mirror of
https://github.com/certd/certd.git
synced 2026-04-23 11:37:23 +08:00
chore: 1
This commit is contained in:
xiaojunnuo
@@ -30,6 +30,7 @@ export type CertInfo = {
|
||||
ic?: string;
|
||||
pfx?: string;
|
||||
der?: string;
|
||||
p12?: string;
|
||||
};
|
||||
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
|
||||
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
|
||||
|
||||
@@ -48,14 +48,14 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
|
||||
email!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: "PFX证书密码",
|
||||
title: "证书密码",
|
||||
component: {
|
||||
name: "input-password",
|
||||
vModel: "value",
|
||||
},
|
||||
required: false,
|
||||
order: 100,
|
||||
helper: "PFX格式证书是否需要加密",
|
||||
helper: "PFX、P12格式证书是否需要加密",
|
||||
})
|
||||
pfxPassword!: string;
|
||||
|
||||
@@ -150,18 +150,27 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
|
||||
}
|
||||
this._result.pipelinePrivateVars.cert = cert;
|
||||
|
||||
if (cert.pfx == null || cert.der == null) {
|
||||
if (cert.pfx == null || cert.der == null || cert.p12 == null) {
|
||||
try {
|
||||
const converter = new CertConverter({ logger: this.logger });
|
||||
const res = await converter.convert({
|
||||
cert,
|
||||
pfxPassword: this.pfxPassword,
|
||||
});
|
||||
const pfxBuffer = fs.readFileSync(res.pfxPath);
|
||||
cert.pfx = pfxBuffer.toString("base64");
|
||||
if (res.pfxPath) {
|
||||
const pfxBuffer = fs.readFileSync(res.pfxPath);
|
||||
cert.pfx = pfxBuffer.toString("base64");
|
||||
}
|
||||
|
||||
const derBuffer = fs.readFileSync(res.derPath);
|
||||
cert.der = derBuffer.toString("base64");
|
||||
if (res.derPath) {
|
||||
const derBuffer = fs.readFileSync(res.derPath);
|
||||
cert.der = derBuffer.toString("base64");
|
||||
}
|
||||
|
||||
if (res.p12Path) {
|
||||
const p12Buffer = fs.readFileSync(res.p12Path);
|
||||
cert.p12 = p12Buffer.toString("base64");
|
||||
}
|
||||
|
||||
this.logger.info("转换证书格式成功");
|
||||
isNew = true;
|
||||
@@ -186,12 +195,16 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
|
||||
zip.file("cert.crt", cert.crt);
|
||||
zip.file("cert.key", cert.key);
|
||||
zip.file("intermediate.crt", cert.ic);
|
||||
|
||||
if (cert.pfx) {
|
||||
zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
|
||||
}
|
||||
if (cert.der) {
|
||||
zip.file("cert.der", Buffer.from(cert.der, "base64"));
|
||||
}
|
||||
if (cert.p12) {
|
||||
zip.file("cert.p12", Buffer.from(cert.p12, "base64"));
|
||||
}
|
||||
const content = await zip.generateAsync({ type: "nodebuffer" });
|
||||
this.saveFile(filename, content);
|
||||
this.logger.info(`已保存文件:${filename}`);
|
||||
|
||||
@@ -17,16 +17,20 @@ export class CertConverter {
|
||||
async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
|
||||
pfxPath: string;
|
||||
derPath: string;
|
||||
p12Path: string;
|
||||
}> {
|
||||
const certReader = new CertReader(opts.cert);
|
||||
let pfxPath: string;
|
||||
let derPath: string;
|
||||
let p12Path: string;
|
||||
const handle = async (ctx: CertReaderHandleContext) => {
|
||||
// 调用openssl 转pfx
|
||||
pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
|
||||
|
||||
// 转der
|
||||
derPath = await this.convertDer(ctx);
|
||||
|
||||
p12Path = await this.convertP12(ctx, opts.pfxPassword);
|
||||
};
|
||||
|
||||
await certReader.readCertFile({ logger: this.logger, handle });
|
||||
@@ -34,6 +38,7 @@ export class CertConverter {
|
||||
return {
|
||||
pfxPath,
|
||||
derPath,
|
||||
p12Path,
|
||||
};
|
||||
}
|
||||
|
||||
@@ -88,4 +93,25 @@ export class CertConverter {
|
||||
// const filename = reader.buildCertFileName("der", applyTime);
|
||||
// this.saveFile(filename, fileBuffer);
|
||||
}
|
||||
|
||||
async convertP12(opts: CertReaderHandleContext, pfxPassword: string) {
|
||||
const { tmpCrtPath, tmpKeyPath } = opts;
|
||||
const p12Path = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.p12`);
|
||||
|
||||
const dir = path.dirname(p12Path);
|
||||
if (!fs.existsSync(dir)) {
|
||||
fs.mkdirSync(dir, { recursive: true });
|
||||
}
|
||||
try {
|
||||
let passwordArg = "-passout pass:";
|
||||
if (pfxPassword) {
|
||||
passwordArg = `-password pass:${pfxPassword}`;
|
||||
}
|
||||
await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
|
||||
return p12Path;
|
||||
} catch (e) {
|
||||
this.logger.error("转换jks失败", e);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user