@certd/plugin-cert 1.21.2 → 1.22.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +13 -0
- package/dist/access/eab-access.d.ts +4 -0
- package/dist/access/eab-access.js +46 -0
- package/dist/access/index.d.ts +1 -0
- package/dist/access/index.js +2 -0
- package/dist/bundle.js +1 -1
- package/dist/d/plugin/cert-plugin/acme.d.ts +0 -2
- package/dist/d/plugin/cert-plugin/index.d.ts +0 -1
- package/dist/dns-provider/api.d.ts +27 -0
- package/dist/dns-provider/api.js +2 -0
- package/dist/dns-provider/base.d.ts +8 -0
- package/dist/dns-provider/base.js +7 -0
- package/dist/dns-provider/decorator.d.ts +3 -0
- package/dist/dns-provider/decorator.js +26 -0
- package/dist/dns-provider/index.d.ts +4 -0
- package/dist/dns-provider/index.js +5 -0
- package/dist/dns-provider/registry.d.ts +2 -0
- package/dist/dns-provider/registry.js +3 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +4 -0
- package/dist/plugin/cert-plugin/acme.d.ts +54 -0
- package/dist/plugin/cert-plugin/acme.js +203 -0
- package/dist/plugin/cert-plugin/base.d.ts +49 -0
- package/dist/plugin/cert-plugin/base.js +259 -0
- package/dist/plugin/cert-plugin/cert-reader.d.ts +16 -0
- package/dist/plugin/cert-plugin/cert-reader.js +45 -0
- package/dist/plugin/cert-plugin/index.d.ts +16 -0
- package/dist/plugin/cert-plugin/index.js +171 -0
- package/dist/plugin/cert-plugin/lego.d.ts +16 -0
- package/dist/plugin/cert-plugin/lego.js +153 -0
- package/dist/plugin/index.d.ts +2 -0
- package/dist/plugin/index.js +3 -0
- package/dist/plugin-cert.mjs +11786 -0
- package/dist/plugin-cert.umd.js +28 -0
- package/fix-esm-import-paths.js +96 -0
- package/package.json +10 -10
- package/rollup.config.js +1 -1
- package/stats.html +6177 -0
- package/test/user.secret.js +7 -0
- package/test/user.secret.ts +4 -0
- package/tsconfig.json +33 -10
- package/tsconfig.tsbuildinfo +1 -0
- package/vite.config.ts +1 -1
|
@@ -0,0 +1,259 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { AbstractTaskPlugin, TaskInput, TaskOutput } from "@certd/pipeline";
|
|
11
|
+
import dayjs from "dayjs";
|
|
12
|
+
import { CertReader } from "./cert-reader.js";
|
|
13
|
+
import JSZip from "jszip";
|
|
14
|
+
export { CertReader };
|
|
15
|
+
export class CertApplyBasePlugin extends AbstractTaskPlugin {
|
|
16
|
+
domains;
|
|
17
|
+
email;
|
|
18
|
+
renewDays;
|
|
19
|
+
forceUpdate;
|
|
20
|
+
successNotify = true;
|
|
21
|
+
intro;
|
|
22
|
+
// @TaskInput({
|
|
23
|
+
// title: "CsrInfo",
|
|
24
|
+
// helper: "暂时没有用",
|
|
25
|
+
// })
|
|
26
|
+
csrInfo;
|
|
27
|
+
logger;
|
|
28
|
+
userContext;
|
|
29
|
+
accessService;
|
|
30
|
+
http;
|
|
31
|
+
lastStatus;
|
|
32
|
+
cert;
|
|
33
|
+
async onInstance() {
|
|
34
|
+
this.accessService = this.ctx.accessService;
|
|
35
|
+
this.logger = this.ctx.logger;
|
|
36
|
+
this.userContext = this.ctx.userContext;
|
|
37
|
+
this.http = this.ctx.http;
|
|
38
|
+
this.lastStatus = this.ctx.lastStatus;
|
|
39
|
+
await this.onInit();
|
|
40
|
+
}
|
|
41
|
+
async execute() {
|
|
42
|
+
const oldCert = await this.condition();
|
|
43
|
+
if (oldCert != null) {
|
|
44
|
+
return await this.output(oldCert, false);
|
|
45
|
+
}
|
|
46
|
+
const cert = await this.doCertApply();
|
|
47
|
+
if (cert != null) {
|
|
48
|
+
await this.output(cert, true);
|
|
49
|
+
//清空后续任务的状态,让后续任务能够重新执行
|
|
50
|
+
this.clearLastStatus();
|
|
51
|
+
if (this.successNotify) {
|
|
52
|
+
await this.sendSuccessEmail();
|
|
53
|
+
}
|
|
54
|
+
}
|
|
55
|
+
else {
|
|
56
|
+
throw new Error("申请证书失败");
|
|
57
|
+
}
|
|
58
|
+
}
|
|
59
|
+
async output(certReader, isNew) {
|
|
60
|
+
const cert = certReader.toCertInfo();
|
|
61
|
+
this.cert = cert;
|
|
62
|
+
if (isNew) {
|
|
63
|
+
const applyTime = dayjs(certReader.detail.validity.notBefore).format("YYYYMMDD_HHmmss");
|
|
64
|
+
await this.zipCert(cert, applyTime);
|
|
65
|
+
}
|
|
66
|
+
else {
|
|
67
|
+
this.extendsFiles();
|
|
68
|
+
}
|
|
69
|
+
// thi
|
|
70
|
+
// s.logger.info(JSON.stringify(certReader.detail));
|
|
71
|
+
}
|
|
72
|
+
async zipCert(cert, applyTime) {
|
|
73
|
+
const zip = new JSZip();
|
|
74
|
+
zip.file("cert.crt", cert.crt);
|
|
75
|
+
zip.file("cert.key", cert.key);
|
|
76
|
+
const domain_name = this.domains[0].replace(".", "_").replace("*", "_");
|
|
77
|
+
const filename = `cert_${domain_name}_${applyTime}.zip`;
|
|
78
|
+
const content = await zip.generateAsync({ type: "nodebuffer" });
|
|
79
|
+
this.saveFile(filename, content);
|
|
80
|
+
this.logger.info(`已保存文件:${filename}`);
|
|
81
|
+
}
|
|
82
|
+
/**
|
|
83
|
+
* 是否更新证书
|
|
84
|
+
*/
|
|
85
|
+
async condition() {
|
|
86
|
+
