@certd/plugin-cert 1.21.1 → 1.22.0

package/dist/d/plugin/cert-plugin/acme.d.ts

@@ -13,12 +13,14 @@ export declare class AcmeService {
     userContext: IContext;
     logger: Logger;
     sslProvider: SSLProvider;
+    skipLocalVerify: boolean;
     eab?: ClientExternalAccountBindingOptions;
     constructor(options: {
         userContext: IContext;
         logger: Logger;
         sslProvider: SSLProvider;
         eab?: ClientExternalAccountBindingOptions;
+        skipLocalVerify?: boolean;
     });
     getAccountConfig(email: string): Promise<any>;
     buildAccountKey(email: string): string;

package/dist/d/plugin/cert-plugin/index.d.ts

@@ -11,6 +11,7 @@ export declare class CertApplyPlugin extends AbstractTaskPlugin {
     eabAccessId: number;
     dnsProviderType: string;
     dnsProviderAccess: string;
+    skipLocalVerify: boolean;
     renewDays: number;
     forceUpdate: string;
     csrInfo: string;

package/dist/dns-provider/api.d.ts

@@ -0,0 +1,27 @@
+import { HttpClient, IAccess, ILogger, Registrable } from "@certd/pipeline";
+export type DnsProviderDefine = Registrable & {
+    accessType: string;
+    autowire?: {
+        [key: string]: any;
+    };
+};
+export type CreateRecordOptions = {
+    fullRecord: string;
+    type: string;
+    value: any;
+    domain: string;
+};
+export type RemoveRecordOptions<T> = CreateRecordOptions & {
+    record: T;
+};
+export type DnsProviderContext = {
+    access: IAccess;
+    logger: ILogger;
+    http: HttpClient;
+};
+export interface IDnsProvider<T = any> {
+    onInstance(): Promise<void>;
+    createRecord(options: CreateRecordOptions): Promise<T>;
+    removeRecord(options: RemoveRecordOptions<T>): Promise<void>;
+    setCtx(ctx: DnsProviderContext): void;
+}

package/dist/dns-provider/api.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Rucy1wcm92aWRlci9hcGkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/dns-provider/base.d.ts

@@ -0,0 +1,8 @@
+import { CreateRecordOptions, DnsProviderContext, IDnsProvider, RemoveRecordOptions } from "./api.js";
+export declare abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
+    ctx: DnsProviderContext;
+    setCtx(ctx: DnsProviderContext): void;
+    abstract createRecord(options: CreateRecordOptions): Promise<T>;
+    abstract onInstance(): Promise<void>;
+    abstract removeRecord(options: RemoveRecordOptions<T>): Promise<void>;
+}

package/dist/dns-provider/base.js

@@ -0,0 +1,7 @@
+export class AbstractDnsProvider {
+    ctx;
+    setCtx(ctx) {
+        this.ctx = ctx;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kbnMtcHJvdmlkZXIvYmFzZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxNQUFNLE9BQWdCLG1CQUFtQjtJQUN2QyxHQUFHLENBQXNCO0lBRXpCLE1BQU0sQ0FBQyxHQUF1QjtRQUM1QixJQUFJLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQztJQUNqQixDQUFDO0NBT0YifQ==

package/dist/dns-provider/decorator.d.ts

@@ -0,0 +1,3 @@
+import { DnsProviderDefine } from "./api.js";
+export declare const DNS_PROVIDER_CLASS_KEY = "pipeline:dns-provider";
+export declare function IsDnsProvider(define: DnsProviderDefine): ClassDecorator;

