github
/
certd
mirror of https://github.com/certd/certd
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore: 1

pull/189/head
xiaojunnuo 2024-09-06 00:13:21 +08:00
parent af388ec39f
commit 3bad0b2685
13 changed files with 292 additions and 240 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
packages/core/pipeline/src/core/executor.ts
View File

@ -96,14 +96,13 @@ export class Executor {
runnable.runnableType = runnableType; runnable.runnableType = runnableType;
this.runtime.start(runnable); this.runtime.start(runnable);
await this.onChanged(this.runtime); await this.onChanged(this.runtime);
if (runnable.strategy?.runStrategy === RunStrategy.SkipWhenSucceed) {
//如果是成功后跳过策略
const lastNode = this.lastStatusMap.get(runnable.id); const lastNode = this.lastStatusMap.get(runnable.id);
const lastResult = lastNode?.status?.status; const lastResult = lastNode?.status?.status;
const lastInput = JSON.stringify(lastNode?.status?.input); if (runnable.strategy?.runStrategy === RunStrategy.SkipWhenSucceed) {
//如果是成功后跳过策略
let inputChanged = false; let inputChanged = false;
if (runnableType === "step") { if (runnableType === "step") {
const lastInput = JSON.stringify((lastNode as Step)?.input);
const step = runnable as Step; const step = runnable as Step;
const input = JSON.stringify(step.input); const input = JSON.stringify(step.input);
if (input != null && lastInput !== input) { if (input != null && lastInput !== input) {
@ -271,7 +270,6 @@ export class Executor {
// this.runtime.context[stepOutputKey] = instance[key]; // this.runtime.context[stepOutputKey] = instance[key];
}); });
step.status!.files = instance.getFiles(); step.status!.files = instance.getFiles();
//更新pipeline vars //更新pipeline vars
if (Object.keys(instance._result.pipelineVars).length > 0) { if (Object.keys(instance._result.pipelineVars).length > 0) {
// 判断 pipelineVars 有值时更新 // 判断 pipelineVars 有值时更新

2
packages/core/pipeline/src/core/run-history.ts
View File

@ -41,10 +41,8 @@ export class RunHistory {
this._loggers[runnable.id] = buildLogger((text) => { this._loggers[runnable.id] = buildLogger((text) => {
this.logs[runnable.id].push(text); this.logs[runnable.id].push(text);
}); });
const input = (runnable as Step).input;
const status: HistoryResult = { const status: HistoryResult = {
output: {}, output: {},
input: _.cloneDeep(input),
status: ResultType.start, status: ResultType.start,
startTime: now, startTime: now,
result: ResultType.start, result: ResultType.start,

2
packages/core/pipeline/src/dt/pipeline.ts
View File

@ -118,7 +118,7 @@ export type HistoryResultGroup = {
}; };
}; };
export type HistoryResult = { export type HistoryResult = {
input: any; // input: any;
output: any; output: any;
files?: FileItem[]; files?: FileItem[];
/** /**

2
packages/core/pipeline/src/utils/util.sp.ts
View File

@ -67,7 +67,7 @@ async function spawn(opts: SpawnOption): Promise<string> {
} }
} }
} else { } else {
cmd = opts.cmd cmd = opts.cmd;
} }
log.info(`执行命令: ${cmd}`); log.info(`执行命令: ${cmd}`);
let stdout = ""; let stdout = "";

