Merge branch 'v2-dev' into v2_admin_mode

2026-04-24 12:27:25 +08:00 · 2026-02-09 18:21:01 +08:00
parent 2e3d0cc57c 02f89a9c9d
commit ad22244388
83 changed files with 776 additions and 398 deletions
@@ -11,6 +11,8 @@ typeorm:
    default:
      logging: false

+flyway:
+  allowHashNotMatch: true

 account:
  server:
@@ -3,6 +3,15 @@
 All notable changes to this project will be documented in this file.
 See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.

+## [1.38.8](https://github.com/certd/certd/compare/v1.38.7...v1.38.8) (2026-02-06)
+
+### Performance Improvements
+
+* 双重验证显示secret ([febd6d3](https://github.com/certd/certd/commit/febd6d32cfe6d89ccecf26bf15141df7c456e5c6))
+* 优化申请证书最大超时时长 ([00f67d8](https://github.com/certd/certd/commit/00f67d86d68f4f83cfafe2fbfeb4af0d86f9d20e))
+* 支持设置默认的证书申请地址的反向代理 ([0cfb94b](https://github.com/certd/certd/commit/0cfb94b0ba6a6dc3bb0d0a81a1912068a4e6b6b6))
+* 子域名托管域名支持配置通配符 ([3f7ac93](https://github.com/certd/certd/commit/3f7ac939326b0c7ec013a7534b6c0e58fb3e8cb4))
+
 ## [1.38.7](https://github.com/certd/certd/compare/v1.38.6...v1.38.7) (2026-02-05)

 ### Performance Improvements
@@ -97,7 +97,7 @@ CREATE TABLE `cd_cert_info`

 CREATE INDEX `index_cert_info_user_id` ON `cd_cert_info` (`user_id`);
 CREATE INDEX `index_cert_info_domain` ON `cd_cert_info` (`domain`);
-CREATE INDEX `index_cert_info_domains` ON `cd_cert_info` (`domains`(200));
+CREATE INDEX `index_cert_info_domains` ON `cd_cert_info` (`domains`(190));
 CREATE INDEX `index_cert_info_pipeline` ON `cd_cert_info` (`pipeline_id`);


@@ -124,7 +124,7 @@ CREATE TABLE `cd_site_info`

  `create_time`       timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `update_time`       timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
+) ENGINE=InnoDB;

 CREATE INDEX `index_site_info_user_id` ON `cd_site_info` (`user_id`);
 CREATE INDEX `index_site_info_domain` ON `cd_site_info` (`domain`);
@@ -16,5 +16,5 @@ CREATE TABLE `cd_domain`
 );

 CREATE INDEX `index_domain_user_id` ON `cd_domain` (`user_id`);
-CREATE INDEX `index_domain_domain` ON `cd_domain` (`domain`);
+CREATE INDEX `index_domain_domain` ON `cd_domain` (`domain`(100));

@@ -1,5 +1,5 @@

-CREATE TABLE `cd_oauth_bound`
+CREATE TABLE IF NOT EXISTS `cd_oauth_bound`
 (
  `id`          bigint PRIMARY KEY AUTO_INCREMENT NOT NULL,
  `user_id`     bigint      NOT NULL,
@@ -7,8 +7,8 @@ CREATE TABLE `cd_oauth_bound`
  `open_id`     varchar(512) NOT NULL,
  `create_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP,
  `update_time` timestamp     NOT NULL DEFAULT CURRENT_TIMESTAMP
-);
+) ENGINE=InnoDB;


 CREATE INDEX `index_oauth_bound_user_id` ON `cd_oauth_bound` (`user_id`);
-CREATE INDEX `index_oauth_bound_open_id` ON `cd_oauth_bound` (`open_id`);
+CREATE INDEX `index_oauth_bound_open_id` ON `cd_oauth_bound` (`open_id`(190));
@@ -75,6 +75,8 @@ function transformMysql() {
    pgSql = pgSql.replaceAll(/text/g, 'longtext');
    //双引号 替换成反引号
    pgSql = pgSql.replaceAll(/"/g, '`');
+    //create table if not exists
+    pgSql = pgSql.replaceAll(/CREATE TABLE ([ ]+)`/g, 'CREATE TABLE IF NOT EXISTS `');

