From 3d9c3ecb3eb604b2458154f608bde0f01915d116 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Mon, 23 Sep 2024 14:32:57 +0800 Subject: [PATCH] =?UTF-8?q?perf:=20=E8=AF=81=E4=B9=A6=E6=94=AF=E6=8C=81?= =?UTF-8?q?=E6=97=A7=E7=89=88RSA=EF=BC=8Cpkcs1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/core/acme-client/src/crypto/index.js | 11 +++++++---- packages/core/acme-client/src/index.js | 2 +- packages/core/acme-client/types/index.d.ts | 8 ++++---- .../src/plugin/cert-plugin/acme.ts | 19 ++++++++++++++++--- .../src/plugin/cert-plugin/index.ts | 1 + 5 files changed, 29 insertions(+), 12 deletions(-) diff --git a/packages/core/acme-client/src/crypto/index.js b/packages/core/acme-client/src/crypto/index.js index 53599f5d..7e6c1b03 100644 --- a/packages/core/acme-client/src/crypto/index.js +++ b/packages/core/acme-client/src/crypto/index.js @@ -67,11 +67,11 @@ function getKeyInfo(keyPem) { * ``` */ -async function createPrivateRsaKey(modulusLength = 2048) { +async function createPrivateRsaKey(modulusLength = 2048, encodingType = 'pkcs8') { const pair = await generateKeyPair('rsa', { modulusLength, privateKeyEncoding: { - type: 'pkcs8', + type: encodingType, format: 'pem', }, }); @@ -106,11 +106,11 @@ exports.createPrivateKey = createPrivateRsaKey; * ``` */ -exports.createPrivateEcdsaKey = async (namedCurve = 'P-256') => { +exports.createPrivateEcdsaKey = async (namedCurve = 'P-256', encodingType = 'pkcs8') => { const pair = await generateKeyPair('ec', { namedCurve, privateKeyEncoding: { - type: 'pkcs8', + type: encodingType, format: 'pem', }, }); 
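Review bot: `encodingType` is passed to `privateKeyEncoding.type` unchecked in `createPrivateRsaKey`, and the same pattern is repeated in `createPrivateEcdsaKey` in the following hunk. For RSA keys Node accepts `'pkcs1'` or `'pkcs8'`, but for EC keys the legacy form is `'sec1'`, so `'pkcs1'` handed to the EC function fails inside key generation with an error that does not point at the caller's mistake. I would add an allow-list guard at the top of each function, e.g. `if (!['pkcs1', 'pkcs8'].includes(encodingType)) throw new Error('unsupported key encoding: ' + encodingType);` for RSA and the `['sec1', 'pkcs8']` equivalent for EC. The JSDoc for both functions starts outside these hunks and should gain an `@param {string} [encodingType="pkcs8"]` line listing the accepted values.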
@@ -201,6 +201,9 @@ async function getWebCryptoKeyPair(keyPem) { } /* Decode PEM and import into CryptoKeyPair */ + if (encodingType === 'pkcs1') { + encodingType = 'pkcs8'; + } const privateKeyDec = x509.PemConverter.decodeFirst(keyPem.toString()); const privateKey = await crypto.webcrypto.subtle.importKey('pkcs8', privateKeyDec, sigalg, true, ['sign']); const publicKey = await crypto.webcrypto.subtle.importKey('jwk', jwk, sigalg, true, ['verify']); diff --git a/packages/core/acme-client/src/index.js b/packages/core/acme-client/src/index.js index 5c82b3f9..4e83c9f6 100644 --- a/packages/core/acme-client/src/index.js +++ b/packages/core/acme-client/src/index.js @@ -32,7 +32,7 @@ exports.directory = { */ exports.crypto = require('./crypto'); -// exports.forge = require('./crypto/forge'); +exports.forge = require('./crypto/forge'); /** * Axios diff --git a/packages/core/acme-client/types/index.d.ts b/packages/core/acme-client/types/index.d.ts index 406b546a..b0fc9657 100644 --- a/packages/core/acme-client/types/index.d.ts +++ b/packages/core/acme-client/types/index.d.ts 
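Review bot: The added `if (encodingType === 'pkcs1')` block in `getWebCryptoKeyPair(keyPem)` reads a name that is not a parameter (per the hunk header) and is not declared in the visible lines; unless it is defined in the part of the function above this hunk, the read throws a ReferenceError before any key is imported. Even if it is defined, the reassigned value is never used, because `importKey` below still hard-codes `'pkcs8'`, and a PKCS#1 PEM body is not a PKCS#8 structure, so the import would reject such a key. I would drop the three lines and, if PKCS#1 keys must work on this path, normalise the input first: `const privateKeyDec = crypto.createPrivateKey(keyPem).export({ type: 'pkcs8', format: 'der' });`. The function starts and ends outside the hunk.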
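Review bot: Re-enabling `exports.forge = require('./crypto/forge');` makes the forge module load whenever the package is required, not only when a PKCS#1 key is requested. The patch touches no package manifest, so it is worth confirming that whatever `./crypto/forge` depends on (presumably node-forge) is still declared as a runtime dependency; otherwise every consumer fails at import time. Since the line was previously commented out, a short comment on why it is back would help, e.g. `// kept for PKCS#1 (legacy RSA) CSR generation`.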
@@ -155,16 +155,16 @@ export interface EcdsaPublicJwk { } export interface CryptoInterface { - createPrivateKey(keySize?: number): Promise; - createPrivateRsaKey(keySize?: number): Promise; - createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521'): Promise; + createPrivateKey(keySize?: number,encodingType?:string): Promise; + createPrivateRsaKey(keySize?: number,encodingType?:string): Promise; + createPrivateEcdsaKey(namedCurve?: 'P-256' | 'P-384' | 'P-521',encodingType?:string): Promise; getPublicKey(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): PublicKeyBuffer; getJwk(keyPem: PrivateKeyBuffer | PrivateKeyString | PublicKeyBuffer | PublicKeyString): RsaPublicJwk | EcdsaPublicJwk; splitPemChain(chainPem: CertificateBuffer | CertificateString): string[]; getPemBodyAsB64u(pem: CertificateBuffer | CertificateString): string; readCsrDomains(csrPem: CsrBuffer | CsrString): CertificateDomains; readCertificateInfo(certPem: CertificateBuffer | CertificateString): CertificateInfo; - createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CsrBuffer]>; + createCsr(data: CsrOptions, keyPem?: PrivateKeyBuffer | PrivateKeyString,encodingType?:string): Promise<[PrivateKeyBuffer, CsrBuffer]>; createAlpnCertificate(authz: Authorization, keyAuthorization: string, keyPem?: PrivateKeyBuffer | PrivateKeyString): Promise<[PrivateKeyBuffer, CertificateBuffer]>; isAlpnCertificateAuthorizationValid(certPem: CertificateBuffer | CertificateString, keyAuthorization: string): boolean; } diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 8c295766..1789f534 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts 
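Review bot: `encodingType?: string` on the three key-generation methods accepts any string, so a typo compiles and only fails at key generation; a literal union such as `encodingType?: 'pkcs1' | 'pkcs8'` (with `'sec1'` in place of `'pkcs1'` on the EC method) would let the compiler reject it. The declaration also adds `encodingType` to `createCsr`, but this patch shows no matching change to the `createCsr` implementation in `src/crypto/index.js`, so the typing may advertise an argument that is ignored; either wire it through or drop it from the signature. The new parameters also lack the space after the comma that the rest of the interface uses.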
@@ -244,13 +244,25 @@ export class AcmeService { if (privateKeyArr.length > 1) { size = parseInt(privateKeyArr[1]); } + + let encodingType = "pkcs8"; + if (privateKeyArr.length > 2) { + encodingType = privateKeyArr[2]; + } + if (type == "ec") { const name: any = "P-" + size; - privateKey = await acme.crypto.createPrivateEcdsaKey(name); + privateKey = await acme.crypto.createPrivateEcdsaKey(name, encodingType); } else { - privateKey = await acme.crypto.createPrivateRsaKey(size); + privateKey = await acme.crypto.createPrivateRsaKey(size, encodingType); } - const [key, csr] = await acme.crypto.createCsr( + + let createCsr: any = acme.crypto.createCsr; + if (encodingType === "pkcs1") { + //兼容老版本 + createCsr = acme.forge.createCsr; + } + const [key, csr] = await createCsr( { commonName, ...csrInfo, @@ -258,6 +270,7 @@ export class AcmeService { }, privateKey ); + if (dnsProvider == null) { throw new Error("dnsProvider 不能为空"); } diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts index b2828afd..34e64a75 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/index.ts @@ -74,6 +74,7 @@ export class CertApplyPlugin extends CertApplyBasePlugin { { value: "rsa_2048", label: "RSA 2048" }, { value: "rsa_3072", label: "RSA 3072" }, { value: "rsa_4096", label: "RSA 4096" }, + { value: "rsa_2048_pkcs1", label: "RSA 2048 pkcs1 (旧版)" }, { value: "ec_256", label: "EC 256" }, { value: "ec_384", label: "EC 384" }, // { value: "ec_521", label: "EC 521" },
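Review bot: `encodingType` is taken straight from the third segment of the key-type string and passed to both branches, so a value such as `ec_256_pkcs1` or any unknown suffix reaches `createPrivateEcdsaKey` / `createPrivateRsaKey` unchecked, and the forge CSR path is selected on the suffix alone, whatever the key type. I would validate right after parsing, e.g. `if (!["pkcs1", "pkcs8"].includes(encodingType) || (type === "ec" && encodingType === "pkcs1")) throw new Error("unsupported key encoding: " + encodingType);`. `let createCsr: any` also discards the typed signature of `acme.crypto.createCsr`; typing it as `typeof acme.crypto.createCsr` keeps the call checked, provided the forge signature is compatible. The comment `//兼容老版本` could say what is being kept compatible, presumably consumers that only read `BEGIN RSA PRIVATE KEY` PEM. The enclosing method starts and ends outside this hunk.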