package/dist/dns-provider/decorator.js

@@ -0,0 +1,26 @@
+import { dnsProviderRegistry } from "./registry.js";
+import { Decorator, AUTOWIRE_KEY } from "@certd/pipeline";
+import _ from "lodash-es";
+// 提供一个唯一 key
+export const DNS_PROVIDER_CLASS_KEY = "pipeline:dns-provider";
+export function IsDnsProvider(define) {
+    return (target) => {
+        target = Decorator.target(target);
+        const autowires = {};
+        const properties = Decorator.getClassProperties(target);
+        for (const property in properties) {
+            const autowire = Reflect.getMetadata(AUTOWIRE_KEY, target, property);
+            if (autowire) {
+                autowires[property] = autowire;
+            }
+        }
+        _.merge(define, { autowire: autowires });
+        Reflect.defineMetadata(DNS_PROVIDER_CLASS_KEY, define, target);
+        target.define = define;
+        dnsProviderRegistry.register(define.name, {
+            define,
+            target,
+        });
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjb3JhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Rucy1wcm92aWRlci9kZWNvcmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRXBELE9BQU8sRUFBRSxTQUFTLEVBQUUsWUFBWSxFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFDMUQsT0FBTyxDQUFDLE1BQU0sV0FBVyxDQUFDO0FBRTFCLGFBQWE7QUFDYixNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyx1QkFBdUIsQ0FBQztBQUU5RCxNQUFNLFVBQVUsYUFBYSxDQUFDLE1BQXlCO0lBQ3JELE9BQU8sQ0FBQyxNQUFXLEVBQUUsRUFBRTtRQUNyQixNQUFNLEdBQUcsU0FBUyxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxNQUFNLFNBQVMsR0FBUSxFQUFFLENBQUM7UUFDMUIsTUFBTSxVQUFVLEdBQUcsU0FBUyxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hELEtBQUssTUFBTSxRQUFRLElBQUksVUFBVSxFQUFFO1lBQ2pDLE1BQU0sUUFBUSxHQUFHLE9BQU8sQ0FBQyxXQUFXLENBQUMsWUFBWSxFQUFFLE1BQU0sRUFBRSxRQUFRLENBQUMsQ0FBQztZQUNyRSxJQUFJLFFBQVEsRUFBRTtnQkFDWixTQUFTLENBQUMsUUFBUSxDQUFDLEdBQUcsUUFBUSxDQUFDO2FBQ2hDO1NBQ0Y7UUFDRCxDQUFDLENBQUMsS0FBSyxDQUFDLE1BQU0sRUFBRSxFQUFFLFFBQVEsRUFBRSxTQUFTLEVBQUUsQ0FBQyxDQUFDO1FBRXpDLE9BQU8sQ0FBQyxjQUFjLENBQUMsc0JBQXNCLEVBQUUsTUFBTSxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBRS9ELE1BQU0sQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBQ3ZCLG1CQUFtQixDQUFDLFFBQVEsQ0FBQyxNQUFNLENBQUMsSUFBSSxFQUFFO1lBQ3hDLE1BQU07WUFDTixNQUFNO1NBQ1AsQ0FBQyxDQUFDO0lBQ0wsQ0FBQyxDQUFDO0FBQ0osQ0FBQyJ9

package/dist/dns-provider/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
+export * from "./base.js";

package/dist/dns-provider/index.js

@@ -0,0 +1,5 @@
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
+export * from "./base.js";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZG5zLXByb3ZpZGVyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsZ0JBQWdCLENBQUM7QUFDL0IsY0FBYyxXQUFXLENBQUMifQ==

package/dist/dns-provider/registry.d.ts

@@ -0,0 +1,2 @@
+import { Registry } from "@certd/pipeline";
+export declare const dnsProviderRegistry: Registry<unknown>;

package/dist/dns-provider/registry.js

@@ -0,0 +1,3 @@
+import { Registry } from "@certd/pipeline";
+export const dnsProviderRegistry = new Registry("dnsProvider");
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVnaXN0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZG5zLXByb3ZpZGVyL3JlZ2lzdHJ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUUzQyxNQUFNLENBQUMsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQyJ9