    fs.writeFileSync(`./migration-mysql/${notFile}`, pgSql);
  }
@@ -1,6 +1,6 @@
 {
  "name": "@certd/ui-server",
-  "version": "1.38.7",
+  "version": "1.38.8",
  "description": "fast-server base midway",
  "private": true,
  "type": "module",
@@ -48,20 +48,20 @@
    "@aws-sdk/client-iam": "^3.964.0",
    "@aws-sdk/client-route-53": "^3.964.0",
    "@aws-sdk/client-s3": "^3.964.0",
-    "@certd/acme-client": "^1.38.7",
-    "@certd/basic": "^1.38.7",
-    "@certd/commercial-core": "^1.38.7",
+    "@certd/acme-client": "^1.38.8",
+    "@certd/basic": "^1.38.8",
+    "@certd/commercial-core": "^1.38.8",
    "@certd/cv4pve-api-javascript": "^8.4.2",
-    "@certd/jdcloud": "^1.38.7",
-    "@certd/lib-huawei": "^1.38.7",
-    "@certd/lib-k8s": "^1.38.7",
-    "@certd/lib-server": "^1.38.7",
-    "@certd/midway-flyway-js": "^1.38.7",
-    "@certd/pipeline": "^1.38.7",
-    "@certd/plugin-cert": "^1.38.7",
-    "@certd/plugin-lib": "^1.38.7",
-    "@certd/plugin-plus": "^1.38.7",
-    "@certd/plus-core": "^1.38.7",
+    "@certd/jdcloud": "^1.38.8",
+    "@certd/lib-huawei": "^1.38.8",
+    "@certd/lib-k8s": "^1.38.8",
+    "@certd/lib-server": "^1.38.8",
+    "@certd/midway-flyway-js": "^1.38.8",
+    "@certd/pipeline": "^1.38.8",
+    "@certd/plugin-cert": "^1.38.8",
+    "@certd/plugin-lib": "^1.38.8",
+    "@certd/plugin-plus": "^1.38.8",
+    "@certd/plus-core": "^1.38.8",
    "@google-cloud/publicca": "^1.3.0",
    "@huaweicloud/huaweicloud-sdk-cdn": "^3.1.185",
    "@huaweicloud/huaweicloud-sdk-core": "^3.1.185",
@@ -4,7 +4,7 @@ import { MidwayConfig } from '@midwayjs/core';
 // import { fileURLToPath } from 'node:url';
 // // const __filename = fileURLToPath(import.meta.url);
 // const __dirname = dirname(fileURLToPath(import.meta.url));
-import { FlywayHistory } from '@certd/midway-flyway-js';
+import { FlywayHistory, setFlywayLogger } from '@certd/midway-flyway-js';
 import { UserEntity } from '../modules/sys/authority/entity/user.js';
 import { PipelineEntity } from '../modules/pipeline/entity/pipeline.js';
 //import { logger } from '../utils/logger';
@@ -15,6 +15,7 @@ import { commercialEntities } from '@certd/commercial-core';
 import { tmpdir } from 'node:os';
 import { DefaultUploadFileMimeType, uploadWhiteList } from '@midwayjs/upload';
 import path from 'path';
+import { logger } from '@certd/basic';

 const env = process.env.NODE_ENV || 'development';

@@ -137,4 +138,6 @@ mergeConfig(development, 'development');

 mergeConfig(development, env);

+setFlywayLogger(logger);
+
 export default development;
@@ -78,7 +78,7 @@ export class MainConfiguration {
  app: koa.Application;

  async onReady() {
-
+    // 设置flyway logger


    // add middleware
@@ -48,8 +48,8 @@ export class UserTwoFactorSettingController extends BaseController {
  @Post("/authenticator/qrcode", { summary: Constants.per.authOnly })
  async authenticatorQrcode() {
    const userId = this.getUserId();
-    const qrcode = await this.twoFactorService.getAuthenticatorQrCode(userId);
-    return this.ok(qrcode);
+    const {qrcode,link,secret} = await this.twoFactorService.getAuthenticatorQrCode(userId);
+    return this.ok({qrcode,link,secret}); 
  }

  @Post("/authenticator/save", { summary: Constants.per.authOnly })
@@ -33,7 +33,8 @@ export class TwoFactorService {

    //生成qrcode base64
    const qrcode = await import("qrcode");
-    return await qrcode.toDataURL(qrcodeContent);
+    const qrcodeBase64 = await qrcode.toDataURL(qrcodeContent);
+    return {qrcode:qrcodeBase64,link:qrcodeContent,secret}

  }

@@ -1,5 +1,5 @@
-import {ISubDomainsGetter} from "@certd/plugin-cert";
-import {SubDomainService} from "../sub-domain-service.js";
+import { ISubDomainsGetter } from "@certd/plugin-cert";
+import { SubDomainService } from "../sub-domain-service.js";
 import { DomainService } from "../../../cert/service/domain-service.js";

 export class SubDomainsGetter implements ISubDomainsGetter {
@@ -18,18 +18,39 @@ export class SubDomainsGetter implements ISubDomainsGetter {
  }

  async hasSubDomain(fullDomain: string) {
+    let arr = fullDomain.split(".")
    const subDomains = await this.getSubDomains()
-     if (subDomains && subDomains.length > 0) {
+    if (subDomains && subDomains.length > 0) {
      const fullDomainDot = "." + fullDomain;
      for (const subDomain of subDomains) {
        if (fullDomainDot.endsWith("." + subDomain)) {
          //找到子域名托管
          return subDomain;
        }
+
+        if (subDomain.startsWith("*.")) {
+          //如果子域名配置的是泛域名，说明这一层及以下的子域名都是托管的
+          //以fullDomain在这一层的子域名作为返回值
+          const nonStarDomain = subDomain.slice(1)
+          if (fullDomainDot.endsWith(nonStarDomain)) {
+            //提取fullDomain在这一层的子域名
+            const fullArr = arr.reverse()
+            const subArr = subDomain.split(".").reverse()
+            let strBuilder = ""
+            for (let i =0 ;i<subArr.length;i++) {
+              if (strBuilder) {
+                strBuilder = fullArr[i] + "." + strBuilder
+              } else {
+                strBuilder = fullArr[i]
+              }
+            }
+            return strBuilder
+          }
+        }
+
      }
    }
-    let arr = fullDomain.split(".")
-    while(arr.length>0){
+    while (arr.length > 0) {
      const subDomain = arr.join(".")
      const domain = await this.domainService.findOne({
        where: {
@@ -38,10 +59,10 @@ export class SubDomainsGetter implements ISubDomainsGetter {
          challengeType: "dns",
        }
      })
-      if(domain){
+      if (domain) {
        return subDomain
      }
-       arr = arr.slice(1)
+      arr = arr.slice(1)
    }
    return null
  }
@@ -5,7 +5,7 @@ import {
  createRemoteSelectInputDefine
 } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
+import { AliyunClient, AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
 import { AliyunClientV2 } from "../../../plugin-lib/aliyun/lib/aliyun-client-v2.js";

