@certd/plugin-cert 1.21.2 → 1.22.1

package/dist/d/plugin/cert-plugin/acme.d.ts

@@ -13,14 +13,12 @@ export declare class AcmeService {
     userContext: IContext;
     logger: Logger;
     sslProvider: SSLProvider;
-    skipLocalVerify: boolean;
     eab?: ClientExternalAccountBindingOptions;
     constructor(options: {
         userContext: IContext;
         logger: Logger;
         sslProvider: SSLProvider;
         eab?: ClientExternalAccountBindingOptions;
-        skipLocalVerify?: boolean;
     });
     getAccountConfig(email: string): Promise<any>;
     buildAccountKey(email: string): string;

package/dist/d/plugin/cert-plugin/index.d.ts

@@ -11,7 +11,6 @@ export declare class CertApplyPlugin extends AbstractTaskPlugin {
     eabAccessId: number;
     dnsProviderType: string;
     dnsProviderAccess: string;
-    skipLocalVerify: boolean;
     renewDays: number;
     forceUpdate: string;
     csrInfo: string;

package/dist/dns-provider/api.d.ts

@@ -0,0 +1,27 @@
+import { HttpClient, IAccess, ILogger, Registrable } from "@certd/pipeline";
+export type DnsProviderDefine = Registrable & {
+    accessType: string;
+    autowire?: {
+        [key: string]: any;
+    };
+};
+export type CreateRecordOptions = {
+    fullRecord: string;
+    type: string;
+    value: any;
+    domain: string;
+};
+export type RemoveRecordOptions<T> = CreateRecordOptions & {
+    record: T;
+};
+export type DnsProviderContext = {
+    access: IAccess;
+    logger: ILogger;
+    http: HttpClient;
+};
+export interface IDnsProvider<T = any> {
+    onInstance(): Promise<void>;
+    createRecord(options: CreateRecordOptions): Promise<T>;
+    removeRecord(options: RemoveRecordOptions<T>): Promise<void>;
+    setCtx(ctx: DnsProviderContext): void;
+}

package/dist/dns-provider/api.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYXBpLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Rucy1wcm92aWRlci9hcGkudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IiJ9

package/dist/dns-provider/base.d.ts

@@ -0,0 +1,8 @@
+import { CreateRecordOptions, DnsProviderContext, IDnsProvider, RemoveRecordOptions } from "./api.js";
+export declare abstract class AbstractDnsProvider<T = any> implements IDnsProvider<T> {
+    ctx: DnsProviderContext;
+    setCtx(ctx: DnsProviderContext): void;
+    abstract createRecord(options: CreateRecordOptions): Promise<T>;
+    abstract onInstance(): Promise<void>;
+    abstract removeRecord(options: RemoveRecordOptions<T>): Promise<void>;
+}

package/dist/dns-provider/base.js

@@ -0,0 +1,7 @@
+export class AbstractDnsProvider {
+    ctx;
+    setCtx(ctx) {
+        this.ctx = ctx;
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9kbnMtcHJvdmlkZXIvYmFzZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFFQSxNQUFNLE9BQWdCLG1CQUFtQjtJQUN2QyxHQUFHLENBQXNCO0lBRXpCLE1BQU0sQ0FBQyxHQUF1QjtRQUM1QixJQUFJLENBQUMsR0FBRyxHQUFHLEdBQUcsQ0FBQztJQUNqQixDQUFDO0NBT0YifQ==

package/dist/dns-provider/decorator.d.ts

@@ -0,0 +1,3 @@
+import { DnsProviderDefine } from "./api.js";
+export declare const DNS_PROVIDER_CLASS_KEY = "pipeline:dns-provider";
+export declare function IsDnsProvider(define: DnsProviderDefine): ClassDecorator;

