chore: 1

packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts

@@ -30,6 +30,7 @@ export type CertInfo = {
   ic?: string;
   pfx?: string;
   der?: string;
+  p12?: string;
 };
 export type SSLProvider = "letsencrypt" | "google" | "zerossl";
 export type PrivateKeyType = "rsa_1024" | "rsa_2048" | "rsa_3072" | "rsa_4096" | "ec_256" | "ec_384" | "ec_521";

packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts

@@ -48,14 +48,14 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
   email!: string;
 
   @TaskInput({
-    title: "PFX证书密码",
+    title: "证书密码",
     component: {
       name: "input-password",
       vModel: "value",
     },
     required: false,
     order: 100,
-    helper: "PFX格式证书是否需要加密",
+    helper: "PFX、P12格式证书是否需要加密",
   })
   pfxPassword!: string;
 
@@ -150,18 +150,27 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     }
     this._result.pipelinePrivateVars.cert = cert;
 
-    if (cert.pfx == null || cert.der == null) {
+    if (cert.pfx == null || cert.der == null || cert.p12 == null) {
       try {
         const converter = new CertConverter({ logger: this.logger });
         const res = await converter.convert({
           cert,
           pfxPassword: this.pfxPassword,
         });
-        const pfxBuffer = fs.readFileSync(res.pfxPath);
+        if (res.pfxPath) {
-        cert.pfx = pfxBuffer.toString("base64");
+          const pfxBuffer = fs.readFileSync(res.pfxPath);
+          cert.pfx = pfxBuffer.toString("base64");
+        }
 
-        const derBuffer = fs.readFileSync(res.derPath);
+        if (res.derPath) {
-        cert.der = derBuffer.toString("base64");
+          const derBuffer = fs.readFileSync(res.derPath);
+          cert.der = derBuffer.toString("base64");
+        }
+
+        if (res.p12Path) {
+          const p12Buffer = fs.readFileSync(res.p12Path);
+          cert.p12 = p12Buffer.toString("base64");
+        }
 
         this.logger.info("转换证书格式成功");
         isNew = true;
@@ -186,12 +195,16 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
     zip.file("cert.crt", cert.crt);
     zip.file("cert.key", cert.key);
     zip.file("intermediate.crt", cert.ic);
+
     if (cert.pfx) {
       zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
     }
     if (cert.der) {
       zip.file("cert.der", Buffer.from(cert.der, "base64"));
     }
+    if (cert.p12) {
+      zip.file("cert.p12", Buffer.from(cert.p12, "base64"));
+    }
     const content = await zip.generateAsync({ type: "nodebuffer" });
     this.saveFile(filename, content);
     this.logger.info(`已保存文件:${filename}`);

packages/plugins/plugin-cert/src/plugin/cert-plugin/convert.ts

@@ -17,16 +17,20 @@ export class CertConverter {
   async convert(opts: { cert: CertInfo; pfxPassword: string }): Promise<{
     pfxPath: string;
     derPath: string;
+    p12Path: string;
   }> {
     const certReader = new CertReader(opts.cert);
     let pfxPath: string;
     let derPath: string;
+    let p12Path: string;
     const handle = async (ctx: CertReaderHandleContext) => {
       // 调用openssl 转pfx
       pfxPath = await this.convertPfx(ctx, opts.pfxPassword);
 
       // 转der
       derPath = await this.convertDer(ctx);
+
+      p12Path = await this.convertP12(ctx, opts.pfxPassword);
     };
 
     await certReader.readCertFile({ logger: this.logger, handle });
@@ -34,6 +38,7 @@ export class CertConverter {
     return {
       pfxPath,
       derPath,
+      p12Path,
     };
   }
 
@@ -88,4 +93,25 @@ export class CertConverter {
     // const filename = reader.buildCertFileName("der", applyTime);
     // this.saveFile(filename, fileBuffer);
   }
+
+  async convertP12(opts: CertReaderHandleContext, pfxPassword: string) {
+    const { tmpCrtPath, tmpKeyPath } = opts;
+    const p12Path = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.p12`);
+
+    const dir = path.dirname(p12Path);
+    if (!fs.existsSync(dir)) {
+      fs.mkdirSync(dir, { recursive: true });
+    }
+    try {
+      let passwordArg = "-passout pass:";
+      if (pfxPassword) {
+        passwordArg = `-password pass:${pfxPassword}`;
+      }
+      await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
+      return p12Path;
+    } catch (e) {
+      this.logger.error("转换jks失败", e);
+      return;
+    }
+  }
 }

packages/ui/certd-server/src/plugins/plugin-host/plugin/copy-to-local/index.ts

@@ -19,18 +19,18 @@ import path from 'path';
 export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
   @TaskInput({
     title: '证书保存路径',
-    helper: '全链证书，路径要包含文件名' + '\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：./tmp/cert.pem',
+    helper: '全链证书，路径要包含文件名' + '\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：tmp/cert.pem',
     component: {
-      placeholder: './tmp/full_chain.pem',
+      placeholder: 'tmp/full_chain.pem',
     },
     rules: [{ type: 'filepath' }],
   })
   crtPath!: string;
   @TaskInput({
     title: '私钥保存路径',
-    helper: '路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：./tmp/cert.key',
+    helper: '路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：tmp/cert.key',
     component: {
-      placeholder: './tmp/cert.key',
+      placeholder: 'tmp/cert.key',
     },
     rules: [{ type: 'filepath' }],
   })
@@ -48,9 +48,9 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
 