@IsTaskPlugin({
@@ -31,7 +31,7 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
    },
    required: true
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | CasCertId | number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -298,18 +298,25 @@ export class AliyunDeployCertToALB extends AbstractTaskPlugin {
  async getAliyunCertId(access: AliyunAccess) {
    let certId: any = this.cert;
    if (typeof this.cert === "object") {
+
+      const certInfo = this.cert as CertInfo;
+      const casCert =  this.cert as CasCertId;
      const sslClient = new AliyunSslClient({
        access,
        logger: this.logger,
        endpoint: this.casEndpoint
      });

-      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt));
-      const certIdRes = await sslClient.uploadCertificate({
-        name: certName,
-        cert: this.cert
-      });
-      certId = certIdRes.certId as any; 
+      if (certInfo.crt) {
+        const certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt));
+        const certIdRes = await sslClient.uploadCertificate({
+          name: certName,
+          cert: certInfo,
+        });
+        certId = certIdRes.certId as any; 
+      }else if (casCert.certId){
+        certId = casCert.certId;
+      }
    }

    return certId;
@@ -2,7 +2,7 @@ import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput
 import { CertApplyPluginNames, CertInfo } from "@certd/plugin-cert";
 import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
+import { AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/ssl-client.js";

@IsTaskPlugin({
  name: "AliyunDeployCertToAll",
@@ -27,7 +27,7 @@ export class AliyunDeployCertToAll extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | CasCertId | number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -155,11 +155,17 @@ export class AliyunDeployCertToAll extends AbstractTaskPlugin {
    //
    let certId: any = this.cert;
    if (typeof this.cert === "object") {
-      const certIdRes = await sslClient.uploadCertificate({
-        name: this.appendTimeSuffix("certd"),
-        cert: this.cert,
-      });
-      certId = certIdRes.certId as any;
+      const certInfo = this.cert as CertInfo;
+      const casCert = this.cert as CasCertId;
+      if (casCert.certId) {
+        certId = casCert.certId;
+      } else {
+        const certIdRes = await sslClient.uploadCertificate({
+          name: this.appendTimeSuffix("certd"),
+          cert: certInfo,
+        });
+        certId = certIdRes.certId as any;
+      }
    }

    const jobId = await this.createDeployJob(sslClient, certId);
@@ -4,7 +4,7 @@ import {
  createRemoteSelectInputDefine
 } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
+import { AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
 import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import {optionsUtils} from "@certd/basic";

@@ -30,7 +30,7 @@ export class DeployCertToAliyunApig extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | string;
+  cert!: CertInfo | CasCertId |number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -137,11 +137,16 @@ export class DeployCertToAliyunApig extends AbstractTaskPlugin {
        logger: this.logger,
        region: this.casRegion,
      });
-
-      certId = await sslClient.uploadCert({
-        name: this.buildCertName(CertReader.getMainDomain(this.cert.crt)),
-        cert: this.cert,
-      });
+      const certInfo = this.cert as CertInfo;
+      const casCert = this.cert as CasCertId;
+      if (casCert.certId) {
+        certId = casCert.certId;
+      } else {
+        certId = await sslClient.uploadCert({
+          name: this.buildCertName(CertReader.getMainDomain(certInfo.crt)),
+          cert: certInfo,
+        });
+      }
    }

    const certIdentify  = `${certId}-${this.casRegion}`
@@ -1,9 +1,9 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
-import { createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
+import { CertInfo, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from '@certd/plugin-lib';
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
 import { optionsUtils } from '@certd/basic';
 import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
-import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
+import { AliyunClient, AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
  name: 'DeployCertToAliyunCDN',
  title: '阿里云-部署证书至CDN',
@@ -43,7 +43,7 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
    template:false,
    required: true,
  })
-  cert!: string;
+  cert!: CertInfo | CasCertId |number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -113,13 +113,18 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
    let certName =  this.appendTimeSuffix(this.certName);

    if (typeof this.cert === 'object') {
-      // @ts-ignore
-      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
-      const certIdRes = await sslClient.uploadCertificate({
-        name:certName,
-        cert: this.cert,
-      });
-      certId = certIdRes.certId as any;
+      const certInfo = this.cert as CertInfo;
+      const casCert = this.cert as CasCertId;
+      if (casCert.certId) {
+        certId = casCert.certId;
+      } else {
+        certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt))
+        const certIdRes = await sslClient.uploadCertificate({
+          name:certName,
+          cert: certInfo,
+        });
+        certId = certIdRes.certId as any;
+      }
    }

    const client = await this.getClient(access);
@@ -151,6 +156,7 @@ export class DeployCertToAliyunCDN extends AbstractTaskPlugin {
  }

  async SetCdnDomainSSLCertificate(client: any, params: { CertId: number; DomainName: string,CertName:string,CertRegion:string }) {
+    this.logger.info('设置CDN: ',JSON.stringify(params));
    const requestOption = {
      method: 'POST',
      formatParams: false,
@@ -7,9 +7,9 @@ import {
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";

 import { CertInfo } from '@certd/plugin-cert';
-import { CertApplyPluginNames} from '@certd/plugin-cert';
+import { CertApplyPluginNames } from '@certd/plugin-cert';
 import { optionsUtils } from "@certd/basic";
-import { AliyunClient } from "../../../plugin-lib/aliyun/lib/index.js";
+import { AliyunClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
@IsTaskPlugin({
  name: 'DeployCertToAliyunDCDN',
  title: '阿里云-部署证书至DCDN',
@@ -32,7 +32,7 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | CasCertId | number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -68,18 +68,18 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
  domainName!: string | string[];


