From 2fabee647acf64afe689f5bea3603028cd0ba4a2 Mon Sep 17 00:00:00 2001
From: xiaojunnuo
Date: Thu, 27 Nov 2025 22:36:33 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E9=98=BF=E9=87=8C?=
 =?UTF-8?q?=E4=BA=91=20waf=20tlsVersion=E5=8F=82=E6=95=B0=E7=BC=BA?=
 =?UTF-8?q?=E5=A4=B1=E5=AF=BC=E8=87=B4=E9=83=A8=E7=BD=B2=E5=A4=B1=E8=B4=A5?=
 =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../plugin/deploy-to-alb/index.ts | 67 +++++++++++--------
 .../plugin/deploy-to-waf/index.ts | 31 +++++++++
 .../plugin/upload-to-aliyun/index.ts | 4 +-
 3 files changed, 73 insertions(+), 29 deletions(-)
diff --git a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts
index aa6cda38f..06e309754 100644
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-alb/index.ts
@@ -99,27 +99,39 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
 @TaskInput({
- title: "部署证书类型",
- value: "default",
- component: {
- name: "a-select",
- vModel: "value",
- options: [
- {
- label: "默认证书",
- value: "default"
- },
- {
- label: "扩展证书",
- value: "extension"
- }
- ]
- },
- required: true
- }
+ title: "部署证书类型",
+ value: "default",
+ component: {
+ name: "a-select",
+ vModel: "value",
+ options: [
+ {
+ label: "默认证书",
+ value: "default"
+ },
+ {
+ label: "扩展证书",
+ value: "extension"
+ }
+ ]
+ },
+ required: true
+ }
 )
 deployType: string = "default";
+ @TaskInput({
+ title: "是否清理过期证书",
+ value: true,
+ component: {
+ name: "a-switch",
+ vModel: "checked",
+ },
+ required: true
+ }
+ )
+ clearExpiredCert: boolean;
+
 async onInstance() { }
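Review bot: `clearExpiredCert: boolean;` in deploy-to-alb/index.ts is declared with neither an initializer nor a definite-assignment `!`, unlike `deployType: string = "default"` directly above it, so the field's effective default is only implied by the decorator's `value: true`. Tasks saved before this input existed will presumably leave it undefined, and the `if (this.clearExpiredCert!==false)` guard in the later hunk of this file (@@ -155,17 +167,18 @@) treats that as enabled, which keeps certificate deletion on by default. Declare it as `clearExpiredCert!: boolean;` and add a comment above the guard such as `// undefined (task saved before this input existed) counts as enabled; only an explicit false skips cleanup`. The switch also has no helper text telling the operator that it removes expired certificates from the listener.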
@@ -155,17 +167,18 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
 const client = await this.getLBClient(access, this.regionId);
 await this.deployDefaultCert(certId, client);
 }
- this.logger.info(`准备开始清理过期证书`);
- await this.ctx.utils.sleep(30000)
- for (const listener of this.listeners) {
- try{
- await this.clearInvalidCert(albClientV2, listener);
- }catch(e){
- this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+ if (this.clearExpiredCert!==false) {
+ this.logger.info(`准备开始清理过期证书`);
+ await this.ctx.utils.sleep(30000)
+ for (const listener of this.listeners) {
+ try {
+ await this.clearInvalidCert(albClientV2, listener);
+ } catch (e) {
+ this.logger.error(`清理监听器${listener}的过期证书失败`, e);
+ }
 }
 }
- this.logger.info("执行完成");
 }
@@ -247,7 +260,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
 if (item.IsDefault) {
 continue;
 }
- certIds.push( parseInt(item.CertificateId));
+ certIds.push(parseInt(item.CertificateId));
 }
 this.logger.info(`监听器${listener}绑定的证书${certIds}`);
 //检查是否过期,过期则删除
diff --git a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts
index 09913b7cc..27de4c580 100644
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-waf/index.ts
@@ -90,6 +90,35 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
 )
 cnameDomains!: string[];
+
+ @TaskInput({
+ title: 'TLS版本',
+ value: 'TLSv1.2',
+ component: {
+ name: 'a-select',
+ options: [
+ { value: 'TLSv1', label: 'TLSv1' },
+ { value: 'TLSv1.1', label: 'TLSv1.1' },
+ { value: 'TLSv1.2', label: 'TLSv1.2' },
+ ],
+ },
+ required: true,
+ })
+ tlsVersion!: string;
+
+ @TaskInput({
+ title: '启用TLSv3',
+ value: true,
+ component: {
+ name: 'a-switch',
+ vModel: 'checked',
+ },
+ required: true,
+ })
+ enableTLSv3!: boolean;
+
+
+
 async onInstance() {}
 async getWafClient(access: AliyunAccess) {
@@ -163,6 +192,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
 Redirect: JSON.stringify(redirect),
 Listen: JSON.stringify(listen),
 Domain: siteDomain,
+ TLSVersion: this.tlsVersion || 'TLSv1.2',
+ EnableTLSv3: this.enableTLSv3 ?? true,
 };
 const res = await client.request('ModifyDomain', updateParams);
 this.logger.info('部署成功', JSON.stringify(res));
diff --git a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts
index 398fd49df..67efb55f5 100644
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/upload-to-aliyun/index.ts
@@ -24,10 +24,10 @@ const regionDict = [
 @IsTaskPlugin({
 name: 'uploadCertToAliyun',
- title: '阿里云-上传证书到阿里云CAS',
+ title: '阿里云-上传证书到CAS',
 icon: 'svg:icon-aliyun',
 group: pluginGroups.aliyun.key,
- desc: '上传证书到阿里云数字证书管理服务(CAS),注意:不会部署到任何应用上;如果不想在阿里云上同一份证书上传多次,可以把此任务作为前置任务,其他阿里云任务证书那一项选择此任务的输出',
+ desc: '上传证书到阿里云证书管理服务(CAS),如果不想在阿里云上同一份证书上传多次,可以把此任务作为前置任务,其他阿里云任务证书那一项选择此任务的输出',
 default: {
 strategy: {
 runStrategy: RunStrategy.SkipWhenSucceed,
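Review bot: The 'TLS版本' select added in deploy-to-waf/index.ts (hunk @@ -90,6 +90,35 @@) offers `TLSv1` and `TLSv1.1`, both formally deprecated by RFC 8996, with no text warning that the chosen value is pushed to the WAF domain on each deployment. Either drop the two legacy options or mark them as legacy and add helper text saying they should be selected only for clients that cannot negotiate TLS 1.2. The second input is titled '启用TLSv3', which presumably means TLS 1.3; `title: '启用TLS 1.3',` avoids confusion with SSLv3.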
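Review bot: In the ModifyDomain parameters (hunk @@ -163,6 +192,8 @@ of deploy-to-waf/index.ts) `TLSVersion` and `EnableTLSv3` are always taken from the task inputs, so a routine certificate renewal also rewrites the domain's TLS policy; a pipeline saved before this commit has neither input and falls back to TLSv1.2 with TLS 1.3 enabled, whatever the domain was set to. If the domain's current settings are available where `listen` is built (outside this hunk), preferring them over the hard-coded fallbacks would keep a certificate task from changing protocol policy as a side effect. At minimum document it above the two lines: `// Overwrites the domain's TLS policy on every deploy; inputs missing on older pipelines fall back to TLSv1.2 + TLS 1.3`. It is also worth confirming against the WAF ModifyDomain reference that these two fields belong at the top level with these value spellings rather than inside the serialized `Listen` object.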