if (this.forceUpdate) {
|
|
87
|
+
return null;
|
|
88
|
+
}
|
|
89
|
+
let inputChanged = false;
|
|
90
|
+
const oldInput = JSON.stringify(this.lastStatus?.input?.domains);
|
|
91
|
+
const thisInput = JSON.stringify(this.domains);
|
|
92
|
+
if (oldInput !== thisInput) {
|
|
93
|
+
inputChanged = true;
|
|
94
|
+
}
|
|
95
|
+
let oldCert = undefined;
|
|
96
|
+
try {
|
|
97
|
+
oldCert = await this.readLastCert();
|
|
98
|
+
}
|
|
99
|
+
catch (e) {
|
|
100
|
+
this.logger.warn("读取cert失败:", e);
|
|
101
|
+
}
|
|
102
|
+
if (oldCert == null) {
|
|
103
|
+
this.logger.info("还未申请过,准备申请新证书");
|
|
104
|
+
return null;
|
|
105
|
+
}
|
|
106
|
+
if (inputChanged) {
|
|
107
|
+
this.logger.info("输入参数变更,申请新证书");
|
|
108
|
+
return null;
|
|
109
|
+
}
|
|
110
|
+
const ret = this.isWillExpire(oldCert.expires, this.renewDays);
|
|
111
|
+
if (!ret.isWillExpire) {
|
|
112
|
+
this.logger.info(`证书还未过期:过期时间${dayjs(oldCert.expires).format("YYYY-MM-DD HH:mm:ss")},剩余${ret.leftDays}天`);
|
|
113
|
+
return oldCert;
|
|
114
|
+
}
|
|
115
|
+
this.logger.info("即将过期,开始更新证书");
|
|
116
|
+
return null;
|
|
117
|
+
}
|
|
118
|
+
formatCert(pem) {
|
|
119
|
+
pem = pem.replace(/\r/g, "");
|
|
120
|
+
pem = pem.replace(/\n\n/g, "\n");
|
|
121
|
+
pem = pem.replace(/\n$/g, "");
|
|
122
|
+
return pem;
|
|
123
|
+
}
|
|
124
|
+
formatCerts(cert) {
|
|
125
|
+
const newCert = {
|
|
126
|
+
crt: this.formatCert(cert.crt),
|
|
127
|
+
key: this.formatCert(cert.key),
|
|
128
|
+
csr: this.formatCert(cert.csr),
|
|
129
|
+
};
|
|
130
|
+
return newCert;
|
|
131
|
+
}
|
|
132
|
+
async readLastCert() {
|
|
133
|
+
const cert = this.lastStatus?.status?.output?.cert;
|
|
134
|
+
if (cert == null) {
|
|
135
|
+
return undefined;
|
|
136
|
+
}
|
|
137
|
+
return new CertReader(cert);
|
|
138
|
+
}
|
|
139
|
+
/**
|
|
140
|
+
* 检查是否过期,默认提前20天
|
|
141
|
+
* @param expires
|
|
142
|
+
* @param maxDays
|
|
143
|
+
* @returns {boolean}
|
|
144
|
+
*/
|
|
145
|
+
isWillExpire(expires, maxDays = 20) {
|
|
146
|
+
if (expires == null) {
|
|
147
|
+
throw new Error("过期时间不能为空");
|
|
148
|
+
}
|
|
149
|
+
// 检查有效期
|
|
150
|
+
const leftDays = dayjs(expires).diff(dayjs(), "day");
|
|
151
|
+
return {
|
|
152
|
+
isWillExpire: leftDays < maxDays,
|
|
153
|
+
leftDays,
|
|
154
|
+
};
|
|
155
|
+
}
|
|
156
|
+
async sendSuccessEmail() {
|
|
157
|
+
try {
|
|
158
|
+
this.logger.info("发送成功邮件通知:" + this.email);
|
|
159
|
+
const subject = `【CertD】证书申请成功【${this.domains[0]}】`;
|
|
160
|
+
await this.ctx.emailService.send({
|
|
161
|
+
userId: this.ctx.pipeline.userId,
|
|
162
|
+
receivers: [this.email],
|
|
163
|
+
subject: subject,
|
|
164
|
+
content: `证书申请成功,域名:${this.domains.join(",")}`,
|
|
165
|
+
});
|
|
166
|
+
}
|
|
167
|
+
catch (e) {
|
|
168
|
+
this.logger.error("send email error", e);
|
|
169
|
+
}
|
|
170
|
+
}
|
|
171
|
+
}
|
|
172
|
+
__decorate([
|
|
173
|
+
TaskInput({
|
|
174
|
+
title: "域名",
|
|
175
|
+
component: {
|
|
176
|
+
name: "a-select",
|
|
177
|
+
vModel: "value",
|
|
178
|
+
mode: "tags",
|
|
179
|
+
open: false,
|
|
180
|
+
},
|
|
181
|
+
required: true,
|
|
182
|
+
col: {
|
|
183
|
+
span: 24,
|
|
184
|
+
},
|
|
185
|
+
order: -1,
|
|
186
|
+
helper: "1、支持通配符域名,例如: *.foo.com、foo.com、*.test.handsfree.work\n" +
|
|
187
|
+
"2、支持多个域名、多个子域名、多个通配符域名打到一个证书上(域名必须是在同一个DNS提供商解析)\n" +
|
|
188
|
+
"3、多级子域名要分成多个域名输入(*.foo.com的证书不能用于xxx.yyy.foo.com、foo.com)\n" +
|
|
189
|
+
"4、输入一个回车之后,再输入下一个",
|
|
190
|
+
}),
|
|
191
|
+
__metadata("design:type", Array)
|
|
192
|
+
], CertApplyBasePlugin.prototype, "domains", void 0);
|
|
193
|
+
__decorate([
|
|
194
|
+
TaskInput({
|
|
195
|
+
title: "邮箱",
|
|
196
|
+
component: {
|
|
197
|
+
name: "a-input",
|
|
198
|
+
vModel: "value",
|
|
199
|
+
},
|
|
200
|
+
required: true,
|
|
201
|
+
order: -1,
|
|
202
|
+
helper: "请输入邮箱",
|
|
203
|
+
}),
|
|
204
|
+
__metadata("design:type", String)
|
|
205
|
+
], CertApplyBasePlugin.prototype, "email", void 0);
|
|
206
|
+
__decorate([
|
|
207
|
+
TaskInput({
|
|
208
|
+
title: "更新天数",
|
|
209
|
+
value: 20,
|
|
210
|
+
component: {
|
|
211
|
+
name: "a-input-number",
|
|
212
|
+
vModel: "value",
|
|
213
|
+
},
|
|
214
|
+
required: true,
|
|
215
|
+
order: 100,
|
|
216
|
+
helper: "到期前多少天后更新证书,注意:流水线默认不会自动运行,请设置定时器,每天定时运行本流水线",
|
|
217
|
+
}),
|
|
218
|
+
__metadata("design:type", Number)
|
|
219
|
+
], CertApplyBasePlugin.prototype, "renewDays", void 0);
|
|
220
|
+
__decorate([
|
|
221
|
+
TaskInput({
|
|
222
|
+
title: "强制更新",
|
|
223
|
+
component: {
|
|
224
|
+
name: "a-switch",
|
|
225
|
+
vModel: "checked",
|
|
226
|
+
},
|
|
227
|
+
order: 100,
|
|
228
|
+
helper: "是否强制重新申请证书",