-  async onInstance() {}
+  async onInstance() { }
  async execute(): Promise<void> {
    this.logger.info('开始部署证书到阿里云DCDN');
-    if(!this.domainName){
+    if (!this.domainName) {
      throw new Error('您还未选择DCDN域名');
    }
    const access = (await this.getAccess(this.accessId)) as AliyunAccess;
    const client = await this.getClient(access);
-    if(typeof this.domainName  === 'string'){
+    if (typeof this.domainName === 'string') {
      this.domainName = [this.domainName];
    }
-    for (const domainName of this.domainName ) {
+    for (const domainName of this.domainName) {
      this.logger.info(`[${domainName}]开始部署`)
      const params = await this.buildParams(domainName);
      await this.doRequest(client, params);
@@ -100,30 +100,32 @@ export class DeployCertToAliyunDCDN extends AbstractTaskPlugin {
    return client;
  }

-  async buildParams(domainName:string) {
+  async buildParams(domainName: string) {
    const CertName = (this.certName ?? 'certd') + '-' + dayjs().format('YYYYMMDDHHmmss');

-    if (typeof this.cert !== 'object') {
-      const certId = this.cert;
-      this.logger.info('使用已上传的证书:', certId);
-      return {
-        DomainName: domainName,
-        SSLProtocol: 'on',
-        CertType: 'cas',
-        CertName: CertName,
-        CertId: certId,
-      };
+    let certId: any = this.cert
+    if (typeof this.cert === 'object') {
+      const certInfo = this.cert as CertInfo;
+      if (certInfo.crt) {
+        this.logger.info('上传证书:', CertName);
+        const cert: any = this.cert;
+        return {
+          DomainName: domainName,
+          SSLProtocol: 'on',
+          CertName: CertName,
+          CertType: 'upload',
+          SSLPub: cert.crt,
+          SSLPri: cert.key,
+        };
+      }
    }
-
-    this.logger.info('上传证书:', CertName);
-    const cert: any = this.cert;
+    this.logger.info('使用已上传的证书:', certId);
    return {
      DomainName: domainName,
      SSLProtocol: 'on',
+      CertType: 'cas',
      CertName: CertName,
-      CertType: 'upload',
-      SSLPub: cert.crt,
-      SSLPri: cert.key,
+      CertId: certId,
    };
  }

@@ -5,7 +5,7 @@ import {
  createRemoteSelectInputDefine
 } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
+import { AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
 import { AliyunClientV2 } from "../../../plugin-lib/aliyun/lib/aliyun-client-v2.js";
 import dayjs from "dayjs";

@@ -32,7 +32,7 @@ export class AliyunDeployCertToESA extends AbstractTaskPlugin {
    },
    required: true
  })
-  cert!: CertInfo;
+  cert!: CertInfo | CasCertId | number;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -117,14 +117,21 @@ export class AliyunDeployCertToESA extends AbstractTaskPlugin {
        endpoint: this.casEndpoint
      });

-      certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt));
+      const certInfo = this.cert as CertInfo;
+      const casCert = this.cert as CasCertId;
+      if (casCert.certId) {
+        certId = casCert.certId;
+        certName = casCert.certName;
+      } else {
+        certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt));

-      const certIdRes = await sslClient.uploadCertificate({
-        name: certName,
-        cert: this.cert
-      });
-      certId = certIdRes.certId as any;
-      this.logger.info("上传证书成功", certId, certName);
+        const certIdRes = await sslClient.uploadCertificate({
+          name: certName,
+          cert: certInfo
+        });
+        certId = certIdRes.certId as any;
+        this.logger.info("上传证书成功", certId, certName);
+      }
    }
    return {
      certId,
@@ -5,7 +5,7 @@ import {
  createRemoteSelectInputDefine
 } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunSslClient } from "../../../plugin-lib/aliyun/lib/ssl-client.js";
+import { AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/ssl-client.js";

@IsTaskPlugin({
  name: "AliyunDeployCertToGA",
@@ -30,7 +30,7 @@ export class AliyunDeployCertToGA extends AbstractTaskPlugin {
    },
    required: true
  })
-  cert!: CertInfo|number;
+  cert!: CertInfo|number | CasCertId;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -123,7 +123,7 @@ export class AliyunDeployCertToGA extends AbstractTaskPlugin {
      logger: this.logger,
      endpoint: this.casEndpoint
    });
-    return await sslClient.uploadCertOrGet(this.cert)
+    return await sslClient.uploadCertOrGet(this.cert as any)
  }

  async execute(): Promise<void> {
@@ -6,7 +6,7 @@ import {
 } from "@certd/plugin-lib";
 import { CertApplyPluginNames} from '@certd/plugin-cert';
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
+import { AliyunClient, AliyunSslClient, CasCertId } from "../../../plugin-lib/aliyun/lib/index.js";
 import { AliyunClientV2 } from '../../../plugin-lib/aliyun/lib/aliyun-client-v2.js';
@IsTaskPlugin({
  name: 'AliyunDeployCertToNLB',
@@ -31,7 +31,7 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | number | CasCertId;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -286,17 +286,25 @@ export class AliyunDeployCertToNLB extends AbstractTaskPlugin {
  async getAliyunCertId(access: AliyunAccess) {
    let certId: any = this.cert;
    if (typeof this.cert === 'object') {
+
+      const casCert = this.cert as CasCertId;
+      if (casCert.certId) {
+        return casCert.certId;
+      }
+
+      const certInfo = this.cert as CertInfo;
+
      const sslClient = new AliyunSslClient({
        access,
        logger: this.logger,
        endpoint: this.casEndpoint,
      });

