From 27b6dfa4d2ab3bddd284c3a34511a72e1a513a4c Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Thu, 4 Sep 2025 23:42:03 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E6=94=AF=E6=8C=81ssl.com=E8=AF=81?= =?UTF-8?q?=E4=B9=A6=E9=A2=81=E5=8F=91=E6=9C=BA=E6=9E=84?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/core/acme-client/src/index.js | 4 ++ packages/core/pipeline/src/plugin/api.ts | 4 +- .../plugin-cert/src/access/eab-access.ts | 2 +- .../src/plugin/cert-plugin/acme.ts | 3 +- .../src/plugin/cert-plugin/cert-reader.ts | 4 +- .../src/plugin/cert-plugin/index.ts | 66 +++++++++++-------- .../plugin/deploy-to-fc/index.ts | 8 ++- 7 files changed, 55 insertions(+), 36 deletions(-) diff --git a/packages/core/acme-client/src/index.js b/packages/core/acme-client/src/index.js index 99cb041f..a40d9544 100644 --- a/packages/core/acme-client/src/index.js +++ b/packages/core/acme-client/src/index.js @@ -25,6 +25,10 @@ export const directory = { staging: 'https://acme.zerossl.com/v2/DV90', production: 'https://acme.zerossl.com/v2/DV90', }, + sslcom:{ + staging: 'https://acme.ssl.com/sslcom-dv-rsa', + production: 'https://acme.ssl.com/sslcom-dv-rsa', + } }; /** diff --git a/packages/core/pipeline/src/plugin/api.ts b/packages/core/pipeline/src/plugin/api.ts index eee946f7..8cb10d19 100644 --- a/packages/core/pipeline/src/plugin/api.ts +++ b/packages/core/pipeline/src/plugin/api.ts @@ -253,9 +253,9 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin { return name + "_" + dayjs().format("YYYYMMDDHHmmssSSS"); } - buildCertName(domain: string) { + buildCertName(domain: string, prefix = "") { domain = domain.replaceAll("*", "_").replaceAll(".", "_"); - return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`; + return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`; } async onRequest(req: PluginRequestHandleReq) { diff --git a/packages/plugins/plugin-cert/src/access/eab-access.ts b/packages/plugins/plugin-cert/src/access/eab-access.ts index f5c7379f..1162c4df 100644 --- a/packages/plugins/plugin-cert/src/access/eab-access.ts +++ b/packages/plugins/plugin-cert/src/access/eab-access.ts @@ -12,7 +12,7 @@ export class EabAccess extends BaseAccess { component: { placeholder: "kid / keyId", }, - helper: "EAB KID, google的叫 keyId", + helper: "EAB KID, google的叫 keyId,ssl.com的叫Account/ACME Key", required: true, encrypt: true, }) diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 3f55a27b..0362c6c9 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts @@ -50,7 +50,7 @@ export type CertInfo = { one?: string; p7b?: string; }; -export type SSLProvider = "letsencrypt" | "google" | "zerossl"; +export type SSLProvider = "letsencrypt" | "google" | "zerossl" | "sslcom"; export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521"; type AcmeServiceOptions = { userContext: IContext; @@ -373,6 +373,7 @@ export class AcmeService { commonName, ...csrInfo, altNames, + emailAddress: email, }, privateKey ); diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts index df31264f..b2151871 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts @@ -221,10 +221,10 @@ export class CertReader { return `${prefix}_${domain}_${timeStr}.${suffix}`; } - buildCertName() { + buildCertName(prefix: string = "") { let domain = this.getMainDomain(); domain = domain.replaceAll(".", "_").replaceAll("*", "_"); - return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`; + return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`; } static appendTimeSuffix(name?: string) { diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index 6c654cf1..9e459247 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -89,6 +89,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { { value: "letsencrypt", label: "Let's Encrypt", icon: "simple-icons:letsencrypt" }, { value: "google", label: "Google", icon: "flat-color-icons:google" }, { value: "zerossl", label: "ZeroSSL", icon: "emojione:digit-zero" }, + { value: "sslcom", label: "SSL.com", icon: "la:expeditedssl" }, ], }, helper: "Let's Encrypt:申请最简单\nGoogle:大厂光环,兼容性好,仅首次需要翻墙获取EAB授权\nZeroSSL:需要EAB授权,无需翻墙", @@ -104,7 +105,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { mergeScript: ` return { show: ctx.compute(({form})=>{ - return form.challengeType === 'dns' + return