packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

// @ts-ignore
import * as acme from "@certd/acme-client";
import _ from "lodash-es";
import { Challenge } from "@certd/acme-client/types/rfc8555";
import { Logger } from "log4js";
import { IContext } from "@certd/pipeline";
import { IDnsProvider } from "../../dns-provider/index.js";
import psl from "psl";
import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
import { utils } from "@certd/pipeline";
export type CertInfo = {
  crt: string;
  key: string;
  csr: string;
};
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
type AcmeServiceOptions = {
  userContext: IContext;
  logger: Logger;
  sslProvider: SSLProvider;
  eab?: ClientExternalAccountBindingOptions;
  skipLocalVerify?: boolean;
  useMappingProxy?: boolean;
  privateKeyType?: PrivateKeyType;
  signal?: AbortSignal;
};

export class AcmeService {
  options: AcmeServiceOptions;
  userContext: IContext;
  logger: Logger;
  sslProvider: SSLProvider;
  skipLocalVerify = true;
  eab?: ClientExternalAccountBindingOptions;
  constructor(options: AcmeServiceOptions) {
    this.options = options;
    this.userContext = options.userContext;
    this.logger = options.logger;
    this.sslProvider = options.sslProvider || "letsencrypt";
    this.eab = options.eab;
    this.skipLocalVerify = options.skipLocalVerify ?? false;
    acme.setLogger((text: string) => {
      this.logger.info(text);
    });
  }

  async getAccountConfig(email: string, urlMapping: UrlMapping): Promise<any> {
    const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
    if (urlMapping && urlMapping.mappings) {
      for (const key in urlMapping.mappings) {
        if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
          const element = urlMapping.mappings[key];
          if (conf.accountUrl?.indexOf(element) > -1) {
            //如果用了代理url，要替换回去
            conf.accountUrl = conf.accountUrl.replace(element, key);
          }
        }
      }
    }
    return conf;
  }

  buildAccountKey(email: string) {
    return `acme.config.${this.sslProvider}.${email}`;
  }

  async saveAccountConfig(email: string, conf: any) {
    await this.userContext.setObj(this.buildAccountKey(email), conf);
  }

  async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
    const urlMapping: UrlMapping = {
      enabled: false,
      mappings: {
        "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work",
        "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work",
      },
    };
    const conf = await this.getAccountConfig(email, urlMapping);
    if (conf.key == null) {
      conf.key = await this.createNewKey();
      await this.saveAccountConfig(email, conf);
    }
    let directoryUrl = "";
    if (isTest) {
      directoryUrl = acme.directory[this.sslProvider].staging;
    } else {
      directoryUrl = acme.directory[this.sslProvider].production;
    }
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
      //测试directory是否可以访问
      const isOk = await this.testDirectory(directoryUrl);
      if (!isOk) {
        this.logger.info("测试访问失败，自动使用代理");
        urlMapping.enabled = true;
      }
    }
    const client = new acme.Client({
      directoryUrl: directoryUrl,
      accountKey: conf.key,
      accountUrl: conf.accountUrl,
      externalAccountBinding: this.eab,
      backoffAttempts: 15,
      backoffMin: 5000,
      backoffMax: 10000,
      urlMapping,
      signal: this.options.signal,
    });

    if (conf.accountUrl == null) {
      const accountPayload = {
        termsOfServiceAgreed: true,
        contact: [`mailto:${email}`],
        externalAccountBinding: this.eab,
      };
      await client.createAccount(accountPayload);
      conf.accountUrl = client.getAccountUrl();
      await this.saveAccountConfig(email, conf);
    }
    return client;
  }

  async createNewKey() {
    const key = await acme.forge.createPrivateKey();
    return key.toString();
  }

  parseDomain(fullDomain: string) {
    const parsed = psl.parse(fullDomain) as psl.ParsedDomain;
    if (parsed.error) {
      throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
    }
    return parsed.domain as string;
  }
  async challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider) {
    this.logger.info("Triggered challengeCreateFn()");

    /* http-01 */
    const fullDomain = authz.identifier.value;
    if (challenge.type === "http-01") {
      const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
      const fileContents = keyAuthorization;

      this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);