|
|
229
|
+
}),
|
|
230
|
+
__metadata("design:type", String)
|
|
231
|
+
], CertApplyBasePlugin.prototype, "forceUpdate", void 0);
|
|
232
|
+
__decorate([
|
|
233
|
+
TaskInput({
|
|
234
|
+
title: "成功后邮件通知",
|
|
235
|
+
value: true,
|
|
236
|
+
component: {
|
|
237
|
+
name: "a-switch",
|
|
238
|
+
vModel: "checked",
|
|
239
|
+
},
|
|
240
|
+
order: 100,
|
|
241
|
+
helper: "申请成功后是否发送邮件通知",
|
|
242
|
+
}),
|
|
243
|
+
__metadata("design:type", Object)
|
|
244
|
+
], CertApplyBasePlugin.prototype, "successNotify", void 0);
|
|
245
|
+
__decorate([
|
|
246
|
+
TaskInput({
|
|
247
|
+
title: "配置说明",
|
|
248
|
+
order: 9999,
|
|
249
|
+
helper: "运行策略请选择总是运行,其他证书部署任务请选择成功后跳过;当证书快到期前将会自动重新申请证书,然后会清空后续任务的成功状态,部署任务将会重新运行",
|
|
250
|
+
}),
|
|
251
|
+
__metadata("design:type", String)
|
|
252
|
+
], CertApplyBasePlugin.prototype, "intro", void 0);
|
|
253
|
+
__decorate([
|
|
254
|
+
TaskOutput({
|
|
255
|
+
title: "域名证书",
|
|
256
|
+
}),
|
|
257
|
+
__metadata("design:type", Object)
|
|
258
|
+
], CertApplyBasePlugin.prototype, "cert", void 0);
|
|
259
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYmFzZS5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uLy4uL3NyYy9wbHVnaW4vY2VydC1wbHVnaW4vYmFzZS50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOzs7Ozs7Ozs7QUFBQSxPQUFPLEVBQUUsa0JBQWtCLEVBQThDLFNBQVMsRUFBRSxVQUFVLEVBQUUsTUFBTSxpQkFBaUIsQ0FBQztBQUN4SCxPQUFPLEtBQUssTUFBTSxPQUFPLENBQUM7QUFHMUIsT0FBTyxFQUFFLFVBQVUsRUFBRSxNQUFNLGtCQUFrQixDQUFDO0FBQzlDLE9BQU8sS0FBSyxNQUFNLE9BQU8sQ0FBQztBQUUxQixPQUFPLEVBQUUsVUFBVSxFQUFFLENBQUM7QUFHdEIsTUFBTSxPQUFnQixtQkFBb0IsU0FBUSxrQkFBa0I7SUFvQmxFLE9BQU8sQ0FBWTtJQVluQixLQUFLLENBQVU7SUFhZixTQUFTLENBQVU7SUFXbkIsV0FBVyxDQUFVO0lBWXJCLGFBQWEsR0FBRyxJQUFJLENBQUM7SUFPckIsS0FBSyxDQUFVO0lBRWYsZUFBZTtJQUNmLHNCQUFzQjtJQUN0QixxQkFBcUI7SUFDckIsS0FBSztJQUNMLE9BQU8sQ0FBVTtJQUVqQixNQUFNLENBQVU7SUFDaEIsV0FBVyxDQUFZO0lBQ3ZCLGFBQWEsQ0FBa0I7SUFDL0IsSUFBSSxDQUFjO0lBQ2xCLFVBQVUsQ0FBUTtJQUtsQixJQUFJLENBQVk7SUFFaEIsS0FBSyxDQUFDLFVBQVU7UUFDZCxJQUFJLENBQUMsYUFBYSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsYUFBYSxDQUFDO1FBQzVDLElBQUksQ0FBQyxNQUFNLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxNQUFNLENBQUM7UUFDOUIsSUFBSSxDQUFDLFdBQVcsR0FBRyxJQUFJLENBQUMsR0FBRyxDQUFDLFdBQVcsQ0FBQztRQUN4QyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQyxHQUFHLENBQUMsSUFBSSxDQUFDO1FBQzFCLElBQUksQ0FBQyxVQUFVLEdBQUcsSUFBSSxDQUFDLEdBQUcsQ0FBQyxVQUFrQixDQUFDO1FBQzlDLE1BQU0sSUFBSSxDQUFDLE1BQU0sRUFBRSxDQUFDO0lBQ3RCLENBQUM7SUFNRCxLQUFLLENBQUMsT0FBTztRQUNYLE1BQU0sT0FBTyxHQUFHLE1BQU0sSUFBSSxDQUFDLFNBQVMsRUFBRSxDQUFDO1FBQ3ZDLElBQUksT0FBTyxJQUFJLElBQUksRUFBRTtZQUNuQixPQUFPLE1BQU0sSUFBSSxDQUFDLE1BQU0sQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLENBQUM7U0FDMUM7UUFDRCxNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxXQUFXLEVBQUUsQ0FBQztRQUN0QyxJQUFJLElBQUksSUFBSSxJQUFJLEVBQUU7WUFDaEIsTUFBTSxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQztZQUM5Qix1QkFBdUI7WUFDdkIsSUFBSSxDQUFDLGVBQWUsRUFBRSxDQUFDO1lBRXZCLElBQUksSUFBSSxDQUFDLGFBQWEsRUFBRTtnQkFDdEIsTUFBTSxJQUFJLENBQUMsZ0JBQWdCLEVBQUUsQ0FBQzthQUMvQjtTQUNGO2FBQU07WUFDTCxNQUFNLElBQUksS0FBSyxDQUFDLFFBQVEsQ0FBQyxDQUFDO1NBQzNCO0lBQ0gsQ0FBQztJQUVELEtBQUssQ0FBQyxNQUFNLENBQUMsVUFBc0IsRUFBRSxLQUFjO1FBQ2pELE1BQU0sSUFBSSxHQUFhLFVBQVUsQ0FBQyxVQUFVLEVBQUUsQ0FBQztRQUMvQyxJQUFJLENBQUMsSUFBSSxHQUFHLElBQUksQ0FBQztRQUVqQixJQUFJLEtBQUssRUFBRTtZQUNULE1BQU0sU0FBUyxHQUFHLEtBQUssQ0FBQyxVQUFVLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxTQUFTLENBQUMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsQ0FBQztZQUN4RixNQUFNLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxFQUFFLFNBQVMsQ0FBQyxDQUFDO1NBQ3JDO2FBQU07WUFDTCxJQUFJLENBQUMsWUFBWSxFQUFFLENBQUM7U0FDckI7UUFDRCxNQUFNO1FBQ04sb0RBQW9EO0lBQ3RELENBQUM7SUFFRCxLQUFLLENBQUMsT0FBTyxDQUFDLElBQWMsRUFBRSxTQUFpQjtRQUM3QyxNQUFNLEdBQUcsR0FBRyxJQUFJLEtBQUssRUFBRSxDQUFDO1FBQ3hCLEdBQUcsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLElBQUksQ0FBQyxHQUFHLENBQUMsQ0FBQztRQUMvQixHQUFHLENBQUMsSUFBSSxDQUFDLFVBQVUsRUFBRSxJQUFJLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDL0IsTUFBTSxXQUFXLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsQ0FBQyxPQUFPLENBQUMsR0FBRyxFQUFFLEdBQUcsQ0FBQyxDQUFDLE9BQU8sQ0FBQyxHQUFHLEVBQUUsR0FBRyxDQUFDLENBQUM7UUFDeEUsTUFBTSxRQUFRLEdBQUcsUUFBUSxXQUFXLElBQUksU0FBUyxNQUFNLENBQUM7UUFDeEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxHQUFHLENBQUMsYUFBYSxDQUFDLEVBQUUsSUFBSSxFQUFFLFlBQVksRUFBRSxDQUFDLENBQUM7UUFDaEUsSUFBSSxDQUFDLFFBQVEsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDLENBQUM7UUFDakMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxRQUFRLEVBQUUsQ0FBQyxDQUFDO0lBQ3hDLENBQUM7SUFFRDs7T0FFRztJQUNILEtBQUssQ0FBQyxTQUFTO1FBQ2IsSUFBSSxJQUFJLENBQUMsV0FBVyxFQUFFO1lBQ3BCLE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxJQUFJLFlBQVksR0FBRyxLQUFLLENBQUM7UUFDekIsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxJQUFJLENBQUMsVUFBVSxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNqRSxNQUFNLFNBQVMsR0FBRyxJQUFJLENBQUMsU0FBUyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQztRQUMvQyxJQUFJLFFBQVEsS0FBSyxTQUFTLEVBQUU7WUFDMUIsWUFBWSxHQUFHLElBQUksQ0FBQztTQUNyQjtRQUVELElBQUksT0FBTyxHQUEyQixTQUFTLENBQUM7UUFDaEQsSUFBSTtZQUNGLE9BQU8sR0FBRyxNQUFNLElBQUksQ0FBQyxZQUFZLEVBQUUsQ0FBQztTQUNyQztRQUFDLE9BQU8sQ0FBQyxFQUFFO1lBQ1YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxFQUFFLENBQUMsQ0FBQyxDQUFDO1NBQ2xDO1FBQ0QsSUFBSSxPQUFPLElBQUksSUFBSSxFQUFFO1lBQ25CLElBQUksQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLGVBQWUsQ0FBQyxDQUFDO1lBQ2xDLE9BQU8sSUFBSSxDQUFDO1NBQ2I7UUFFRCxJQUFJLFlBQVksRUFBRTtZQUNoQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxjQUFjLENBQUMsQ0FBQztZQUNqQyxPQUFPLElBQUksQ0FBQztTQUNiO1FBRUQsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLFlBQVksQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxTQUFTLENBQUMsQ0FBQztRQUMvRCxJQUFJLENBQUMsR0FBRyxDQUFDLFlBQVksRUFBRTtZQUNyQixJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxjQUFjLEtBQUssQ0FBQyxPQUFPLENBQUMsT0FBTyxDQUFDLENBQUMsTUFBTSxDQUFDLHFCQUFxQixDQUFDLE1BQU0sR0FBRyxDQUFDLFFBQVEsR0FBRyxDQUFDLENBQUM7WUFDMUcsT0FBTyxPQUFPLENBQUM7U0FDaEI7UUFDRCxJQUFJLENBQUMsTUFBTSxDQUFDLElBQUksQ0FBQyxhQUFhLENBQUMsQ0FBQztRQUNoQyxPQUFPLElBQUksQ0FBQztJQUNkLENBQUM7SUFFRCxVQUFVLENBQUMsR0FBVztRQUNwQixHQUFHLEdBQUcsR0FBRyxDQUFDLE9BQU8sQ0FBQyxLQUFLLEVBQUUsRUFBRSxDQUFDLENBQUM7UUFDN0IsR0FBRyxHQUFHLEdBQUcsQ0FBQyxPQUFPLENBQUMsT0FBTyxFQUFFLElBQUksQ0FBQyxDQUFDO1FBQ2pDLEdBQUcsR0FBRyxHQUFHLENBQUMsT0FBTyxDQUFDLE1BQU0sRUFBRSxFQUFFLENBQUMsQ0FBQztRQUM5QixPQUFPLEdBQUcsQ0FBQztJQUNiLENBQUM7SUFFRCxXQUFXLENBQUMsSUFBK0M7UUFDekQsTUFBTSxPQUFPLEdBQWE7WUFDeEIsR0FBRyxFQUFFLElBQUksQ0FBQyxVQUFVLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQztZQUM5QixHQUFHLEVBQUUsSUFBSSxDQUFDLFVBQVUsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDO1lBQzlCLEdBQUcsRUFBRSxJQUFJLENBQUMsVUFBVSxDQUFDLElBQUksQ0FBQyxHQUFHLENBQUM7U0FDL0IsQ0FBQztRQUNGLE9BQU8sT0FBTyxDQUFDO0lBQ2pCLENBQUM7SUFFRCxLQUFLLENBQUMsWUFBWTtRQUNoQixNQUFNLElBQUksR0FBRyxJQUFJLENBQUMsVUFBVSxFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxDQUFDO1FBQ25ELElBQUksSUFBSSxJQUFJLElBQUksRUFBRTtZQUNoQixPQUFPLFNBQVMsQ0FBQztTQUNsQjtRQUNELE9BQU8sSUFBSSxVQUFVLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDOUIsQ0FBQztJQUVEOzs7OztPQUtHO0lBQ0gsWUFBWSxDQUFDLE9BQWUsRUFBRSxPQUFPLEdBQUcsRUFBRTtRQUN4QyxJQUFJLE9BQU8sSUFBSSxJQUFJLEVBQUU7WUFDbkIsTUFBTSxJQUFJLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztTQUM3QjtRQUNELFFBQVE7UUFDUixNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsT0FBTyxDQUFDLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxFQUFFLEtBQUssQ0FBQyxDQUFDO1FBQ3JELE9BQU87WUFDTCxZQUFZLEVBQUUsUUFBUSxHQUFHLE9BQU87WUFDaEMsUUFBUTtTQUNULENBQUM7SUFDSixDQUFDO0lBRU8sS0FBSyxDQUFDLGdCQUFnQjtRQUM1QixJQUFJO1lBQ0YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsV0FBVyxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQztZQUMzQyxNQUFNLE9BQU8sR0FBRyxpQkFBaUIsSUFBSSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUMsR0FBRyxDQUFDO1lBQ3BELE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDO2dCQUMvQixNQUFNLEVBQUUsSUFBSSxDQUFDLEdBQUcsQ0FBQyxRQUFRLENBQUMsTUFBTTtnQkFDaEMsU0FBUyxFQUFFLENBQUMsSUFBSSxDQUFDLEtBQUssQ0FBQztnQkFDdkIsT0FBTyxFQUFFLE9BQU87Z0JBQ2hCLE9BQU8sRUFBRSxhQUFhLElBQUksQ0FBQyxPQUFPLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFO2FBQy9DLENBQUMsQ0FBQztTQUNKO1FBQUMsT0FBTyxDQUFDLEVBQUU7WUFDVixJQUFJLENBQUMsTUFBTSxDQUFDLEtBQUssQ0FBQyxrQkFBa0IsRUFBRSxDQUFDLENBQUMsQ0FBQztTQUMxQztJQUNILENBQUM7Q0FDRjtBQXRQQztJQUFDLFNBQVMsQ0FBQztRQUNULEtBQUssRUFBRSxJQUFJO1FBQ1gsU0FBUyxFQUFFO1lBQ1QsSUFBSSxFQUFFLFVBQVU7WUFDaEIsTUFBTSxFQUFFLE9BQU87WUFDZixJQUFJLEVBQUUsTUFBTTtZQUNaLElBQUksRUFBRSxLQUFLO1NBQ1o7UUFDRCxRQUFRLEVBQUUsSUFBSTtRQUNkLEdBQUcsRUFBRTtZQUNILElBQUksRUFBRSxFQUFFO1NBQ1Q7UUFDRCxLQUFLLEVBQUUsQ0FBQyxDQUFDO1FBQ1QsTUFBTSxFQUNKLHlEQUF5RDtZQUN6RCxvREFBb0Q7WUFDcEQsNkRBQTZEO1lBQzdELG1CQUFtQjtLQUN0QixDQUFDOztvREFDaUI7QUFFbkI7SUFBQyxTQUFTLENBQUM7UUFDVCxLQUFLLEVBQUUsSUFBSTtRQUNYLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxTQUFTO1lBQ2YsTUFBTSxFQUFFLE9BQU87U0FDaEI7UUFDRCxRQUFRLEVBQUUsSUFBSTtRQUNkLEtBQUssRUFBRSxDQUFDLENBQUM7UUFDVCxNQUFNLEVBQUUsT0FBTztLQUNoQixDQUFDOztrREFDYTtBQUVmO0lBQUMsU0FBUyxDQUFDO1FBQ1QsS0FBSyxFQUFFLE1BQU07UUFDYixLQUFLLEVBQUUsRUFBRTtRQUNULFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxnQkFBZ0I7WUFDdEIsTUFBTSxFQUFFLE9BQU87U0FDaEI7UUFDRCxRQUFRLEVBQUUsSUFBSTtRQUNkLEtBQUssRUFBRSxHQUFHO1FBQ1YsTUFBTSxFQUFFLDhDQUE4QztLQUN2RCxDQUFDOztzREFDaUI7QUFFbkI7SUFBQyxTQUFTLENBQUM7UUFDVCxLQUFLLEVBQUUsTUFBTTtRQUNiLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxVQUFVO1lBQ2hCLE1BQU0sRUFBRSxTQUFTO1NBQ2xCO1FBQ0QsS0FBSyxFQUFFLEdBQUc7UUFDVixNQUFNLEVBQUUsWUFBWTtLQUNyQixDQUFDOzt3REFDbUI7QUFFckI7SUFBQyxTQUFTLENBQUM7UUFDVCxLQUFLLEVBQUUsU0FBUztRQUNoQixLQUFLLEVBQUUsSUFBSTtRQUNYLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxVQUFVO1lBQ2hCLE1BQU0sRUFBRSxTQUFTO1NBQ2xCO1FBQ0QsS0FBSyxFQUFFLEdBQUc7UUFDVixNQUFNLEVBQUUsZUFBZTtLQUN4QixDQUFDOzswREFDbUI7QUFFckI7SUFBQyxTQUFTLENBQUM7UUFDVCxLQUFLLEVBQUUsTUFBTTtRQUNiLEtBQUssRUFBRSxJQUFJO1FBQ1gsTUFBTSxFQUFFLDBFQUEwRTtLQUNuRixDQUFDOztrREFDYTtBQWNmO0lBQUMsVUFBVSxDQUFDO1FBQ1YsS0FBSyxFQUFFLE1BQU07S0FDZCxDQUFDOztpREFDYyJ9
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import { CertInfo } from "./acme.js";
|
|
2
|
+
import forge from "node-forge";
|
|
3
|
+
export declare class CertReader implements CertInfo {
|
|
4
|
+
crt: string;
|
|
5
|
+
key: string;
|
|
6
|
+
csr: string;
|
|
7
|
+
detail: any;
|
|
8
|
+
expires: number;
|
|
9
|
+
constructor(certInfo: CertInfo);
|
|
10
|
+
toCertInfo(): CertInfo;
|
|
11
|
+
getCrtDetail(crt: string): {
|
|
12
|
+
detail: forge.pki.Certificate;
|
|
13
|
+
expires: Date;
|
|
14
|
+
};
|
|
15
|
+
saveToFile(type: "crt" | "key", filepath?: string): string;
|
|
16
|
+
}
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
import fs from "fs";
|
|
2
|
+
import os from "os";
|
|
3
|
+
import forge from "node-forge";
|
|
4
|
+
import path from "path";
|
|
5
|
+
export class CertReader {
|
|
6
|
+
crt;
|
|
7
|
+
key;
|
|
8
|
+
csr;
|
|
9
|
+
detail;
|
|
10
|
+
expires;
|
|
11
|
+
constructor(certInfo) {
|
|
12
|
+
this.crt = certInfo.crt;
|
|
13
|
+
this.key = certInfo.key;
|
|
14
|
+
this.csr = certInfo.csr;
|
|
15
|
+
const { detail, expires } = this.getCrtDetail(this.crt);
|
|
16
|
+
this.detail = detail;
|
|
17
|
+
this.expires = expires.getTime();
|
|
18
|
+
}
|
|
19
|
+
toCertInfo() {
|
|
20
|
+
return {
|
|
21
|
+
crt: this.crt,
|
|
22
|
+
key: this.key,
|
|
23
|
+
csr: this.csr,
|
|
24
|
+
};
|
|
25
|
+
}
|
|
26
|
+
getCrtDetail(crt) {
|
|
27
|
+
const pki = forge.pki;
|
|
28
|
+
const detail = pki.certificateFromPem(crt.toString());
|
|
29
|
+
const expires = detail.validity.notAfter;
|
|
30
|
+
return { detail, expires };
|
|
31
|
+
}
|
|
32
|
+
saveToFile(type, filepath) {
|
|
33
|
+
if (filepath == null) {
|
|
34
|
+
//写入临时目录
|
|
35
|
+
filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "", `cert.${type}`);
|
|
36
|
+
}
|
|
37
|
+
const dir = path.dirname(filepath);
|
|
38
|
+
if (!fs.existsSync(dir)) {
|
|
39
|
+
fs.mkdirSync(dir, { recursive: true });
|
|
40
|
+
}
|
|
41
|
+
fs.writeFileSync(filepath, this[type]);
|
|
42
|
+
return filepath;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydC1yZWFkZXIuanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGx1Z2luL2NlcnQtcGx1Z2luL2NlcnQtcmVhZGVyLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUNBLE9BQU8sRUFBRSxNQUFNLElBQUksQ0FBQztBQUNwQixPQUFPLEVBQUUsTUFBTSxJQUFJLENBQUM7QUFDcEIsT0FBTyxLQUFLLE1BQU0sWUFBWSxDQUFDO0FBQy9CLE9BQU8sSUFBSSxNQUFNLE1BQU0sQ0FBQztBQUN4QixNQUFNLE9BQU8sVUFBVTtJQUNyQixHQUFHLENBQVM7SUFDWixHQUFHLENBQVM7SUFDWixHQUFHLENBQVM7SUFFWixNQUFNLENBQU07SUFDWixPQUFPLENBQVM7SUFDaEIsWUFBWSxRQUFrQjtRQUM1QixJQUFJLENBQUMsR0FBRyxHQUFHLFFBQVEsQ0FBQyxHQUFHLENBQUM7UUFDeEIsSUFBSSxDQUFDLEdBQUcsR0FBRyxRQUFRLENBQUMsR0FBRyxDQUFDO1FBQ3hCLElBQUksQ0FBQyxHQUFHLEdBQUcsUUFBUSxDQUFDLEdBQUcsQ0FBQztRQUV4QixNQUFNLEVBQUUsTUFBTSxFQUFFLE9BQU8sRUFBRSxHQUFHLElBQUksQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxDQUFDO1FBQ3hELElBQUksQ0FBQyxNQUFNLEdBQUcsTUFBTSxDQUFDO1FBQ3JCLElBQUksQ0FBQyxPQUFPLEdBQUcsT0FBTyxDQUFDLE9BQU8sRUFBRSxDQUFDO0lBQ25DLENBQUM7SUFFRCxVQUFVO1FBQ1IsT0FBTztZQUNMLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNiLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztZQUNiLEdBQUcsRUFBRSxJQUFJLENBQUMsR0FBRztTQUNkLENBQUM7SUFDSixDQUFDO0lBRUQsWUFBWSxDQUFDLEdBQVc7UUFDdEIsTUFBTSxHQUFHLEdBQUcsS0FBSyxDQUFDLEdBQUcsQ0FBQztRQUN0QixNQUFNLE1BQU0sR0FBRyxHQUFHLENBQUMsa0JBQWtCLENBQUMsR0FBRyxDQUFDLFFBQVEsRUFBRSxDQUFDLENBQUM7UUFDdEQsTUFBTSxPQUFPLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxRQUFRLENBQUM7UUFDekMsT0FBTyxFQUFFLE1BQU0sRUFBRSxPQUFPLEVBQUUsQ0FBQztJQUM3QixDQUFDO0lBRUQsVUFBVSxDQUFDLElBQW1CLEVBQUUsUUFBaUI7UUFDL0MsSUFBSSxRQUFRLElBQUksSUFBSSxFQUFFLENBQUM7WUFDckIsUUFBUTtZQUNSLFFBQVEsR0FBRyxJQUFJLENBQUMsSUFBSSxDQUFDLEVBQUUsQ0FBQyxNQUFNLEVBQUUsRUFBRSxhQUFhLEVBQUUsSUFBSSxDQUFDLEtBQUssQ0FBQyxJQUFJLENBQUMsTUFBTSxFQUFFLEdBQUcsT0FBTyxDQUFDLEdBQUcsRUFBRSxFQUFFLFFBQVEsSUFBSSxFQUFFLENBQUMsQ0FBQztRQUM3RyxDQUFDO1FBRUQsTUFBTSxHQUFHLEdBQUcsSUFBSSxDQUFDLE9BQU8sQ0FBQyxRQUFRLENBQUMsQ0FBQztRQUNuQyxJQUFJLENBQUMsRUFBRSxDQUFDLFVBQVUsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1lBQ3hCLEVBQUUsQ0FBQyxTQUFTLENBQUMsR0FBRyxFQUFFLEVBQUUsU0FBUyxFQUFFLElBQUksRUFBRSxDQUFDLENBQUM7UUFDekMsQ0FBQztRQUVELEVBQUUsQ0FBQyxhQUFhLENBQUMsUUFBUSxFQUFFLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDO1FBQ3ZDLE9BQU8sUUFBUSxDQUFDO0lBQ2xCLENBQUM7Q0FDRiJ9