package/dist/dns-provider/decorator.js

@@ -0,0 +1,26 @@
+import { dnsProviderRegistry } from "./registry.js";
+import { Decorator, AUTOWIRE_KEY } from "@certd/pipeline";
+import _ from "lodash-es";
+// 提供一个唯一 key
+export const DNS_PROVIDER_CLASS_KEY = "pipeline:dns-provider";
+export function IsDnsProvider(define) {
+    return (target) => {
+        target = Decorator.target(target);
+        const autowires = {};
+        const properties = Decorator.getClassProperties(target);
+        for (const property in properties) {
+            const autowire = Reflect.getMetadata(AUTOWIRE_KEY, target, property);
+            if (autowire) {
+                autowires[property] = autowire;
+            }
+        }
+        _.merge(define, { autowire: autowires });
+        Reflect.defineMetadata(DNS_PROVIDER_CLASS_KEY, define, target);
+        target.define = define;
+        dnsProviderRegistry.register(define.name, {
+            define,
+            target,
+        });
+    };
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZGVjb3JhdG9yLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vLi4vc3JjL2Rucy1wcm92aWRlci9kZWNvcmF0b3IudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLG1CQUFtQixFQUFFLE1BQU0sZUFBZSxDQUFDO0FBRXBELE9BQU8sRUFBRSxTQUFTLEVBQUUsWUFBWSxFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFDMUQsT0FBTyxDQUFDLE1BQU0sV0FBVyxDQUFDO0FBRTFCLGFBQWE7QUFDYixNQUFNLENBQUMsTUFBTSxzQkFBc0IsR0FBRyx1QkFBdUIsQ0FBQztBQUU5RCxNQUFNLFVBQVUsYUFBYSxDQUFDLE1BQXlCO0lBQ3JELE9BQU8sQ0FBQyxNQUFXLEVBQUUsRUFBRTtRQUNyQixNQUFNLEdBQUcsU0FBUyxDQUFDLE1BQU0sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUNsQyxNQUFNLFNBQVMsR0FBUSxFQUFFLENBQUM7UUFDMUIsTUFBTSxVQUFVLEdBQUcsU0FBUyxDQUFDLGtCQUFrQixDQUFDLE1BQU0sQ0FBQyxDQUFDO1FBQ3hELEtBQUssTUFBTSxRQUFRLElBQUksVUFBVSxFQUFFLENBQUM7WUFDbEMsTUFBTSxRQUFRLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQyxZQUFZLEVBQUUsTUFBTSxFQUFFLFFBQVEsQ0FBQyxDQUFDO1lBQ3JFLElBQUksUUFBUSxFQUFFLENBQUM7Z0JBQ2IsU0FBUyxDQUFDLFFBQVEsQ0FBQyxHQUFHLFFBQVEsQ0FBQztZQUNqQyxDQUFDO1FBQ0gsQ0FBQztRQUNELENBQUMsQ0FBQyxLQUFLLENBQUMsTUFBTSxFQUFFLEVBQUUsUUFBUSxFQUFFLFNBQVMsRUFBRSxDQUFDLENBQUM7UUFFekMsT0FBTyxDQUFDLGNBQWMsQ0FBQyxzQkFBc0IsRUFBRSxNQUFNLEVBQUUsTUFBTSxDQUFDLENBQUM7UUFFL0QsTUFBTSxDQUFDLE1BQU0sR0FBRyxNQUFNLENBQUM7UUFDdkIsbUJBQW1CLENBQUMsUUFBUSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUU7WUFDeEMsTUFBTTtZQUNOLE1BQU07U0FDUCxDQUFDLENBQUM7SUFDTCxDQUFDLENBQUM7QUFDSixDQUFDIn0=

package/dist/dns-provider/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
+export * from "./base.js";

package/dist/dns-provider/index.js

@@ -0,0 +1,5 @@
+export * from "./api.js";
+export * from "./registry.js";
+export * from "./decorator.js";
+export * from "./base.js";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZG5zLXByb3ZpZGVyL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLGNBQWMsVUFBVSxDQUFDO0FBQ3pCLGNBQWMsZUFBZSxDQUFDO0FBQzlCLGNBQWMsZ0JBQWdCLENBQUM7QUFDL0IsY0FBYyxXQUFXLENBQUMifQ==

package/dist/dns-provider/registry.d.ts

@@ -0,0 +1,2 @@
+import { Registry } from "@certd/pipeline";
+export declare const dnsProviderRegistry: Registry<unknown>;

package/dist/dns-provider/registry.js

@@ -0,0 +1,3 @@
+import { Registry } from "@certd/pipeline";
+export const dnsProviderRegistry = new Registry("dnsProvider");
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoicmVnaXN0cnkuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvZG5zLXByb3ZpZGVyL3JlZ2lzdHJ5LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUUzQyxNQUFNLENBQUMsTUFBTSxtQkFBbUIsR0FBRyxJQUFJLFFBQVEsQ0FBQyxhQUFhLENBQUMsQ0FBQyJ9

