github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

perf: 支持ssl.com证书颁发机构

v2
xiaojunnuo 2025-09-04 23:42:03 +08:00
parent 204cbd0209
commit 27b6dfa4d2
7 changed files with 55 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/core/acme-client/src/index.js
View File

@ -25,6 +25,10 @@ export const directory = {
staging: 'https://acme.zerossl.com/v2/DV90',
production: 'https://acme.zerossl.com/v2/DV90',
},
sslcom:{
staging: 'https://acme.ssl.com/sslcom-dv-rsa',
production: 'https://acme.ssl.com/sslcom-dv-rsa',
}
};
/**

4
packages/core/pipeline/src/plugin/api.ts
View File

@ -253,9 +253,9 @@ export abstract class AbstractTaskPlugin implements ITaskPlugin {
return name + "_" + dayjs().format("YYYYMMDDHHmmssSSS");
}
buildCertName(domain: string) {
buildCertName(domain: string, prefix = "") {
domain = domain.replaceAll("*", "_").replaceAll(".", "_");
return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
}
async onRequest(req: PluginRequestHandleReq<any>) {

2
packages/plugins/plugin-cert/src/access/eab-access.ts
View File

@ -12,7 +12,7 @@ export class EabAccess extends BaseAccess {
component: {
placeholder: "kid / keyId",
},
helper: "EAB KID google的叫 keyId",
helper: "EAB KID google的叫 keyIdssl.com的叫Account/ACME Key",
required: true,
encrypt: true,
})

3
packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
View File

@ -50,7 +50,7 @@ export type CertInfo = {
one?: string;
p7b?: string;
};
export type SSLProvider = "letsencrypt" | "google" | "zerossl";
export type SSLProvider = "letsencrypt" | "google" | "zerossl" | "sslcom";
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";
type AcmeServiceOptions = {
userContext: IContext;
@ -373,6 +373,7 @@ export class AcmeService {
commonName,
...csrInfo,
altNames,
emailAddress: email,
},
privateKey
);

4
packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
View File

@ -221,10 +221,10 @@ export class CertReader {
return `${prefix}_${domain}_${timeStr}.${suffix}`;
}
buildCertName() {
buildCertName(prefix: string = "") {
let domain = this.getMainDomain();
domain = domain.replaceAll(".", "_").replaceAll("*", "_");
return `${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
}
static appendTimeSuffix(name?: string) {