160
packages/plugins/plugin-cert/src/plugin/cert-convert/index.ts
View File

@ -1,160 +0,0 @@
import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, sp, TaskInput, TaskOutput } from "@certd/pipeline";
import type { CertInfo } from "../cert-plugin/acme.js";
import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
import path from "path";
import os from "os";
import fs from "fs";
export { CertReader };
export type { CertInfo };
@IsTaskPlugin({
name: "CertConvert",
title: "证书转换器",
group: pluginGroups.cert.key,
desc: "转换为pfx、der等证书格式",
default: {
input: {
renewDays: 20,
forceUpdate: false,
},
strategy: {
runStrategy: RunStrategy.AlwaysRun,
},
},
})
export class CertConvertPlugin extends AbstractTaskPlugin {
@TaskInput({
title: "域名证书",
helper: "请选择前置任务输出的域名证书",
component: {
name: "pi-output-selector",
from: "CertApply",
},
required: true,
})
cert!: CertInfo;
@TaskInput({
title: "PFX证书密码",
helper: "不填则没有密码",
component: {
name: "a-input-password",
vModel: "value",
},
required: false,
})
pfxPassword!: string;
@TaskInput({
title: "输出PFX",
value:true,
component: {
name: "a-switch",
vModel: "checked",
},
required: true,
})
pfxEnabled: boolean = true;
@TaskInput({
title: "输出DER",
value:true,
component: {
name: "a-switch",
vModel: "checked",
},
required: true,
})
derEnabled: boolean = true;
@TaskOutput({
title: "pfx格式证书",
type: "PfxCert",
})
pfxCert?: string;
@TaskOutput({
title: "der格式证书",
type: "DerCert",
})
derCert?: string;
async onInit() {}
async execute(): Promise<void> {
const certReader = new CertReader(this.cert);
const handle = async (opts: CertReaderHandleContext) => {
if(this.pfxEnabled){
// 调用openssl 转pfx
await this.convertPfx(opts);
}else{
this.logger.info("pfx证书已禁用");
}
if(this.pfxEnabled){
// 转der
await this.convertDer(opts);
}else{
this.logger.info("der证书已禁用");
}
};
await certReader.readCertFile({ logger: this.logger, handle });
}
async exec(cmd: string) {
await sp.spawn({
cmd: cmd,
logger: this.logger,
});
}
private async convertPfx(opts: CertReaderHandleContext) {
const { reader, tmpCrtPath, tmpKeyPath } = opts;
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
const dir = path.dirname(pfxPath)
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
let passwordArg = "-passout pass:";
if (this.pfxPassword) {
passwordArg = `-password pass:${this.pfxPassword}`;
}
await this.exec(`openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`);
this.pfxCert = pfxPath;
const applyTime = new Date().getTime();
const filename = reader.buildCertFileName("pfx", applyTime);
const fileBuffer = fs.readFileSync(pfxPath);
this.saveFile(filename, fileBuffer);
}
private async convertDer(opts: CertReaderHandleContext) {
const { reader, tmpCrtPath } = opts;
const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
const dir = path.dirname(derPath)
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
this.derCert = derPath;
const applyTime = new Date().getTime();
const filename = reader.buildCertFileName("der", applyTime);
const fileBuffer = fs.readFileSync(derPath);
this.saveFile(filename, fileBuffer);
}
}
new CertConvertPlugin();

2
packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
View File

@ -12,6 +12,8 @@ export type CertInfo = {
crt: string; crt: string;
key: string; key: string;
csr: string; csr: string;
pfx?: string;
der?: string;
}; };
export type SSLProvider = "letsencrypt" | "google" | "zerossl"; export type SSLProvider = "letsencrypt" | "google" | "zerossl";
export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521"; export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";

42
packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
View File

@ -3,6 +3,8 @@ import dayjs from "dayjs";
import type { CertInfo } from "./acme.js"; import type { CertInfo } from "./acme.js";
import { CertReader } from "./cert-reader.js"; import { CertReader } from "./cert-reader.js";
import JSZip from "jszip"; import JSZip from "jszip";
import { CertConverter } from "./convert.js";
import fs from "fs";
export { CertReader }; export { CertReader };
export type { CertInfo }; export type { CertInfo };
@ -42,6 +44,18 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
}) })
email!: string; email!: string;
@TaskInput({
title: "PFX密码",
component: {
name: "a-input-password",
vModel: "value",
},
required: false,
order: 100,
helper: "PFX格式证书是否需要加密",
})
pfxPassword!: string;
@TaskInput({ @TaskInput({
title: "更新天数", title: "更新天数",
value: 20, value: 20,
@ -129,22 +143,36 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
this._result.pipelineVars.certExpiresTime = dayjs(certReader.detail.notAfter).valueOf(); this._result.pipelineVars.certExpiresTime = dayjs(certReader.detail.notAfter).valueOf();
if (cert.pfx == null || cert.der == null) {
const converter = new CertConverter({ logger: this.logger });
const res = await converter.convert({
cert,
pfxPassword: this.pfxPassword,
});
const pfxBuffer = fs.readFileSync(res.pfxPath);
cert.pfx = pfxBuffer.toString("base64");
const derBuffer = fs.readFileSync(res.derPath);
cert.der = derBuffer.toString("base64");
this.logger.info("转换证书格式成功");
isNew = true;
}
if (isNew) { if (isNew) {
const applyTime = dayjs(certReader.detail.notBefore).format("YYYYMMDD_HHmmss"); const zipFileName = certReader.buildCertFileName("zip", certReader.detail.notBefore);
await this.zipCert(cert, applyTime); await this.zipCert(cert, zipFileName);
} else { } else {
this.extendsFiles(); this.extendsFiles();
} }
// thi
// s.logger.info(JSON.stringify(certReader.detail));
} }
async zipCert(cert: CertInfo, applyTime: string) { async zipCert(cert: CertInfo, filename: string) {
const zip = new JSZip(); const zip = new JSZip();
zip.file("cert.crt", cert.crt); zip.file("cert.crt", cert.crt);
zip.file("cert.key", cert.key); zip.file("cert.key", cert.key);
const domain_name = this.domains[0].replace(".", "_").replace("*", "_"); zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
const filename = `cert_${domain_name}_${applyTime}.zip`; zip.file("cert.der", Buffer.from(cert.der, "base64"));
const content = await zip.generateAsync({ type: "nodebuffer" }); const content = await zip.generateAsync({ type: "nodebuffer" });
this.saveFile(filename, content); this.saveFile(filename, content);
this.logger.info(`已保存文件:${filename}`); this.logger.info(`已保存文件:${filename}`);

35
packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
View File

@ -6,10 +6,11 @@ import { crypto } from "@certd/acme-client";
import { ILogger } from "@certd/pipeline"; import { ILogger } from "@certd/pipeline";
import dayjs from "dayjs"; import dayjs from "dayjs";
export type CertReaderHandleContext = { reader: CertReader; tmpCrtPath: string; tmpKeyPath: string }; export type CertReaderHandleContext = { reader: CertReader; tmpCrtPath: string; tmpKeyPath: string; tmpPfxPath?: string; tmpDerPath?: string };
