@certd/plugin-cert 1.38.2 → 1.38.4

package/test/dist/cert-plugin.test.js

@@ -0,0 +1,14 @@
+import { expect } from "chai";
+describe("test/cert-plugin.ts", () => {
+    it("should throw error when expires is null or undefined", () => {
+        expect(() => {
+            // @ts-ignore
+            instance.isWillExpire(undefined);
+        }).throw("过期时间不能为空");
+        expect(() => {
+            // @ts-ignore
+            instance.isWillExpire(null);
+        }).throw("过期时间不能为空");
+    });
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydC1wbHVnaW4udGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL2NlcnQtcGx1Z2luLnRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUU5QixRQUFRLENBQUMscUJBQXFCLEVBQUUsR0FBRyxFQUFFO0lBQ25DLEVBQUUsQ0FBQyxzREFBc0QsRUFBRSxHQUFHLEVBQUU7UUFDOUQsTUFBTSxDQUFDLEdBQUcsRUFBRTtZQUNWLGFBQWE7WUFDYixRQUFRLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ25DLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUVyQixNQUFNLENBQUMsR0FBRyxFQUFFO1lBQ1YsYUFBYTtZQUNiLFFBQVEsQ0FBQyxZQUFZLENBQUMsSUFBSSxDQUFDLENBQUM7UUFDOUIsQ0FBQyxDQUFDLENBQUMsS0FBSyxDQUFDLFVBQVUsQ0FBQyxDQUFDO0lBQ3ZCLENBQUMsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyxDQUFDLENBQUMifQ==

package/test/dist/test/cert-plugin.test.js

@@ -0,0 +1,15 @@
+import { expect } from "chai";
+import { CertApplyPlugin } from "../src";
+describe("test/cert-plugin.ts", () => {
+    it("should throw error when expires is null or undefined", () => {
+        expect(() => {
+            // @ts-ignore
+            new CertApplyPlugin().isWillExpire(undefined);
+        }).throw("过期时间不能为空");
+        expect(() => {
+            // @ts-ignore
+            new CertApplyPlugin().isWillExpire(null);
+        }).throw("过期时间不能为空");
+    });
+});
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiY2VydC1wbHVnaW4udGVzdC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL2NlcnQtcGx1Z2luLnRlc3QudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUFFLE1BQU0sRUFBRSxNQUFNLE1BQU0sQ0FBQztBQUM5QixPQUFPLEVBQUUsZUFBZSxFQUFFLE1BQU0sUUFBUSxDQUFDO0FBRXpDLFFBQVEsQ0FBQyxxQkFBcUIsRUFBRSxHQUFHLEVBQUU7SUFDbkMsRUFBRSxDQUFDLHNEQUFzRCxFQUFFLEdBQUcsRUFBRTtRQUM5RCxNQUFNLENBQUMsR0FBRyxFQUFFO1lBQ1YsYUFBYTtZQUNiLElBQUksZUFBZSxFQUFFLENBQUMsWUFBWSxDQUFDLFNBQVMsQ0FBQyxDQUFDO1FBQ2hELENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztRQUVyQixNQUFNLENBQUMsR0FBRyxFQUFFO1lBQ1YsYUFBYTtZQUNiLElBQUksZUFBZSxFQUFFLENBQUMsWUFBWSxDQUFDLElBQUksQ0FBQyxDQUFDO1FBQzNDLENBQUMsQ0FBQyxDQUFDLEtBQUssQ0FBQyxVQUFVLENBQUMsQ0FBQztJQUN2QixDQUFDLENBQUMsQ0FBQztBQUNMLENBQUMsQ0FBQyxDQUFDIn0=

package/dist/cert-reader.d.ts

@@ -1,51 +0,0 @@
-import { CertInfo } from "./acme.js";
-import { CertificateInfo } from "@certd/acme-client";
-import { ILogger } from "@certd/basic";
-export type CertReaderHandleContext = {
-    reader: CertReader;
-    tmpCrtPath: string;
-    tmpKeyPath: string;
-    tmpOcPath?: string;
-    tmpPfxPath?: string;
-    tmpDerPath?: string;
-    tmpIcPath?: string;
-    tmpJksPath?: string;
-    tmpOnePath?: string;
-    tmpP7bPath?: string;
-};
-export type CertReaderHandle = (ctx: CertReaderHandleContext) => Promise<void>;
-export type HandleOpts = {
-    logger: ILogger;
-    handle: CertReaderHandle;
-};
-export declare class CertReader {
-    cert: CertInfo;
-    detail: CertificateInfo;
-    effective: number;
-    expires: number;
-    constructor(certInfo: CertInfo);
-    getIc(): any;
-    getOc(): string;
-    toCertInfo(format?: string): CertInfo;
-    getCrtDetail(crt?: string): {
-        detail: CertificateInfo;
-        effective: Date;
-        expires: Date;
-    };
-    static readCertDetail(crt: string): {
-        detail: CertificateInfo;
-        effective: Date;
-        expires: Date;
-    };
-    getAllDomains(): any;
-    getAltNames(): string[];
-    static getMainDomain(crt: string): string;
-    getMainDomain(): string;
-    static getMainDomainFromDetail(detail: CertificateInfo): string;
-    saveToFile(type: "crt" | "key" | "pfx" | "der" | "oc" | "one" | "ic" | "jks" | "p7b", filepath?: string): string;
-    readCertFile(opts: HandleOpts): Promise<void>;
-    buildCertFileName(suffix: string, applyTime: any, prefix?: string): string;
-    buildCertName(prefix?: string): string;
-    static appendTimeSuffix(name?: string): string;
-    static buildCertName(cert: any): string;
-}