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export * from "./plugin/index.js";
+export * from "./dns-provider/index.js";
+export * from "./access/index.js";

package/dist/index.js

@@ -0,0 +1,4 @@
+export * from "./plugin/index.js";
+export * from "./dns-provider/index.js";
+export * from "./access/index.js";
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsY0FBYyxtQkFBbUIsQ0FBQztBQUNsQyxjQUFjLHlCQUF5QixDQUFDO0FBQ3hDLGNBQWMsbUJBQW1CLENBQUMifQ==

package/dist/plugin/cert-plugin/acme.d.ts

@@ -0,0 +1,54 @@
+import * as acme from "@certd/acme-client";
+import { Logger } from "log4js";
+import { IContext } from "@certd/pipeline";
+import { IDnsProvider } from "../../dns-provider/index.js";
+import { ClientExternalAccountBindingOptions } from "@certd/acme-client";
+export type CertInfo = {
+    crt: string;
+    key: string;
+    csr: string;
+};
+export type SSLProvider = "letsencrypt" | "buypass" | "zerossl";
+export declare class AcmeService {
+    userContext: IContext;
+    logger: Logger;
+    sslProvider: SSLProvider;
+    skipLocalVerify: boolean;
+    eab?: ClientExternalAccountBindingOptions;
+    constructor(options: {
+        userContext: IContext;
+        logger: Logger;
+        sslProvider: SSLProvider;
+        eab?: ClientExternalAccountBindingOptions;
+        skipLocalVerify?: boolean;
+    });
+    getAccountConfig(email: string): Promise<any>;
+    buildAccountKey(email: string): string;
+    saveAccountConfig(email: string, conf: any): Promise<void>;
+    getAcmeClient(email: string, isTest?: boolean): Promise<acme.Client>;
+    createNewKey(): Promise<string>;
+    parseDomain(fullDomain: string): string;
+    challengeCreateFn(authz: any, challenge: any, keyAuthorization: string, dnsProvider: IDnsProvider): Promise<any>;
+    /**
+     * Function used to remove an ACME challenge response
+     *
+     * @param {object} authz Authorization object
+     * @param {object} challenge Selected challenge
+     * @param {string} keyAuthorization Authorization key
+     * @param recordItem  challengeCreateFn create record item
+     * @param dnsProvider dnsProvider
+     * @returns {Promise}
+     */
+    challengeRemoveFn(authz: any, challenge: any, keyAuthorization: string, recordItem: any, dnsProvider: IDnsProvider): Promise<void>;
+    order(options: {
+        email: string;
+        domains: string | string[];
+        dnsProvider: any;
+        csrInfo: any;
+        isTest?: boolean;
+    }): Promise<CertInfo>;
+    buildCommonNameByDomains(domains: string | string[]): {
+        commonName: string;
+        altNames: string[] | undefined;
+    };
+}