export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>; export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
export type HandleOpts = { logger: ILogger; handle: CertReaderHandle }; export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
export class CertReader implements CertInfo { export class CertReader {
cert: CertInfo;
crt: string; crt: string;
key: string; key: string;
csr: string; csr: string;
@ -17,30 +18,31 @@ export class CertReader implements CertInfo {
detail: any; detail: any;
expires: number; expires: number;
constructor(certInfo: CertInfo) { constructor(certInfo: CertInfo) {
this.cert = certInfo;
this.crt = certInfo.crt; this.crt = certInfo.crt;
this.key = certInfo.key; this.key = certInfo.key;
this.csr = certInfo.csr; this.csr = certInfo.csr;
const { detail, expires } = this.getCrtDetail(this.crt); const { detail, expires } = this.getCrtDetail(this.cert.crt);
this.detail = detail; this.detail = detail;
this.expires = expires.getTime(); this.expires = expires.getTime();
} }
toCertInfo(): CertInfo { toCertInfo(): CertInfo {
return { return this.cert;
crt: this.crt,
key: this.key,
csr: this.csr,
};
} }
getCrtDetail(crt: string = this.crt) { getCrtDetail(crt: string = this.cert.crt) {
const detail = crypto.readCertificateInfo(crt.toString()); const detail = crypto.readCertificateInfo(crt.toString());
const expires = detail.notAfter; const expires = detail.notAfter;
return { detail, expires }; return { detail, expires };
} }
saveToFile(type: "crt" | "key", filepath?: string) { saveToFile(type: "crt" | "key" | "pfx" | "der", filepath?: string) {
if (!this.cert[type]) {
return;
}
if (filepath == null) { if (filepath == null) {
//写入临时目录 //写入临时目录
filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`); filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`);
@ -50,8 +52,11 @@ export class CertReader implements CertInfo {
if (!fs.existsSync(dir)) { if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true }); fs.mkdirSync(dir, { recursive: true });
} }
if (type === "crt" || type === "key") {
fs.writeFileSync(filepath, this[type]); fs.writeFileSync(filepath, this.cert[type]);
} else {
fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
}
return filepath; return filepath;
} }
@ -60,18 +65,24 @@ export class CertReader implements CertInfo {
logger.info("将证书写入本地缓存文件"); logger.info("将证书写入本地缓存文件");
const tmpCrtPath = this.saveToFile("crt"); const tmpCrtPath = this.saveToFile("crt");
const tmpKeyPath = this.saveToFile("key"); const tmpKeyPath = this.saveToFile("key");
const tmpPfxPath = this.saveToFile("pfx");
const tmpDerPath = this.saveToFile("der");
logger.info("本地文件写入成功"); logger.info("本地文件写入成功");
try { try {
await opts.handle({ await opts.handle({
reader: this, reader: this,
tmpCrtPath: tmpCrtPath, tmpCrtPath: tmpCrtPath,
tmpKeyPath: tmpKeyPath, tmpKeyPath: tmpKeyPath,
tmpPfxPath: tmpPfxPath,
tmpDerPath: tmpDerPath,
}); });
} finally { } finally {
//删除临时文件 //删除临时文件
logger.info("删除临时文件"); logger.info("删除临时文件");
fs.unlinkSync(tmpCrtPath); fs.unlinkSync(tmpCrtPath);
fs.unlinkSync(tmpKeyPath); fs.unlinkSync(tmpKeyPath);
fs.unlinkSync(tmpPfxPath);
fs.unlinkSync(tmpDerPath);
} }
} }

