修复生成CA证书时缺少CA标识扩展的bug

This commit is contained in:
陈国伟 2021-07-27 17:05:57 +08:00
parent 02c051511d
commit 97135abe3b
3 changed files with 10 additions and 13 deletions


@ -1,5 +1,4 @@
using Org.BouncyCastle.Asn1; using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.Pkcs;
using Org.BouncyCastle.Asn1.X509; using Org.BouncyCastle.Asn1.X509;
using Org.BouncyCastle.Asn1.X9; using Org.BouncyCastle.Asn1.X9;
using Org.BouncyCastle.Crypto; using Org.BouncyCastle.Crypto;
@ -41,7 +40,7 @@ namespace FastGithub.ReverseProxy
public static void GenerateBySelf(IEnumerable<string> domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath) public static void GenerateBySelf(IEnumerable<string> domains, int keySizeBits, DateTime validFrom, DateTime validTo, string caPublicCerPath, string caPrivateKeyPath)
{ {
var keys = GenerateRsaKeyPair(keySizeBits); var keys = GenerateRsaKeyPair(keySizeBits);
var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private, null); var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, domains.First(), null, keys.Private);
using var priWriter = new StreamWriter(caPrivateKeyPath); using var priWriter = new StreamWriter(caPrivateKeyPath);
var priPemWriter = new PemWriter(priWriter); var priPemWriter = new PemWriter(priWriter);
@ -85,7 +84,7 @@ namespace FastGithub.ReverseProxy
var caSubjectName = GetSubjectName(caCert); var caSubjectName = GetSubjectName(caCert);
var keys = GenerateRsaKeyPair(keySizeBits); var keys = GenerateRsaKeyPair(keySizeBits);
var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey, null); var cert = GenerateCertificate(domains, keys.Public, validFrom, validTo, caSubjectName, caCert.GetPublicKey(), caPrivateKey);
return GeneratePfx(cert, keys.Private, password); return GeneratePfx(cert, keys.Private, password);
} }
@ -112,10 +111,9 @@ namespace FastGithub.ReverseProxy
/// <param name="validTo"></param> /// <param name="validTo"></param>
/// <param name="issuerName"></param> /// <param name="issuerName"></param>
/// <param name="issuerPublic"></param> /// <param name="issuerPublic"></param>
/// <param name="issuerPrivate"></param> /// <param name="issuerPrivate"></param>
/// <param name="CA_PathLengthConstraint"></param>
/// <returns></returns> /// <returns></returns>
private static X509Certificate GenerateCertificate(IEnumerable<string> domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate, int? CA_PathLengthConstraint) private static X509Certificate GenerateCertificate(IEnumerable<string> domains, AsymmetricKeyParameter subjectPublic, DateTime validFrom, DateTime validTo, string issuerName, AsymmetricKeyParameter? issuerPublic, AsymmetricKeyParameter issuerPrivate)
{ {
var signatureFactory = issuerPrivate is ECPrivateKeyParameters var signatureFactory = issuerPrivate is ECPrivateKeyParameters
? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate) ? new Asn1SignatureFactory(X9ObjectIdentifiers.ECDsaWithSha256.ToString(), issuerPrivate)
@ -134,10 +132,9 @@ namespace FastGithub.ReverseProxy
var akis = new AuthorityKeyIdentifierStructure(issuerPublic); var akis = new AuthorityKeyIdentifierStructure(issuerPublic);
certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis); certGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, akis);
} }
if (CA_PathLengthConstraint != null && CA_PathLengthConstraint >= 0) else
{ {
var extension = new X509Extension(true, new DerOctetString(new BasicConstraints(CA_PathLengthConstraint.Value))); certGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(cA: true)); ;
certGenerator.AddExtension(X509Extensions.BasicConstraints, extension.IsCritical, extension.GetParsedValue());
} }
var names = domains.Select(domain => var names = domains.Select(domain =>
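Review bot: The self-signed branch at the end of the hunk now marks the certificate as a CA with `new BasicConstraints(cA: true)`, which carries no path-length limit, whereas the removed code could set one via CA_PathLengthConstraint; for a locally installed root that only ever signs leaf certificates directly, `new BasicConstraints(pathLenConstraint: 0)` (BouncyCastle sets cA=true for that constructor) would prevent anything signed by this key from itself being accepted as an intermediate CA. The CA decision is keyed on `issuerPublic` being null, so the leaf branch above gets no BasicConstraints extension at all; RFC 5280 leaves it optional for end-entity certificates, but adding `new BasicConstraints(cA: false)` non-critically in that branch would make the intent explicit and match how the new code treats the CA case. The `; ;` after the AddExtension call is a stray empty statement. Whether KeyUsage with keyCertSign is set for the CA is not visible in this hunk, and GenerateCertificate's body continues past it.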


@ -37,8 +37,8 @@ namespace FastGithub
const string CAPATH = "CACert"; const string CAPATH = "CACert";
Directory.CreateDirectory(CAPATH); Directory.CreateDirectory(CAPATH);
var caPublicCerPath = $"{CAPATH}/{Environment.MachineName}.cer"; var caPublicCerPath = $"{CAPATH}/{nameof(FastGithub)}.cer";
var caPrivateKeyPath = $"{CAPATH}/{Environment.MachineName}.key"; var caPrivateKeyPath = $"{CAPATH}/{nameof(FastGithub)}.key";
GeneratorCaCert(caPublicCerPath, caPrivateKeyPath); GeneratorCaCert(caPublicCerPath, caPrivateKeyPath);
InstallCaCert(caPublicCerPath, logger); InstallCaCert(caPublicCerPath, logger);
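Review bot: The CA private key is now written to the fixed, predictable path `CACert/FastGithub.key` relative to the working directory, and nothing in the hunk restricts access to that file or to the directory created by `Directory.CreateDirectory(CAPATH)`, which is created with default permissions. Because this key can sign certificates that the root installed by `InstallCaCert` will trust, the code deserves a comment stating that the key must stay readable only by the user running FastGithub, e.g. `// CA private key: anyone who can read this file can issue certificates the installed root trusts`, and, where the platform supports it, an explicit permission restriction on CAPATH. Whether GeneratorCaCert reuses or overwrites a key file left from an earlier run under the old machine-name path is not visible here; the enclosing method starts and ends outside the hunk.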


@ -22,7 +22,7 @@ namespace FastGithub.Controllers
/// <returns></returns> /// <returns></returns>
public async Task<IActionResult> Cert() public async Task<IActionResult> Cert()
{ {
var certFile = $"CACert/{Environment.MachineName}.cer"; var certFile = $"CACert/{nameof(FastGithub)}.cer";
this.Response.ContentType = "application/x-x509-ca-cert"; this.Response.ContentType = "application/x-x509-ca-cert";
this.Response.Headers.Add("Content-Disposition", $"attachment;filename={nameof(FastGithub)}.cer"); this.Response.Headers.Add("Content-Disposition", $"attachment;filename={nameof(FastGithub)}.cer");
await this.Response.SendFileAsync(certFile); await this.Response.SendFileAsync(certFile);
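Review bot: `certFile` duplicates the "CACert" directory literal that the second changed file keeps in its CAPATH constant, so the two paths can silently drift apart; the controller should build the path from one shared constant. `SendFileAsync` is called without checking that the file exists, so a request made before the CA has been generated surfaces as an unhandled exception instead of a 404; `if (!System.IO.File.Exists(certFile)) { return this.NotFound(); }` placed before the headers are set would cover that. The unchanged `Headers.Add` call will throw if Content-Disposition is already present, so `Headers.Append` or the indexer is the safer form. Cert's body continues past the hunk.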