mirror of
https://github.com/certd/certd.git
synced 2026-04-16 14:00:51 +08:00
chore: 1
This commit is contained in:
xiaojunnuo
@@ -1,160 +0,0 @@
|
||||
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, sp, TaskInput, TaskOutput } from "@certd/pipeline";
|
||||
import type { CertInfo } from "../cert-plugin/acme.js";
|
||||
import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
|
||||
import path from "path";
|
||||
import os from "os";
|
||||
import fs from "fs";
|
||||
|
||||
export { CertReader };
|
||||
export type { CertInfo };
|
||||
|
||||
@IsTaskPlugin({
|
||||
name: "CertConvert",
|
||||
title: "证书转换器",
|
||||
group: pluginGroups.cert.key,
|
||||
desc: "转换为pfx、der等证书格式",
|
||||
default: {
|
||||
input: {
|
||||
renewDays: 20,
|
||||
forceUpdate: false,
|
||||
},
|
||||
strategy: {
|
||||
runStrategy: RunStrategy.AlwaysRun,
|
||||
},
|
||||
},
|
||||
})
|
||||
export class CertConvertPlugin extends AbstractTaskPlugin {
|
||||
@TaskInput({
|
||||
title: "域名证书",
|
||||
helper: "请选择前置任务输出的域名证书",
|
||||
component: {
|
||||
name: "pi-output-selector",
|
||||
from: "CertApply",
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
cert!: CertInfo;
|
||||
|
||||
@TaskInput({
|
||||
title: "PFX证书密码",
|
||||
helper: "不填则没有密码",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
vModel: "value",
|
||||
},
|
||||
required: false,
|
||||
})
|
||||
pfxPassword!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "输出PFX",
|
||||
value:true,
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
pfxEnabled: boolean = true;
|
||||
|
||||
|
||||
@TaskInput({
|
||||
title: "输出DER",
|
||||
value:true,
|
||||
component: {
|
||||
name: "a-switch",
|
||||
vModel: "checked",
|
||||
},
|
||||
required: true,
|
||||
})
|
||||
derEnabled: boolean = true;
|
||||
|
||||
|
||||
|
||||
@TaskOutput({
|
||||
title: "pfx格式证书",
|
||||
type: "PfxCert",
|
||||
})
|
||||
pfxCert?: string;
|
||||
|
||||
@TaskOutput({
|
||||
title: "der格式证书",
|
||||
type: "DerCert",
|
||||
})
|
||||
derCert?: string;
|
||||
|
||||
async onInit() {}
|
||||
|
||||
async execute(): Promise<void> {
|
||||
const certReader = new CertReader(this.cert);
|
||||
|
||||
const handle = async (opts: CertReaderHandleContext) => {
|
||||
if(this.pfxEnabled){
|
||||
// 调用openssl 转pfx
|
||||
await this.convertPfx(opts);
|
||||
}else{
|
||||
this.logger.info("pfx证书已禁用");
|
||||
}
|
||||
|
||||
if(this.pfxEnabled){
|
||||
// 转der
|
||||
await this.convertDer(opts);
|
||||
}else{
|
||||
this.logger.info("der证书已禁用");
|
||||
}
|
||||
};
|
||||
|
||||
await certReader.readCertFile({ logger: this.logger, handle });
|
||||
}
|
||||
|
||||
async exec(cmd: string) {
|
||||
await sp.spawn({
|
||||
cmd: cmd,
|
||||
logger: this.logger,
|
||||
});
|
||||
}
|
||||
|
||||
private async convertPfx(opts: CertReaderHandleContext) {
|
||||
const { reader, tmpCrtPath, tmpKeyPath } = opts;
|
||||
|
||||
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
|
||||
|
||||
const dir = path.dirname(pfxPath)
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
|
||||
let passwordArg = "-passout pass:";
|
||||
if (this.pfxPassword) {
|
||||
passwordArg = `-password pass:${this.pfxPassword}`;
|
||||
}
|
||||
await this.exec(`openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`);
|
||||
this.pfxCert = pfxPath;
|
||||