91
packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts Normal file
View File

@ -0,0 +1,91 @@
import { ILogger, sp } from "@certd/pipeline";
import type { CertInfo } from "../cert-plugin/acme.js";
import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
import path from "path";
import os from "os";
import fs from "fs";
export { CertReader };
export type { CertInfo };
export class CertConverter {
logger: ILogger;
constructor(opts: { logger: ILogger }) {
this.logger = opts.logger;
}
async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
pfxPath: string;
derPath: string;
}> {
const certReader = new CertReader(opts.cert);
let pfxPath: string;
let derPath: string;
const handle = async (opts: CertReaderHandleContext) => {
// 调用openssl 转pfx
pfxPath = await this.convertPfx(opts);
// 转der
derPath = await this.convertDer(opts);
};
await certReader.readCertFile({ logger: this.logger, handle });
return {
pfxPath,
derPath,
};
}
async exec(cmd: string) {
await sp.spawn({
cmd: cmd,
logger: this.logger,
});
}
private async convertPfx(opts: CertReaderHandleContext, pfxPassword?: string) {
const { tmpCrtPath, tmpKeyPath } = opts;
const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", "cert.pfx");
const dir = path.dirname(pfxPath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
let passwordArg = "-passout pass:";
if (pfxPassword) {
passwordArg = `-password pass:${pfxPassword}`;
}
await this.exec(`openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`);
return pfxPath;
// const fileBuffer = fs.readFileSync(pfxPath);
// this.pfxCert = fileBuffer.toString("base64");
//
// const applyTime = new Date().getTime();
// const filename = reader.buildCertFileName("pfx", applyTime);
// this.saveFile(filename, fileBuffer);
}
private async convertDer(opts: CertReaderHandleContext) {
const { tmpCrtPath } = opts;
const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.der`);
const dir = path.dirname(derPath);
if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true });
}
await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
return derPath;
// const fileBuffer = fs.readFileSync(derPath);
// this.derCert = fileBuffer.toString("base64");
//
// const applyTime = new Date().getTime();
// const filename = reader.buildCertFileName("der", applyTime);
// this.saveFile(filename, fileBuffer);
}
}

1
packages/plugins/plugin-cert/src/plugin/index.ts
View File

@ -1,3 +1,2 @@
export * from "./cert-plugin/index.js"; export * from "./cert-plugin/index.js";
export * from "./cert-plugin/lego/index.js"; export * from "./cert-plugin/lego/index.js";
export * from "./cert-convert/index.js";