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./plugin/index.js";
+export * from "./dns-provider/index.js";
+export * from "./access/index.js";

package/dist/index.js

@@ -0,0 +1,4 @@
+export * from "./plugin/index.js";
+export * from "./dns-provider/index.js";
+export * from "./access/index.js";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLHlCQUF5QixDQUFDO0FBQ3hDLGNBQWMsbUJBQW1CLENBQUMifQ==

package/dist/plugin/cert-plugin/acme.d.ts

@@ -0,0 +1,54 @@
+import * as acme from "@certd/acme-client";
+import { Logger } from "log4js";
+import { IContext } from "@certd/pipeline";
+import { IDnsProvider } from "../../dns-provider/index.js";
+import { ClientExternalAccountBindingOptions } from "@certd/acme-client";
+export type CertInfo = {
+    crt: string;
+    key: string;
+    csr: string;
+};
+export type SSLProvider = "letsencrypt" | "buypass" | "zerossl";
+export declare class AcmeService {
+    userContext: IContext;
+    logger: Logger;
+    sslProvider: SSLProvider;
+    skipLocalVerify: boolean;
+    eab?: ClientExternalAccountBindingOptions;
+    constructor(options: {
+        userContext: IContext;
+        logger: Logger;
+        sslProvider: SSLProvider;
+        eab?: ClientExternalAccountBindingOptions;
+        skipLocalVerify?: boolean;
+    });
+    getAccountConfig(email: string): Promise<any>;
+    buildAccountKey(email: string): string;
+    saveAccountConfig(email: string, conf: any): Promise<void>;
+    getAcmeClient(email: string, isTest?: boolean): Promise<acme.Client>;
+    createNewKey(): Promise<string>;
+    parseDomain(fullDomain: string): string;
+    challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider): Promise<any>;
+    /**
+     * Function used to remove an ACME challenge response
+     *
+     * @param {object} authz Authorization object
+     * @param {object} challenge Selected challenge
+     * @param {string} keyAuthorization Authorization key
+     * @param recordItem  challengeCreateFn create record item
+     * @param dnsProvider dnsProvider
+     * @returns {Promise}
+     */
+    challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordItem: any, dnsProvider: IDnsProvider): Promise<void>;
+    order(options: {
+        email: string;
+        domains: string | string[];
+        dnsProvider: any;
+        csrInfo: any;
+        isTest?: boolean;
+    }): Promise<CertInfo>;
+    buildCommonNameByDomains(domains: string | string[]): {
+        commonName: string;
+        altNames: string[] | undefined;
+    };
+}