package/dist/plugin/cert-plugin/acme.js

@@ -0,0 +1,203 @@
+// @ts-ignore
+import * as acme from "@certd/acme-client";
+import _ from "lodash-es";
+import psl from "psl";
+export class AcmeService {
+    userContext;
+    logger;
+    sslProvider;
+    skipLocalVerify = true;
+    eab;
+    constructor(options) {
+        this.userContext = options.userContext;
+        this.logger = options.logger;
+        this.sslProvider = options.sslProvider || "letsencrypt";
+        this.eab = options.eab;
+        this.skipLocalVerify = options.skipLocalVerify ?? false;
+        acme.setLogger((text) => {
+            this.logger.info(text);
+        });
+    }
+    async getAccountConfig(email) {
+        return (await this.userContext.getObj(this.buildAccountKey(email))) || {};
+    }
+    buildAccountKey(email) {
+        return `acme.config.${this.sslProvider}.${email}`;
+    }
+    async saveAccountConfig(email, conf) {
+        await this.userContext.setObj(this.buildAccountKey(email), conf);
+    }
+    async getAcmeClient(email, isTest = false) {
+        const conf = await this.getAccountConfig(email);
+        if (conf.key == null) {
+            conf.key = await this.createNewKey();
+            await this.saveAccountConfig(email, conf);
+        }
+        let directoryUrl = "";
+        if (isTest) {
+            directoryUrl = acme.directory[this.sslProvider].staging;
+        }
+        else {
+            directoryUrl = acme.directory[this.sslProvider].production;
+        }
+        const client = new acme.Client({
+            directoryUrl: directoryUrl,
+            accountKey: conf.key,
+            accountUrl: conf.accountUrl,
+            externalAccountBinding: this.eab,
+            backoffAttempts: 30,
+            backoffMin: 5000,
+            backoffMax: 10000,
+        });
+        if (conf.accountUrl == null) {
+            const accountPayload = {
+                termsOfServiceAgreed: true,
+                contact: [`mailto:${email}`],
+                externalAccountBinding: this.eab,
+            };
+            await client.createAccount(accountPayload);
+            conf.accountUrl = client.getAccountUrl();
+            await this.saveAccountConfig(email, conf);
+        }
+        return client;
+    }
+    async createNewKey() {
+        const key = await acme.forge.createPrivateKey();
+        return key.toString();
+    }
+    parseDomain(fullDomain) {
+        const parsed = psl.parse(fullDomain);
+        if (parsed.error) {
+            throw new Error(`解析${fullDomain}域名失败:` + JSON.stringify(parsed.error));
+        }
+        return parsed.domain;
+    }
+    async challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider) {
+        this.logger.info("Triggered challengeCreateFn()");
+        /* http-01 */
+        const fullDomain = authz.identifier.value;
+        if (challenge.type === "http-01") {
+            const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+            const fileContents = keyAuthorization;
+            this.logger.info(`Creating challenge response for ${fullDomain} at path: ${filePath}`);
+            /* Replace this */
+            this.logger.info(`Would write "${fileContents}" to path "${filePath}"`);
+            // await fs.writeFileAsync(filePath, fileContents);
+        }
+        else if (challenge.type === "dns-01") {
+            /* dns-01 */
+            const dnsRecord = `_acme-challenge.${fullDomain}`;
+            const recordValue = keyAuthorization;
+            this.logger.info(`Creating TXT record for ${fullDomain}: ${dnsRecord}`);
+            /* Replace this */
+            this.logger.info(`Would create TXT record "${dnsRecord}" with value "${recordValue}"`);
+            const domain = this.parseDomain(fullDomain);
+            this.logger.info("解析到域名domain=", domain);
+            return await dnsProvider.createRecord({
+                fullRecord: dnsRecord,
+                type: "TXT",
+                value: recordValue,
+                domain,
+            });
+        }
+    }
+    /**
+     * Function used to remove an ACME challenge response
+     *
+     * @param {object} authz Authorization object
+     * @param {object} challenge Selected challenge
+     * @param {string} keyAuthorization Authorization key