2
packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-ack-ingress/index.ts
View File

@ -51,7 +51,7 @@ export class DeployCertToAliyunAckIngressPlugin extends AbstractTaskPlugin {
}, },
required: true, required: true,
}) })
namespace!: string; namespace: string = 'default';
@TaskInput({ @TaskInput({
title: 'ingress名称', title: 'ingress名称',
value: '', value: '',

93
packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts
View File

@ -17,28 +17,46 @@ import path from 'path';
export class CopyCertToLocalPlugin extends AbstractTaskPlugin { export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
@TaskInput({ @TaskInput({
title: '证书保存路径', title: '证书保存路径',
helper: '需要有写入权限,路径要包含证书文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.pem', helper: '需要有写入权限,路径要包含文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.pem',
component: { component: {
placeholder: './tmp/cert.pem', placeholder: './tmp/cert.pem',
}, },
required: true,
}) })
crtPath!: string; crtPath!: string;
@TaskInput({ @TaskInput({
title: '私钥保存路径', title: '私钥保存路径',
helper: '需要有写入权限,路径要包含私钥文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.key', helper: '需要有写入权限,路径要包含文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.key',
component: { component: {
placeholder: './tmp/cert.key', placeholder: './tmp/cert.key',
}, },
required: true,
}) })
keyPath!: string; keyPath!: string;
@TaskInput({
title: 'PFX证书保存路径',
helper: '需要有写入权限,路径要包含文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.pfx',
component: {
placeholder: './tmp/cert.pfx',
},
})
pfxPath!: string;
@TaskInput({
title: 'DER证书保存路径',
helper:
'需要有写入权限,路径要包含文件名,文件名不能用*?!等特殊符号\n推荐使用相对路径将写入与数据库同级目录无需映射例如./tmp/cert.der\n.der和.cer是相同的东西改个后缀名即可',
component: {
placeholder: './tmp/cert.der 或 ./tmp/cert.cer',
},
})
derPath!: string;
@TaskInput({ @TaskInput({
title: '域名证书', title: '域名证书',
helper: '请选择前置任务输出的域名证书', helper: '请选择前置任务输出的域名证书',
component: { component: {
name: 'pi-output-selector', name: 'pi-output-selector',
from: ['CertApply','CertConvert'], from: 'CertApply',
}, },
required: true, required: true,
}) })
@ -46,16 +64,28 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
@TaskOutput({ @TaskOutput({
title: '证书保存路径', title: '证书保存路径',
type:"HostCrtPath" type: 'HostCrtPath',
}) })
hostCrtPath!: string; hostCrtPath!: string;
@TaskOutput({ @TaskOutput({
title: '私钥保存路径', title: '私钥保存路径',
type:"HostKeyPath" type: 'HostKeyPath',
}) })
hostKeyPath!: string; hostKeyPath!: string;
@TaskOutput({
title: 'PFX保存路径',
type: 'HostPfxPath',
})
hostPfxPath!: string;
@TaskOutput({
title: 'DER保存路径',
type: 'HostDerPath',
})
hostDerPath!: string;
async onInstance() {} async onInstance() {}
copyFile(srcFile: string, destFile: string) { copyFile(srcFile: string, destFile: string) {
@ -67,37 +97,38 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
fs.copyFileSync(srcFile, destFile); fs.copyFileSync(srcFile, destFile);
} }
async execute(): Promise<void> { async execute(): Promise<void> {
let { crtPath, keyPath } = this; let { crtPath, keyPath, pfxPath, derPath } = this;
const certReader = new CertReader(this.cert); const certReader = new CertReader(this.cert);
this.logger.info('将证书写入本地缓存文件');
const saveCrtPath = certReader.saveToFile('crt');
const saveKeyPath = certReader.saveToFile('key');
this.logger.info('本地文件写入成功');
try {
this.logger.info('复制到目标路径');
const handle = async ({ reader, tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath }) => {
this.logger.info('复制到目标路径');
if (crtPath) {
crtPath = crtPath.startsWith('/') ? crtPath : path.join(Constants.dataDir, crtPath); crtPath = crtPath.startsWith('/') ? crtPath : path.join(Constants.dataDir, crtPath);
this.copyFile(tmpCrtPath, crtPath);
this.hostCrtPath = crtPath;
}
if (keyPath) {
keyPath = keyPath.startsWith('/') ? keyPath : path.join(Constants.dataDir, keyPath); keyPath = keyPath.startsWith('/') ? keyPath : path.join(Constants.dataDir, keyPath);
// crtPath = path.resolve(crtPath); this.copyFile(tmpKeyPath, keyPath);
// keyPath = path.resolve(keyPath); this.hostKeyPath = keyPath;
this.copyFile(saveCrtPath, crtPath); }
this.copyFile(saveKeyPath, keyPath); if (pfxPath) {
this.logger.info('证书复制成功crtPath=', crtPath, ',keyPath=', keyPath); pfxPath = pfxPath.startsWith('/') ? pfxPath : path.join(Constants.dataDir, pfxPath);
this.copyFile(tmpPfxPath, pfxPath);
this.hostPfxPath = pfxPath;
}
if (derPath) {
derPath = derPath.startsWith('/') ? derPath : path.join(Constants.dataDir, derPath);
this.copyFile(tmpDerPath, derPath);
this.hostDerPath = derPath;
}
this.logger.info('请注意,如果使用的是相对路径,那么文件就在你的数据库同级目录下,默认是/data/certd/下面'); this.logger.info('请注意,如果使用的是相对路径,那么文件就在你的数据库同级目录下,默认是/data/certd/下面');
this.logger.info('请注意,如果使用的是绝对路径,文件在容器内的目录下,你需要给容器做目录映射才能复制到宿主机'); this.logger.info('请注意,如果使用的是绝对路径,文件在容器内的目录下,你需要给容器做目录映射才能复制到宿主机');
} catch (e) { };
this.logger.error(`复制失败:${e.message}`);
throw e; await certReader.readCertFile({ logger: this.logger, handle });
} finally {
//删除临时文件
this.logger.info('删除临时文件');
fs.unlinkSync(saveCrtPath);
fs.unlinkSync(saveKeyPath);
}
this.logger.info('执行完成'); this.logger.info('执行完成');
//输出
this.hostCrtPath = crtPath;
this.hostKeyPath = keyPath;
} }
} }