|
||||
const applyTime = new Date().getTime();
|
||||
const filename = reader.buildCertFileName("pfx", applyTime);
|
||||
const fileBuffer = fs.readFileSync(pfxPath);
|
||||
this.saveFile(filename, fileBuffer);
|
||||
}
|
||||
|
||||
private async convertDer(opts: CertReaderHandleContext) {
|
||||
const { reader, tmpCrtPath } = opts;
|
||||
const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
|
||||
|
||||
const dir = path.dirname(derPath)
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
|
||||
|
||||
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
|
||||
this.derCert = derPath;
|
||||
|
||||
const applyTime = new Date().getTime();
|
||||
const filename = reader.buildCertFileName("der", applyTime);
|
||||
const fileBuffer = fs.readFileSync(derPath);
|
||||
this.saveFile(filename, fileBuffer);
|
||||
}
|
||||
}
|
||||
|
||||
new CertConvertPlugin();
|
||||
@@ -12,6 +12,8 @@ export type CertInfo = {
|
||||
crt: string;
|
||||
key: string;
|
||||
csr: string;
|
||||
pfx?: string;
|
||||
der?: string;
|
||||
};
|
||||
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
|
||||
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
|
||||
|
||||
@@ -3,6 +3,8 @@ import dayjs from "dayjs";
|
||||
import type { CertInfo } from "./acme.js";
|
||||
import { CertReader } from "./cert-reader.js";
|
||||
import JSZip from "jszip";
|
||||
import { CertConverter } from "./convert.js";
|
||||
import fs from "fs";
|
||||
|
||||
export { CertReader };
|
||||
export type { CertInfo };
|
||||
@@ -42,6 +44,18 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
|
||||
})
|
||||
email!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "PFX密码",
|
||||
component: {
|
||||
name: "a-input-password",
|
||||
vModel: "value",
|
||||
},
|
||||
required: false,
|
||||
order: 100,
|
||||
helper: "PFX格式证书是否需要加密",
|
||||
})
|
||||
pfxPassword!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "更新天数",
|
||||
value: 20,
|
||||
@@ -129,22 +143,36 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
|
||||
|
||||
this._result.pipelineVars.certExpiresTime = dayjs(certReader.detail.notAfter).valueOf();
|
||||
|
||||
if (cert.pfx == null || cert.der == null) {
|
||||
const converter = new CertConverter({ logger: this.logger });
|
||||
const res = await converter.convert({
|
||||
cert,
|
||||
pfxPassword: this.pfxPassword,
|
||||
});
|
||||
const pfxBuffer = fs.readFileSync(res.pfxPath);
|
||||
cert.pfx = pfxBuffer.toString("base64");
|
||||
|
||||
const derBuffer = fs.readFileSync(res.derPath);
|
||||
cert.der = derBuffer.toString("base64");
|
||||
|
||||
this.logger.info("转换证书格式成功");
|
||||
isNew = true;
|
||||
}
|
||||
|
||||
if (isNew) {
|
||||
const applyTime = dayjs(certReader.detail.notBefore).format("YYYYMMDD_HHmmss");
|
||||
await this.zipCert(cert, applyTime);
|
||||
const zipFileName = certReader.buildCertFileName("zip", certReader.detail.notBefore);
|
||||
await this.zipCert(cert, zipFileName);
|
||||
} else {
|
||||
this.extendsFiles();
|
||||
}
|
||||
// thi
|
||||
// s.logger.info(JSON.stringify(certReader.detail));
|
||||
}
|
||||
|
||||
async zipCert(cert: CertInfo, applyTime: string) {
|
||||
async zipCert(cert: CertInfo, filename: string) {
|
||||
const zip = new JSZip();
|
||||
zip.file("cert.crt", cert.crt);
|
||||
zip.file("cert.key", cert.key);