package/dist/plugin/cert-plugin/acme.js

@@ -0,0 +1,203 @@
+// @ts-ignore
+import * as acme from "@certd/acme-client";
+import _ from "lodash-es";
+import psl from "psl";
+export class AcmeService {
+    userContext;
+    logger;
+    sslProvider;
+    skipLocalVerify = true;
+    eab;
+    constructor(options) {
+        this.userContext = options.userContext;
+        this.logger = options.logger;
+        this.sslProvider = options.sslProvider || "letsencrypt";
+        this.eab = options.eab;
+        this.skipLocalVerify = options.skipLocalVerify ?? false;
+        acme.setLogger((text) => {
+            this.logger.info(text);
+        });
+    }
+    async getAccountConfig(email) {
+        return (await this.userContext.getObj(this.buildAccountKey(email))) || {};
+    }
+    buildAccountKey(email) {
+        return `acme.config.${this.sslProvider}.${email}`;
+    }
+    async saveAccountConfig(email, conf) {
+        await this.userContext.setObj(this.buildAccountKey(email), conf);
+    }
+    async getAcmeClient(email, isTest = false) {
+        const conf = await this.getAccountConfig(email);
+        if (conf.key == null) {
+            conf.key = await this.createNewKey();
+            await this.saveAccountConfig(email, conf);
+        }
+        let directoryUrl = "";
+        if (isTest) {
+            directoryUrl = acme.directory[this.sslProvider].staging;
+        }
+        else {
+            directoryUrl = acme.directory[this.sslProvider].production;
+        }
+        const client = new acme.Client({
+            directoryUrl: directoryUrl,
+            accountKey: conf.key,
+            accountUrl: conf.accountUrl,
+            externalAccountBinding: this.eab,
+            backoffAttempts: 30,
+            backoffMin: 5000,
+            backoffMax: 10000,
+        });
+        if (conf.accountUrl == null) {
+            const accountPayload = {
+                termsOfServiceAgreed: true,
+                contact: [`mailto:${email}`],
+                externalAccountBinding: this.eab,
+            };
+            await client.createAccount(accountPayload);
+            conf.accountUrl = client.getAccountUrl();
+            await this.saveAccountConfig(email, conf);
+        }
+        return client;
+    }
+    async createNewKey() {
+        const key = await acme.forge.createPrivateKey();
+        return key.toString();
+    }
+    parseDomain(fullDomain) {
+        const parsed = psl.parse(fullDomain);
+        if (parsed.error) {
+            throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
+        }
+        return parsed.domain;
+    }
+    async challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider) {
+        this.logger.info("Triggered challengeCreateFn()");
+        /* http-01 */
+        const fullDomain = authz.identifier.value;
+        if (challenge.type === "http-01") {
+            const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+            const fileContents = keyAuthorization;
+            this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
+            /* Replace this */
+            this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
+            // await fs.writeFileAsync(filePath, fileContents);
+        }
+        else if (challenge.type === "dns-01") {
+            /* dns-01 */
+            const dnsRecord = `_acme-challenge.${fullDomain}`;
+            const recordValue = keyAuthorization;
+            this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
+            /* Replace this */
+            this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
+            const domain = this.parseDomain(fullDomain);
+            this.logger.info("解析到域名domain=", domain);
+            return await dnsProvider.createRecord({
+                fullRecord: dnsRecord,
+                type: "TXT",
+                value: recordValue,
+                domain,
+            });
+        }
+    }
+    /**
+     * Function used to remove an ACME challenge response
+     *