82
packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts
View File

@ -17,8 +17,8 @@ import { SshAccess } from '../../access/index.js';
}) })
export class UploadCertToHostPlugin extends AbstractTaskPlugin { export class UploadCertToHostPlugin extends AbstractTaskPlugin {
@TaskInput({ @TaskInput({
title: '证书保存路径', title: 'PEM证书保存路径',
helper: '需要有写入权限,路径要包含证书文件名,文件名不能用*?!等特殊符号', helper: '需要有写入权限,路径要包含证书文件名,文件名不能用*?!等特殊符号,例如:/tmp/cert.pem',
component: { component: {
placeholder: '/root/deploy/nginx/cert.pem', placeholder: '/root/deploy/nginx/cert.pem',
}, },
@ -26,12 +26,31 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
crtPath!: string; crtPath!: string;
@TaskInput({ @TaskInput({
title: '私钥保存路径', title: '私钥保存路径',
helper: '需要有写入权限,路径要包含私钥文件名,文件名不能用*?!等特殊符号', helper: '需要有写入权限,路径要包含私钥文件名,文件名不能用*?!等特殊符号,例如:/tmp/cert.key',
component: { component: {
placeholder: '/root/deploy/nginx/cert.key', placeholder: '/root/deploy/nginx/cert.key',
}, },
}) })
keyPath!: string; keyPath!: string;
@TaskInput({
title: 'PFX证书保存路径',
helper: '需要有写入权限,路径要包含私钥文件名,文件名不能用*?!等特殊符号,例如:/tmp/cert.pfx',
component: {
placeholder: '/root/deploy/nginx/cert.pfx',
},
})
pfxPath!: string;
@TaskInput({
title: 'DER证书保存路径',
helper: '需要有写入权限,路径要包含私钥文件名,文件名不能用*?!等特殊符号,例如:/tmp/cert.der',
component: {
placeholder: '/root/deploy/nginx/cert.der',
},
})
derPath!: string;
@TaskInput({ @TaskInput({
title: '域名证书', title: '域名证书',
helper: '请选择前置任务输出的域名证书', helper: '请选择前置任务输出的域名证书',
@ -87,9 +106,23 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
}) })
hostKeyPath!: string; hostKeyPath!: string;
@TaskOutput({
title: 'PFX保存路径',
})
hostPfxPath!: string;
@TaskOutput({
title: 'DER保存路径',
})
hostDerPath!: string;
async onInstance() {} async onInstance() {}
copyFile(srcFile: string, destFile: string) { copyFile(srcFile: string, destFile: string) {
if (!srcFile || !destFile) {
this.logger.warn(`srcFile:${srcFile} 或 destFile:${destFile} 为空,不复制`);
return;
}
const dir = destFile.substring(0, destFile.lastIndexOf('/')); const dir = destFile.substring(0, destFile.lastIndexOf('/'));
if (!fs.existsSync(dir)) { if (!fs.existsSync(dir)) {
fs.mkdirSync(dir, { recursive: true }); fs.mkdirSync(dir, { recursive: true });
@ -101,12 +134,15 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
const certReader = new CertReader(cert); const certReader = new CertReader(cert);
const handle = async (opts: CertReaderHandleContext) => { const handle = async (opts: CertReaderHandleContext) => {
const { tmpCrtPath, tmpKeyPath } = opts; const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath } = opts;
if (this.copyToThisHost) { if (this.copyToThisHost) {
this.logger.info('复制到目标路径'); this.logger.info('复制到目标路径');
this.copyFile(tmpCrtPath, crtPath); this.copyFile(tmpCrtPath, crtPath);
this.copyFile(tmpKeyPath, keyPath); this.copyFile(tmpKeyPath, keyPath);
this.logger.info('证书复制成功crtPath=', crtPath, ',keyPath=', keyPath); this.copyFile(tmpPfxPath, this.pfxPath);
this.copyFile(tmpDerPath, this.derPath);
this.logger.info(`证书复制成功crtPath=${crtPath},keyPath=${keyPath},pfxPath=${this.pfxPath},derPath=${this.derPath}`);
} else { } else {
if (!accessId) { if (!accessId) {
throw new Error('主机登录授权配置不能为空'); throw new Error('主机登录授权配置不能为空');
@ -114,25 +150,43 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
this.logger.info('准备上传文件到服务器'); this.logger.info('准备上传文件到服务器');
const connectConf: SshAccess = await this.accessService.getById(accessId); const connectConf: SshAccess = await this.accessService.getById(accessId);
const sshClient = new SshClient(this.logger); const sshClient = new SshClient(this.logger);
await sshClient.uploadFiles({ const transports: any = [];
connectConf, if (crtPath) {
transports: [ transports.push({
{
localPath: tmpCrtPath, localPath: tmpCrtPath,
remotePath: crtPath, remotePath: crtPath,
}, });
{ }
if (keyPath) {
transports.push({
localPath: tmpKeyPath, localPath: tmpKeyPath,
remotePath: keyPath, remotePath: keyPath,
}, });
], }
if (this.pfxPath) {
transports.push({
localPath: tmpPfxPath,
remotePath: this.pfxPath,
});
}
if (this.derPath) {
transports.push({
localPath: tmpDerPath,
remotePath: this.derPath,
});
}
await sshClient.uploadFiles({
connectConf,
transports,
mkdirs: this.mkdirs, mkdirs: this.mkdirs,
}); });
this.logger.info('证书上传成功crtPath=', crtPath, ',keyPath=', keyPath); this.logger.info(`证书上传成功crtPath=${crtPath},keyPath=${keyPath},pfxPath=${this.pfxPath},derPath=${this.derPath}`);
//输出 //输出
this.hostCrtPath = crtPath; this.hostCrtPath = crtPath;
this.hostKeyPath = keyPath; this.hostKeyPath = keyPath;
this.hostPfxPath = this.pfxPath;
this.hostDerPath = this.derPath;
} }
}; };
await certReader.readCertFile({ await certReader.readCertFile({