      /* Replace this */
      this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
      // await fs.writeFileAsync(filePath, fileContents);
    } else if (challenge.type === "dns-01") {
      /* dns-01 */
      const dnsRecord = `_acme-challenge.${fullDomain}`;
      const recordValue = keyAuthorization;

      this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
      /* Replace this */
      this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);

      const domain = this.parseDomain(fullDomain);
      this.logger.info("解析到域名domain=", domain);
      return await dnsProvider.createRecord({
        fullRecord: dnsRecord,
        type: "TXT",
        value: recordValue,
        domain,
      });
    }
  }

  /**
   * Function used to remove an ACME challenge response
   *
   * @param {object} authz Authorization object
   * @param {object} challenge Selected challenge
   * @param {string} keyAuthorization Authorization key
   * @param recordItem  challengeCreateFn create record item
   * @param dnsProvider dnsProvider
   * @returns {Promise}
   */

  async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordItem: any, dnsProvider: IDnsProvider) {
    this.logger.info("Triggered challengeRemoveFn()");

    /* http-01 */
    const fullDomain = authz.identifier.value;
    if (challenge.type === "http-01") {
      const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;

      this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);

      /* Replace this */
      this.logger.info(`Would remove file on path "${filePath}"`);
      // await fs.unlinkAsync(filePath);
    } else if (challenge.type === "dns-01") {
      const dnsRecord = `_acme-challenge.${fullDomain}`;
      const recordValue = keyAuthorization;

      this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);

      /* Replace this */
      this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);

      const domain = this.parseDomain(fullDomain);

      try {
        await dnsProvider.removeRecord({
          fullRecord: dnsRecord,
          type: "TXT",
          value: keyAuthorization,
          record: recordItem,
          domain,
        });
      } catch (e) {
        this.logger.error("删除解析记录出错：", e);
        throw e;
      }
    }
  }

  async order(options: {
    email: string;
    domains: string | string[];
    dnsProvider: any;
    csrInfo: any;
    isTest?: boolean;
    privateKeyType?: string;
  }): Promise<CertInfo> {
    const { email, isTest, domains, csrInfo, dnsProvider } = options;
    const client: acme.Client = await this.getAcmeClient(email, isTest);

    /* Create CSR */
    const { commonName, altNames } = this.buildCommonNameByDomains(domains);
    let privateKey = null;
    const privateKeyType = options.privateKeyType || "rsa_2048";
    const privateKeyArr = privateKeyType.split("_");
    const type = privateKeyArr[0];
    const size = parseInt(privateKeyArr[1]);
    if (type == "ec") {
      const name: any = "P-" + size;
      privateKey = await acme.crypto.createPrivateEcdsaKey(name);
    } else {
      privateKey = await acme.crypto.createPrivateRsaKey(size);
    }
    const [key, csr] = await acme.crypto.createCsr(
      {
        commonName,
        ...csrInfo,
        altNames,
      },
      privateKey
    );
    if (dnsProvider == null) {
      throw new Error("dnsProvider 不能为空");
    }
    /* 自动申请证书 */
    const crt = await client.auto({
      csr,
      email: email,
      termsOfServiceAgreed: true,
      skipChallengeVerification: this.skipLocalVerify,
      challengePriority: ["dns-01"],
      challengeCreateFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string): Promise<any> => {
        return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
      },
      challengeRemoveFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string, recordItem: any): Promise<any> => {
        return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
      },
      signal: this.options.signal,
    });

    const cert: CertInfo = {
      crt: crt.toString(),
      key: key.toString(),
      csr: csr.toString(),
    };
    /* Done */
    this.logger.debug(`CSR:\n${cert.csr}`);
    this.logger.debug(`Certificate:\n${cert.crt}`);
    this.logger.info("证书申请成功");
    return cert;
  }

  buildCommonNameByDomains(domains: string | string[]): {
    commonName: string;
    altNames: string[] | undefined;
  } {
    if (typeof domains === "string") {
      domains = domains.split(",");
    }
    if (domains.length === 0) {
      throw new Error("domain can not be empty");
    }
    const commonName = domains[0];
    let altNames: undefined | string[] = undefined;
    if (domains.length > 1) {
      altNames = _.slice(domains, 1);
    }
    return {
      commonName,
      altNames,
    };
  }

  private async testDirectory(directoryUrl: string) {
    try {
      await utils.http({
        url: directoryUrl,
        method: "GET",
        timeout: 5000,
      });
    } catch (e) {
      this.logger.error(`${directoryUrl}，测试访问失败`, e);
      return false;
    }
    this.logger.info(`${directoryUrl}，测试访问成功`);
    return true;
  }
}
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								// @ts-ignore
 								import * as acme from "@certd/acme-client";
-												feat: 升级midway，支持esm

