perf: http方式校验，选择sftp时，支持修改文件访问权限比如777

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -58,7 +58,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     },
     required: false,
     order: 100,
-    helper: "PFX、jks格式证书是否加密；jks必须设置密码，不传则默认123456",
+    helper: "PFX、jks格式证书是否加密\njks必须设置密码，不传则默认123456",
   })
   pfxPassword!: string;
 
@@ -66,12 +66,17 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     title: "PFX证书转换参数",
     value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES",
     component: {
-      name: "a-input",
+      name: "a-auto-complete",
       vModel: "value",
+      options: [
+        { value: "", label: "兼容 Windows Server 最新" },
+        { value: "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES", label: "兼容 Windows Server 2016" },
+        { value: "-nomac -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES", label: "兼容 Windows Server 2008" },
+      ],
     },
     required: false,
     order: 100,
-    helper: "兼容Server 2016，如果导入证书失败，请删除此参数",
+    helper: "兼容Windows Server各个版本",
   })
   pfxArgs = "-macalg SHA1 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES";
 

packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts

@@ -232,7 +232,7 @@ HTTP文件验证：不支持泛域名，需要配置网站文件上传`,
         // { value: "ec_521", label: "EC 521" },
       ],
     },
-    helper: "如无特殊需求，默认即可",
+    helper: "如无特殊需求，默认即可\n选择RSA 2048 pkcs1可以获得旧版RSA证书",
     required: true,
   })
   privateKeyType!: PrivateKeyType;

packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/factory.ts

@@ -8,6 +8,9 @@ export class HttpChallengeUploaderFactory {
     } else if (type === "ssh") {
       const module = await import("./impls/ssh.js");
       return module.SshHttpChallengeUploader;
+    } else if (type === "sftp") {
+      const module = await import("./impls/sftp.js");
+      return module.SftpHttpChallengeUploader;
     } else if (type === "ftp") {
       const module = await import("./impls/ftp.js");
       return module.FtpHttpChallengeUploader;

packages/plugins/plugin-cert/src/plugin/cert-plugin/uploads/impls/sftp.ts

@@ -0,0 +1,51 @@
+import { BaseHttpChallengeUploader } from "../api.js";
+import { SshAccess, SshClient } from "@certd/plugin-lib";
+import path from "path";
+import os from "os";
+import fs from "fs";
+import { SftpAccess } from "@certd/plugin-lib";
+
+export class SftpHttpChallengeUploader extends BaseHttpChallengeUploader<SftpAccess> {
+  async upload(filePath: string, fileContent: Buffer) {
+    const tmpFilePath = path.join(os.tmpdir(), "cert", "http", filePath);
+
+    // Write file to temp path
+    const dir = path.dirname(tmpFilePath);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    fs.writeFileSync(tmpFilePath, fileContent);
+
+    const access = await this.ctx.accessService.getById<SshAccess>(this.access.sshAccess);
+    const key = this.rootDir + filePath;
+    try {
+      const client = new SshClient(this.logger);
+      await client.uploadFiles({
+        connectConf: access,
+        mkdirs: true,
+        transports: [
+          {
+            localPath: tmpFilePath,
+            remotePath: key,
+          },
+        ],
+        opts: {
+          mode: this.access?.fileMode ?? undefined,
+        },
+      });
+    } finally {
+      // Remove temp file
+      fs.unlinkSync(tmpFilePath);
+    }
+  }
+
+  async remove(filePath: string) {
+    const access = await this.ctx.accessService.getById<SshAccess>(this.access.sshAccess);
+    const client = new SshClient(this.logger);
+    const key = this.rootDir + filePath;
+    await client.removeFiles({
+      connectConf: access,
+      files: [key],
+    });
+  }
+}