2024-11-04 15:14:56 +08:00
|
|
|
|
import { ILogger, sp } from "@certd/basic";
|
2024-09-06 00:13:21 +08:00
|
|
|
|
import type { CertInfo } from "../cert-plugin/acme.js";
|
|
|
|
|
|
import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
|
|
|
|
|
|
import path from "path";
|
|
|
|
|
|
import os from "os";
|
|
|
|
|
|
import fs from "fs";
|
|
|
|
|
|
|
|
|
|
|
|
export { CertReader };
|
|
|
|
|
|
export type { CertInfo };
|
|
|
|
|
|
|
|
|
|
|
|
export class CertConverter {
|
|
|
|
|
|
logger: ILogger;
|
|
|
|
|
|
|
|
|
|
|
|
constructor(opts: { logger: ILogger }) {
|
|
|
|
|
|
this.logger = opts.logger;
|
|
|
|
|
|
}
|
2024-11-30 17:36:47 +08:00
|
|
|
|
async convert(opts: { cert: CertInfo; pfxPassword: string; pfxArgs: string }): Promise<{
|
|
|
|
|
|
pfx: string;
|
|
|
|
|
|
der: string;
|
|
|
|
|
|
jks: string;
|
2025-08-25 18:21:38 +08:00
|
|
|
|
p7b: string;
|
2024-09-06 00:13:21 +08:00
|
|
|
|
}> {
|
|
|
|
|
|
const certReader = new CertReader(opts.cert);
|
2024-11-30 17:36:47 +08:00
|
|
|
|
let pfx: string;
|
|
|
|
|
|
let der: string;
|
|
|
|
|
|
let jks: string;
|
2025-08-25 18:21:38 +08:00
|
|
|
|
let p7b: string;
|
2024-09-30 13:52:18 +08:00
|
|
|
|
const handle = async (ctx: CertReaderHandleContext) => {
|
2024-09-06 00:13:21 +08:00
|
|
|
|
// 调用openssl 转pfx
|
2024-11-30 17:36:47 +08:00
|
|
|
|
pfx = await this.convertPfx(ctx, opts.pfxPassword, opts.pfxArgs);
|
2024-09-06 00:13:21 +08:00
|
|
|
|
|
|
|
|
|
|
// 转der
|
2024-11-30 17:36:47 +08:00
|
|
|
|
der = await this.convertDer(ctx);
|
2024-10-29 23:37:18 +08:00
|
|
|
|
|
2024-11-30 17:36:47 +08:00
|
|
|
|
jks = await this.convertJks(ctx, opts.pfxPassword);
|
2025-08-25 18:21:38 +08:00
|
|
|
|
|
|
|
|
|
|
p7b = await this.convertP7b(ctx);
|
2024-09-06 00:13:21 +08:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
await certReader.readCertFile({ logger: this.logger, handle });
|
|
|
|
|
|
|
|
|
|
|
|
return {
|
2024-11-30 17:36:47 +08:00
|
|
|
|
pfx,
|
|
|
|
|
|
der,
|
|
|
|
|
|
jks,
|
2025-08-25 18:21:38 +08:00
|
|
|
|
p7b,
|
2024-09-06 00:13:21 +08:00
|
|
|
|
};
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
async exec(cmd: string) {
|
2024-10-30 01:44:02 +08:00
|
|
|
|
process.env.LANG = "zh_CN.GBK";
|
2024-09-06 00:13:21 +08:00
|
|
|
|
await sp.spawn({
|
|
|
|
|
|
cmd: cmd,
|
|
|
|
|
|
logger: this.logger,
|
|
|
|
|
|
});
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-11-30 17:36:47 +08:00
|
|
|
|
private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
|
2024-09-06 00:13:21 +08:00
|
|
|
|
const { tmpCrtPath, tmpKeyPath } = opts;
|
|
|
|
|
|
|
2024-10-30 01:44:02 +08:00
|
|
|
|
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
|
2024-09-06 00:13:21 +08:00
|
|
|
|
|
|
|
|
|
|
const dir = path.dirname(pfxPath);
|
|
|
|
|
|
if (!fs.existsSync(dir)) {
|
|
|
|
|
|
fs.mkdirSync(dir, { recursive: true });
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
let passwordArg = "-passout pass:";
|
|
|
|
|
|
if (pfxPassword) {
|
|
|
|
|
|
passwordArg = `-password pass:${pfxPassword}`;
|
|
|
|
|
|
}
|
2024-10-31 15:14:56 +08:00
|
|
|
|
// 兼容server 2016,旧版本不能用sha256
|
2024-11-30 17:36:47 +08:00
|
|
|
|
const oldPfxCmd = `openssl pkcs12 ${pfxArgs} -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
|
2024-10-31 13:37:25 +08:00
|
|
|
|
// const newPfx = `openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
|
|
|
|
|
|
await this.exec(oldPfxCmd);
|
2024-11-30 17:36:47 +08:00
|
|
|
|
const fileBuffer = fs.readFileSync(pfxPath);
|
|
|
|
|
|
const pfxCert = fileBuffer.toString("base64");