											
										
										
											2024-07-15 00:30:33 +08:00
+								import _ from "lodash-es";
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								import { Challenge } from "@certd/acme-client/types/rfc8555";
 								import { Logger } from "log4js";
-												perf: 优化文件下载包名

											
										
										
											2024-05-30 10:12:48 +08:00
+								import { IContext } from "@certd/pipeline";
-												feat: 升级midway，支持esm

											
										
										
											2024-07-15 00:30:33 +08:00
+								import { IDnsProvider } from "../../dns-provider/index.js";
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								import psl from "psl";
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								import { utils } from "@certd/pipeline";
-												feat: ui模式

BREAKING CHANGE: 接口配置变更

											
										
										
											2023-05-23 18:01:20 +08:00
+								export type CertInfo = {
 								  crt: string;
 								  key: string;
 								  csr: string;
 								};
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								export type SSLProvider = "letsencrypt" | "google" | "zerossl";
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								type AcmeServiceOptions = {
 								  userContext: IContext;
 								  logger: Logger;
 								  sslProvider: SSLProvider;
 								  eab?: ClientExternalAccountBindingOptions;
 								  skipLocalVerify?: boolean;
 								  useMappingProxy?: boolean;
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								  privateKeyType?: PrivateKeyType;
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								  signal?: AbortSignal;
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								};
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								export class AcmeService {
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								  options: AcmeServiceOptions;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  userContext: IContext;
 								  logger: Logger;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								  sslProvider: SSLProvider;
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								  skipLocalVerify = true;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								  eab?: ClientExternalAccountBindingOptions;
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								  constructor(options: AcmeServiceOptions) {
 								    this.options = options;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    this.userContext = options.userContext;
 								    this.logger = options.logger;
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    this.sslProvider = options.sslProvider || "letsencrypt";
 								    this.eab = options.eab;
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								    this.skipLocalVerify = options.skipLocalVerify ?? false;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    acme.setLogger((text: string) => {
 								      this.logger.info(text);
 								    });
 								  }
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								  async getAccountConfig(email: string, urlMapping: UrlMapping): Promise<any> {
-												fix: 修复使用代理的情况下申请证书失败的bug

											
										
										
											2024-08-21 10:34:50 +08:00
+								    const conf = (await this.userContext.getObj(this.buildAccountKey(email))) || {};
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								    if (urlMapping && urlMapping.mappings) {
 								      for (const key in urlMapping.mappings) {
 								        if (Object.prototype.hasOwnProperty.call(urlMapping.mappings, key)) {
 								          const element = urlMapping.mappings[key];
 								          if (conf.accountUrl?.indexOf(element) > -1) {
 								            //如果用了代理url，要替换回去
 								            conf.accountUrl = conf.accountUrl.replace(element, key);
 								          }
 								        }
 								      }
-												fix: 修复使用代理的情况下申请证书失败的bug

											
										
										
											2024-08-21 10:34:50 +08:00
+								    }
 								    return conf;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  buildAccountKey(email: string) {
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    return `acme.config.${this.sslProvider}.${email}`;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  async saveAccountConfig(email: string, conf: any) {
-												refactor: huawei

											
										
										
											2023-05-09 14:11:01 +08:00
+								    await this.userContext.setObj(this.buildAccountKey(email), conf);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  }
 								  async getAcmeClient(email: string, isTest = false): Promise<acme.Client> {
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								    const urlMapping: UrlMapping = {
 								      enabled: false,
 								      mappings: {
 								        "acme-v02.api.letsencrypt.org": "letsencrypt.proxy.handsfree.work",
 								        "dv.acme-v02.api.pki.goog": "google.proxy.handsfree.work",
 								      },
 								    };
 								    const conf = await this.getAccountConfig(email, urlMapping);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (conf.key == null) {
 								      conf.key = await this.createNewKey();
 								      await this.saveAccountConfig(email, conf);
 								    }
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								    let directoryUrl = "";
 								    if (isTest) {
 								      directoryUrl = acme.directory[this.sslProvider].staging;
 								    } else {
 								      directoryUrl = acme.directory[this.sslProvider].production;
 								    }
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								    if (this.options.useMappingProxy) {
 								      urlMapping.enabled = true;
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
+								    } else {
 								      //测试directory是否可以访问
 								      const isOk = await this.testDirectory(directoryUrl);
 								      if (!isOk) {
 								        this.logger.info("测试访问失败，自动使用代理");
 								        urlMapping.enabled = true;
 								      }
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								    }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    const client = new acme.Client({
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								      directoryUrl: directoryUrl,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      accountKey: conf.key,
 								      accountUrl: conf.accountUrl,
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								      externalAccountBinding: this.eab,
-												perf: 优化证书申请成功率

