From 97135abe3bd134c3a1a367e37357845425c83167 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E5=9B=BD=E4=BC=9F?= <366193849@qq.com> Date: Tue, 27 Jul 2021 17:05:57 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E7=94=9F=E6=88=90CA=E8=AF=81?= =?UTF-8?q?=E4=B9=A6=E6=97=B6=E7=BC=BA=E5=B0=91CA=E6=A0=87=E8=AF=86?= =?UTF-8?q?=E6=89=A9=E5=B1=95=E7=9A=84bug?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- FastGithub.ReverseProxy/CertGenerator.cs | 17 +++++++---------- .../KestrelServerOptionsExtensions.cs | 4 ++-- FastGithub/Controllers/HomeController.cs | 2 +- 3 files changed, 10 insertions(+), 13 deletions(-) diff --git a/FastGithub.ReverseProxy/CertGenerator.cs b/FastGithub.ReverseProxy/CertGenerator.cs index a1ca06f..e6a5e4c 100644 --- a/FastGithub.ReverseProxy/CertGenerator.cs +++ b/FastGithub.ReverseProxy/CertGenerator.cs @@ -1,5 +1,4 @@ -using Org.BouncyCastle.Asn1; -using Org.BouncyCastle.Asn1.Pkcs; +using Org.BouncyCastle.Asn1.Pkcs; using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Crypto; @@ -41,7 +40,7 @@ namespace FastGithub.ReverseProxy public static void GenerateBySelf(IEnumerable domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath) { var keys = GenerateRsaKeyPair(keySizeBits); - var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private, null); + var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private); using var priWriter = new StreamWriter(caPrivateKeyPath); var priPemWriter = new PemWriter(priWriter); 
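Review bot: After this commit `GenerateBySelf` issues a certificate marked as a CA, yet the context lines of the `-41,7` hunk show its private key going through `new StreamWriter(caPrivateKeyPath)` and a `PemWriter`, which looks like an unencrypted PEM file created with default permissions. Anyone able to read that file can issue certificates that a machine trusting this CA will accept, so the key file should be created with owner-only access or written in encrypted form. Separately, `domains.First()` on the changed line throws on an empty sequence and enumerates `domains` a second time; materialising it once and rejecting an empty list with an `ArgumentException` would make that explicit. The rest of `GenerateBySelf` is outside the hunk, so the key-handling part is inferred from the two visible lines.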
@@ -85,7 +84,7 @@ namespace FastGithub.ReverseProxy var caSubjectName = GetSubjectName(caCert); var keys = GenerateRsaKeyPair(keySizeBits); - var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey, null); + var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey); return GeneratePfx(cert, keys.Private, password); } @@ -112,10 +111,9 @@ namespace FastGithub.ReverseProxy /// /// /// - /// - /// + /// /// - private static X509Certificate GenerateCertificate(IEnumerable domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate, int? CA_PathLengthConstraint) + private static X509Certificate GenerateCertificate(IEnumerable domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate) { var signatureFactory = issuerPrivate is ECPrivateKeyParameters ? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate) @@ -134,10 +132,9 @@ namespace FastGithub.ReverseProxy var akis = new AuthorityKeyIdentifierStructure(issuerPublic); certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); } - if (CA_PathLengthConstraint != null && CA_PathLengthConstraint >= 0) + else { - var extension = new X509Extension(true, new DerOctetString(new BasicConstraints(CA_PathLengthConstraint.Value))); - certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue()); + certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(cA: true)); ; } var names = domains.Select(domain => 
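Review bot: In the `-112,10` hunk the nullable `issuerPublic` parameter of `GenerateCertificate` now doubles as the switch that makes the result a CA, but nothing in the signature or in the XML comments as shown here says so. I would extend its parameter documentation to something like `/// <param name="issuerPublic">Issuer public key; null means the certificate is self-signed and is marked as a CA (BasicConstraints cA=true).</param>`. A caller that passes null for any other reason would silently receive a certificate able to sign others. The method body continues outside the hunk.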
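Review bot: The new `else` branch in the `-134,10` hunk adds `new BasicConstraints(cA: true)` with no path-length limit, so the self-signed certificate may also sign subordinate CAs. The other call site visible in this patch signs leaf certificates directly with the CA key, so `new BasicConstraints(0)` (CA with pathLen 0) appears to be enough and narrows what a leaked key can do. No KeyUsage extension is visible in the hunk; if none is added further down, consider `certGenerator.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.KeyCertSign | KeyUsage.CrlSign));` on the same branch. The added line also ends in a stray empty statement (`; ;`) that can be dropped. The `if` this `else` belongs to begins outside the hunk, so the reading that it tests `issuerPublic` for null is inferred.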
diff --git a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs index 6dbbcea..fcd7874 100644 --- a/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs +++ b/FastGithub.ReverseProxy/KestrelServerOptionsExtensions.cs @@ -37,8 +37,8 @@ namespace FastGithub const string CAPATH = "CACert"; Directory.CreateDirectory(CAPATH); - var caPublicCerPath = $"{CAPATH}/{Environment.MachineName}.cer"; - var caPrivateKeyPath = $"{CAPATH}/{Environment.MachineName}.key"; + var caPublicCerPath = $"{CAPATH}/{nameof(FastGithub)}.cer"; + var caPrivateKeyPath = $"{CAPATH}/{nameof(FastGithub)}.key"; GeneratorCaCert(caPublicCerPath, caPrivateKeyPath); InstallCaCert(caPublicCerPath, logger); diff --git a/FastGithub/Controllers/HomeController.cs b/FastGithub/Controllers/HomeController.cs index dc5fafd..7c528f1 100644 --- a/FastGithub/Controllers/HomeController.cs +++ b/FastGithub/Controllers/HomeController.cs @@ -22,7 +22,7 @@ namespace FastGithub.Controllers /// public async Task Cert() { - var certFile = $"CACert/{Environment.MachineName}.cer"; + var certFile = $"CACert/{nameof(FastGithub)}.cer"; this.Response.ContentType = "application/x-x509-ca-cert"; this.Response.Headers.Add("Content-Disposition", $"attachment;filename={nameof(FastGithub)}.cer"); await this.Response.SendFileAsync(certFile);
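Review bot: Renaming the CA files from `{Environment.MachineName}` to `{nameof(FastGithub)}` in `KestrelServerOptionsExtensions.cs` means an existing installation will no longer find its old pair and will presumably generate and install a second root, while the earlier root stays trusted and its `.key` stays on disk. An upgrade step that removes the old certificate from the trust store and deletes the old key file would close that gap; whether `GeneratorCaCert` and `InstallCaCert` already handle this is not visible in the hunk. The fixed name also makes the key path identical on every machine, which is one more reason to restrict access to the `CACert` directory. Both this hunk and the `HomeController.cs` hunk build the path as a relative string literal, so it resolves against the process working directory and is duplicated in two places; a shared constant rooted at `AppContext.BaseDirectory` would keep them in step. In `Cert()`, `SendFileAsync(certFile)` will throw if the file is missing, so a `File.Exists` check returning 404 would be a cleaner failure.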