perf: 部署到IIS插件

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -4,7 +4,6 @@ import type { CertInfo } from "./acme.js";
 import { CertReader } from "./cert-reader.js";
 import JSZip from "jszip";
 import { CertConverter } from "./convert.js";
-import fs from "fs";
 import { pick } from "lodash-es";
 
 export { CertReader };
@@ -59,6 +58,19 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
   })
   pfxPassword!: string;
 
+  @TaskInput({
+    title: "PFX证书转换参数",
+    value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES",
+    component: {
+      name: "a-input",
+      vModel: "value",
+    },
+    required: false,
+    order: 100,
+    helper: "兼容Server 2016，如果导入证书失败，请删除此参数",
+  })
+  pfxArgs = "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES";
+
   @TaskInput({
     title: "更新天数",
     value: 35,
@@ -143,23 +155,18 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
         const res = await converter.convert({
           cert,
           pfxPassword: this.pfxPassword,
+          pfxArgs: this.pfxArgs,
         });
-        if (cert.pfx == null && res.pfxPath) {
-          const pfxBuffer = fs.readFileSync(res.pfxPath);
-          cert.pfx = pfxBuffer.toString("base64");
-          fs.unlinkSync(res.pfxPath);
+        if (cert.pfx == null && res.pfx) {
+          cert.pfx = res.pfx;
         }
 
-        if (cert.der == null && res.derPath) {
-          const derBuffer = fs.readFileSync(res.derPath);
-          cert.der = derBuffer.toString("base64");
-          fs.unlinkSync(res.derPath);
+        if (cert.der == null && res.der) {
+          cert.der = res.der;
         }
 
-        if (cert.jks == null && res.jksPath) {
-          const jksBuffer = fs.readFileSync(res.jksPath);
-          cert.jks = jksBuffer.toString("base64");
-          fs.unlinkSync(res.jksPath);
+        if (cert.jks == null && res.jks) {
+          cert.jks = res.jks;
         }
 
         this.logger.info("转换证书格式成功");

packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts

@@ -14,31 +14,31 @@ export class CertConverter {
   constructor(opts: { logger: ILogger }) {
     this.logger = opts.logger;
   }
-  async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
-    pfxPath: string;
-    derPath: string;
-    jksPath: string;
+  async convert(opts: { cert: CertInfo; pfxPassword: string; pfxArgs: string }): Promise<{
+    pfx: string;
+    der: string;
+    jks: string;
   }> {
     const certReader = new CertReader(opts.cert);
-    let pfxPath: string;
-    let derPath: string;
-    let jksPath: string;
+    let pfx: string;
+    let der: string;
+    let jks: string;
     const handle = async (ctx: CertReaderHandleContext) => {
       // 调用openssl 转pfx
-      pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
+      pfx = await this.convertPfx(ctx, opts.pfxPassword, opts.pfxArgs);
 
       // 转der
-      derPath = await this.convertDer(ctx);
+      der = await this.convertDer(ctx);
 
-      jksPath = await this.convertJks(ctx, opts.pfxPassword);
+      jks = await this.convertJks(ctx, opts.pfxPassword);
     };
 
     await certReader.readCertFile({ logger: this.logger, handle });
 
     return {
-      pfxPath,
-      derPath,
-      jksPath,
+      pfx,
+      der,
+      jks,
     };
   }
 
@@ -50,7 +50,7 @@ export class CertConverter {
     });
   }
 
-  private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string) {
+  private async convertPfx(opts: CertReaderHandleContext, pfxPassword: string, pfxArgs: string) {
     const { tmpCrtPath, tmpKeyPath } = opts;
 
     const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
@@ -65,12 +65,14 @@ export class CertConverter {
       passwordArg = `-password pass:${pfxPassword}`;
     }
     // 兼容server 2016，旧版本不能用sha256
-    const oldPfxCmd = `openssl pkcs12 -macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
+    const oldPfxCmd = `openssl pkcs12 ${pfxArgs} -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
     // const newPfx = `openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
     await this.exec(oldPfxCmd);
-    return pfxPath;
-    // const fileBuffer = fs.readFileSync(pfxPath);
-    // this.pfxCert = fileBuffer.toString("base64");
+    const fileBuffer = fs.readFileSync(pfxPath);
+    const pfxCert = fileBuffer.toString("base64");
+    fs.unlinkSync(pfxPath);
+    return pfxCert;
+
     //
     // const applyTime = new Date().getTime();
     // const filename = reader.buildCertFileName("pfx", applyTime);
@@ -87,15 +89,10 @@ export class CertConverter {
     }
 
     await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
-
-    return derPath;
-
-    // const fileBuffer = fs.readFileSync(derPath);
-    // this.derCert = fileBuffer.toString("base64");
-    //
-    // const applyTime = new Date().getTime();
-    // const filename = reader.buildCertFileName("der", applyTime);
-    // this.saveFile(filename, fileBuffer);
+    const fileBuffer = fs.readFileSync(derPath);
+    const derCert = fileBuffer.toString("base64");
+    fs.unlinkSync(derPath);
+    return derCert;
   }
 
   async convertJks(opts: CertReaderHandleContext, pfxPassword = "") {
@@ -120,7 +117,11 @@ export class CertConverter {
         `keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `
       );
       fs.unlinkSync(p12Path);
-      return jksPath;
+
+      const fileBuffer = fs.readFileSync(jksPath);
+      const certBase64 = fileBuffer.toString("base64");
+      fs.unlinkSync(jksPath);
+      return certBase64;
     } catch (e) {
       this.logger.error("转换jks失败", e);
       return;