											
										
										
											2024-08-23 13:15:06 +08:00
+								      backoffAttempts: 15,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      backoffMin: 5000,
 								      backoffMax: 10000,
-												perf: 证书申请支持反向代理，letsencrypt无法访问时的备用方案

											
										
										
											2024-07-25 10:38:45 +08:00
+								      urlMapping,
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								      signal: this.options.signal,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    });
 								    if (conf.accountUrl == null) {
 								      const accountPayload = {
 								        termsOfServiceAgreed: true,
 								        contact: [`mailto:${email}`],
-												feat: 支持zero ssl

											
										
										
											2024-07-04 01:14:09 +08:00
+								        externalAccountBinding: this.eab,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      };
 								      await client.createAccount(accountPayload);
 								      conf.accountUrl = client.getAccountUrl();
 								      await this.saveAccountConfig(email, conf);
 								    }
 								    return client;
 								  }
 								  async createNewKey() {
 								    const key = await acme.forge.createPrivateKey();
 								    return key.toString();
 								  }
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								  parseDomain(fullDomain: string) {
 								    const parsed = psl.parse(fullDomain) as psl.ParsedDomain;
 								    if (parsed.error) {
 								      throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
 								    }
 								    return parsed.domain as string;
 								  }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								  async challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider) {
 								    this.logger.info("Triggered challengeCreateFn()");
 								    /* http-01 */
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								    const fullDomain = authz.identifier.value;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (challenge.type === "http-01") {
 								      const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
 								      const fileContents = keyAuthorization;
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
 								      /* Replace this */
 								      this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
 								      // await fs.writeFileAsync(filePath, fileContents);
 								    } else if (challenge.type === "dns-01") {
 								      /* dns-01 */
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      const dnsRecord = `_acme-challenge.${fullDomain}`;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      const recordValue = keyAuthorization;
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      /* Replace this */
 								      this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      const domain = this.parseDomain(fullDomain);
 								      this.logger.info("解析到域名domain=", domain);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      return await dnsProvider.createRecord({
 								        fullRecord: dnsRecord,
 								        type: "TXT",
 								        value: recordValue,
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								        domain,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      });
 								    }
 								  }
 								  /**
 								   * Function used to remove an ACME challenge response
 								   *
 								   * @param {object} authz Authorization object
 								   * @param {object} challenge Selected challenge
 								   * @param {string} keyAuthorization Authorization key
 								   * @param recordItem  challengeCreateFn create record item
 								   * @param dnsProvider dnsProvider
 								   * @returns {Promise}
 								   */
 								  async challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordItem: any, dnsProvider: IDnsProvider) {
 								    this.logger.info("Triggered challengeRemoveFn()");
 								    /* http-01 */
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								    const fullDomain = authz.identifier.value;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (challenge.type === "http-01") {
 								      const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
 								      /* Replace this */
 								      this.logger.info(`Would remove file on path "${filePath}"`);
 								      // await fs.unlinkAsync(filePath);
 								    } else if (challenge.type === "dns-01") {
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      const dnsRecord = `_acme-challenge.${fullDomain}`;
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      const recordValue = keyAuthorization;
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								      this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
 								      /* Replace this */
 								      this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
 								      const domain = this.parseDomain(fullDomain);
-												refactor: huawei

											
										
										
											2023-05-09 13:52:25 +08:00
+								      try {
 								        await dnsProvider.removeRecord({
 								          fullRecord: dnsRecord,
 								          type: "TXT",
 								          value: keyAuthorization,
 								          record: recordItem,
-												fix: 修复aliyun域名超过100个找不到域名的bug

											
										
										
											2024-06-14 01:22:07 +08:00
+								          domain,
-												refactor: huawei

											
										
