry entry)
{
var domains = GetDomains(domain).Distinct();
var validFrom = DateTime.Today.AddDays(-1);
var validTo = DateTime.Today.AddYears(1);
entry.SetAbsoluteExpiration(validTo);
return CertGenerator.GenerateByCa(domains, this.KeySizeBits, validFrom, validTo, this.CaCerFilePath, this.CaKeyFilePath);
}
}
/// <summary>
/// 获取域名
/// </summary>
/// <param name="domain"></param>
/// <returns></returns>
private static IEnumerable<string> GetDomains(string? domain)
{
if (string.IsNullOrEmpty(domain) == false)
{
yield return domain;
yield break;
}
yield return LocalMachine.Name;
foreach (var address in LocalMachine.GetAllIPv4Addresses())
{
yield return address.ToString();
}
}
/// <summary>
/// 生成10年的根证书
/// </summary> /// </summary>
public bool GenerateCaCert() public bool CreateCaCertIfNotExists()
{ {
if (File.Exists(this.CaCerFilePath) && File.Exists(this.CaKeyFilePath)) if (File.Exists(this.CaCerFilePath) && File.Exists(this.CaKeyFilePath))
{ {
@ -104,18 +59,18 @@ namespace FastGithub.ReverseProxy
var validFrom = DateTime.Today.AddDays(-1); var validFrom = DateTime.Today.AddDays(-1);
var validTo = DateTime.Today.AddYears(10); var validTo = DateTime.Today.AddYears(10);
CertGenerator.GenerateBySelf(new[] { nameof(FastGithub) }, this.KeySizeBits, validFrom, validTo, this.CaCerFilePath, this.CaKeyFilePath); CertGenerator.GenerateBySelf(new[] { nameof(FastGithub) }, KEY_SIZE_BITS, validFrom, validTo, this.CaCerFilePath, this.CaKeyFilePath);
return true; return true;
} }
/// <summary> /// <summary>
/// 安装证书 /// 安装和信任CA证书
/// </summary> /// </summary>
public void InstallCaCert() public void InstallAndTrustCaCert()
{ {
if (OperatingSystem.IsWindows()) if (OperatingSystem.IsWindows())
{ {
this.InstallCaCertAtWindows(); this.InstallAndTrustCaCertAtWindows();
} }
else if (OperatingSystem.IsLinux()) else if (OperatingSystem.IsLinux())
{ {
@ -132,9 +87,9 @@ namespace FastGithub.ReverseProxy
} }
/// <summary> /// <summary>
/// 安装证书 /// 安装CA证书
/// </summary> /// </summary>
private void InstallCaCertAtWindows() private void InstallAndTrustCaCertAtWindows()
{ {
try try
{ {
@ -161,5 +116,48 @@ namespace FastGithub.ReverseProxy
this.logger.LogWarning($"安装证书{this.CaCerFilePath}失败:请手动安装到“将所有的证书都放入下载存储”\\“受信任的根证书颁发机构”", ex); this.logger.LogWarning($"安装证书{this.CaCerFilePath}失败:请手动安装到“将所有的证书都放入下载存储”\\“受信任的根证书颁发机构”", ex);
} }
} }
/// <summary>
/// 获取颁发给指定域名的证书
/// </summary>
/// <param name="domain"></param>
/// <returns></returns>
public X509Certificate2 GetOrCreateServerCert(string? domain)
{
var key = $"{nameof(CertService)}:{domain}";
return this.serverCertCache.GetOrCreate(key, GetOrCreateCert);
// 生成域名的1年证书
X509Certificate2 GetOrCreateCert(ICacheEntry entry)
{
var domains = GetDomains(domain).Distinct();
var validFrom = DateTime.Today.AddDays(-1);
var validTo = DateTime.Today.AddYears(1);
entry.SetAbsoluteExpiration(validTo);
return CertGenerator.GenerateByCa(domains, KEY_SIZE_BITS, validFrom, validTo, this.CaCerFilePath, this.CaKeyFilePath);
}
}
/// <summary>
/// 获取域名
/// </summary>
/// <param name="domain"></param>
/// <returns></returns>
private static IEnumerable<string> GetDomains(string? domain)
{
if (string.IsNullOrEmpty(domain) == false)
{
yield return domain;
yield break;
}
yield return LocalMachine.Name;
foreach (var address in LocalMachine.GetAllIPv4Addresses())
{
yield return address.ToString();
}
}
} }
} }

6
FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs
View File

@ -58,13 +58,13 @@ namespace FastGithub
} }
var certService = kestrel.ApplicationServices.GetRequiredService<CertService>(); var certService = kestrel.ApplicationServices.GetRequiredService<CertService>();
certService.GenerateCaCert(); certService.CreateCaCertIfNotExists();
certService.InstallCaCert(); certService.InstallAndTrustCaCert();
kestrel.Listen(IPAddress.Any, HTTPS_PORT, listen => kestrel.Listen(IPAddress.Any, HTTPS_PORT, listen =>
listen.UseHttps(https => listen.UseHttps(https =>
https.ServerCertificateSelector = (ctx, domain) => https.ServerCertificateSelector = (ctx, domain) =>
certService.GetServerCert(domain))); certService.GetOrCreateServerCert(domain)));
} }
/// <summary> /// <summary>