perf: google eab授权支持自动获取，不过要配置代理

2026-04-23 19:57:27 +08:00 · 2024-10-10 13:29:08 +08:00
parent c5e58770d1
commit 592791d135
6 changed files with 227 additions and 6 deletions
@@ -0,0 +1,62 @@
+import { EabAccess, GoogleAccess } from "../access/index.js";
+import { ILogger } from "@certd/basic";
+
+export class GoogleClient {
+  access: GoogleAccess;
+  logger: ILogger;
+  constructor(opts: { logger: ILogger; access: GoogleAccess }) {
+    this.access = opts.access;
+    this.logger = opts.logger;
+  }
+  async getEab() {
+    // https://cloud.google.com/docs/authentication/api-keys-use#using-with-client-libs
+    const { v1 } = await import("@google-cloud/publicca");
+    // process.env.HTTPS_PROXY = "http://127.0.0.1:10811";
+    const access = this.access;
+    if (!access.serviceAccountSecret) {
+      throw new Error("服务账号密钥 不能为空");
+    }
+    const credentials = JSON.parse(access.serviceAccountSecret);
+
+    const client = new v1.PublicCertificateAuthorityServiceClient({ credentials });
+    const parent = `projects/${access.projectId}/locations/global`;
+    const externalAccountKey = {};
+    const request = {
+      parent,
+      externalAccountKey,
+    };
+
+    let envHttpsProxy = "";
+    try {
+      if (this.access.httpsProxy) {
+        //设置临时使用代理
+        envHttpsProxy = process.env.HTTPS_PROXY;
+        process.env.HTTPS_PROXY = this.access.httpsProxy;
+      }
+      this.logger.info("开始获取google eab授权");
+      const response = await client.createExternalAccountKey(request);
+      const { keyId, b64MacKey } = response[0];
+      const eabAccess = new EabAccess();
+      eabAccess.kid = keyId;
+      eabAccess.hmacKey = b64MacKey.toString();
+      this.logger.info(`google eab授权获取成功，kid: ${eabAccess.kid}`);
+      return eabAccess;
+    } finally {
+      if (envHttpsProxy) {
+        process.env.HTTPS_PROXY = envHttpsProxy;
+      }
+    }
+  }
+}
+
+// const access = new GoogleAccess();
+// access.projectId = "hip-light-432411-d4";
+// access.serviceAccountSecret = `
+//
+//
+// `;
+// // process.env.HTTPS_PROXY = "http://127.0.0.1:10811";
+// const client = new GoogleClient(access);
+// client.getEab().catch((e) => {
+//   console.error(e);
+// });