+     * @param {object} authz Authorization object
+     * @param {object} challenge Selected challenge
+     * @param {string} keyAuthorization Authorization key
+     * @param recordItem  challengeCreateFn create record item
+     * @param dnsProvider dnsProvider
+     * @returns {Promise}
+     */
+    async challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider) {
+        this.logger.info("Triggered challengeRemoveFn()");
+        /* http-01 */
+        const fullDomain = authz.identifier.value;
+        if (challenge.type === "http-01") {
+            const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+            this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
+            /* Replace this */
+            this.logger.info(`Would remove file on path "${filePath}"`);
+            // await fs.unlinkAsync(filePath);
+        }
+        else if (challenge.type === "dns-01") {
+            const dnsRecord = `_acme-challenge.${fullDomain}`;
+            const recordValue = keyAuthorization;
+            this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);
+            /* Replace this */
+            this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
+            const domain = this.parseDomain(fullDomain);
+            try {
+                await dnsProvider.removeRecord({
+                    fullRecord: dnsRecord,
+                    type: "TXT",
+                    value: keyAuthorization,
+                    record: recordItem,
+                    domain,
+                });
+            }
+            catch (e) {
+                this.logger.error("删除解析记录出错：", e);
+                throw e;
+            }
+        }
+    }
+    async order(options) {
+        const { email, isTest, domains, csrInfo, dnsProvider } = options;
+        const client = await this.getAcmeClient(email, isTest);
+        /* Create CSR */
+        const { commonName, altNames } = this.buildCommonNameByDomains(domains);
+        const [key, csr] = await acme.forge.createCsr({
+            commonName,
+            ...csrInfo,
+            altNames,
+        });
+        if (dnsProvider == null) {
+            throw new Error("dnsProvider 不能为空");
+        }
+        /* 自动申请证书 */
+        const crt = await client.auto({
+            csr,
+            email: email,
+            termsOfServiceAgreed: true,
+            skipChallengeVerification: this.skipLocalVerify,
+            challengePriority: ["dns-01"],
+            challengeCreateFn: async (authz, challenge, keyAuthorization) => {
+                return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
+            },
+            challengeRemoveFn: async (authz, challenge, keyAuthorization, recordItem) => {
+                return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
+            },
+        });
+        const cert = {
+            crt: crt.toString(),
+            key: key.toString(),
+            csr: csr.toString(),
+        };
+        /* Done */
+        this.logger.debug(`CSR:\n${cert.csr}`);
+        this.logger.debug(`Certificate:\n${cert.crt}`);
+        this.logger.info("证书申请成功");
+        return cert;
+    }
+    buildCommonNameByDomains(domains) {
+        if (typeof domains === "string") {
+            domains = domains.split(",");
+        }
+        if (domains.length === 0) {
+            throw new Error("domain can not be empty");
+        }
+        const commonName = domains[0];
+        let altNames = undefined;
+        if (domains.length > 1) {
+            altNames = _.slice(domains, 1);
+        }
+        return {
+            commonName,
+            altNames,
