From b3e0546f78c3c791e83b8c84446a2f4c62141c22 Mon Sep 17 00:00:00 2001 From: xiaojunnuo Date: Tue, 29 Oct 2024 23:37:18 +0800 Subject: [PATCH] chore: 1 --- .../src/plugin/cert-plugin/acme.ts | 1 + .../src/plugin/cert-plugin/base.ts | 27 ++++++++---- .../src/plugin/cert-plugin/convert.ts | 26 ++++++++++++ .../plugin-host/plugin/copy-to-local/index.ts | 41 ++++++++++++++----- .../plugin/upload-to-host/index.ts | 24 ++++++++++- 5 files changed, 101 insertions(+), 18 deletions(-) diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts index 20bed7c4..cbdcf0d5 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts @@ -30,6 +30,7 @@ export type CertInfo = { ic?: string; pfx?: string; der?: string; + p12?: string; }; export type SSLProvider = "letsencrypt" | "google" | "zerossl"; export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521"; diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts index 8efcdf09..8c6cd213 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts @@ -48,14 +48,14 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin { email!: string; @TaskInput({ - title: "PFX证书密码", + title: "证书密码", component: { name: "input-password", vModel: "value", }, required: false, order: 100, - helper: "PFX格式证书是否需要加密", + helper: "PFX、P12格式证书是否需要加密", }) pfxPassword!: string; @@ -150,18 +150,27 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin { } this._result.pipelinePrivateVars.cert = cert; - if (cert.pfx == null || cert.der == null) { + if (cert.pfx == null || cert.der == null || cert.p12 == null) { try { const converter = new CertConverter({ logger: this.logger }); const res = await converter.convert({ cert, pfxPassword: this.pfxPassword, }); - const pfxBuffer = fs.readFileSync(res.pfxPath); - cert.pfx = pfxBuffer.toString("base64"); + if (res.pfxPath) { + const pfxBuffer = fs.readFileSync(res.pfxPath); + cert.pfx = pfxBuffer.toString("base64"); + } - const derBuffer = fs.readFileSync(res.derPath); - cert.der = derBuffer.toString("base64"); + if (res.derPath) { + const derBuffer = fs.readFileSync(res.derPath); + cert.der = derBuffer.toString("base64"); + } + + if (res.p12Path) { + const p12Buffer = fs.readFileSync(res.p12Path); + cert.p12 = p12Buffer.toString("base64"); + } this.logger.info("转换证书格式成功"); isNew = true; @@ -186,12 +195,16 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin { zip.file("cert.crt", cert.crt); zip.file("cert.key", cert.key); zip.file("intermediate.crt", cert.ic); + if (cert.pfx) { zip.file("cert.pfx", Buffer.from(cert.pfx, "base64")); } if (cert.der) { zip.file("cert.der", Buffer.from(cert.der, "base64")); } + if (cert.p12) { + zip.file("cert.p12", Buffer.from(cert.p12, "base64")); + } const content = await zip.generateAsync({ type: "nodebuffer" }); this.saveFile(filename, content); this.logger.info(`已保存文件:${filename}`); diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts index 6c016105..77fb1944 100644 --- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts +++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts @@ -17,16 +17,20 @@ export class CertConverter { async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{ pfxPath: string; derPath: string; + p12Path: string; }> { const certReader = new CertReader(opts.cert); let pfxPath: string; let derPath: string; + let p12Path: string; const handle = async (ctx: CertReaderHandleContext) => { // 调用openssl 转pfx pfxPath = await this.convertPfx(ctx, opts.pfxPassword); // 转der derPath = await this.convertDer(ctx); + + p12Path = await this.convertP12(ctx, opts.pfxPassword); }; await certReader.readCertFile({ logger: this.logger, handle }); @@ -34,6 +38,7 @@ export class CertConverter { return { pfxPath, derPath, + p12Path, }; } @@ -88,4 +93,25 @@ export class CertConverter { // const filename = reader.buildCertFileName("der", applyTime); // this.saveFile(filename, fileBuffer); } + + async convertP12(opts: CertReaderHandleContext, pfxPassword: string) { + const { tmpCrtPath, tmpKeyPath } = opts; + const p12Path = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.p12`); + + const dir = path.dirname(p12Path); + if (!fs.existsSync(dir)) { + fs.mkdirSync(dir, { recursive: true }); + } + try { + let passwordArg = "-passout pass:"; + if (pfxPassword) { + passwordArg = `-password pass:${pfxPassword}`; + } + await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`); + return p12Path; + } catch (e) { + this.logger.error("转换jks失败", e); + return; + } + } } diff --git a/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts b/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts index b7ac227e..ff29c05d 100644 --- a/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts @@ -19,18 +19,18 @@ import path from 'path'; export class CopyCertToLocalPlugin extends AbstractTaskPlugin { @TaskInput({ title: '证书保存路径', - helper: '全链证书,路径要包含文件名' + '\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:./tmp/cert.pem', + helper: '全链证书,路径要包含文件名' + '\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:tmp/cert.pem', component: { - placeholder: './tmp/full_chain.pem', + placeholder: 'tmp/full_chain.pem', }, rules: [{ type: 'filepath' }], }) crtPath!: string; @TaskInput({ title: '私钥保存路径', - helper: '路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:./tmp/cert.key', + helper: '路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:tmp/cert.key', component: { - placeholder: './tmp/cert.key', + placeholder: 'tmp/cert.key', }, rules: [{ type: 'filepath' }], }) @@ -48,9 +48,9 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { @TaskInput({ title: 'PFX证书保存路径', - helper: '用于IIS证书部署,路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:./tmp/cert.pfx', + helper: '用于IIS证书部署,路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:tmp/cert.pfx', component: { - placeholder: './tmp/cert.pfx', + placeholder: 'tmp/cert.pfx', }, rules: [{ type: 'filepath' }], }) @@ -59,14 +59,24 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { @TaskInput({ title: 'DER证书保存路径', helper: - '用于Apache证书部署,路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:./tmp/cert.der\n.der和.cer是相同的东西,改个后缀名即可', + '用于Apache证书部署,路径要包含文件名\n推荐使用相对路径,将写入与数据库同级目录,无需映射,例如:tmp/cert.der\n.der和.cer是相同的东西,改个后缀名即可', component: { - placeholder: './tmp/cert.der 或 ./tmp/cert.cer', + placeholder: 'tmp/cert.der 或 tmp/cert.cer', }, rules: [{ type: 'filepath' }], }) derPath!: string; + @TaskInput({ + title: 'p12证书保存路径', + helper: '用于java,路径要包含文件名,例如:tmp/cert.p12', + component: { + placeholder: 'tmp/cert.p12', + }, + rules: [{ type: 'filepath' }], + }) + p12Path!: string; + @TaskInput({ title: '域名证书', helper: '请选择前置任务输出的域名证书', @@ -108,6 +118,12 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { }) hostDerPath!: string; + @TaskOutput({ + title: 'P12保存路径', + type: 'HostP12Path', + }) + hostP12Path!: string; + async onInstance() {} copyFile(srcFile: string, destFile: string) { @@ -123,10 +139,10 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { throw new Error('只有管理员才能运行此任务'); } - let { crtPath, keyPath, icPath, pfxPath, derPath } = this; + let { crtPath, keyPath, icPath, pfxPath, derPath, p12Path } = this; const certReader = new CertReader(this.cert); - const handle = async ({ reader, tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath }) => { + const handle = async ({ reader, tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath, tmpP12Path }) => { this.logger.info('复制到目标路径'); if (crtPath) { crtPath = crtPath.startsWith('/') ? crtPath : path.join(Constants.dataDir, crtPath); @@ -153,6 +169,11 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin { this.copyFile(tmpDerPath, derPath); this.hostDerPath = derPath; } + if (p12Path) { + p12Path = p12Path.startsWith('/') ? p12Path : path.join(Constants.dataDir, p12Path); + this.copyFile(tmpP12Path, p12Path); + this.hostP12Path = p12Path; + } this.logger.info('请注意,如果使用的是相对路径,那么文件就在你的数据库同级目录下,默认是/data/certd/下面'); this.logger.info( '请注意,如果使用的是绝对路径,文件在容器内的目录下,你需要给容器做目录映射才能复制到宿主机,需要在docker-compose.yaml中配置主机目录映射: volumes: /你宿主机的路径:/任务配置的证书路径' diff --git a/packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts b/packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts index b7b47a86..784bb02d 100644 --- a/packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts +++ b/packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts @@ -67,6 +67,16 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin { }) derPath!: string; + @TaskInput({ + title: 'p12证书保存路径', + helper: '需要有写入权限,路径要包含证书文件名,例如:/tmp/cert.p12', + component: { + placeholder: '/root/deploy/nginx/cert.p12', + }, + rules: [{ type: 'filepath' }], + }) + p12Path!: string; + @TaskInput({ title: '域名证书', helper: '请选择前置任务输出的域名证书', @@ -147,6 +157,10 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin { title: 'DER保存路径', }) hostDerPath!: string; + @TaskOutput({ + title: 'P12保存路径', + }) + hostP12Path!: string; async onInstance() {} @@ -167,7 +181,7 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin { const certReader = new CertReader(cert); const handle = async (opts: CertReaderHandleContext) => { - const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath } = opts; + const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpP12Path, tmpPfxPath, tmpIcPath } = opts; // if (this.copyToThisHost) { // this.logger.info('复制到目标路径'); // this.copyFile(tmpCrtPath, crtPath); @@ -227,6 +241,13 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin { }); this.logger.info(`上传DER证书到主机:${this.derPath}`); } + if (this.p12Path) { + transports.push({ + localPath: tmpP12Path, + remotePath: this.p12Path, + }); + this.logger.info(`上传p12证书到主机:${this.p12Path}`); + } this.logger.info('开始上传文件到服务器'); await sshClient.uploadFiles({ connectConf, @@ -240,6 +261,7 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin { this.hostIcPath = this.icPath; this.hostPfxPath = this.pfxPath; this.hostDerPath = this.derPath; + this.hostP12Path = this.p12Path; }; await certReader.readCertFile({