-      const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
+      const certName = this.buildCertName(CertReader.getMainDomain(certInfo.crt))

      const certIdRes = await sslClient.uploadCertificate({
        name: certName,
-        cert: this.cert,
+        cert: certInfo,
      });
      certId = certIdRes.certId as any;
    }
@@ -1,14 +1,13 @@
-import {AbstractTaskPlugin, IsTaskPlugin, Pager, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
+import { optionsUtils } from "@certd/basic";
+import { AbstractTaskPlugin, IsTaskPlugin, Pager, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { CertApplyPluginNames, CertInfo } from '@certd/plugin-cert';
 import {
  createCertDomainGetterInputDefine,
  createRemoteSelectInputDefine
 } from '@certd/plugin-lib';
-import {CertInfo, CertReader} from '@certd/plugin-cert';
-import { CertApplyPluginNames} from '@certd/plugin-cert';
-import {optionsUtils} from "@certd/basic";
-import {isArray} from "lodash-es";
+import { isArray } from "lodash-es";
 import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
-import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
+import { CasCertId } from '../../../plugin-lib/aliyun/lib/index.js';
@IsTaskPlugin({
  name: 'DeployCertToAliyunOSS',
  title: '阿里云-部署证书至OSS',
@@ -32,7 +31,7 @@ export class DeployCertToAliyunOSS extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | string;
+  cert!: CertInfo | number | CasCertId;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -147,7 +146,6 @@ export class DeployCertToAliyunOSS extends AbstractTaskPlugin {
    this.logger.info('开始部署证书到阿里云OSS');
    const access = (await this.getAccess(this.accessId)) as AliyunAccess;

-    await this.getAliyunCertId(access)
    this.logger.info(`bucket: ${this.bucket}, region: ${this.region}, domainName: ${this.domainName}`);
    const client = await this.getClient(access);
    if (typeof this.domainName === "string"){
@@ -169,12 +167,19 @@ export class DeployCertToAliyunOSS extends AbstractTaskPlugin {
    });

    let certStr =  ""
+
    if (typeof this.cert === "object" ){
-      certStr = `
-      <PrivateKey>${this.cert.key}</PrivateKey>
-      <Certificate>${this.cert.crt}</Certificate>
-`
-    }else{
+      const certInfo = this.cert as CertInfo;
+      if (certInfo.crt){
+        certStr = `
+              <PrivateKey>${certInfo.key}</PrivateKey>
+              <Certificate>${certInfo.crt}</Certificate>
+        `
+      }else{
+        const casCert = this.cert as CasCertId;
+        certStr = `<CertId>${casCert.certIdentifier}</CertId>`
+      }
+    }else {
      certStr = `<CertId>${this.cert}-${this.casRegion}</CertId>`
    }

@@ -196,34 +201,6 @@ export class DeployCertToAliyunOSS extends AbstractTaskPlugin {
    return res;
  }

-  async getAliyunCertId(access: AliyunAccess) {
-    let certId: any = this.cert;
-    let certName: any = this.appendTimeSuffix("certd");
-    if (typeof this.cert === "object") {
-      let endpoint = `cas.${this.casRegion}.aliyuncs.com`;
-      if (this.casRegion === "cn-hangzhou" || !this.casRegion){
-        endpoint = "cas.aliyuncs.com";
-      }
-      const sslClient = new AliyunSslClient({
-        access,
-        logger: this.logger,
-        endpoint: endpoint
-      });
-
-      certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt));
-
-      const certIdRes = await sslClient.uploadCertificate({
-        name: certName,
-        cert: this.cert
-      });
-      certId = certIdRes.certId as any;
-      this.logger.info("上传证书成功", certId, certName);
-    }
-    return {
-      certId,
-      certName
-    };
-  }

  async getClient(access: AliyunAccess) {
    // @ts-ignore
@@ -1,10 +1,10 @@
-import {AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput} from '@certd/pipeline';
-import {CertInfo} from '@certd/plugin-cert';
+import { AbstractTaskPlugin, IsTaskPlugin, PageSearch, pluginGroups, RunStrategy, TaskInput } from '@certd/pipeline';
+import { CertInfo } from '@certd/plugin-cert';
 import {
  createCertDomainGetterInputDefine,
  createRemoteSelectInputDefine
 } from '@certd/plugin-lib';
-import {CertApplyPluginNames} from '@certd/plugin-cert';
+import { CertApplyPluginNames } from '@certd/plugin-cert';
 import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
 import { AliyunClient, AliyunSslClient, CasCertInfo } from '../../../plugin-lib/aliyun/lib/index.js';

@@ -31,9 +31,9 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | number | CasCertInfo;

-  @TaskInput(createCertDomainGetterInputDefine({props: {required: false}}))
+  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];


@@ -44,9 +44,9 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
    component: {
      name: 'a-select',
      options: [
-        {value: 'cas.aliyuncs.com', label: '中国大陆'},
-        {value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡'},
-        {value: 'cas.eu-central-1.aliyuncs.com', label: '德国（法兰克福）'},
+        { value: 'cas.aliyuncs.com', label: '中国大陆' },
+        { value: 'cas.ap-southeast-1.aliyuncs.com', label: '新加坡' },
+        { value: 'cas.eu-central-1.aliyuncs.com', label: '德国（法兰克福）' },
      ],
    },
    required: true,
@@ -99,24 +99,24 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {


  @TaskInput({
-      title: "部署默认证书",
-      value: true,
-      component: {
-        name: "a-switch",
-        vModel: "checked"
-      }
+    title: "部署默认证书",
+    value: true,
+    component: {
+      name: "a-switch",
+      vModel: "checked"
    }
+  }
  )
  deployDefault!: boolean;

  @TaskInput({
-      title: "部署扩展证书",
-      value: false,
-      component: {
-        name: "a-switch",
-        vModel: "checked"
-      }
+    title: "部署扩展证书",
+    value: false,
+    component: {
+      name: "a-switch",
+      vModel: "checked"
    }
+  }
  )
  deployExtension!: boolean;

@@ -126,8 +126,8 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
      title: '扩展域名列表',
      helper: '要部署扩展域名列表',
      action: AliyunDeployCertToSLB.prototype.onGetExtensionDomainList.name,
-      watches: ['listeners','deployExtension'],
-      mergeScript:`
+      watches: ['listeners', 'deployExtension'],
+      mergeScript: `
        return {
        show: ctx.compute(({form})=>{
          return form.deployExtension;
@@ -143,7 +143,7 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
  }

  async getLBClient(access: AliyunAccess, region: string) {
-    const client = new AliyunClient({logger: this.logger});
+    const client = new AliyunClient({ logger: this.logger });
    const version = '2014-05-15';
    await client.init({
      accessKeyId: access.accessKeyId,
@@ -163,10 +163,10 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
    const aliyunCert = await this.getAliyunCertId(access);
    const slbServerCertId = await this.uploadServerCert(client, aliyunCert);

-    if (this.deployDefault!==false) {
+    if (this.deployDefault !== false) {
      this.logger.info("部署监听器默认证书")
      for (const listener of this.listeners) {
-        const {port, loadBalanceId} = this.resolveListenerKey(listener)
+        const { port, loadBalanceId } = this.resolveListenerKey(listener)
        const params = {
          RegionId: this.regionId,
          LoadBalancerId: loadBalanceId,
@@ -185,7 +185,7 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {

      const clientV2 = this.getCLBClientV2(access);
      for (const domainStr of this.extensionDomains) {
-        const {extensionDomainId} = this.resolveListenerKey(domainStr)
+        const { extensionDomainId } = this.resolveListenerKey(domainStr)
        const res = await clientV2.doRequest({
          action: "SetDomainExtensionAttribute",
          // 接口版本
@@ -251,11 +251,20 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {

    if (typeof this.cert === 'object') {
      const name = this.appendTimeSuffix('certd');
-      const certIdRes = await sslClient.uploadCertificate({
-        name: name,
-        cert: this.cert,
-      });
-      certId = certIdRes.certId as any;
+
+      const casCert = this.cert as CasCertInfo;
+      if (casCert.certIdentifier) {
+        certId = casCert.certId;
+      } else {
+        const cert = this.cert as CertInfo;
+        const certIdRes = await sslClient.uploadCertificate({
+          name: name,
+          cert: cert,
+        });
+        certId = certIdRes.certId as any;
+      }
+
+
    }

    return await sslClient.getCertInfo(certId);
@@ -360,7 +369,7 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {

    const allDomains: any[] = []
    for (const ls of this.listeners) {
-      const {port, loadBalanceId, protocol} = this.resolveListenerKey(ls)
+      const { port, loadBalanceId, protocol } = this.resolveListenerKey(ls)
      const domains = await this.doGetExtensionDomainList({
        access,
        loadBalancerId: loadBalanceId,
@@ -381,7 +390,7 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
    listenerProtocol: string,
    access: AliyunAccess
  }) {
-    const {loadBalancerId, listenerPort, listenerProtocol, access} = data;
+    const { loadBalancerId, listenerPort, listenerProtocol, access } = data;
    const client = access.getClient(`slb.${this.regionId}.aliyuncs.com`)

    let queries = {
@@ -412,7 +421,7 @@ export class AliyunDeployCertToSLB extends AbstractTaskPlugin {
      return {
        value: value,
        label: label,
-        domain:i.Domain
+        domain: i.Domain
      };
    });
  }
@@ -1,11 +1,11 @@
-import { AbstractTaskPlugin, IsTaskPlugin, Pager,PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
+import { AbstractTaskPlugin, IsTaskPlugin, Pager, PageSearch, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
 import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import {
  createCertDomainGetterInputDefine,
  createRemoteSelectInputDefine
 } from "@certd/plugin-lib";
 import { AliyunAccess } from "../../../plugin-lib/aliyun/access/index.js";
-import { AliyunClient, AliyunSslClient } from "../../../plugin-lib/aliyun/lib/index.js";
+import { AliyunClient, AliyunSslClient, CasCertInfo } from "../../../plugin-lib/aliyun/lib/index.js";

@IsTaskPlugin({
  name: 'AliyunDeployCertToWaf',
@@ -30,7 +30,7 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
    },
    required: true,
  })
-  cert!: CertInfo | number;
+  cert!: CertInfo | number | CasCertInfo;

  @TaskInput(createCertDomainGetterInputDefine({ props: { required: false } }))
  certDomains!: string[];
@@ -83,8 +83,8 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
      helper: '请选择要部署证书的CNAME站点',
      action: AliyunDeployCertToWaf.prototype.onGetCnameList.name,
      watches: ['accessId', 'regionId'],
-      pager:true,
-      search:true,
+      pager: true,
+      search: true,
    })
  )
  cnameDomains!: string[];
@@ -105,7 +105,7 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
  })
  tlsVersion!: string;