+     * @param recordItem  challengeCreateFn create record item
+     * @param dnsProvider dnsProvider
+     * @returns {Promise}
+     */
+    async challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider) {
+        this.logger.info("Triggered challengeRemoveFn()");
+        /* http-01 */
+        const fullDomain = authz.identifier.value;
+        if (challenge.type === "http-01") {
+            const filePath = `/var/www/html/.well-known/acme-challenge/${challenge.token}`;
+            this.logger.info(`Removing challenge response for ${fullDomain} at path: ${filePath}`);
+            /* Replace this */
+            this.logger.info(`Would remove file on path "${filePath}"`);
+            // await fs.unlinkAsync(filePath);
+        }
+        else if (challenge.type === "dns-01") {
+            const dnsRecord = `_acme-challenge.${fullDomain}`;
+            const recordValue = keyAuthorization;
+            this.logger.info(`Removing TXT record for ${fullDomain}: ${dnsRecord}`);
+            /* Replace this */
+            this.logger.info(`Would remove TXT record "${dnsRecord}" with value "${recordValue}"`);
+            const domain = this.parseDomain(fullDomain);
+            try {
+                await dnsProvider.removeRecord({
+                    fullRecord: dnsRecord,
+                    type: "TXT",
+                    value: keyAuthorization,
+                    record: recordItem,
+                    domain,
+                });
+            }
+            catch (e) {
+                this.logger.error("删除解析记录出错：", e);
+                throw e;
+            }
+        }
+    }
+    async order(options) {
+        const { email, isTest, domains, csrInfo, dnsProvider } = options;
+        const client = await this.getAcmeClient(email, isTest);
+        /* Create CSR */
+        const { commonName, altNames } = this.buildCommonNameByDomains(domains);
+        const [key, csr] = await acme.forge.createCsr({
+            commonName,
+            ...csrInfo,
+            altNames,
+        });
+        if (dnsProvider == null) {
+            throw new Error("dnsProvider 不能为空");
+        }
+        /* 自动申请证书 */
+        const crt = await client.auto({
+            csr,
+            email: email,
+            termsOfServiceAgreed: true,
+            skipChallengeVerification: this.skipLocalVerify,
+            challengePriority: ["dns-01"],
+            challengeCreateFn: async (authz, challenge, keyAuthorization) => {
+                return await this.challengeCreateFn(authz, challenge, keyAuthorization, dnsProvider);
+            },
+            challengeRemoveFn: async (authz, challenge, keyAuthorization, recordItem) => {
+                return await this.challengeRemoveFn(authz, challenge, keyAuthorization, recordItem, dnsProvider);
+            },
+        });
+        const cert = {
+            crt: crt.toString(),
+            key: key.toString(),
+            csr: csr.toString(),
+        };
+        /* Done */
+        this.logger.debug(`CSR:\n${cert.csr}`);
+        this.logger.debug(`Certificate:\n${cert.crt}`);
+        this.logger.info("证书申请成功");
+        return cert;
+    }
+    buildCommonNameByDomains(domains) {
+        if (typeof domains === "string") {
+            domains = domains.split(",");
+        }
+        if (domains.length === 0) {
+            throw new Error("domain can not be empty");
+        }
+        const commonName = domains[0];
+        let altNames = undefined;
+        if (domains.length > 1) {
+            altNames = _.slice(domains, 1);
+        }
+        return {
+            commonName,
+            altNames,
+        };
+    }
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNtZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wbHVnaW4vY2VydC1wbHVnaW4vYWNtZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiQUFBQSxhQUFhO0FBQ2IsT0FBTyxLQUFLLElBQUksTUFBTSxvQkFBb0IsQ0FBQztBQUMzQyxPQUFPLENBQUMsTUFBTSxXQUFXLENBQUM7QUFLMUIsT0FBTyxHQUFHLE1BQU0sS0FBSyxDQUFDO0FBU3RCLE1BQU0sT0FBTyxXQUFXO0lBQ3RCLFdBQVcsQ0FBVztJQUN0QixNQUFNLENBQVM7SUFDZixXQUFXLENBQWM7SUFDekIsZUFBZSxHQUFHLElBQUksQ0FBQztJQUN2QixHQUFHLENBQXVDO0lBQzFDLFlBQVksT0FNWDtRQUNDLElBQUksQ0FBQyxXQUFXLEdBQUcsT0FBTyxDQUFDLFdBQVcsQ0FBQztRQUN2QyxJQUFJLENBQUMsTUFBTSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUM7UUFDN0IsSUFBSSxDQUFDLFdBQVcsR0FBRyxPQUFPLENBQUMsV0FBVyxJQUFJLGFBQWEsQ0FBQztRQUN4RCxJQUFJLENBQUMsR0FBRyxHQUFHLE9BQU8sQ0FBQyxHQUFHLENBQUM7UUFDdkIsSUFBSSxDQUFDLGVBQWUsR0FBRyxPQUFPLENBQUMsZUFBZSxJQUFJLEtBQUssQ0FBQztRQUN4RCxJQUFJLENBQUMsU0FBUyxDQUFDLENBQUMsSUFBWSxFQUFFLEVBQUU7WUFDOUIsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDekIsQ0FBQyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLGdCQUFnQixDQUFDLEtBQWE7UUFDbEMsT0FBTyxDQUFDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLElBQUksRUFBRSxDQUFDO0lBQzVFLENBQUM7SUFFRCxlQUFlLENBQUMsS0FBYTtRQUMzQixPQUFPLGVBQWUsSUFBSSxDQUFDLFdBQVcsSUFBSSxLQUFLLEVBQUUsQ0FBQztJQUNwRCxDQUFDO0lBRUQsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQWEsRUFBRSxJQUFTO1FBQzlDLE1BQU0sSUFBSSxDQUFDLFdBQVcsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxLQUFLLENBQUMsRUFBRSxJQUFJLENBQUMsQ0FBQztJQUNuRSxDQUFDO0lBRUQsS0FBSyxDQUFDLGFBQWEsQ0FBQyxLQUFhLEVBQUUsTUFBTSxHQUFHLEtBQUs7UUFDL0MsTUFBTSxJQUFJLEdBQUcsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLENBQUMsS0FBSyxDQUFDLENBQUM7UUFDaEQsSUFBSSxJQUFJLENBQUMsR0FBRyxJQUFJLElBQUksRUFBRSxDQUFDO1lBQ3JCLElBQUksQ0FBQyxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7WUFDckMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzVDLENBQUM7UUFDRCxJQUFJLFlBQVksR0FBRyxFQUFFLENBQUM7UUFDdEIsSUFBSSxNQUFNLEVBQUUsQ0FBQztZQUNYLFlBQVksR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQyxPQUFPLENBQUM7UUFDMUQsQ0FBQzthQUFNLENBQUM7WUFDTixZQUFZLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsV0FBVyxDQUFDLENBQUMsVUFBVSxDQUFDO1FBQzdELENBQUM7UUFDRCxNQUFNLE1BQU0sR0FBRyxJQUFJLElBQUksQ0FBQyxNQUFNLENBQUM7WUFDN0IsWUFBWSxFQUFFLFlBQVk7WUFDMUIsVUFBVSxFQUFFLElBQUksQ0FBQyxHQUFHO1lBQ3BCLFVBQVUsRUFBRSxJQUFJLENBQUMsVUFBVTtZQUMzQixzQkFBc0IsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNoQyxlQUFlLEVBQUUsRUFBRTtZQUNuQixVQUFVLEVBQUUsSUFBSTtZQUNoQixVQUFVLEVBQUUsS0FBSztTQUNsQixDQUFDLENBQUM7UUFFSCxJQUFJLElBQUksQ0FBQyxVQUFVLElBQUksSUFBSSxFQUFFLENBQUM7WUFDNUIsTUFBTSxjQUFjLEdBQUc7Z0JBQ3JCLG9CQUFvQixFQUFFLElBQUk7Z0JBQzFCLE9BQU8sRUFBRSxDQUFDLFVBQVUsS0FBSyxFQUFFLENBQUM7Z0JBQzVCLHNCQUFzQixFQUFFLElBQUksQ0FBQyxHQUFHO2FBQ2pDLENBQUM7WUFDRixNQUFNLE1BQU0sQ0FBQyxhQUFhLENBQUMsY0FBYyxDQUFDLENBQUM7WUFDM0MsSUFBSSxDQUFDLFVBQVUsR0FBRyxNQUFNLENBQUMsYUFBYSxFQUFFLENBQUM7WUFDekMsTUFBTSxJQUFJLENBQUMsaUJBQWlCLENBQUMsS0FBSyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQzVDLENBQUM7UUFDRCxPQUFPLE1BQU0sQ0FBQztJQUNoQixDQUFDO0lBRUQsS0FBSyxDQUFDLFlBQVk7UUFDaEIsTUFBTSxHQUFHLEdBQUcsTUFBTSxJQUFJLENBQUMsS0FBSyxDQUFDLGdCQUFnQixFQUFFLENBQUM7UUFDaEQsT0FBTyxHQUFHLENBQUMsUUFBUSxFQUFFLENBQUM7SUFDeEIsQ0FBQztJQUVELFdBQVcsQ0FBQyxVQUFrQjtRQUM1QixNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBcUIsQ0FBQztRQUN6RCxJQUFJLE1BQU0sQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUNqQixNQUFNLElBQUksS0FBSyxDQUFDLEtBQUssVUFBVSxPQUFPLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLENBQUMsQ0FBQztRQUN6RSxDQUFDO1FBQ0QsT0FBTyxNQUFNLENBQUMsTUFBZ0IsQ0FBQztJQUNqQyxDQUFDO0lBQ0QsS0FBSyxDQUFDLGlCQUFpQixDQUFDLEtBQVUsRUFBRSxTQUFjLEVBQUUsZ0JBQXdCLEVBQUUsV0FBeUI7UUFDckcsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsK0JBQStCLENBQUMsQ0FBQztRQUVsRCxhQUFhO1FBQ2IsTUFBTSxVQUFVLEdBQUcsS0FBSyxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUM7UUFDMUMsSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFNBQVMsRUFBRSxDQUFDO1lBQ2pDLE1BQU0sUUFBUSxHQUFHLDRDQUE0QyxTQUFTLENBQUMsS0FBSyxFQUFFLENBQUM7WUFDL0UsTUFBTSxZQUFZLEdBQUcsZ0JBQWdCLENBQUM7WUFFdEMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsbUNBQW1DLFVBQVUsYUFBYSxRQUFRLEVBQUUsQ0FBQyxDQUFDO1lBRXZGLGtCQUFrQjtZQUNsQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxnQkFBZ0IsWUFBWSxjQUFjLFFBQVEsR0FBRyxDQUFDLENBQUM7WUFDeEUsbURBQW1EO1FBQ3JELENBQUM7YUFBTSxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDdkMsWUFBWTtZQUNaLE1BQU0sU0FBUyxHQUFHLG1CQUFtQixVQUFVLEVBQUUsQ0FBQztZQUNsRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQztZQUVyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFDeEUsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDRCQUE0QixTQUFTLGlCQUFpQixXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBRXZGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7WUFDNUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsY0FBYyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1lBQ3pDLE9BQU8sTUFBTSxXQUFXLENBQUMsWUFBWSxDQUFDO2dCQUNwQyxVQUFVLEVBQUUsU0FBUztnQkFDckIsSUFBSSxFQUFFLEtBQUs7Z0JBQ1gsS0FBSyxFQUFFLFdBQVc7Z0JBQ2xCLE1BQU07YUFDUCxDQUFDLENBQUM7UUFDTCxDQUFDO0lBQ0gsQ0FBQztJQUVEOzs7Ozs7Ozs7T0FTRztJQUVILEtBQUssQ0FBQyxpQkFBaUIsQ0FBQyxLQUFVLEVBQUUsU0FBYyxFQUFFLGdCQUF3QixFQUFFLFVBQWUsRUFBRSxXQUF5QjtRQUN0SCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywrQkFBK0IsQ0FBQyxDQUFDO1FBRWxELGFBQWE7UUFDYixNQUFNLFVBQVUsR0FBRyxLQUFLLENBQUMsVUFBVSxDQUFDLEtBQUssQ0FBQztRQUMxQyxJQUFJLFNBQVMsQ0FBQyxJQUFJLEtBQUssU0FBUyxFQUFFLENBQUM7WUFDakMsTUFBTSxRQUFRLEdBQUcsNENBQTRDLFNBQVMsQ0FBQyxLQUFLLEVBQUUsQ0FBQztZQUUvRSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxtQ0FBbUMsVUFBVSxhQUFhLFFBQVEsRUFBRSxDQUFDLENBQUM7WUFFdkYsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDhCQUE4QixRQUFRLEdBQUcsQ0FBQyxDQUFDO1lBQzVELGtDQUFrQztRQUNwQyxDQUFDO2FBQU0sSUFBSSxTQUFTLENBQUMsSUFBSSxLQUFLLFFBQVEsRUFBRSxDQUFDO1lBQ3ZDLE1BQU0sU0FBUyxHQUFHLG1CQUFtQixVQUFVLEVBQUUsQ0FBQztZQUNsRCxNQUFNLFdBQVcsR0FBRyxnQkFBZ0IsQ0FBQztZQUVyQyxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQywyQkFBMkIsVUFBVSxLQUFLLFNBQVMsRUFBRSxDQUFDLENBQUM7WUFFeEUsa0JBQWtCO1lBQ2xCLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLDRCQUE0QixTQUFTLGlCQUFpQixXQUFXLEdBQUcsQ0FBQyxDQUFDO1lBRXZGLE1BQU0sTUFBTSxHQUFHLElBQUksQ0FBQyxXQUFXLENBQUMsVUFBVSxDQUFDLENBQUM7WUFFNUMsSUFBSSxDQUFDO2dCQUNILE1BQU0sV0FBVyxDQUFDLFlBQVksQ0FBQztvQkFDN0IsVUFBVSxFQUFFLFNBQVM7b0JBQ3JCLElBQUksRUFBRSxLQUFLO29CQUNYLEtBQUssRUFBRSxnQkFBZ0I7b0JBQ3ZCLE1BQU0sRUFBRSxVQUFVO29CQUNsQixNQUFNO2lCQUNQLENBQUMsQ0FBQztZQUNMLENBQUM7WUFBQyxPQUFPLENBQUMsRUFBRSxDQUFDO2dCQUNYLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFdBQVcsRUFBRSxDQUFDLENBQUMsQ0FBQztnQkFDbEMsTUFBTSxDQUFDLENBQUM7WUFDVixDQUFDO1FBQ0gsQ0FBQztJQUNILENBQUM7SUFFRCxLQUFLLENBQUMsS0FBSyxDQUFDLE9BQXdHO1FBQ2xILE1BQU0sRUFBRSxLQUFLLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxPQUFPLEVBQUUsV0FBVyxFQUFFLEdBQUcsT0FBTyxDQUFDO1FBQ2pFLE1BQU0sTUFBTSxHQUFnQixNQUFNLElBQUksQ0FBQyxhQUFhLENBQUMsS0FBSyxFQUFFLE1BQU0sQ0FBQyxDQUFDO1FBRXBFLGdCQUFnQjtRQUNoQixNQUFNLEVBQUUsVUFBVSxFQUFFLFFBQVEsRUFBRSxHQUFHLElBQUksQ0FBQyx3QkFBd0IsQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUV4RSxNQUFNLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxHQUFHLE1BQU0sSUFBSSxDQUFDLEtBQUssQ0FBQyxTQUFTLENBQUM7WUFDNUMsVUFBVTtZQUNWLEdBQUcsT0FBTztZQUNWLFFBQVE7U0FDVCxDQUFDLENBQUM7UUFDSCxJQUFJLFdBQVcsSUFBSSxJQUFJLEVBQUUsQ0FBQztZQUN4QixNQUFNLElBQUksS0FBSyxDQUFDLGtCQUFrQixDQUFDLENBQUM7UUFDdEMsQ0FBQztRQUNELFlBQVk7UUFDWixNQUFNLEdBQUcsR0FBRyxNQUFNLE1BQU0sQ0FBQyxJQUFJLENBQUM7WUFDNUIsR0FBRztZQUNILEtBQUssRUFBRSxLQUFLO1lBQ1osb0JBQW9CLEVBQUUsSUFBSTtZQUMxQix5QkFBeUIsRUFBRSxJQUFJLENBQUMsZUFBZTtZQUMvQyxpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixpQkFBaUIsRUFBRSxLQUFLLEVBQUUsS0FBeUIsRUFBRSxTQUFvQixFQUFFLGdCQUF3QixFQUFnQixFQUFFO2dCQUNuSCxPQUFPLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsV0FBVyxDQUFDLENBQUM7WUFDdkYsQ0FBQztZQUNELGlCQUFpQixFQUFFLEtBQUssRUFBRSxLQUF5QixFQUFFLFNBQW9CLEVBQUUsZ0JBQXdCLEVBQUUsVUFBZSxFQUFnQixFQUFFO2dCQUNwSSxPQUFPLE1BQU0sSUFBSSxDQUFDLGlCQUFpQixDQUFDLEtBQUssRUFBRSxTQUFTLEVBQUUsZ0JBQWdCLEVBQUUsVUFBVSxFQUFFLFdBQVcsQ0FBQyxDQUFDO1lBQ25HLENBQUM7U0FDRixDQUFDLENBQUM7UUFFSCxNQUFNLElBQUksR0FBYTtZQUNyQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtZQUNuQixHQUFHLEVBQUUsR0FBRyxDQUFDLFFBQVEsRUFBRTtTQUNwQixDQUFDO1FBQ0YsVUFBVTtRQUNWLElBQUksQ0FBQyxNQUFNLENBQUMsS0FBSyxDQUFDLFNBQVMsSUFBSSxDQUFDLEdBQUcsRUFBRSxDQUFDLENBQUM7UUFDdkMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsaUJBQWlCLElBQUksQ0FBQyxHQUFHLEVBQUUsQ0FBQyxDQUFDO1FBQy9DLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQzNCLE9BQU8sSUFBSSxDQUFDO0lBQ2QsQ0FBQztJQUVELHdCQUF3QixDQUFDLE9BQTBCO1FBSWpELElBQUksT0FBTyxPQUFPLEtBQUssUUFBUSxFQUFFLENBQUM7WUFDaEMsT0FBTyxHQUFHLE9BQU8sQ0FBQyxLQUFLLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsQ0FBQztRQUNELElBQUksT0FBTyxDQUFDLE1BQU0sS0FBSyxDQUFDLEVBQUUsQ0FBQztZQUN6QixNQUFNLElBQUksS0FBSyxDQUFDLHlCQUF5QixDQUFDLENBQUM7UUFDN0MsQ0FBQztRQUNELE1BQU0sVUFBVSxHQUFHLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUM5QixJQUFJLFFBQVEsR0FBeUIsU0FBUyxDQUFDO1FBQy9DLElBQUksT0FBTyxDQUFDLE1BQU0sR0FBRyxDQUFDLEVBQUUsQ0FBQztZQUN2QixRQUFRLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FBQyxPQUFPLEVBQUUsQ0FBQyxDQUFDLENBQUM7UUFDakMsQ0FBQztRQUNELE9BQU87WUFDTCxVQUFVO1lBQ1YsUUFBUTtTQUNULENBQUM7SUFDSixDQUFDO0NBQ0YifQ==