|
||||
const domain_name = this.domains[0].replace(".", "_").replace("*", "_");
|
||||
const filename = `cert_${domain_name}_${applyTime}.zip`;
|
||||
zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
|
||||
zip.file("cert.der", Buffer.from(cert.der, "base64"));
|
||||
const content = await zip.generateAsync({ type: "nodebuffer" });
|
||||
this.saveFile(filename, content);
|
||||
this.logger.info(`已保存文件:${filename}`);
|
||||
|
||||
@@ -6,10 +6,11 @@ import { crypto } from "@certd/acme-client";
|
||||
import { ILogger } from "@certd/pipeline";
|
||||
import dayjs from "dayjs";
|
||||
|
||||
export type CertReaderHandleContext = { reader: CertReader; tmpCrtPath: string; tmpKeyPath: string };
|
||||
export type CertReaderHandleContext = { reader: CertReader; tmpCrtPath: string; tmpKeyPath: string; tmpPfxPath?: string; tmpDerPath?: string };
|
||||
export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
|
||||
export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
|
||||
export class CertReader implements CertInfo {
|
||||
export class CertReader {
|
||||
cert: CertInfo;
|
||||
crt: string;
|
||||
key: string;
|
||||
csr: string;
|
||||
@@ -17,30 +18,31 @@ export class CertReader implements CertInfo {
|
||||
detail: any;
|
||||
expires: number;
|
||||
constructor(certInfo: CertInfo) {
|
||||
this.cert = certInfo;
|
||||
this.crt = certInfo.crt;
|
||||
this.key = certInfo.key;
|
||||
this.csr = certInfo.csr;
|
||||
|
||||
const { detail, expires } = this.getCrtDetail(this.crt);
|
||||
const { detail, expires } = this.getCrtDetail(this.cert.crt);
|
||||
this.detail = detail;
|
||||
this.expires = expires.getTime();
|
||||
}
|
||||
|
||||
toCertInfo(): CertInfo {
|
||||
return {
|
||||
crt: this.crt,
|
||||
key: this.key,
|
||||
csr: this.csr,
|
||||
};
|
||||
return this.cert;
|
||||
}
|
||||
|
||||
getCrtDetail(crt: string = this.crt) {
|
||||
getCrtDetail(crt: string = this.cert.crt) {
|
||||
const detail = crypto.readCertificateInfo(crt.toString());
|
||||
const expires = detail.notAfter;
|
||||
return { detail, expires };
|
||||
}
|
||||
|
||||
saveToFile(type: "crt" | "key", filepath?: string) {
|
||||
saveToFile(type: "crt" | "key" | "pfx" | "der", filepath?: string) {
|
||||
if (!this.cert[type]) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (filepath == null) {
|
||||
//写入临时目录
|
||||
filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`);
|
||||
@@ -50,8 +52,11 @@ export class CertReader implements CertInfo {
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
|
||||
fs.writeFileSync(filepath, this[type]);
|
||||
if (type === "crt" || type === "key") {
|
||||
fs.writeFileSync(filepath, this.cert[type]);
|
||||
} else {
|
||||
fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
|
||||
}
|
||||
return filepath;
|
||||
}
|
||||
|
||||
@@ -60,18 +65,24 @@ export class CertReader implements CertInfo {
|
||||
logger.info("将证书写入本地缓存文件");
|
||||
const tmpCrtPath = this.saveToFile("crt");
|
||||
const tmpKeyPath = this.saveToFile("key");
|
||||
const tmpPfxPath = this.saveToFile("pfx");
|
||||
const tmpDerPath = this.saveToFile("der");
|
||||
logger.info("本地文件写入成功");
|
||||
try {
|
||||
await opts.handle({
|
||||
reader: this,
|
||||
tmpCrtPath: tmpCrtPath,
|
||||
tmpKeyPath: tmpKeyPath,
|
||||
tmpPfxPath: tmpPfxPath,