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNtZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wbHVnaW4vY2VydC1wbHVnaW4vYWNtZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxhQUFhO0FBQ2IsT0FBTyxLQUFLLElBQUksTUFBTSxvQkFBb0IsQ0FBQztBQUMzQyxPQUFPLENBQUMsTUFBTSxXQUFXLENBQUM7QUFLMUIsT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDO0FBU3RCLE1BQU0sT0FBTyxXQUFXO0lBQ3RCLFdBQVcsQ0FBVztJQUN0QixNQUFNLENBQVM7SUFDZixXQUFXLENBQWM7SUFDekIsZUFBZSxHQUFHLElBQUksQ0FBQztJQUN2QixHQUFHLENBQXVDO0lBQzFDLFlBQVksT0FNWDtRQUNDLElBQUksQ0FBQyxXQUFXLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQztRQUN2QyxJQUFJLENBQUMsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7UUFDN0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxPQUFPLENBQUMsV0FBVyxJQUFJLGFBQWEsQ0FBQztRQUN4RCxJQUFJLENBQUMsR0FBRyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDdkIsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxJQUFJLEtBQUssQ0FBQztRQUN4RCxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUU7WUFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWE7UUFDbEMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQzVFLENBQUM7SUFFRCxlQUFlLENBQUMsS0FBYTtRQUMzQixPQUFPLGVBQWUsSUFBSSxDQUFDLFdBQVcsSUFBSSxLQUFLLEVBQUUsQ0FBQztJQUNwRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQWEsRUFBRSxJQUFTO1FBQzlDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQsS0FBSyxDQUFDLGFBQWEsQ0FBQyxLQUFhLEVBQUUsTUFBTSxHQUFHLEtBQUs7UUFDL0MsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDaEQsSUFBSSxJQUFJLENBQUMsR0FBRyxJQUFJLElBQUksRUFBRTtZQUNwQixJQUFJLENBQUMsR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLFlBQVksRUFBRSxDQUFDO1lBQ3JDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztTQUMzQztRQUNELElBQUksWUFBWSxHQUFHLEVBQUUsQ0FBQztRQUN0QixJQUFJLE1BQU0sRUFBRTtZQUNWLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxPQUFPLENBQUM7U0FDekQ7YUFBTTtZQUNMLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxVQUFVLENBQUM7U0FDNUQ7UUFDRCxNQUFNLE1BQU0sR0FBRyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUM7WUFDN0IsWUFBWSxFQUFFLFlBQVk7WUFDMUIsVUFBVSxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ3BCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNoQyxlQUFlLEVBQUUsRUFBRTtZQUNuQixVQUFVLEVBQUUsSUFBSTtZQUNoQixVQUFVLEVBQUUsS0FBSztTQUNsQixDQUFDLENBQUM7UUFFSCxJQUFJLElBQUksQ0FBQyxVQUFVLElBQUksSUFBSSxFQUFFO1lBQzNCLE1BQU0sY0FBYyxHQUFHO2dCQUNyQixvQkFBb0IsRUFBRSxJQUFJO2dCQUMxQixPQUFPLEVBQUUsQ0FBQyxVQUFVLEtBQUssRUFBRSxDQUFDO2dCQUM1QixzQkFBc0IsRUFBRSxJQUFJLENBQUMsR0FBRzthQUNqQyxDQUFDO1lBQ0YsTUFBTSxNQUFNLENBQUMsYUFBYSxDQUFDLGNBQWMsQ0FBQyxDQUFDO1lBQzNDLElBQUksQ0FBQyxVQUFVLEdBQUcsTUFBTSxDQUFDLGFBQWEsRUFBRSxDQUFDO1lBQ3pDLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxJQUFJLENBQUMsQ0FBQztTQUMzQztRQUNELE9BQU8sTUFBTSxDQUFDO0lBQ2hCLENBQUM7SUFFRCxLQUFLLENBQUMsWUFBWTtRQUNoQixNQUFNLEdBQUcsR0FBRyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQztRQUNoRCxPQUFPLEdBQUcsQ0FBQyxRQUFRLEVBQUUsQ0FBQztJQUN4QixDQUFDO0lBRUQsV0FBVyxDQUFDLFVBQWtCO1FBQzVCLE1BQU0sTUFBTSxHQUFHLEdBQUcsQ0FBQyxLQUFLLENBQUMsVUFBVSxDQUFxQixDQUFDO1FBQ3pELElBQUksTUFBTSxDQUFDLEtBQUssRUFBRTtZQUNoQixNQUFNLElBQUksS0FBSyxDQUFDLEtBQUssVUFBVSxPQUFPLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztTQUN4RTtRQUNELE9BQU8sTUFBTSxDQUFDLE1BQWdCLENBQUM7SUFDakMsQ0FBQztJQUNELEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxLQUFVLEVBQUUsU0FBYyxFQUFFLGdCQUF3QixFQUFFLFdBQXlCO1FBQ3JHLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLCtCQUErQixDQUFDLENBQUM7UUFFbEQsYUFBYTtRQUNiLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDO1FBQzFDLElBQUksU0FBUyxDQUFDLElBQUksS0FBSyxTQUFTLEVBQUU7WUFDaEMsTUFBTSxRQUFRLEdBQUcsNENBQTRDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUMvRSxNQUFNLFlBQVksR0FBRyxnQkFBZ0IsQ0FBQztZQUV0QyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsVUFBVSxhQUFhLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFFdkYsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGdCQUFnQixZQUFZLGNBQWMsUUFBUSxHQUFHLENBQUMsQ0FBQztZQUN4RSxtREFBbUQ7U0FDcEQ7YUFBTSxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssUUFBUSxFQUFFO1lBQ3RDLFlBQVk7WUFDWixNQUFNLFNBQVMsR0FBRyxtQkFBbUIsVUFBVSxFQUFFLENBQUM7WUFDbEQsTUFBTSxXQUFXLEdBQUcsZ0JBQWdCLENBQUM7WUFFckMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsMkJBQTJCLFVBQVUsS0FBSyxTQUFTLEVBQUUsQ0FBQyxDQUFDO1lBQ3hFLGtCQUFrQjtZQUNsQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyw0QkFBNEIsU0FBUyxpQkFBaUIsV0FBVyxHQUFHLENBQUMsQ0FBQztZQUV2RixNQUFNLE1BQU0sR0FBRyxJQUFJLENBQUMsV0FBVyxDQUFDLFVBQVUsQ0FBQyxDQUFDO1lBQzVDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGNBQWMsRUFBRSxNQUFNLENBQUMsQ0FBQztZQUN6QyxPQUFPLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQztnQkFDcEMsVUFBVSxFQUFFLFNBQVM7Z0JBQ3JCLElBQUksRUFBRSxLQUFLO2dCQUNYLEtBQUssRUFBRSxXQUFXO2dCQUNsQixNQUFNO2FBQ1AsQ0FBQyxDQUFDO1NBQ0o7SUFDSCxDQUFDO0lBRUQ7Ozs7Ozs7OztPQVNHO0lBRUgsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQVUsRUFBRSxTQUFjLEVBQUUsZ0JBQXdCLEVBQUUsVUFBZSxFQUFFLFdBQXlCO1FBQ3RILElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLCtCQUErQixDQUFDLENBQUM7UUFFbEQsYUFBYTtRQUNiLE1BQU0sVUFBVSxHQUFHLEtBQUssQ0FBQyxVQUFVLENBQUMsS0FBSyxDQUFDO1FBQzFDLElBQUksU0FBUyxDQUFDLElBQUksS0FBSyxTQUFTLEVBQUU7WUFDaEMsTUFBTSxRQUFRLEdBQUcsNENBQTRDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUUvRSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsVUFBVSxhQUFhLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFFdkYsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixRQUFRLEdBQUcsQ0FBQyxDQUFDO1lBQzVELGtDQUFrQztTQUNuQzthQUFNLElBQUksU0FBUyxDQUFDLElBQUksS0FBSyxRQUFRLEVBQUU7WUFDdEMsTUFBTSxTQUFTLEdBQUcsbUJBQW1CLFVBQVUsRUFBRSxDQUFDO1lBQ2xELE1BQU0sV0FBVyxHQUFHLGdCQUFnQixDQUFDO1lBRXJDLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDJCQUEyQixVQUFVLEtBQUssU0FBUyxFQUFFLENBQUMsQ0FBQztZQUV4RSxrQkFBa0I7WUFDbEIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsNEJBQTRCLFNBQVMsaUJBQWlCLFdBQVcsR0FBRyxDQUFDLENBQUM7WUFFdkYsTUFBTSxNQUFNLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxVQUFVLENBQUMsQ0FBQztZQUU1QyxJQUFJO2dCQUNGLE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQztvQkFDN0IsVUFBVSxFQUFFLFNBQVM7b0JBQ3JCLElBQUksRUFBRSxLQUFLO29CQUNYLEtBQUssRUFBRSxnQkFBZ0I7b0JBQ3ZCLE1BQU0sRUFBRSxVQUFVO29CQUNsQixNQUFNO2lCQUNQLENBQUMsQ0FBQzthQUNKO1lBQUMsT0FBTyxDQUFDLEVBQUU7Z0JBQ1YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDO2dCQUNsQyxNQUFNLENBQUMsQ0FBQzthQUNUO1NBQ0Y7SUFDSCxDQUFDO0lBRUQsS0FBSyxDQUFDLEtBQUssQ0FBQyxPQUF3RztRQUNsSCxNQUFNLEVBQUUsS0FBSyxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsT0FBTyxFQUFFLFdBQVcsRUFBRSxHQUFHLE9BQU8sQ0FBQztRQUNqRSxNQUFNLE1BQU0sR0FBZ0IsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUVwRSxnQkFBZ0I7UUFDaEIsTUFBTSxFQUFFLFVBQVUsRUFBRSxRQUFRLEVBQUUsR0FBRyxJQUFJLENBQUMsd0JBQXdCLENBQUMsT0FBTyxDQUFDLENBQUM7UUFFeEUsTUFBTSxDQUFDLEdBQUcsRUFBRSxHQUFHLENBQUMsR0FBRyxNQUFNLElBQUksQ0FBQyxLQUFLLENBQUMsU0FBUyxDQUFDO1lBQzVDLFVBQVU7WUFDVixHQUFHLE9BQU87WUFDVixRQUFRO1NBQ1QsQ0FBQyxDQUFDO1FBQ0gsSUFBSSxXQUFXLElBQUksSUFBSSxFQUFFO1lBQ3ZCLE1BQU0sSUFBSSxLQUFLLENBQUMsa0JBQWtCLENBQUMsQ0FBQztTQUNyQztRQUNELFlBQVk7UUFDWixNQUFNLEdBQUcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxJQUFJLENBQUM7WUFDNUIsR0FBRztZQUNILEtBQUssRUFBRSxLQUFLO1lBQ1osb0JBQW9CLEVBQUUsSUFBSTtZQUMxQix5QkFBeUIsRUFBRSxJQUFJLENBQUMsZUFBZTtZQUMvQyxpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBeUIsRUFBRSxTQUFvQixFQUFFLGdCQUF3QixFQUFnQixFQUFFO2dCQUNuSCxPQUFPLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDdkYsQ0FBQztZQUNELGlCQUFpQixFQUFFLEtBQUssRUFBRSxLQUF5QixFQUFFLFNBQW9CLEVBQUUsZ0JBQXdCLEVBQUUsVUFBZSxFQUFnQixFQUFFO2dCQUNwSSxPQUFPLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsVUFBVSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ25HLENBQUM7U0FDRixDQUFDLENBQUM7UUFFSCxNQUFNLElBQUksR0FBYTtZQUNyQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtTQUNwQixDQUFDO1FBQ0YsVUFBVTtRQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELHdCQUF3QixDQUFDLE9BQTBCO1FBSWpELElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFO1lBQy9CLE9BQU8sR0FBRyxPQUFPLENBQUMsS0FBSyxDQUFDLEdBQUcsQ0FBQyxDQUFDO1NBQzlCO1FBQ0QsSUFBSSxPQUFPLENBQUMsTUFBTSxLQUFLLENBQUMsRUFBRTtZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7U0FDNUM7UUFDRCxNQUFNLFVBQVUsR0FBRyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDOUIsSUFBSSxRQUFRLEdBQXlCLFNBQVMsQ0FBQztRQUMvQyxJQUFJLE9BQU8sQ0FBQyxNQUFNLEdBQUcsQ0FBQyxFQUFFO1lBQ3RCLFFBQVEsR0FBRyxDQUFDLENBQUMsS0FBSyxDQUFDLE9BQU8sRUFBRSxDQUFDLENBQUMsQ0FBQztTQUNoQztRQUNELE9BQU87WUFDTCxVQUFVO1lBQ1YsUUFBUTtTQUNULENBQUM7SUFDSixDQUFDO0NBQ0YifQ==

