From ea8fdb120ce9933b259096686198058102cda30c Mon Sep 17 00:00:00 2001
From: xiaojunnuo
Date: Thu, 12 Dec 2024 16:45:40 +0800
Subject: [PATCH] =?UTF-8?q?docs:=20=E8=AF=81=E4=B9=A6=E8=AF=B4=E6=98=8E?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../src/plugin/cert-plugin/acme.ts | 9 +++----
 .../src/plugin/cert-plugin/base.ts | 16 ++++++++++++-
 .../src/plugin/cert-plugin/cert-reader.ts | 24 ++++++++++++++++---
 3 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
index 1a9fc5c5..410754da 100644
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/acme.ts
@@ -24,10 +24,11 @@ export type DomainsVerifyPlan = {
 };

 export type CertInfo = {
- crt: string;
- key: string;
- csr: string;
- ic?: string;
+ crt: string; //fullchain证书
+ key: string; //私钥
+ csr: string; //csr
+ oc?: string; //仅证书,非fullchain证书
+ ic?: string; //中间证书
 pfx?: string;
 der?: string;
 jks?: string;
diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
index d704860a..51e33df4 100644
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/base.ts
@@ -191,7 +191,7 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
 zip.file("cert.crt", cert.crt);
 zip.file("cert.key", cert.key);
 zip.file("intermediate.crt", cert.ic);
-
+ zip.file("origin.crt", cert.oc);
 if (cert.pfx) {
 zip.file("cert.pfx", Buffer.from(cert.pfx, "base64"));
 }
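Review bot: `zip.file("origin.crt", cert.oc)` is added without the presence check that the `pfx` branch directly below it has, although `oc` is declared optional (`oc?: string`) in `CertInfo`. A `CertInfo` stored before this change carries no `oc`, so unless every caller first passes it through `CertReader` (whose constructor backfills `oc` in cert-reader.ts), the zip call receives `undefined`. Suggest `if (cert.oc) { zip.file("origin.crt", cert.oc); }`; the existing `intermediate.crt` line has the same shape. The enclosing method starts and ends outside the hunk.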
@@ -201,6 +201,20 @@ export abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
 if (cert.jks) {
 zip.file("cert.jks", Buffer.from(cert.jks, "base64"));
 }
+
+ zip.file(
+ "说明.txt",
+ `证书文件说明
+cert.crt:证书文件,包含证书链,pem格式
+cert.key:私钥文件,pem格式
+intermediate.crt:中间证书文件,pem格式
+origin.crt:原始证书文件,不含证书链,pem格式
+cert.pfx:pfx格式证书文件,iis服务器使用
+cert.der:der格式证书文件
+cert.jks:jks格式证书文件,java服务器使用
+ `
+ );
+
 const content = await zip.generateAsync({ type: "nodebuffer" });
 this.saveFile(filename, content);
 this.logger.info(`已保存文件:${filename}`);
diff --git a/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts b/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
index 604eaada..907c3ab1 100644
--- a/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
+++ b/packages/plugins/plugin-cert/src/plugin/cert-plugin/cert-reader.ts
@@ -10,6 +10,7 @@ export type CertReaderHandleContext = {
 reader: CertReader;
 tmpCrtPath: string;
 tmpKeyPath: string;
+ tmpOcPath?: string;
 tmpPfxPath?: string;
 tmpDerPath?: string;
 tmpIcPath?: string;
@@ -19,6 +20,7 @@ export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise;
 export type HandleOpts = { logger: ILogger; handle: CertReaderHandle };
 export class CertReader {
 cert: CertInfo;
+ oc: string; //仅证书,非fullchain证书
 crt: string;
 key: string;
 csr: string;
@@ -38,6 +40,12 @@ export class CertReader {
 this.cert.ic = this.ic;
 }

+ this.oc = certInfo.oc;
+ if (!this.oc) {
+ this.oc = this.getOc();
+ this.cert.oc = this.oc;
+ }
+
 const { detail, expires } = this.getCrtDetail(this.cert.crt);
 this.detail = detail;
 this.expires = expires.getTime();
@@ -56,6 +64,13 @@ export class CertReader {
 return ic.trim();
 }

+ getOc() {
+ //原始证书 就是crt的第一个 -----END CERTIFICATE----- 之前的内容
+ const endStr = "-----END CERTIFICATE-----";
+ const arr = this.crt.split(endStr);
+ return arr[0] + endStr;
+ }
+
 toCertInfo(): CertInfo {
 return this.cert;
 }
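Review bot: The generated 说明.txt describes `cert.pfx` and `cert.jks` only as certificate files and gives no handling advice for `cert.key`. PFX and JKS bundles normally carry the private key as well (how they are built is not visible in this hunk), so the text should state that cert.key, cert.pfx and cert.jks hold key material and must be stored and transferred as secrets. The list is also written unconditionally, while `cert.pfx` and `cert.jks` are added only when present, so the readme can name files that are not in the archive; building the text from the entries actually added would avoid that. The enclosing method starts and ends outside the hunk.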
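Review bot: `getOc()` returns `arr[0] + endStr` even when `this.crt` contains no `-----END CERTIFICATE-----` marker, so an empty or malformed `crt` yields a string that ends like PEM but is not a certificate, and the constructor hunk above then stores it with `this.cert.oc = this.oc`. Check for the marker first and trim the result the way `getIc()` does with `ic.trim()`: `const end = this.crt.indexOf(endStr);` `if (end < 0) throw new Error("no PEM certificate found in crt");` `return this.crt.substring(0, end + endStr.length).trim();`. Whether throwing or returning an empty value fits better depends on the callers, which are outside this diff. A doc comment saying that the first block of the full chain is assumed to be the leaf certificate would also help.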
@@ -73,7 +88,7 @@ export class CertReader {
 return domains;
 }

- saveToFile(type: "crt" | "key" | "pfx" | "der" | "ic" | "jks", filepath?: string) {
+ saveToFile(type: "crt" | "key" | "pfx" | "der" | "oc" | "ic" | "jks", filepath?: string) {
 if (!this.cert[type]) {
 return;
 }
@@ -87,7 +102,7 @@ export class CertReader {
 if (!fs.existsSync(dir)) {
 fs.mkdirSync(dir, { recursive: true });
 }
- if (type === "crt" || type === "key" || type === "ic") {
+ if (type === "crt" || type === "key" || type === "ic" || type === "oc") {
 fs.writeFileSync(filepath, this.cert[type]);
 } else {
 fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
@@ -102,9 +117,10 @@ export class CertReader {
 const tmpKeyPath = this.saveToFile("key");
 const tmpPfxPath = this.saveToFile("pfx");
 const tmpIcPath = this.saveToFile("ic");
- logger.info("本地文件写入成功");
+ const tmpOcPath = this.saveToFile("oc");
 const tmpDerPath = this.saveToFile("der");
 const tmpJksPath = this.saveToFile("jks");
+ logger.info("本地文件写入成功");
 try {
 return await opts.handle({
 reader: this,
@@ -114,6 +130,7 @@ export class CertReader {
 tmpDerPath: tmpDerPath,
 tmpIcPath: tmpIcPath,
 tmpJksPath: tmpJksPath,
+ tmpOcPath: tmpOcPath,
 });
 } catch (err) {
 throw err;
@@ -128,6 +145,7 @@ export class CertReader {
 removeFile(tmpCrtPath);
 removeFile(tmpKeyPath);
 removeFile(tmpPfxPath);
+ removeFile(tmpOcPath);
 removeFile(tmpDerPath);
 removeFile(tmpIcPath);
 removeFile(tmpJksPath);
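Review bot: In the `-87,7 +102,7` hunk, the branch whose condition is extended writes `key` with `fs.writeFileSync(filepath, this.cert[type])` and no `mode`, so the private key file is created with default permissions (0o666 masked by the process umask). This predates the commit, but the touched condition is the natural place to fix it: `fs.writeFileSync(filepath, this.cert[type], { mode: 0o600 });`, and the same option in the base64 branch, which handles `pfx` and `jks`. Where `filepath` defaults to is outside the hunk, so how exposed these files are on a shared host cannot be judged from here.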
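Review bot: In the `-102,9 +117,10` hunk, the `saveToFile` calls, including the new `tmpOcPath` one, run before `try {`, so if a later write throws, the files already written (among them `tmpKeyPath`) are not covered by whatever cleanup follows the `try`. The `removeFile(...)` calls in the last hunk look like that cleanup, but the `finally` line itself is not in the visible hunks. Moving the writes inside the `try`, with the path variables declared via `let` before it, would let the same cleanup remove partial output. The enclosing method starts and ends outside the hunk.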