66
packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts
View File

@ -89,6 +89,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
{ value: "letsencrypt", label: "Let's Encrypt", icon: "simple-icons:letsencrypt" },
{ value: "google", label: "Google", icon: "flat-color-icons:google" },
{ value: "zerossl", label: "ZeroSSL", icon: "emojione:digit-zero" },
{ value: "sslcom", label: "SSL.com", icon: "la:expeditedssl" },
],
},
helper: "Let's Encrypt申请最简单\nGoogle大厂光环兼容性好仅首次需要翻墙获取EAB授权\nZeroSSL需要EAB授权无需翻墙",
@ -104,7 +105,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
mergeScript: `
return {
show: ctx.compute(({form})=>{
return form.challengeType === 'dns'
return form.challengeType === 'dns'
}),
component:{
onSelectedChange: ctx.compute(({form})=>{
@ -137,7 +138,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
})
},
show: ctx.compute(({form})=>{
return form.challengeType === 'dns'
return form.challengeType === 'dns'
})
}
`,
@ -194,6 +195,13 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
})
zerosslCommonEabAccessId!: number;
@TaskInput({
title: "SSL.com公共EAB授权",
isSys: true,
show: false,
})
sslcomCommonEabAccessId!: number;
@TaskInput({
title: "EAB授权",
component: {
@ -203,11 +211,16 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
maybeNeed: true,
required: false,
helper:
"需要提供EAB授权\nZeroSSL请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'\n Google:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)用过一次后会绑定邮箱后续复用EAB要用同一个邮箱",
"需要提供EAB授权" +
"\nZeroSSL请前往[zerossl开发者中心](https://app.zerossl.com/developer),生成 'EAB Credentials'" +
"\nGoogle:请查看[google获取eab帮助文档](https://certd.docmirror.cn/guide/use/google/)用过一次后会绑定邮箱后续复用EAB要用同一个邮箱" +
"\nSSL.com:[SSL.com账号页面](https://secure.ssl.com/account),然后点击api credentials链接然后点击编辑按钮查看Secret key和HMAC key",
mergeScript: `
return {
show: ctx.compute(({form})=>{
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId) || (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
return (form.sslProvider === 'zerossl' && !form.zerosslCommonEabAccessId)
|| (form.sslProvider === 'google' && !form.googleCommonEabAccessId)
|| (form.sslProvider === 'sslcom' && !form.sslcomCommonEabAccessId)
})
}
`,
@ -339,8 +352,8 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
async onInit() {
let eab: EabAccess = null;
if (this.sslProvider === "google") {
if (this.googleAccessId) {
if (this.sslProvider !== "letsencrypt") {
if (this.sslProvider === "google" && this.googleAccessId) {
this.logger.info("当前正在使用 google服务账号授权获取EAB");
const googleAccess = await this.getAccess(this.googleAccessId);
const googleClient = new GoogleClient({
@ -348,24 +361,19 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
logger: this.logger,
});
eab = await googleClient.getEab();
} else if (this.eabAccessId) {
this.logger.info("当前正在使用 google EAB授权");
eab = await this.getAccess(this.eabAccessId);
} else if (this.googleCommonEabAccessId) {
this.logger.info("当前正在使用 google 公共EAB授权");
eab = await this.getAccess(this.googleCommonEabAccessId, true);
} else {
throw new Error("google需要配置EAB授权或服务账号授权");
}
} else if (this.sslProvider === "zerossl") {
if (this.eabAccessId) {
this.logger.info("当前正在使用 zerossl EAB授权");
eab = await this.getAccess(this.eabAccessId);
} else if (this.zerosslCommonEabAccessId) {
this.logger.info("当前正在使用 zerossl 公共EAB授权");
eab = await this.getAccess(this.zerosslCommonEabAccessId, true);
} else {
throw new Error("zerossl需要配置EAB授权");
const getEab = async (type: string) => {
if (this.eabAccessId) {
this.logger.info(`当前正在使用 ${type} EAB授权`);
eab = await this.getAccess(this.eabAccessId);
} else if (this[`${type}CommonEabAccessId`]) {
this.logger.info(`当前正在使用 ${type} 公共EAB授权`);
eab = await this.getAccess(this[`${type}CommonEabAccessId`], true);
} else {
throw new Error(`${type}需要配置EAB授权`);
}
};
await getEab(this.sslProvider);
}
}
this.eab = eab;
@ -397,12 +405,12 @@ export class CertApplyPlugin extends CertApplyBasePlugin {
const csrInfo = _.merge(
{
country: "CN",
state: "GuangDong",
locality: "ShengZhen",
organization: "CertD Org.",
organizationUnit: "IT Department",
emailAddress: email,
// country: "CN",
// state: "GuangDong",
// locality: "ShengZhen",
// organization: "CertD Org.",
// organizationUnit: "IT Department",
// emailAddress: email,
},
this.csrInfo ? JSON.parse(this.csrInfo) : {}
);

8
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts
View File

@ -116,6 +116,12 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
})
protocol!: string;
@TaskInput({
title: '证书名称',
helper: '上传后将以此名称作为前缀备注',
})
certName!: string;
async onInstance() {}
async exec(cmd: string) {
@ -179,7 +185,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
bodyType: 'json',
});
// body params
const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt))
const certName = this.buildCertName(CertReader.getMainDomain(this.cert.crt),this.certName??"")
const body: { [key: string]: any } = {
certConfig: {