|
|
|
|
|
|
fs.unlinkSync(pfxPath);
|
|
|
|
|
|
return pfxCert;
|
|
|
|
|
|
|
2024-09-06 00:13:21 +08:00
|
|
|
|
//
|
|
|
|
|
|
// const applyTime = new Date().getTime();
|
|
|
|
|
|
// const filename = reader.buildCertFileName("pfx", applyTime);
|
|
|
|
|
|
// this.saveFile(filename, fileBuffer);
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private async convertDer(opts: CertReaderHandleContext) {
|
|
|
|
|
|
const { tmpCrtPath } = opts;
|
2024-10-30 01:44:02 +08:00
|
|
|
|
const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.der`);
|
2024-09-06 00:13:21 +08:00
|
|
|
|
|
|
|
|
|
|
const dir = path.dirname(derPath);
|
|
|
|
|
|
if (!fs.existsSync(dir)) {
|
|
|
|
|
|
fs.mkdirSync(dir, { recursive: true });
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
|
2024-11-30 17:36:47 +08:00
|
|
|
|
const fileBuffer = fs.readFileSync(derPath);
|
|
|
|
|
|
const derCert = fileBuffer.toString("base64");
|
|
|
|
|
|
fs.unlinkSync(derPath);
|
|
|
|
|
|
return derCert;
|
2024-09-06 00:13:21 +08:00
|
|
|
|
}
|
2024-10-29 23:37:18 +08:00
|
|
|
|
|
2025-08-25 18:21:38 +08:00
|
|
|
|
async convertP7b(opts: CertReaderHandleContext) {
|
|
|
|
|
|
const { tmpCrtPath } = opts;
|
|
|
|
|
|
const p7bPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.p7b`);
|
|
|
|
|
|
const dir = path.dirname(p7bPath);
|
|
|
|
|
|
if (!fs.existsSync(dir)) {
|
|
|
|
|
|
fs.mkdirSync(dir, { recursive: true });
|
|
|
|
|
|
}
|
|
|
|
|
|
//openssl crl2pkcs7 -nocrl \
|
|
|
|
|
|
// -certfile your_domain.crt \
|
|
|
|
|
|
// -certfile intermediate.crt \
|
|
|
|
|
|
// -out chain.p7b
|
|
|
|
|
|
await this.exec(`openssl crl2pkcs7 -nocrl -certfile ${tmpCrtPath} -out ${p7bPath}`);
|
|
|
|
|
|
const fileBuffer = fs.readFileSync(p7bPath);
|
|
|
|
|
|
const p7bCert = fileBuffer.toString();
|
|
|
|
|
|
fs.unlinkSync(p7bPath);
|
|
|
|
|
|
return p7bCert;
|
|
|
|
|
|
}
|
2024-10-31 15:14:56 +08:00
|
|
|
|
async convertJks(opts: CertReaderHandleContext, pfxPassword = "") {
|
2024-10-30 01:44:02 +08:00
|
|
|
|
const jksPassword = pfxPassword || "123456";
|
2024-10-29 23:37:18 +08:00
|
|
|
|
try {
|
2024-10-30 01:44:02 +08:00
|
|
|
|
const randomStr = Math.floor(Math.random() * 1000000) + "";
|
|
|
|
|
|
|
2024-10-31 15:14:56 +08:00
|
|
|
|
const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
|
|
|
|
|
|
const { tmpCrtPath, tmpKeyPath } = opts;
|
|
|
|
|
|
let passwordArg = "-passout pass:";
|
2024-11-14 18:04:59 +08:00
|
|
|
|
if (jksPassword) {
|
|
|
|
|
|
passwordArg = `-password pass:${jksPassword}`;
|
2024-10-31 15:14:56 +08:00
|
|
|
|
}
|
|
|
|
|
|
await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
|
2024-10-30 01:44:02 +08:00
|
|
|
|
|
|
|
|
|
|
const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
|
|
|
|
|
|
const dir = path.dirname(jksPath);
|
|
|
|
|
|
if (!fs.existsSync(dir)) {
|
|
|
|
|
|
fs.mkdirSync(dir, { recursive: true });
|
2024-10-29 23:37:18 +08:00
|
|
|
|
}
|
2025-08-25 18:21:38 +08:00
|
|
|
|
await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `);
|
2024-10-31 15:14:56 +08:00
|
|
|
|
fs.unlinkSync(p12Path);
|
2024-11-30 17:36:47 +08:00
|
|
|
|
|
|
|
|
|
|
const fileBuffer = fs.readFileSync(jksPath);
|
|
|
|
|
|
const certBase64 = fileBuffer.toString("base64");
|
|
|
|
|
|
fs.unlinkSync(jksPath);
|
|
|
|
|
|
return certBase64;
|
2024-10-29 23:37:18 +08:00
|
|
|
|
} catch (e) {
|
|
|
|
|
|
this.logger.error("转换jks失败", e);
|
|
|
|
|
|
return;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2024-09-06 00:13:21 +08:00
|
|
|
|
}
|