-    @TaskInput({
+  @TaskInput({
    title: '启用TLSv3',
    value: true,
    component: {
@@ -118,7 +118,7 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {



-  async onInstance() {}
+  async onInstance() { }

  async getWafClient(access: AliyunAccess) {
    const client = new AliyunClient({ logger: this.logger });
@@ -152,11 +152,17 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
        endpoint: this.casEndpoint,
      });

-      const certIdRes = await sslClient.uploadCertificate({
-        name: this.buildCertName(CertReader.getMainDomain(this.cert.crt)),
-        cert: this.cert,
-      });
-      certId = certIdRes.certId as any;
+      const cert = this.cert as CertInfo;
+      if (cert.crt) {
+        const certIdRes = await sslClient.uploadCertificate({
+          name: this.buildCertName(CertReader.getMainDomain(cert.crt)),
+          cert: cert,
+        });
+        certId = certIdRes.certId as any;
+      }else {
+        const casCert = this.cert as CasCertInfo;
+        certId = casCert.certId;
+      }
    }

    const client = await this.getWafClient(access);
@@ -211,13 +217,13 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
    const pager = new Pager(data)

    const instanceId = await this.getInstanceId(client);
-    const params:any = {
+    const params: any = {
      RegionId: this.regionId,
      InstanceId: instanceId,
      PageSize: pager.pageSize,
      PageNumber: pager.pageNo,
    };
-    if (data.searchKey){
+    if (data.searchKey) {
      params.Domain = data.searchKey
    }

@@ -235,7 +241,7 @@ export class AliyunDeployCertToWaf extends AbstractTaskPlugin {
        domain: item.Domain,
      };
    });
-    const list= this.ctx.utils.options.buildGroupOptions(options, this.certDomains);
+    const list = this.ctx.utils.options.buildGroupOptions(options, this.certDomains);

    // const list = [{value:"1",label:"1"},{value:"2",label:"2"}]
    // const total = 120
@@ -1,7 +1,7 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput, TaskOutput } from '@certd/pipeline';
 import { CertApplyPluginNames, CertReader } from "@certd/plugin-cert";
 import { AliyunAccess } from '../../../plugin-lib/aliyun/access/index.js';
-import { AliyunSslClient } from '../../../plugin-lib/aliyun/lib/index.js';
+import { AliyunSslClient, CasCertId } from '../../../plugin-lib/aliyun/lib/index.js';
 /**
 * 华东1（杭州）	cn-hangzhou	cas.aliyuncs.com	cas-vpc.cn-hangzhou.aliyuncs.com
 * 马来西亚（吉隆坡）	ap-southeast-3	cas.ap-southeast-3.aliyuncs.com	cas-vpc.ap-southeast-3.aliyuncs.com
@@ -78,7 +78,7 @@ export class UploadCertToAliyun extends AbstractTaskPlugin {
  @TaskOutput({
    title: '上传成功后的阿里云CertId',
  })
-  aliyunCertId!: string;
+  aliyunCertId!: CasCertId;

  async onInstance() {}

@@ -1,13 +1,12 @@
 // @ts-ignore
 import * as acme from "@certd/acme-client";
 import { ClientExternalAccountBindingOptions, UrlMapping } from "@certd/acme-client";
-import * as _ from "lodash-es";
 import { Challenge } from "@certd/acme-client/types/rfc8555.js";
-import { IContext } from "@certd/pipeline";
 import { ILogger, utils } from "@certd/basic";
+import { IContext } from "@certd/pipeline";
+import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 import punycode from "punycode.js";
 import { IOssClient } from "../../../plugin-lib/index.js";
-import { IDnsProvider, IDomainParser } from "@certd/plugin-lib";
 export type CnameVerifyPlan = {
  type?: string;
  domain: string;
@@ -112,11 +111,26 @@ export class AcmeService {
  }

  async getAcmeClient(email: string): Promise<acme.Client> {
-    const mappings = {};
-    if (this.sslProvider === "letsencrypt") {
-      mappings["acme-v02.api.letsencrypt.org"] = this.options.reverseProxy || "le.px.certd.handfree.work";
-    } else if (this.sslProvider === "google") {
-      mappings["dv.acme-v02.api.pki.goog"] = this.options.reverseProxy || "gg.px.certd.handfree.work";
+
+    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+    let targetUrl = directoryUrl.replace("https://", "");
+    targetUrl = targetUrl.substring(0, targetUrl.indexOf("/"));
+    
+    const mappings = {
+      "acme-v02.api.letsencrypt.org": "le.px.certd.handfree.work",
+      "dv.acme-v02.api.pki.goog": "gg.px.certd.handfree.work",
+    };
+    const reverseProxies = acme.getSslProviderReverseProxies();
+    if (reverseProxies) {
+      for (const key in reverseProxies) {
+        const value = reverseProxies[key];
+        if (value) {
+          mappings[key] = value;
+        }
+      }
+    }
+    if (this.options.reverseProxy && targetUrl) {
+      mappings[targetUrl] = this.options.reverseProxy;
    }
    const urlMapping: UrlMapping = {
      enabled: false,
@@ -128,7 +142,7 @@ export class AcmeService {
      await this.saveAccountConfig(email, conf);
      this.logger.info(`创建新的Accountkey:${email}`);
    }
-    const directoryUrl = acme.getDirectoryUrl({ sslProvider: this.sslProvider, pkType: this.options.privateKeyType });
+
    if (this.options.useMappingProxy) {
      urlMapping.enabled = true;
    } else {
@@ -147,7 +161,7 @@ export class AcmeService {
      externalAccountBinding: this.eab,
      backoffAttempts: this.options.maxCheckRetryCount || 20,
      backoffMin: 5000,
-      backoffMax: 30*1000,
+      backoffMax: 30 * 1000,
      urlMapping,
      signal: this.options.signal,
      logger: this.logger,
@@ -434,11 +448,7 @@ export class AcmeService {
    if (domains.length === 0) {
      throw new Error("domain can not be empty");
    }
-    // const commonName = domains[0];
-    // let altNames: undefined | string[] = undefined;
-    // if (domains.length > 1) {
-    //   altNames = _.slice(domains, 1);
-    // }
+
    return {
      // commonName,
      altNames: domains,
@@ -458,6 +458,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
    this.eab = eab;
    const subDomainsGetter = await this.ctx.serviceGetter.get<ISubDomainsGetter>("subDomainsGetter");
    const domainParser = new DomainParser(subDomainsGetter, this.logger);
+
    this.acme = new AcmeService({
      userId: this.ctx.user.id,
      userContext: this.userContext,
@@ -673,6 +674,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
      },
    };
  }
+
+  async onGetReverseProxyList() {
+    const sysSettingsService:any = await this.ctx.serviceGetter.get("sysSettingsService");
+    const sysSettings = await sysSettingsService.getPrivateSettings();
+    return sysSettings.reverseProxyList || []
+  }
 }