package/dist/plugin/cert-plugin/base.d.ts

@@ -0,0 +1,49 @@
+import { AbstractTaskPlugin, HttpClient, IAccessService, IContext, Step } from "@certd/pipeline";
+import type { CertInfo } from "./acme.js";
+import { Logger } from "log4js";
+import { CertReader } from "./cert-reader.js";
+export { CertReader };
+export type { CertInfo };
+export declare abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
+    domains: string[];
+    email: string;
+    renewDays: number;
+    forceUpdate: string;
+    successNotify: boolean;
+    intro: string;
+    csrInfo: string;
+    logger: Logger;
+    userContext: IContext;
+    accessService: IAccessService;
+    http: HttpClient;
+    lastStatus: Step;
+    cert?: CertInfo;
+    onInstance(): Promise<void>;
+    abstract onInit(): Promise<void>;
+    abstract doCertApply(): Promise<any>;
+    execute(): Promise<void>;
+    output(certReader: CertReader, isNew: boolean): Promise<void>;
+    zipCert(cert: CertInfo, applyTime: string): Promise<void>;
+    /**
+     * 是否更新证书
+     */
+    condition(): Promise<CertReader>;
+    formatCert(pem: string): string;
+    formatCerts(cert: {
+        crt: string;
+        key: string;
+        csr: string;
+    }): CertInfo;
+    readLastCert(): Promise<CertReader | undefined>;
+    /**
+     * 检查是否过期，默认提前20天
+     * @param expires
+     * @param maxDays
+     * @returns {boolean}
+     */
+    isWillExpire(expires: number, maxDays?: number): {
+        isWillExpire: boolean;
+        leftDays: number;
+    };
+    private sendSuccessEmail;
+}