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { CertInfo, SSLProvider } from "./acme.js";
|
|
2
|
+
import { AcmeService } from "./acme.js";
|
|
3
|
+
import { CertReader } from "./cert-reader.js";
|
|
4
|
+
import { CertApplyBasePlugin } from "./base.js";
|
|
5
|
+
export { CertReader };
|
|
6
|
+
export type { CertInfo };
|
|
7
|
+
export declare class CertApplyPlugin extends CertApplyBasePlugin {
|
|
8
|
+
sslProvider: SSLProvider;
|
|
9
|
+
eabAccessId: number;
|
|
10
|
+
dnsProviderType: string;
|
|
11
|
+
dnsProviderAccess: string;
|
|
12
|
+
skipLocalVerify: boolean;
|
|
13
|
+
acme: AcmeService;
|
|
14
|
+
onInit(): Promise<void>;
|
|
15
|
+
doCertApply(): Promise<CertReader>;
|
|
16
|
+
}
|
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
|
|
2
|
+
var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
|
|
3
|
+
if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
|
|
4
|
+
else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
|
|
5
|
+
return c > 3 && r && Object.defineProperty(target, key, r), r;
|
|
6
|
+
};
|
|
7
|
+
var __metadata = (this && this.__metadata) || function (k, v) {
|
|
8
|
+
if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
|
|
9
|
+
};
|
|
10
|
+
import { Decorator, IsTaskPlugin, pluginGroups, RunStrategy, TaskInput } from "@certd/pipeline";
|
|
11
|
+
import { AcmeService } from "./acme.js";
|
|
12
|
+
import _ from "lodash-es";
|
|
13
|
+
import { dnsProviderRegistry } from "../../dns-provider/index.js";
|
|
14
|
+
import { CertReader } from "./cert-reader.js";
|
|
15
|
+
import { CertApplyBasePlugin } from "./base.js";
|
|
16
|
+
export { CertReader };
|
|
17
|
+
let CertApplyPlugin = class CertApplyPlugin extends CertApplyBasePlugin {
|
|
18
|
+
sslProvider;
|
|
19
|
+
eabAccessId;
|
|
20
|
+
dnsProviderType;
|
|
21
|
+
dnsProviderAccess;
|
|
22
|
+
skipLocalVerify = false;
|
|
23
|
+
acme;
|
|
24
|
+
async onInit() {
|
|
25
|
+
let eab = null;
|
|
26
|
+
if (this.eabAccessId) {
|
|
27
|
+
eab = await this.ctx.accessService.getById(this.eabAccessId);
|
|
28
|
+
}
|
|
29
|
+
this.acme = new AcmeService({
|
|
30
|
+
userContext: this.userContext,
|
|
31
|
+
logger: this.logger,
|
|
32
|
+
sslProvider: this.sslProvider,
|
|
33
|
+
eab,
|
|
34
|
+
skipLocalVerify: this.skipLocalVerify,
|
|
35
|
+
});
|
|
36
|
+
}
|
|
37
|
+
async doCertApply() {
|
|
38
|
+
const email = this["email"];
|
|
39
|
+
const domains = this["domains"];
|
|
40
|
+
const dnsProviderType = this["dnsProviderType"];
|
|
41
|
+
const dnsProviderAccessId = this["dnsProviderAccess"];
|
|
42
|
+
const csrInfo = _.merge({
|
|
43
|
+
country: "CN",
|
|
44
|
+
state: "GuangDong",
|
|
45
|
+
locality: "ShengZhen",
|
|
46
|
+
organization: "CertD Org.",
|
|
47
|
+
organizationUnit: "IT Department",
|
|
48
|
+
emailAddress: email,
|
|
49
|
+
}, this.csrInfo ? JSON.parse(this.csrInfo) : {});
|
|
50
|
+
this.logger.info("开始申请证书,", email, domains);
|
|
51
|
+
const dnsProviderPlugin = dnsProviderRegistry.get(dnsProviderType);
|
|
52
|
+
const DnsProviderClass = dnsProviderPlugin.target;
|
|
53
|
+
const dnsProviderDefine = dnsProviderPlugin.define;
|
|
54
|
+
const access = await this.accessService.getById(dnsProviderAccessId);
|
|
55
|
+
// @ts-ignore
|
|
56
|
+
const dnsProvider = new DnsProviderClass();
|
|
57
|
+
const context = { access, logger: this.logger, http: this.http };
|
|
58
|
+
Decorator.inject(dnsProviderDefine.autowire, dnsProvider, context);
|
|
59
|
+
dnsProvider.setCtx(context);
|
|
60
|
+
await dnsProvider.onInstance();
|
|
61
|
+
try {
|
|
62
|
+
const cert = await this.acme.order({
|
|
63
|
+
email,
|
|
64
|
+
domains,
|
|
65
|
+
dnsProvider,
|
|
66
|
+
csrInfo,
|
|
67
|
+
isTest: false,
|
|
68
|
+
});
|
|
69
|
+
const certInfo = this.formatCerts(cert);
|
|
70
|
+
return new CertReader(certInfo);
|
|
71
|
+
}
|
|
72
|
+
catch (e) {
|
|
73
|
+
const message = e.message;
|
|
74
|
+
if (message.indexOf("redundant with a wildcard domain in the same request") >= 0) {
|
|
75
|
+