 new CertApplyPlugin();
@@ -1,4 +1,5 @@
 import { AccessInput, BaseAccess, IsAccess } from "@certd/pipeline";
+import { AliyunAccess } from "./aliyun-access.js";

@IsAccess({
  name: "alioss",
@@ -22,9 +23,36 @@ export class AliossAccess extends BaseAccess {
  @AccessInput({
    title: "大区",
    component: {
-      name: "a-auto-complete",
+      name: "remote-auto-complete",
      vModel: "value",
-      options: [
+      type: "access",
+      typeName: "alioss",
+      action: AliossAccess.prototype.onGetRegionList.name
+    },
+    required: true,
+  })
+  region!: string;
+
+  @AccessInput({
+    title: "Bucket",
+    helper: "存储桶名称",
+    required: true,
+    component: {
+      name: "remote-auto-complete",
+      vModel: "value",
+      type: "access",
+      action: AliossAccess.prototype.onGetBucketList.name,
+      search: false,
+      pager: false,
+      watches: ["accessId", "region"],
+    },
+  })
+  bucket!: string;
+
+
+  onGetRegionList(){
+    return {
+      list: [
        { value: "oss-cn-hangzhou", label: "华东1（杭州）" },
        { value: "oss-cn-shanghai", label: "华东2（上海）" },
        { value: "oss-cn-nanjing", label: "华东5（南京-本地地域）" },
@@ -54,18 +82,36 @@ export class AliossAccess extends BaseAccess {
        { value: "oss-eu-west-1", label: "英国（伦敦）" },
        { value: "oss-me-east-1", label: "阿联酋（迪拜）①" },
        { value: "oss-rg-china-mainland", label: "无地域属性（中国内地）" },
-      ],
-    },
-    required: true,
-  })
-  region!: string;
+      ]
+    }
+  }

-  @AccessInput({
-    title: "Bucket",
-    helper: "存储桶名称",
-    required: true,
-  })
-  bucket!: string;
+  async onGetBucketList() {
+    const access = (await this.ctx.accessService.getById(this.accessId)) as AliyunAccess;
+    const client = await this.getClient(access);
+
+    let res;
+    const buckets = [];
+    do {
+      const requestData = { marker: res?.nextMarker || null, "max-keys": 1000 };
+      res = await client.listBuckets(requestData);
+      buckets.push(...(res?.buckets || []));
+    } while (!!res?.nextMarker);
+    return buckets.filter(bucket => bucket?.region === this.region).map(bucket => ({ label: `${bucket.name}<${bucket.region}>`, value: bucket.name }));
+  }
+
+  async getClient(access: AliyunAccess) {
+    // @ts-ignore
+    const OSS = await import("ali-oss");
+    return new OSS.default({
+      accessKeyId: access.accessKeyId,
+      accessKeySecret: access.accessKeySecret,
+      // yourRegion填写Bucket所在地域。以华东1（杭州）为例，Region填写为oss-cn-hangzhou。
+      region: this.region,
+      //@ts-ignore
+      authorizationV4: true,
+    });
+  }
 }

 new AliossAccess();
@@ -126,18 +126,25 @@ export class AliyunSslClient {
    }
  }

-  async uploadCertOrGet(cert: CertInfo | number )  :Promise<CasCertId>{
+  async uploadCertOrGet(cert: CertInfo | number | CasCertId )  :Promise<CasCertId>{
    if (typeof cert === "object") {
+
+      const casCert = cert as CasCertId;
+      if (casCert.certId) {
+        return casCert;
+      }
+      const certInfo = cert as CertInfo;
      // 上传证书到阿里云
      this.logger.info(`开始上传证书`);
-      const certName = CertReader.buildCertName(cert);
+      const certName = CertReader.buildCertName(certInfo);
      const res = await this.uploadCertificate({
        name: certName,
-        cert: cert
+        cert: certInfo
      });
      this.logger.info("上传证书成功", JSON.stringify(res));
      return res
    }
+    //number类型
    const certId = cert as any;
    let certName: any = utils.string.appendTimeSuffix(certId);
    const certIdentifier = this.getCertIdentifier(certId);