										
											2023-05-09 13:52:25 +08:00
+								        });
 								      } catch (e) {
 								        this.logger.error("删除解析记录出错：", e);
 								        throw e;
 								      }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    }
 								  }
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								  async order(options: {
 								    email: string;
 								    domains: string | string[];
 								    dnsProvider: any;
 								    csrInfo: any;
 								    isTest?: boolean;
 								    privateKeyType?: string;
 								  }): Promise<CertInfo> {
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    const { email, isTest, domains, csrInfo, dnsProvider } = options;
 								    const client: acme.Client = await this.getAcmeClient(email, isTest);
 								    /* Create CSR */
 								    const { commonName, altNames } = this.buildCommonNameByDomains(domains);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    let privateKey = null;
-												chore:

											
										
										
											2024-08-25 12:07:47 +08:00
+								    const privateKeyType = options.privateKeyType || "rsa_2048";
 								    const privateKeyArr = privateKeyType.split("_");
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								    const type = privateKeyArr[0];
 								    const size = parseInt(privateKeyArr[1]);
 								    if (type == "ec") {
 								      const name: any = "P-" + size;
 								      privateKey = await acme.crypto.createPrivateEcdsaKey(name);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    } else {
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								      privateKey = await acme.crypto.createPrivateRsaKey(size);
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								    }
-												feat: 支持ECC类型

											
										
										
											2024-08-25 11:56:15 +08:00
+								    const [key, csr] = await acme.crypto.createCsr(
-												fix: 修复创建流水线后立即运行时报no id错误的bug

Closes https://github.com/certd/certd/issues/135

											
										
										
											2024-08-23 17:41:02 +08:00
+								      {
 								        commonName,
 								        ...csrInfo,
 								        altNames,
 								      },
 								      privateKey
 								    );
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    if (dnsProvider == null) {
 								      throw new Error("dnsProvider 不能为空");
 								    }
 								    /* 自动申请证书 */
 								    const crt = await client.auto({
 								      csr,
 								      email: email,
 								      termsOfServiceAgreed: true,
-												perf: 申请证书时可以选择跳过本地dns校验

											
										
										
											2024-07-08 15:35:58 +08:00
+								      skipChallengeVerification: this.skipLocalVerify,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      challengePriority: ["dns-01"],
 								      challengeCreateFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string): Promise<any> => {
 								        return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
 								      },
 								      challengeRemoveFn: async (authz: acme.Authorization, challenge: Challenge, keyAuthorization: string, recordItem: any): Promise<any> => {
 								        return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
 								      },
-												fix: 修复成功后跳过之后丢失腾讯云证书id的bug

											
										
										
											2024-08-23 23:26:31 +08:00
+								      signal: this.options.signal,
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								    });
-												feat: ui模式

BREAKING CHANGE: 接口配置变更

											
										
										
											2023-05-23 18:01:20 +08:00
+								    const cert: CertInfo = {
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								      crt: crt.toString(),
 								      key: key.toString(),
 								      csr: csr.toString(),
 								    };
 								    /* Done */
 								    this.logger.debug(`CSR:\n${cert.csr}`);
 								    this.logger.debug(`Certificate:\n${cert.crt}`);
 								    this.logger.info("证书申请成功");
 								    return cert;
 								  }
 								  buildCommonNameByDomains(domains: string | string[]): {
 								    commonName: string;
 								    altNames: string[] | undefined;
 								  } {
 								    if (typeof domains === "string") {
 								      domains = domains.split(",");
 								    }
 								    if (domains.length === 0) {
 								      throw new Error("domain can not be empty");
 								    }
 								    const commonName = domains[0];
 								    let altNames: undefined | string[] = undefined;
 								    if (domains.length > 1) {
 								      altNames = _.slice(domains, 1);
 								    }
 								    return {
 								      commonName,
 								      altNames,
 								    };
 								  }
-												perf: 授权配置支持加密

原本已经添加的授权配置，再次编辑保存即变成加密配置

											
										
										
											2024-08-27 13:46:19 +08:00
 								  private async testDirectory(directoryUrl: string) {
 								    try {
 								      await utils.http({
 								        url: directoryUrl,
 								        method: "GET",
 								        timeout: 5000,
 								      });
 								    } catch (e) {
 								      this.logger.error(`${directoryUrl}，测试访问失败`, e);
 								      return false;
 								    }
 								    this.logger.info(`${directoryUrl}，测试访问成功`);
 								    return true;
 								  }
-												refactor: plugins

											
										
										
											2022-11-08 22:10:42 +08:00
+								}