package/dist/plugin/cert-plugin/base.d.ts

@@ -0,0 +1,49 @@
+import { AbstractTaskPlugin, HttpClient, IAccessService, IContext, Step } from "@certd/pipeline";
+import type { CertInfo } from "./acme.js";
+import { Logger } from "log4js";
+import { CertReader } from "./cert-reader.js";
+export { CertReader };
+export type { CertInfo };
+export declare abstract class CertApplyBasePlugin extends AbstractTaskPlugin {
+    domains: string[];
+    email: string;
+    renewDays: number;
+    forceUpdate: string;
+    successNotify: boolean;
+    intro: string;
+    csrInfo: string;
+    logger: Logger;
+    userContext: IContext;
+    accessService: IAccessService;
+    http: HttpClient;
+    lastStatus: Step;
+    cert?: CertInfo;
+    onInstance(): Promise<void>;
+    abstract onInit(): Promise<void>;
+    abstract doCertApply(): Promise<any>;
+    execute(): Promise<void>;
+    output(certReader: CertReader, isNew: boolean): Promise<void>;
+    zipCert(cert: CertInfo, applyTime: string): Promise<void>;
+    /**
+     * 是否更新证书
+     */
+    condition(): Promise<CertReader>;
+    formatCert(pem: string): string;
+    formatCerts(cert: {
+        crt: string;
+        key: string;
+        csr: string;
+    }): CertInfo;
+    readLastCert(): Promise<CertReader | undefined>;
+    /**
+     * 检查是否过期，默认提前20天
+     * @param expires
+     * @param maxDays
+     * @returns {boolean}
+     */
+    isWillExpire(expires: number, maxDays?: number): {
+        isWillExpire: boolean;
+        leftDays: number;
+    };
+    private sendSuccessEmail;
+}