mirror of https://github.com/certd/certd
perf: 支持ssl.com证书颁发机构
xiaojunnuo
parent
204cbd0209
commit
27b6dfa4d2
|
|
@ -25,6 +25,10 @@ export const directory = {
|
|||
staging: 'https://acme.zerossl.com/v2/DV90',
|
||||
production: 'https://acme.zerossl.com/v2/DV90',
|
||||
},
|
||||
sslcom:{
|
||||
staging: 'https://acme.ssl.com/sslcom-dv-rsa',
|
||||
production: 'https://acme.ssl.com/sslcom-dv-rsa',
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
|
|
|
|||
|
|
@ -253,9 +253,9 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
|
|||
return name + "_" + dayjs().format("YYYYMMDDHHmmssSSS");
|
||||
}
|
||||
|
||||
buildCertName(domain: string) {
|
||||
buildCertName(domain: string, prefix = "") {
|
||||
domain = domain.replaceAll("*", "_").replaceAll(".", "_");
|
||||
return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
|
||||
return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
|
||||
}
|
||||
|
||||
async onRequest(req: PluginRequestHandleReq<any>) {
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ export class EabAccess extends BaseAccess {
|
|||
component: {
|
||||
placeholder: "kid / keyId",
|
||||
},
|
||||
helper: "EAB KID, google的叫 keyId",
|
||||
helper: "EAB KID, google的叫 keyId,ssl.com的叫Account/ACME Key",
|
||||
required: true,
|
||||
encrypt: true,
|
||||
})
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ export type CertInfo = {
|
|||
one?: string;
|
||||
p7b?: string;
|
||||
};
|
||||
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
|
||||
export type SSLProvider = "letsencrypt" | "google" | "zerossl" | "sslcom";
|
||||
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
|
||||
type AcmeServiceOptions = {
|
||||
userContext: IContext;
|
||||
|
|
@ -373,6 +373,7 @@ export class AcmeService {
|
|||
commonName,
|
||||
...csrInfo,
|
||||
altNames,
|
||||
emailAddress: email,
|
||||
},
|
||||
privateKey
|
||||
);
|
||||
|
|
|
|||
|
|
@ -221,10 +221,10 @@ export class CertReader {
|
|||
return `${prefix}_${domain}_${timeStr}.${suffix}`;
|
||||
}
|
||||
|
||||
buildCertName() {
|
||||
buildCertName(prefix: string = "") {
|
||||
let domain = this.getMainDomain();
|
||||
domain = domain.replaceAll(".", "_").replaceAll("*", "_");
|
||||
return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
|
||||
return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
|
||||
}
|
||||
|
||||
static appendTimeSuffix(name?: string) {
|
||||
|
|
|
|||
|
|
@ -89,6 +89,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
{ value: "letsencrypt", label: "Let's Encrypt", icon: "simple-icons:letsencrypt" },
|
||||
{ value: "google", label: "Google", icon: "flat-color-icons:google" },
|
||||
{ value: "zerossl", label: "ZeroSSL", icon: "emojione:digit-zero" },
|
||||
{ value: "sslcom", label: "SSL.com", icon: "la:expeditedssl" },
|
||||
],
|
||||
},
|
||||
helper: "Let's Encrypt:申请最简单\nGoogle:大厂光环,兼容性好,仅首次需要翻墙获取EAB授权\nZeroSSL:需要EAB授权,无需翻墙",
|
||||
|
|
@ -194,6 +195,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
})
|
||||
zerosslCommonEabAccessId!: number;
|
||||
|
||||
@TaskInput({
|
||||
title: "SSL.com公共EAB授权",
|
||||
isSys: true,
|
||||
show: false,
|
||||
})
|
||||
sslcomCommonEabAccessId!: number;
|
||||
|
||||
@TaskInput({
|
||||
title: "EAB授权",
|
||||
component: {
|
||||
|
|
@ -203,11 +211,16 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
maybeNeed: true,
|
||||
required: false,
|
||||
helper:
|
||||
"需要提供EAB授权\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱",
|
||||
"需要提供EAB授权" +
|
||||
"\nZeroSSL:请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'" +
|
||||
"\nGoogle:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/),用过一次后会绑定邮箱,后续复用EAB要用同一个邮箱" +
|
||||
"\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接,然后点击编辑按钮,查看Secret key和HMAC key",