this.logger.error(e);
|
|
76
|
+
throw new Error(`通配符域名已经包含了普通域名,请删除其中一个(${message})`);
|
|
77
|
+
}
|
|
78
|
+
throw e;
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
};
|
|
82
|
+
__decorate([
|
|
83
|
+
TaskInput({
|
|
84
|
+
title: "证书提供商",
|
|
85
|
+
default: "letsencrypt",
|
|
86
|
+
component: {
|
|
87
|
+
name: "a-select",
|
|
88
|
+
vModel: "value",
|
|
89
|
+
options: [
|
|
90
|
+
{ value: "letsencrypt", label: "Let's Encrypt" },
|
|
91
|
+
// { value: "buypass", label: "Buypass" },
|
|
92
|
+
{ value: "zerossl", label: "ZeroSSL" },
|
|
93
|
+
],
|
|
94
|
+
},
|
|
95
|
+
required: true,
|
|
96
|
+
}),
|
|
97
|
+
__metadata("design:type", String)
|
|
98
|
+
], CertApplyPlugin.prototype, "sslProvider", void 0);
|
|
99
|
+
__decorate([
|
|
100
|
+
TaskInput({
|
|
101
|
+
title: "EAB授权",
|
|
102
|
+
component: {
|
|
103
|
+
name: "pi-access-selector",
|
|
104
|
+
type: "eab",
|
|
105
|
+
},
|
|
106
|
+
maybeNeed: true,
|
|
107
|
+
helper: "如果使用ZeroSSL证书,需要提供EAB授权, 请前往 https://app.zerossl.com/developer 生成 'EAB Credentials for ACME Clients' ",
|
|
108
|
+
}),
|
|
109
|
+
__metadata("design:type", Number)
|
|
110
|
+
], CertApplyPlugin.prototype, "eabAccessId", void 0);
|
|
111
|
+
__decorate([
|
|
112
|
+
TaskInput({
|
|
113
|
+
title: "DNS提供商",
|
|
114
|
+
component: {
|
|
115
|
+
name: "pi-dns-provider-selector",
|
|
116
|
+
},
|
|
117
|
+
required: true,
|
|
118
|
+
helper: "请选择dns解析提供商",
|
|
119
|
+
}),
|
|
120
|
+
__metadata("design:type", String)
|
|
121
|
+
], CertApplyPlugin.prototype, "dnsProviderType", void 0);
|
|
122
|
+
__decorate([
|
|
123
|
+
TaskInput({
|
|
124
|
+
title: "DNS解析授权",
|
|
125
|
+
component: {
|
|
126
|
+
name: "pi-access-selector",
|
|
127
|
+
},
|
|
128
|
+
required: true,
|
|
129
|
+
helper: "请选择dns解析提供商授权",
|
|
130
|
+
reference: [
|
|
131
|
+
{
|
|
132
|
+
src: "form.dnsProviderType",
|
|
133
|
+
dest: "component.type",
|
|
134
|
+
type: "computed",
|
|
135
|
+
},
|
|
136
|
+
],
|
|
137
|
+
}),
|
|
138
|
+
__metadata("design:type", String)
|
|
139
|
+
], CertApplyPlugin.prototype, "dnsProviderAccess", void 0);
|
|
140
|
+
__decorate([
|
|
141
|
+
TaskInput({
|
|
142
|
+
title: "跳过本地校验DNS",
|
|
143
|
+
default: false,
|
|
144
|
+
component: {
|
|
145
|
+
name: "a-switch",
|
|
146
|
+
vModel: "checked",
|
|
147
|
+
},
|
|
148
|
+
helper: "如果重试多次出现Authorization not found TXT record,导致无法申请成功,请尝试开启此选项",
|
|
149
|
+
}),
|
|
150
|
+
__metadata("design:type", Object)
|
|
151
|
+
], CertApplyPlugin.prototype, "skipLocalVerify", void 0);
|
|
152
|
+
CertApplyPlugin = __decorate([
|
|
153
|
+
IsTaskPlugin({
|
|
154
|
+
name: "CertApply",
|
|
155
|
+
title: "证书申请(JS版)",
|
|
156
|
+
group: pluginGroups.cert.key,
|
|
157
|
+
desc: "免费通配符域名证书申请,支持多个域名打到同一个证书上",
|
|
158
|
+
default: {
|
|
159
|
+
input: {
|
|
160
|
+
renewDays: 20,
|
|
161
|
+
forceUpdate: false,
|
|
162
|
+
},
|
|
163
|
+
strategy: {
|
|
164
|
+
runStrategy: RunStrategy.AlwaysRun,
|
|
165
|
+
},
|
|
166
|
+
},
|
|
167
|
+
})
|
|
168
|
+
], CertApplyPlugin);
|
|
169
|
+
export { CertApplyPlugin };
|
|
170
|
+
new CertApplyPlugin();
|
|
171
|
+
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi8uLi9zcmMvcGx1Z2luL2NlcnQtcGx1Z2luL2luZGV4LnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiI7Ozs7Ozs7OztBQUFBLE9BQU8sRUFBRSxTQUFTLEVBQUUsWUFBWSxFQUFFLFlBQVksRUFBRSxXQUFXLEVBQUUsU0FBUyxFQUFFLE1BQU0saUJBQWlCLENBQUM7QUFFaEcsT0FBTyxFQUFFLFdBQVcsRUFBRSxNQUFNLFdBQVcsQ0FBQztBQUN4QyxPQUFPLENBQUMsTUFBTSxXQUFXLENBQUM7QUFDMUIsT0FBTyxFQUF5QyxtQkFBbUIsRUFBRSxNQUFNLDZCQUE2QixDQUFDO0FBQ3pHLE9BQU8sRUFBRSxVQUFVLEVBQUUsTUFBTSxrQkFBa0IsQ0FBQztBQUM5QyxPQUFPLEVBQUUsbUJBQW1CLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFFaEQsT0FBTyxFQUFFLFVBQVUsRUFBRSxDQUFDO0FBa0JmLElBQU0sZUFBZSxHQUFyQixNQUFNLGVBQWdCLFNBQVEsbUJBQW1CO0lBZXRELFdBQVcsQ0FBZTtJQVcxQixXQUFXLENBQVU7SUFVckIsZUFBZSxDQUFVO0lBaUJ6QixpQkFBaUIsQ0FBVTtJQVczQixlQUFlLEdBQUcsS0FBSyxDQUFDO0lBRXhCLElBQUksQ0FBZTtJQUVuQixLQUFLLENBQUMsTUFBTTtRQUNWLElBQUksR0FBRyxHQUFRLElBQUksQ0FBQztRQUNwQixJQUFJLElBQUksQ0FBQyxXQUFXLEVBQUU7WUFDcEIsR0FBRyxHQUFHLE1BQU0sSUFBSSxDQUFDLEdBQUcsQ0FBQyxhQUFhLENBQUMsT0FBTyxDQUFDLElBQUksQ0FBQyxXQUFXLENBQUMsQ0FBQztTQUM5RDtRQUNELElBQUksQ0FBQyxJQUFJLEdBQUcsSUFBSSxXQUFXLENBQUM7WUFDMUIsV0FBVyxFQUFFLElBQUksQ0FBQyxXQUFXO1lBQzdCLE1BQU0sRUFBRSxJQUFJLENBQUMsTUFBTTtZQUNuQixXQUFXLEVBQUUsSUFBSSxDQUFDLFdBQVc7WUFDN0IsR0FBRztZQUNILGVBQWUsRUFBRSxJQUFJLENBQUMsZUFBZTtTQUN0QyxDQUFDLENBQUM7SUFDTCxDQUFDO0lBRUQsS0FBSyxDQUFDLFdBQVc7UUFDZixNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUM7UUFDNUIsTUFBTSxPQUFPLEdBQUcsSUFBSSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2hDLE1BQU0