form.challengeType === 'dns' }), component:{ onSelectedChange: ctx.compute(({form})=>{ @@ -137,7 +138,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { }) }, show: ctx.compute(({form})=>{ - return form.challengeType === 'dns' + return form.challengeType === 'dns' }) } `, @@ -194,6 +195,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin { }) zerosslCommonEabAccessId!: number; + @TaskInput({ + title: "SSL.com公共EAB授权", + isSys: true, + show: false, + }) + sslcomCommonEabAccessId!: number; + @TaskInput({ title: "EAB授权", component: { @@ -203,11 +211,16 @@ export class CertApplyPlugin extends CertApplyBasePlugin { maybeNeed: true, required: false, helper: - "需要提供EAB授权\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱", + "需要提供EAB授权" + + "\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'" + + "\nGoogle:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱" + + "\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接,然后点击编辑按钮,查看Secret key和HMAC key", mergeScript: ` return { show: ctx.compute(({form})=>{ - return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId) || (form.sslProvider === 'google' && !form.googleCommonEabAccessId) + return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId) + || (form.sslProvider === 'google' && !form.googleCommonEabAccessId) + || (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId) }) } `, @@ -339,8 +352,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin { async onInit() { let eab: EabAccess = null; - if (this.sslProvider === "google") { - if (this.googleAccessId) { + if (this.sslProvider !== "letsencrypt") { + if (this.sslProvider === "google" && this.googleAccessId) { this.logger.info("当前正在使用 google服务账号授权获取EAB"); const googleAccess = await this.getAccess(this.googleAccessId); const googleClient = new GoogleClient({ @@ -348,24 +361,19 @@ export class CertApplyPlugin extends CertApplyBasePlugin { logger: this.logger, }); eab = await googleClient.getEab(); - } else if (this.eabAccessId) { - this.logger.info("当前正在使用 google EAB授权"); - eab = await this.getAccess(this.eabAccessId); - } else if (this.googleCommonEabAccessId) { - this.logger.info("当前正在使用 google 公共EAB授权"); - eab = await this.getAccess(this.googleCommonEabAccessId, true); } else { - throw new Error("google需要配置EAB授权或服务账号授权"); - } - } else if (this.sslProvider === "zerossl") { - if (this.eabAccessId) { - this.logger.info("当前正在使用 zerossl EAB授权"); - eab = await this.getAccess(this.eabAccessId); - } else if (this.zerosslCommonEabAccessId) { - this.logger.info("当前正在使用 zerossl 公共EAB授权"); - eab = await this.getAccess(this.zerosslCommonEabAccessId, true); - } else { - throw new Error("zerossl需要配置EAB授权"); + const getEab = async (type: string) => { + if (this.eabAccessId) { + this.logger.info(`当前正在使用 ${type} EAB授权`); + eab = await this.getAccess(this.eabAccessId); + } else if (this[`${type}CommonEabAccessId`]) { + this.logger.info(`当前正在使用 ${type} 公共EAB授权`); + eab = await this.getAccess(this[`${type}CommonEabAccessId`], true); + } else { + throw new Error(`${type}需要配置EAB授权`); + } + }; + await getEab(this.sslProvider); } } this.eab = eab; @@ -397,12 +405,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin { const csrInfo = _.merge( { - country: "CN", - state: "GuangDong", - locality: "ShengZhen", - organization: "CertD Org.", - organizationUnit: "IT Department", - emailAddress: email, + // country: "CN", + // state: "GuangDong", + // locality: "ShengZhen", + // organization: "CertD Org.", + // organizationUnit: "IT Department", + // emailAddress: email, }, this.csrInfo ? JSON.parse(this.csrInfo) : {} ); diff --git a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts index 14286d2a..1d4ba68a 100644 --- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts @@ -116,6 +116,12 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin { }) protocol!: string; + @TaskInput({ + title: '证书名称', + helper: '上传后将以此名称作为前缀备注', + }) + certName!: string; + async onInstance() {} async exec(cmd: string) { @@ -179,7 +185,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin { bodyType: 'json', }); // body params - const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt)) + const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt),this.certName??"") const body: { [key: string]: any } = { certConfig: {