|
||||
mergeScript: `
|
||||
return {
|
||||
show: ctx.compute(({form})=>{
|
||||
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId) || (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|
||||
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|
||||
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|
||||
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
|
||||
})
|
||||
}
|
||||
`,
|
||||
|
|
@ -339,8 +352,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
async onInit() {
|
||||
let eab: EabAccess = null;
|
||||
|
||||
if (this.sslProvider === "google") {
|
||||
if (this.googleAccessId) {
|
||||
if (this.sslProvider !== "letsencrypt") {
|
||||
if (this.sslProvider === "google" && this.googleAccessId) {
|
||||
this.logger.info("当前正在使用 google服务账号授权获取EAB");
|
||||
const googleAccess = await this.getAccess(this.googleAccessId);
|
||||
const googleClient = new GoogleClient({
|
||||
|
|
@ -348,24 +361,19 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
logger: this.logger,
|
||||
});
|
||||
eab = await googleClient.getEab();
|
||||
} else if (this.eabAccessId) {
|
||||
this.logger.info("当前正在使用 google EAB授权");
|
||||
eab = await this.getAccess(this.eabAccessId);
|
||||
} else if (this.googleCommonEabAccessId) {
|
||||
this.logger.info("当前正在使用 google 公共EAB授权");
|
||||
eab = await this.getAccess(this.googleCommonEabAccessId, true);
|
||||
} else {
|
||||
throw new Error("google需要配置EAB授权或服务账号授权");
|
||||
}
|
||||
} else if (this.sslProvider === "zerossl") {
|
||||
if (this.eabAccessId) {
|
||||
this.logger.info("当前正在使用 zerossl EAB授权");
|
||||
eab = await this.getAccess(this.eabAccessId);
|
||||
} else if (this.zerosslCommonEabAccessId) {
|
||||
this.logger.info("当前正在使用 zerossl 公共EAB授权");
|
||||
eab = await this.getAccess(this.zerosslCommonEabAccessId, true);
|
||||
} else {
|
||||
throw new Error("zerossl需要配置EAB授权");
|
||||
const getEab = async (type: string) => {
|
||||
if (this.eabAccessId) {
|
||||
this.logger.info(`当前正在使用 ${type} EAB授权`);
|
||||
eab = await this.getAccess(this.eabAccessId);
|
||||
} else if (this[`${type}CommonEabAccessId`]) {
|
||||
this.logger.info(`当前正在使用 ${type} 公共EAB授权`);
|
||||
eab = await this.getAccess(this[`${type}CommonEabAccessId`], true);
|
||||
} else {
|
||||
throw new Error(`${type}需要配置EAB授权`);
|
||||
}
|
||||
};
|
||||
await getEab(this.sslProvider);
|
||||
}
|
||||
}
|
||||
this.eab = eab;
|
||||
|
|
@ -397,12 +405,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
|
|||
|
||||
const csrInfo = _.merge(
|
||||
{
|
||||
country: "CN",
|
||||
state: "GuangDong",
|
||||
locality: "ShengZhen",
|
||||
organization: "CertD Org.",
|
||||
organizationUnit: "IT Department",
|
||||
emailAddress: email,
|
||||
// country: "CN",
|
||||
// state: "GuangDong",
|
||||
// locality: "ShengZhen",
|
||||
// organization: "CertD Org.",
|
||||
// organizationUnit: "IT Department",
|
||||
// emailAddress: email,
|
||||
},
|
||||
this.csrInfo ? JSON.parse(this.csrInfo) : {}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -116,6 +116,12 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
|
|||
})
|
||||
protocol!: string;
|
||||
|
||||
@TaskInput({
|
||||
title: '证书名称',
|
||||
helper: '上传后将以此名称作为前缀备注',
|
||||
})
|
||||
certName!: string;
|
||||
|
||||
async onInstance() {}
|
||||
|
||||
async exec(cmd: string) {
|
||||
|
|
@ -179,7 +185,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
|
|||
bodyType: 'json',
|
||||
});
|
||||
// body params
|
||||
const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
|
||||
const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt),this.certName??"")
|
||||
|
||||
const body: { [key: string]: any } = {
|
||||
certConfig: {
|
||||
|
|
|
|||
Loading…
Reference in New Issue