sZUFBZSxHQUFHLElBQUksQ0FBQyxpQkFBaUIsQ0FBQyxDQUFDO1FBQ2hELE1BQU0sbUJBQW1CLEdBQUcsSUFBSSxDQUFDLG1CQUFtQixDQUFDLENBQUM7UUFDdEQsTUFBTSxPQUFPLEdBQUcsQ0FBQyxDQUFDLEtBQUssQ0FDckI7WUFDRSxPQUFPLEVBQUUsSUFBSTtZQUNiLEtBQUssRUFBRSxXQUFXO1lBQ2xCLFFBQVEsRUFBRSxXQUFXO1lBQ3JCLFlBQVksRUFBRSxZQUFZO1lBQzFCLGdCQUFnQixFQUFFLGVBQWU7WUFDakMsWUFBWSxFQUFFLEtBQUs7U0FDcEIsRUFDRCxJQUFJLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDLElBQUksQ0FBQyxPQUFPLENBQUMsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUM3QyxDQUFDO1FBQ0YsSUFBSSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsU0FBUyxFQUFFLEtBQUssRUFBRSxPQUFPLENBQUMsQ0FBQztRQUU1QyxNQUFNLGlCQUFpQixHQUFHLG1CQUFtQixDQUFDLEdBQUcsQ0FBQyxlQUFlLENBQUMsQ0FBQztRQUNuRSxNQUFNLGdCQUFnQixHQUFHLGlCQUFpQixDQUFDLE1BQU0sQ0FBQztRQUNsRCxNQUFNLGlCQUFpQixHQUFHLGlCQUFpQixDQUFDLE1BQTJCLENBQUM7UUFDeEUsTUFBTSxNQUFNLEdBQUcsTUFBTSxJQUFJLENBQUMsYUFBYSxDQUFDLE9BQU8sQ0FBQyxtQkFBbUIsQ0FBQyxDQUFDO1FBRXJFLGFBQWE7UUFDYixNQUFNLFdBQVcsR0FBaUIsSUFBSSxnQkFBZ0IsRUFBRSxDQUFDO1FBQ3pELE1BQU0sT0FBTyxHQUF1QixFQUFFLE1BQU0sRUFBRSxNQUFNLEVBQUUsSUFBSSxDQUFDLE1BQU0sRUFBRSxJQUFJLEVBQUUsSUFBSSxDQUFDLElBQUksRUFBRSxDQUFDO1FBQ3JGLFNBQVMsQ0FBQyxNQUFNLENBQUMsaUJBQWlCLENBQUMsUUFBUSxFQUFFLFdBQVcsRUFBRSxPQUFPLENBQUMsQ0FBQztRQUNuRSxXQUFXLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQyxDQUFDO1FBQzVCLE1BQU0sV0FBVyxDQUFDLFVBQVUsRUFBRSxDQUFDO1FBRS9CLElBQUk7WUFDRixNQUFNLElBQUksR0FBRyxNQUFNLElBQUksQ0FBQyxJQUFJLENBQUMsS0FBSyxDQUFDO2dCQUNqQyxLQUFLO2dCQUNMLE9BQU87Z0JBQ1AsV0FBVztnQkFDWCxPQUFPO2dCQUNQLE1BQU0sRUFBRSxLQUFLO2FBQ2QsQ0FBQyxDQUFDO1lBRUgsTUFBTSxRQUFRLEdBQUcsSUFBSSxDQUFDLFdBQVcsQ0FBQyxJQUFJLENBQUMsQ0FBQztZQUN4QyxPQUFPLElBQUksVUFBVSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1NBQ2pDO1FBQUMsT0FBTyxDQUFNLEVBQUU7WUFDZixNQUFNLE9BQU8sR0FBVyxDQUFDLENBQUMsT0FBTyxDQUFDO1lBQ2xDLElBQUksT0FBTyxDQUFDLE9BQU8sQ0FBQyxzREFBc0QsQ0FBQyxJQUFJLENBQUMsRUFBRTtnQkFDaEYsSUFBSSxDQUFDLE1BQU0sQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7Z0JBQ3JCLE1BQU0sSUFBSSxLQUFLLENBQUMsMEJBQTBCLE9BQU8sR0FBRyxDQUFDLENBQUM7YUFDdkQ7WUFDRCxNQUFNLENBQUMsQ0FBQztTQUNUO0lBQ0gsQ0FBQztDQUNGLENBQUE7QUFuSUM7SUFBQyxTQUFTLENBQUM7UUFDVCxLQUFLLEVBQUUsT0FBTztRQUNkLE9BQU8sRUFBRSxhQUFhO1FBQ3RCLFNBQVMsRUFBRTtZQUNULElBQUksRUFBRSxVQUFVO1lBQ2hCLE1BQU0sRUFBRSxPQUFPO1lBQ2YsT0FBTyxFQUFFO2dCQUNQLEVBQUUsS0FBSyxFQUFFLGFBQWEsRUFBRSxLQUFLLEVBQUUsZUFBZSxFQUFFO2dCQUNoRCwwQ0FBMEM7Z0JBQzFDLEVBQUUsS0FBSyxFQUFFLFNBQVMsRUFBRSxLQUFLLEVBQUUsU0FBUyxFQUFFO2FBQ3ZDO1NBQ0Y7UUFDRCxRQUFRLEVBQUUsSUFBSTtLQUNmLENBQUM7O29EQUN3QjtBQUUxQjtJQUFDLFNBQVMsQ0FBQztRQUNULEtBQUssRUFBRSxPQUFPO1FBQ2QsU0FBUyxFQUFFO1lBQ1QsSUFBSSxFQUFFLG9CQUFvQjtZQUMxQixJQUFJLEVBQUUsS0FBSztTQUNaO1FBQ0QsU0FBUyxFQUFFLElBQUk7UUFDZixNQUFNLEVBQUUsdUdBQXVHO0tBQ2hILENBQUM7O29EQUNtQjtBQUVyQjtJQUFDLFNBQVMsQ0FBQztRQUNULEtBQUssRUFBRSxRQUFRO1FBQ2YsU0FBUyxFQUFFO1lBQ1QsSUFBSSxFQUFFLDBCQUEwQjtTQUNqQztRQUNELFFBQVEsRUFBRSxJQUFJO1FBQ2QsTUFBTSxFQUFFLGFBQWE7S0FDdEIsQ0FBQzs7d0RBQ3VCO0FBRXpCO0lBQUMsU0FBUyxDQUFDO1FBQ1QsS0FBSyxFQUFFLFNBQVM7UUFDaEIsU0FBUyxFQUFFO1lBQ1QsSUFBSSxFQUFFLG9CQUFvQjtTQUMzQjtRQUNELFFBQVEsRUFBRSxJQUFJO1FBQ2QsTUFBTSxFQUFFLGVBQWU7UUFDdkIsU0FBUyxFQUFFO1lBQ1Q7Z0JBQ0UsR0FBRyxFQUFFLHNCQUFzQjtnQkFDM0IsSUFBSSxFQUFFLGdCQUFnQjtnQkFDdEIsSUFBSSxFQUFFLFVBQVU7YUFDakI7U0FDRjtLQUNGLENBQUM7OzBEQUN5QjtBQUUzQjtJQUFDLFNBQVMsQ0FBQztRQUNULEtBQUssRUFBRSxXQUFXO1FBQ2xCLE9BQU8sRUFBRSxLQUFLO1FBQ2QsU0FBUyxFQUFFO1lBQ1QsSUFBSSxFQUFFLFVBQVU7WUFDaEIsTUFBTSxFQUFFLFNBQVM7U0FDbEI7UUFDRCxNQUFNLEVBQUUsOERBQThEO0tBQ3ZFLENBQUM7O3dEQUNzQjtBQWhFYixlQUFlO0lBZjNCLFlBQVksQ0FBQztRQUNaLElBQUksRUFBRSxXQUFXO1FBQ2pCLEtBQUssRUFBRSxXQUFXO1FBQ2xCLEtBQUssRUFBRSxZQUFZLENBQUMsSUFBSSxDQUFDLEdBQUc7UUFDNUIsSUFBSSxFQUFFLDRCQUE0QjtRQUNsQyxPQUFPLEVBQUU7WUFDUCxLQUFLLEVBQUU7Z0JBQ0wsU0FBUyxFQUFFLEVBQUU7Z0JBQ2IsV0FBVyxFQUFFLEtBQUs7YUFDbkI7WUFDRCxRQUFRLEVBQUU7Z0JBQ1IsV0FBVyxFQUFFLFdBQVcsQ0FBQyxTQUFTO2FBQ25DO1NBQ0Y7S0FDRixDQUFDO0dBQ1csZUFBZSxDQW9JM0I7U0FwSVksZUFBZTtBQXNJNUIsSUFBSSxlQUFlLEVBQUUsQ0FBQyJ9
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
import type { CertInfo } from "./acme.js";
|
|
2
|
+
import { CertReader } from "./cert-reader.js";
|
|
3
|
+
import { CertApplyBasePlugin } from "./base.js";
|
|
4
|
+
import { EabAccess } from "../../access";
|
|
5
|
+
export { CertReader };
|
|
6
|
+
export type { CertInfo };
|
|
7
|
+
export declare class CertApplyLegoPlugin extends CertApplyBasePlugin {
|
|
8
|
+
dnsType: string;
|
|
9
|
+
environment: string;
|
|
10
|
+
legoEabAccessId: number;
|
|
11
|
+
customArgs: string;
|
|
12
|
+
eab?: EabAccess;
|
|
13
|
+
onInstance(): Promise<void>;
|
|
14
|
+
onInit(): Promise<void>;
|
|
15
|
+
doCertApply(): Promise<CertReader>;
|
|
16
|
+
}
|