   @TaskInput({
     title: 'PFX证书保存路径',
-    helper: '用于IIS证书部署，路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：./tmp/cert.pfx',
+    helper: '用于IIS证书部署，路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：tmp/cert.pfx',
     component: {
-      placeholder: './tmp/cert.pfx',
+      placeholder: 'tmp/cert.pfx',
     },
     rules: [{ type: 'filepath' }],
   })
@@ -59,14 +59,24 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
   @TaskInput({
     title: 'DER证书保存路径',
     helper:
-      '用于Apache证书部署，路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：./tmp/cert.der\n.der和.cer是相同的东西，改个后缀名即可',
+      '用于Apache证书部署，路径要包含文件名\n推荐使用相对路径，将写入与数据库同级目录，无需映射，例如：tmp/cert.der\n.der和.cer是相同的东西，改个后缀名即可',
     component: {
-      placeholder: './tmp/cert.der 或 ./tmp/cert.cer',
+      placeholder: 'tmp/cert.der 或 tmp/cert.cer',
     },
     rules: [{ type: 'filepath' }],
   })
   derPath!: string;
 
+  @TaskInput({
+    title: 'p12证书保存路径',
+    helper: '用于java，路径要包含文件名，例如：tmp/cert.p12',
+    component: {
+      placeholder: 'tmp/cert.p12',
+    },
+    rules: [{ type: 'filepath' }],
+  })
+  p12Path!: string;
+
   @TaskInput({
     title: '域名证书',
     helper: '请选择前置任务输出的域名证书',
@@ -108,6 +118,12 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
   })
   hostDerPath!: string;
 
+  @TaskOutput({
+    title: 'P12保存路径',
+    type: 'HostP12Path',
+  })
+  hostP12Path!: string;
+
   async onInstance() {}
 
   copyFile(srcFile: string, destFile: string) {
@@ -123,10 +139,10 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
       throw new Error('只有管理员才能运行此任务');
     }
 
-    let { crtPath, keyPath, icPath, pfxPath, derPath } = this;
+    let { crtPath, keyPath, icPath, pfxPath, derPath, p12Path } = this;
     const certReader = new CertReader(this.cert);
 
-    const handle = async ({ reader, tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath }) => {
+    const handle = async ({ reader, tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath, tmpP12Path }) => {
       this.logger.info('复制到目标路径');
       if (crtPath) {
         crtPath = crtPath.startsWith('/') ? crtPath : path.join(Constants.dataDir, crtPath);
@@ -153,6 +169,11 @@ export class CopyCertToLocalPlugin extends AbstractTaskPlugin {
         this.copyFile(tmpDerPath, derPath);
         this.hostDerPath = derPath;
       }
+      if (p12Path) {
+        p12Path = p12Path.startsWith('/') ? p12Path : path.join(Constants.dataDir, p12Path);
+        this.copyFile(tmpP12Path, p12Path);
+        this.hostP12Path = p12Path;
+      }
       this.logger.info('请注意，如果使用的是相对路径，那么文件就在你的数据库同级目录下，默认是/data/certd/下面');
       this.logger.info(
         '请注意，如果使用的是绝对路径，文件在容器内的目录下，你需要给容器做目录映射才能复制到宿主机，需要在docker-compose.yaml中配置主机目录映射： volumes: /你宿主机的路径:/任务配置的证书路径'

packages/ui/certd-server/src/plugins/plugin-host/plugin/upload-to-host/index.ts

@@ -67,6 +67,16 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
   })
   derPath!: string;
 
+  @TaskInput({
+    title: 'p12证书保存路径',
+    helper: '需要有写入权限，路径要包含证书文件名，例如：/tmp/cert.p12',
+    component: {
+      placeholder: '/root/deploy/nginx/cert.p12',
+    },
+    rules: [{ type: 'filepath' }],
+  })
+  p12Path!: string;
+
   @TaskInput({
     title: '域名证书',
     helper: '请选择前置任务输出的域名证书',
@@ -147,6 +157,10 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
     title: 'DER保存路径',
   })
   hostDerPath!: string;
+  @TaskOutput({
+    title: 'P12保存路径',
+  })
+  hostP12Path!: string;
 
   async onInstance() {}
 
@@ -167,7 +181,7 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
     const certReader = new CertReader(cert);
 
     const handle = async (opts: CertReaderHandleContext) => {
-      const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpPfxPath, tmpIcPath } = opts;
+      const { tmpCrtPath, tmpKeyPath, tmpDerPath, tmpP12Path, tmpPfxPath, tmpIcPath } = opts;
       // if (this.copyToThisHost) {
       //   this.logger.info('复制到目标路径');
       //   this.copyFile(tmpCrtPath, crtPath);
@@ -227,6 +241,13 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
         });
         this.logger.info(`上传DER证书到主机：${this.derPath}`);
       }
+      if (this.p12Path) {
+        transports.push({
+          localPath: tmpP12Path,
+          remotePath: this.p12Path,
+        });
+        this.logger.info(`上传p12证书到主机：${this.p12Path}`);
+      }
       this.logger.info('开始上传文件到服务器');
       await sshClient.uploadFiles({
         connectConf,
@@ -240,6 +261,7 @@ export class UploadCertToHostPlugin extends AbstractTaskPlugin {
       this.hostIcPath = this.icPath;
       this.hostPfxPath = this.pfxPath;
       this.hostDerPath = this.derPath;
+      this.hostP12Path = this.p12Path;
     };
 
     await certReader.readCertFile({