下载证书兼容jks

2025-12-15 09:55:37 +08:00 · 2025-06-26 16:51:26 +08:00
parent 91e74557aa
commit 4e8f0cf5e8
4 changed files with 82 additions and 0 deletions
--- a/backend/app/api/cert.go
+++ b/backend/app/api/cert.go
@@ -144,6 +144,28 @@ func DownloadCert(c *gin.Context) {
 			return
 		}
 	}
+	// cert.jks
+	jksData, err := public.PfxToJks(pfxData, pfxPassword, pfxPassword, "allinssl")
+	if err == nil && jksData != nil {
+		jksWriter, err := zipWriter.Create("Tomcat/cert.jks")
+		if err != nil {
+			public.FailMsg(c, err.Error())
+			return
+		}
+		if _, err := jksWriter.Write(jksData.Bytes()); err != nil {
+			public.FailMsg(c, err.Error())
+			return
+		}
+		txtWriter, err := zipWriter.Create("Tomcat/passwd.txt")
+		if err != nil {
+			public.FailMsg(c, err.Error())
+			return
+		}
+		if _, err := txtWriter.Write([]byte(pfxPassword)); err != nil {
+			public.FailMsg(c, err.Error())
+			return
+		}
+	}

 	// 关闭 zipWriter
 	if err := zipWriter.Close(); err != nil {
--- a/backend/public/cert.go
+++ b/backend/public/cert.go
@@ -1,6 +1,7 @@
 package public

 import (
+	"bytes"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/ed25519"
@@ -12,6 +13,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"github.com/pavlo-v-chernykh/keystore-go/v4"
 	"software.sslmate.com/src/go-pkcs12"
 	"strings"
 	"time"
@@ -184,3 +186,55 @@ func PEMToPFX(certPEM, keyPEM, pfxPassword string) ([]byte, error) {

 	return pfxData, nil
 }
+
+// PfxToJks 将PFX格式证书转换为JKS格式
+func PfxToJks(pfxData []byte, pfxPassword, jksPassword, alias string) (*bytes.Buffer, error) {
+	if pfxPassword == "" {
+		return nil, fmt.Errorf("PFX 密码不能为空")
+	}
+	if jksPassword == "" {
+		jksPassword = pfxPassword
+	}
+	if alias == "" {
+		alias = "mycert"
+	}
+	// 解析 PFX，提取私钥、证书链
+	priv, cert, caCerts, err := pkcs12.DecodeChain(pfxData, pfxPassword)
+	if err != nil {
+		return nil, fmt.Errorf("解析 PFX 失败: %w", err)
+	}
+
+	// 序列化私钥，兼容多种类型
+	pkBytes, err := x509.MarshalPKCS8PrivateKey(priv)
+	if err != nil {
+		return nil, fmt.Errorf("私钥序列化失败: %w", err)
+	}
+
+	// 构建证书链
+	certChain := make([]keystore.Certificate, 0, len(caCerts)+1)
+	certChain = append(certChain, keystore.Certificate{
+		Type:    "X.509",
+		Content: cert.Raw,
+	})
+	for _, c := range caCerts {
+		certChain = append(certChain, keystore.Certificate{
+			Type:    "X.509",
+			Content: c.Raw,
+		})
+	}
+
+	// 创建 JKS 并写入条目
+	ks := keystore.New()
+	ks.SetPrivateKeyEntry(alias, keystore.PrivateKeyEntry{
+		PrivateKey:       pkBytes,
+		CertificateChain: certChain,
+	}, []byte(jksPassword))
+
+	// 写入到 Buffer
+	var buf bytes.Buffer
+	if err := ks.Store(&buf, []byte(jksPassword)); err != nil {
+		return nil, fmt.Errorf("生成 JKS 失败: %w", err)
+	}
+
+	return &buf, nil
+}