|
||||
tmpDerPath: tmpDerPath,
|
||||
});
|
||||
} finally {
|
||||
//删除临时文件
|
||||
logger.info("删除临时文件");
|
||||
fs.unlinkSync(tmpCrtPath);
|
||||
fs.unlinkSync(tmpKeyPath);
|
||||
fs.unlinkSync(tmpPfxPath);
|
||||
fs.unlinkSync(tmpDerPath);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -0,0 +1,91 @@
|
||||
import { ILogger, sp } from "@certd/pipeline";
|
||||
import type { CertInfo } from "../cert-plugin/acme.js";
|
||||
import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
|
||||
import path from "path";
|
||||
import os from "os";
|
||||
import fs from "fs";
|
||||
|
||||
export { CertReader };
|
||||
export type { CertInfo };
|
||||
|
||||
export class CertConverter {
|
||||
logger: ILogger;
|
||||
|
||||
constructor(opts: { logger: ILogger }) {
|
||||
this.logger = opts.logger;
|
||||
}
|
||||
async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
|
||||
pfxPath: string;
|
||||
derPath: string;
|
||||
}> {
|
||||
const certReader = new CertReader(opts.cert);
|
||||
let pfxPath: string;
|
||||
let derPath: string;
|
||||
const handle = async (opts: CertReaderHandleContext) => {
|
||||
// 调用openssl 转pfx
|
||||
pfxPath = await this.convertPfx(opts);
|
||||
|
||||
// 转der
|
||||
derPath = await this.convertDer(opts);
|
||||
};
|
||||
|
||||
await certReader.readCertFile({ logger: this.logger, handle });
|
||||
|
||||
return {
|
||||
pfxPath,
|
||||
derPath,
|
||||
};
|
||||
}
|
||||
|
||||
async exec(cmd: string) {
|
||||
await sp.spawn({
|
||||
cmd: cmd,
|
||||
logger: this.logger,
|
||||
});
|
||||
}
|
||||
|
||||
private async convertPfx(opts: CertReaderHandleContext, pfxPassword?: string) {
|
||||
const { tmpCrtPath, tmpKeyPath } = opts;
|
||||
|
||||
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
|
||||
|
||||
const dir = path.dirname(pfxPath);
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
|
||||
let passwordArg = "-passout pass:";
|
||||
if (pfxPassword) {
|
||||
passwordArg = `-password pass:${pfxPassword}`;
|
||||
}
|
||||
await this.exec(`openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`);
|
||||
return pfxPath;
|
||||
// const fileBuffer = fs.readFileSync(pfxPath);
|
||||
// this.pfxCert = fileBuffer.toString("base64");
|
||||
//
|
||||
// const applyTime = new Date().getTime();
|
||||
// const filename = reader.buildCertFileName("pfx", applyTime);
|
||||
// this.saveFile(filename, fileBuffer);
|
||||
}
|
||||
|
||||
private async convertDer(opts: CertReaderHandleContext) {
|
||||
const { tmpCrtPath } = opts;
|
||||
const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
|
||||
|
||||
const dir = path.dirname(derPath);
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
|
||||
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
|
||||
|
||||
return derPath;
|
||||
|
||||
// const fileBuffer = fs.readFileSync(derPath);
|
||||
// this.derCert = fileBuffer.toString("base64");
|
||||
//
|
||||
// const applyTime = new Date().getTime();
|
||||
// const filename = reader.buildCertFileName("der", applyTime);
|
||||
// this.saveFile(filename, fileBuffer);
|
||||
}
|
||||
}
|
||||
@@ -1,3 +1,2 @@
|
||||
export * from "./cert-plugin/index.js";
|
||||
export * from "./cert-plugin/lego/index.js";
|
||||
export * from "./cert-convert/index.js";
|
||||
|
||||
Reference in New Issue
Block a user