【新增】宝塔dns

【修复】查看证书于下载证书内容不一致【修复】多个ca无法选中【修复】创建中间证书私有ca加密算法没有默认继承【调整】下载自签证书附带pfx
2025-09-17 15:35:18 +08:00 · 2025-09-17 15:35:18 +08:00 · 5b7245a78d
parent e16d0b748b
commit 5b7245a78d
4 changed files with 49 additions and 3 deletions
--- a/backend/app/api/private_ca/private_ca.go
+++ b/backend/app/api/private_ca/private_ca.go
@ -162,6 +162,10 @@ func DownloadCert(c *gin.Context) {
 		public.FailMsg(c, err.Error())
 		return
 	}
+	if certData == nil {
+		public.FailMsg(c, "证书不存在")
+		return
+	}

 	// 构建 zip 包（内存中）
 	buf := new(bytes.Buffer)
@ -213,6 +217,32 @@ func DownloadCert(c *gin.Context) {
 		}
 	}

+	if certData["algorithm"] == "ecdsa" || certData["algorithm"] == "rsa" {
+		// cert.pfx
+		pfxPassword := "allinssl"
+		pfxData, err := public.PEMToPFX(certStr, keyStr, pfxPassword)
+		if err == nil && len(pfxData) > 0 {
+			pfxWriter, err := zipWriter.Create("IIS/cert.pfx")
+			if err != nil {
+				public.FailMsg(c, err.Error())
+				return
+			}
+			if _, err := pfxWriter.Write(pfxData); err != nil {
+				public.FailMsg(c, err.Error())
+				return
+			}
+			txtWriter, err := zipWriter.Create("IIS/passwd.txt")
+			if err != nil {
+				public.FailMsg(c, err.Error())
+				return
+			}
+			if _, err := txtWriter.Write([]byte(pfxPassword)); err != nil {
+				public.FailMsg(c, err.Error())
+				return
+			}
+		}
+	}
+
 	// 关闭 zipWriter
 	if err := zipWriter.Close(); err != nil {
 		public.FailMsg(c, err.Error())
--- a/backend/internal/cert/apply/apply.go
+++ b/backend/internal/cert/apply/apply.go
@ -3,6 +3,7 @@ package apply
 import (
 	"ALLinSSL/backend/internal/access"
 	"ALLinSSL/backend/internal/cert"
+	"ALLinSSL/backend/internal/cert/apply/lego/bt"
 	"ALLinSSL/backend/internal/cert/apply/lego/jdcloud"
 	"ALLinSSL/backend/internal/cert/apply/lego/webhook"
 	"ALLinSSL/backend/public"
@ -216,6 +217,16 @@ func GetDNSProvider(providerName string, creds map[string]string, httpClient *ht
 		config.APISecret = creds["api_secret"]
 		config.PropagationTimeout = maxWait
 		return spaceship.NewDNSProviderConfig(config)
+	case "btdomain":
+		config := bt.NewDefaultConfig()
+		config.AccountID = creds["account_id"]
+		config.AccessKey = creds["access_key"]
+		config.SecretKey = creds["secret_key"]
+		if creds["base_url"] != "" {
+			config.BaseURL = creds["base_url"]
+		}
+		config.PropagationTimeout = maxWait
+		return bt.NewDNSProviderConfig(config)
 	//case "edgeone":
 	//config :=

--- a/backend/migrations/init.go
+++ b/backend/migrations/init.go
@ -190,6 +190,8 @@ func init() {
 	InsertIfNotExists(db, "access_type", map[string]any{"name": "webhook", "type": "dns"}, []string{"name", "type"}, []any{"webhook", "dns"})
 	InsertIfNotExists(db, "access_type", map[string]any{"name": "webhook", "type": "host"}, []string{"name", "type"}, []any{"webhook", "host"})

+	InsertIfNotExists(db, "access_type", map[string]any{"name": "btdomain", "type": "dns"}, []string{"name", "type"}, []any{"btdomain", "dns"})
+
 	err = sqlite_migrate.EnsureDatabaseWithTables(
 		"data/site_monitor.db",
 		"data/data.db",
--- a/backend/public/cert.go
+++ b/backend/public/cert.go
@ -168,18 +168,21 @@ func PEMToPFX(certPEM, keyPEM, pfxPassword string) ([]byte, error) {
 		return nil, fmt.Errorf("解析证书失败: %v", err)
 	}

-	// 尝试解析私钥(PKCS8或PKCS1格式)
+	// 尝试解析私钥(PKCS8、PKCS1 或 EC 格式)
 	var privKey interface{}
 	privKey, err = x509.ParsePKCS8PrivateKey(keyBlock.Bytes)
 	if err != nil {
 		privKey, err = x509.ParsePKCS1PrivateKey(keyBlock.Bytes)
+		if err != nil {
+			privKey, err = x509.ParseECPrivateKey(keyBlock.Bytes)
 			if err != nil {
 				return nil, fmt.Errorf("解析私钥失败: %v", err)
 			}
 		}
+	}

 	// 编码为PFX格式
-	pfxData, err := pkcs12.Encode(rand.Reader, privKey, cert, nil, pfxPassword)
+	pfxData, err := pkcs12.LegacyRC2.WithRand(rand.Reader).Encode(privKey, cert, nil, pfxPassword)
 	if err != nil {
 		return nil, fmt.Errorf("编码PFX失败: %v", err)
 	}