Add HTTP(S) proxy (#208)

Source/GrasscutterTools/Eavesdrop/Certifier.cs

@@ -0,0 +1,202 @@
+#nullable enable
+using System.Collections.Generic;
+using System.IO;
+using System.Linq;
+using System;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace Eavesdrop;
+
+public sealed class Certifier : IDisposable
+{
+    private readonly X509Store _rootStore, _myStore;
+    private readonly IDictionary<string, X509Certificate2> _certificateCache;
+
+    public string Issuer { get; }
+    public string CertificateAuthorityName { get; }
+
+    public DateTime NotAfter { get; set; }
+    public DateTime NotBefore { get; set; }
+    public int KeyLength { get; set; } = 1024;
+    public bool IsCachingSignedCertificates { get; set; }
+
+    public X509Certificate2? Authority { get; private set; }
+
+    public Certifier()
+        : this("Eavesdrop")
+    { }
+    public Certifier(string issuer)
+        : this(issuer, $"{issuer} Root Certificate Authority", StoreLocation.CurrentUser)
+    { }
+    public Certifier(string issuer, string certificateAuthorityName)
+        : this(issuer, certificateAuthorityName, StoreLocation.CurrentUser)
+    { }
+    public Certifier(string issuer, string certificateAuthorityName, StoreLocation location)
+    {
+        _myStore = new X509Store(StoreName.My, location);
+        _rootStore = new X509Store(StoreName.Root, location);
+        _certificateCache = new Dictionary<string, X509Certificate2>();
+
+        NotBefore = DateTime.Now;
+        NotAfter = NotBefore.AddMonths(1);
+
+        Issuer = issuer;
+        CertificateAuthorityName = certificateAuthorityName;
+    }
+
+    public bool CreateTrustedRootCertificate()
+    {
+        return (Authority = InstallCertificate(_rootStore, CertificateAuthorityName)) != null;
+    }
+    public bool DestroyTrustedRootCertificate()
+    {
+        return DestroyCertificates(_rootStore);
+    }
+    public bool ExportTrustedRootCertificate(string path)
+    {
+        X509Certificate2? rootCertificate = InstallCertificate(_rootStore, CertificateAuthorityName);
+
+        path = Path.GetFullPath(path);
+        if (rootCertificate != null)
+        {
+            byte[] data = rootCertificate.Export(X509ContentType.Cert);
+            File.WriteAllBytes(path, data);
+        }
+        return File.Exists(path);
+    }
+
+    public X509Certificate2? GenerateCertificate(string certificateName)
+    {
+        return InstallCertificate(_myStore, certificateName);
+    }
+    public X509Certificate2 CreateCertificate(string subjectName, string alternateName)
+    {
+        using var rsa = RSA.Create(KeyLength);
+        var certificateRequest = new CertificateRequest(subjectName, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
+        if (Authority == null)
+        {
+            certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
+            certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
+
+            using X509Certificate2 certificate = certificateRequest.CreateSelfSigned(NotBefore.ToUniversalTime(), NotAfter.ToUniversalTime());
+
+            certificate.FriendlyName = alternateName;
+            return new X509Certificate2(certificate.Export(X509ContentType.Pfx, string.Empty), string.Empty, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
+        }
+        else
+        {
+            var sanBuilder = new SubjectAlternativeNameBuilder();
+            sanBuilder.AddDnsName(alternateName);
+
+            certificateRequest.CertificateExtensions.Add(sanBuilder.Build());
+            certificateRequest.CertificateExtensions.Add(new X509BasicConstraintsExtension(false, false, 0, false));
+            certificateRequest.CertificateExtensions.Add(new X509SubjectKeyIdentifierExtension(certificateRequest.PublicKey, false));
+
+            using X509Certificate2 certificate = certificateRequest.Create(Authority, Authority.NotBefore, Authority.NotAfter, Guid.NewGuid().ToByteArray());
+            using X509Certificate2 certificateWithPrivateKey = certificate.CopyWithPrivateKey(rsa);
+
+            certificateWithPrivateKey.FriendlyName = alternateName;
+            return new X509Certificate2(certificateWithPrivateKey.Export(X509ContentType.Pfx, string.Empty), string.Empty, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
+        }
+    }
+    private X509Certificate2? InstallCertificate(X509Store store, string certificateName)
+    {
+        if (_certificateCache.TryGetValue(certificateName, out X509Certificate2? certificate))
+        {
+            if (DateTime.Now >= certificate.NotAfter)
+            {
+                _certificateCache.Remove(certificateName);
+            }
+            else return certificate;
+        }
+        lock (store)
+        {
+            try
+            {
+                store.Open(OpenFlags.ReadWrite);
+                string subjectName = $"CN={certificateName}, O={Issuer}";
+
+                certificate = FindCertificates(store, subjectName)?[0];
+                if (certificate != null && DateTime.Now >= certificate.NotAfter)
+                {
+                    if (Authority == null)
+                    {
+                        DestroyCertificates();
+                        store.Open(OpenFlags.ReadWrite);
+                    }
+                    else
+                    {
+                        store.Remove(certificate);
+                    }
+                    certificate = null;
+                }
+
+                if (certificate == null)
+                {
+                    certificate = CreateCertificate(subjectName, certificateName);
+                    if (certificate != null)
+                    {
+                        if (store == _rootStore || IsCachingSignedCertificates)
+                        {
+                            store.Add(certificate);
+                        }
+                    }
+                }
+
+                return certificate;
+            }
+            catch { return certificate = null; }
+            finally
+            {
+                store.Close();
+                if (certificate != null && !_certificateCache.ContainsKey(certificateName))
+                {
+                    _certificateCache.Add(certificateName, certificate);
+                }
+            }
+        }
+    }
+
+    public bool DestroyCertificates(X509Store store)
+    {
+        lock (store)
+        {
+            try
+            {
+                store.Open(OpenFlags.ReadWrite);
+                X509Certificate2Collection certificates = store.Certificates.Find(X509FindType.FindByIssuerName, Issuer, false);
+
+                store.RemoveRange(certificates);
+                IEnumerable<string> subjectNames = certificates.Cast<X509Certificate2>().Select(c => c.GetNameInfo(X509NameType.SimpleName, false));
+
+                foreach (string subjectName in subjectNames)
+                {
+                    if (!_certificateCache.ContainsKey(subjectName)) continue;
+                    _certificateCache.Remove(subjectName);
+                }
+                return true;
+            }
+            catch { return false; }
+            finally { store.Close(); }
+        }
+    }
+    public bool DestroyCertificates() => DestroyCertificates(_myStore) && DestroyCertificates(_rootStore);
+
+    private static X509Certificate2Collection? FindCertificates(X509Store store, string subjectName)
+    {
+        X509Certificate2Collection certificates = store.Certificates
+            .Find(X509FindType.FindBySubjectDistinguishedName, subjectName, false);
+
+        return certificates.Count > 0 ? certificates : null;
+    }
+
+    public void Dispose()
+    {
+        _myStore.Close();
+        _rootStore.Close();
+
+        _myStore.Dispose();
+        _rootStore.Dispose();
+    }
+}