perf: 阿里云 FC3.0 不在要求证书加密方式为旧版，修复支持的协议类型可以正常选择

2025-08-17 23:27:50 +08:00 · 2025-08-17 23:27:50 +08:00 · a34db7449e
parent 0283bd2f97
commit a34db7449e
1 changed files with 42 additions and 4 deletions
--- a/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts
+++ b/packages/ui/certd-server/src/plugins/plugin-aliyun/plugin/deploy-to-fc/index.ts
@ -1,13 +1,17 @@
 import { AbstractTaskPlugin, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
 import { CertApplyPluginNames, CertInfo, CertReader } from "@certd/plugin-cert";
 import { AliyunAccess, createCertDomainGetterInputDefine, createRemoteSelectInputDefine } from "@certd/plugin-lib";
 import fs from "fs";
 import path from "path";
 import { tmpdir } from "node:os";
 import { sp } from "@certd/basic";
@IsTaskPlugin({
  name: 'AliyunDeployCertToFC',
  title: '阿里云-部署至阿里云FC(3.0)',
  icon: 'svg:icon-aliyun',
  group: pluginGroups.aliyun.key,
-  desc: '部署证书到阿里云函数计算（FC3.0）,【注意】证书的加密算法必须选择【pkcs1旧版】',
+  desc: '部署证书到阿里云函数计算（FC3.0）',
  needPlus: false,
  default: {
    strategy: {
@ -89,7 +93,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
  @TaskInput(
    createRemoteSelectInputDefine({
      title: 'FC域名',
-      helper: "请选择要部署证书的域名\n【注意】证书的加密算法必须选择【pkcs1旧版】（否则会报'private key' has to be in PEM format错误）",
+      helper: "请选择要部署证书的域名",
      typeName: 'AliyunDeployCertToFC',
      action: AliyunDeployCertToFC.prototype.onGetDomainList.name,
      watches: ['accessId', 'regionId'],
@ -99,9 +103,10 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
  @TaskInput({
    title: '域名支持的协议类型',
    value: '',
    component: {
      name: 'a-select',
-      value: '',
+      vModel:"value",
      options: [
        { value: '', label: '保持原样（适用于原来已经开启了HTTPS）' },
        { value: 'HTTPS', label: '仅HTTPS' },
@ -113,6 +118,13 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
  async onInstance() {}
  async exec(cmd: string) {
    process.env.LANG = "zh_CN.GBK";
    await sp.spawn({
      cmd: cmd,
      logger: this.logger,
    });
  }
  async execute(): Promise<void> {
    this.logger.info('开始部署证书到阿里云');
    const access = await this.getAccess<AliyunAccess>(this.accessId);
@ -121,6 +133,32 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
    const $Util = await import('@alicloud/tea-util');
    const $OpenApi = await import('@alicloud/openapi-client');
    let privateKey = this.cert.key
    try{
      // openssl rsa -in private_key.pem -out private_key_pkcs1.pem
      const tempDir = path.join(tmpdir(), "certd");
      if (!fs.existsSync(tempDir)) {
        fs.mkdirSync(tempDir, { recursive: true });
      }
      const keyFileName = this.ctx.utils.id.randomNumber(10);
      const tempPem = `${tempDir}/${keyFileName}.pem`;
      const tempPkcs1Pem =`${tempDir}/${keyFileName}_pkcs1.pem`;
      fs.writeFileSync(tempPem, this.cert.key);
      const oldPfxCmd = `openssl rsa -in ${tempPem} -traditional -out ${tempPkcs1Pem}`;
      await this.exec(oldPfxCmd);
      const fileBuffer = fs.readFileSync(tempPkcs1Pem);
      privateKey = fileBuffer.toString();
      fs.unlinkSync(tempPem);
      fs.unlinkSync(tempPkcs1Pem);
    }catch (e) {
      this.logger.warn("私钥转换为PKCS#1格式失败",e);
    }
    for (const domainName of this.fcDomains) {
      const params = new $OpenApi.Params({
        // 接口名称
@ -147,7 +185,7 @@ export class AliyunDeployCertToFC extends AbstractTaskPlugin {
        certConfig: {
          certName: certName,
          certificate: this.cert.crt,
-          privateKey: this.cert.key,
+          privateKey: privateKey,
        },
      };
      if (this.protocol) {