package/dist/cert-reader.js

@@ -1,205 +0,0 @@
-import fs from "fs";
-import os from "os";
-import path from "path";
-import { crypto } from "@certd/acme-client";
-import dayjs from "dayjs";
-import { uniq } from "lodash-es";
-const formats = {
-    pem: ["crt", "key", "ic"],
-    one: ["one"],
-    pfx: ["pfx"],
-    der: ["der"],
-    jks: ["jks"],
-    p7b: ["p7b", "key"],
-};
-export class CertReader {
-    cert;
-    detail;
-    //毫秒时间戳
-    effective;
-    //毫秒时间戳
-    expires;
-    constructor(certInfo) {
-        this.cert = certInfo;
-        if (!certInfo.ic) {
-            this.cert.ic = this.getIc();
-        }
-        if (!certInfo.oc) {
-            this.cert.oc = this.getOc();
-        }
-        if (!certInfo.one) {
-            this.cert.one = this.cert.crt + "\n" + this.cert.key;
-        }
-        try {
-            const { detail, effective, expires } = this.getCrtDetail(this.cert.crt);
-            this.detail = detail;
-            this.effective = effective.getTime();
-            this.expires = expires.getTime();
-        }
-        catch (e) {
-            throw new Error("证书解析失败:" + e.message);
-        }
-    }
-    getIc() {
-        //中间证书ic， 就是crt的第一个 -----END CERTIFICATE----- 之后的内容
-        const endStr = "-----END CERTIFICATE-----";
-        const firstBlockEndIndex = this.cert.crt.indexOf(endStr);
-        const start = firstBlockEndIndex + endStr.length + 1;
-        if (this.cert.crt.length <= start) {
-            return "";
-        }
-        const ic = this.cert.crt.substring(start);
-        if (ic == null) {
-            return "";
-        }
-        return ic?.trim();
-    }
-    getOc() {
-        //原始证书 就是crt的第一个 -----END CERTIFICATE----- 之前的内容
-        const endStr = "-----END CERTIFICATE-----";
-        const arr = this.cert.crt.split(endStr);
-        return arr[0] + endStr;
-    }
-    toCertInfo(format) {
-        if (!format) {
-            return this.cert;
-        }
-        const formatArr = formats[format];
-        const res = {};
-        formatArr.forEach((key) => {
-            res[key] = this.cert[key];
-        });
-        return res;
-    }
-    getCrtDetail(crt = this.cert.crt) {
-        return CertReader.readCertDetail(crt);
-    }
-    static readCertDetail(crt) {
-        const detail = crypto.readCertificateInfo(crt.toString());
-        const effective = detail.notBefore;
-        const expires = detail.notAfter;
-        return { detail, effective, expires };
-    }
-    getAllDomains() {
-        const { detail } = this.getCrtDetail();
-        const domains = [];
-        if (detail.domains?.commonName) {
-            domains.push(detail.domains.commonName);
-        }
-        domains.push(...detail.domains.altNames);
-        //去重
-        return uniq(domains);
-    }
-    getAltNames() {
-        const { detail } = this.getCrtDetail();
-        return detail.domains.altNames;
-    }
-    static getMainDomain(crt) {
-        const { detail } = CertReader.readCertDetail(crt);
-        return CertReader.getMainDomainFromDetail(detail);
-    }
-    getMainDomain() {
-        const { detail } = this.getCrtDetail();
-        return CertReader.getMainDomainFromDetail(detail);
-    }
-    static getMainDomainFromDetail(detail) {
-        let domain = detail?.domains?.commonName;
-        if (domain == null) {
-            domain = detail?.domains?.altNames?.[0];
-        }
-        if (domain == null) {
-            domain = "unknown";
-        }
-        return domain;
-    }
-    saveToFile(type, filepath) {
-        if (!this.cert[type]) {
-            return;
-        }
-        if (filepath == null) {
-            //写入临时目录
-            filepath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.${type}`);
-        }
-        const dir = path.dirname(filepath);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
-        }
-        if (type === "crt" || type === "key" || type === "ic" || type === "oc" || type === "one" || type === "p7b") {
-            fs.writeFileSync(filepath, this.cert[type]);
-        }
-        else {
-            fs.writeFileSync(filepath, Buffer.from(this.cert[type], "base64"));
-        }
-        return filepath;
-    }
-    async readCertFile(opts) {
-        const logger = opts.logger;
-        logger.info("将证书写入本地缓存文件");
-        const tmpCrtPath = this.saveToFile("crt");
-        const tmpKeyPath = this.saveToFile("key");
-        const tmpPfxPath = this.saveToFile("pfx");
-        const tmpIcPath = this.saveToFile("ic");
-        const tmpOcPath = this.saveToFile("oc");
-        const tmpDerPath = this.saveToFile("der");
-        const tmpJksPath = this.saveToFile("jks");
-        const tmpOnePath = this.saveToFile("one");
-        const tmpP7bPath = this.saveToFile("p7b");
-        logger.info("本地文件写入成功");
-        try {
-            return await opts.handle({
-                reader: this,
-                tmpCrtPath,
-                tmpKeyPath,
-                tmpPfxPath,
-                tmpDerPath,
-                tmpIcPath,
-                tmpJksPath,
-                tmpOcPath,
-                tmpP7bPath,
-                tmpOnePath,
-            });
-        }
-        catch (err) {
-            logger.error("处理失败", err);
-            throw err;
-        }
-        finally {
-            //删除临时文件
-            logger.info("清理临时文件");
-            function removeFile(filepath) {
-                if (filepath) {
-                    fs.unlinkSync(filepath);
-                }
-            }
-            removeFile(tmpCrtPath);
-            removeFile(tmpKeyPath);
-            removeFile(tmpPfxPath);
-            removeFile(tmpOcPath);
-            removeFile(tmpDerPath);
-            removeFile(tmpIcPath);
-            removeFile(tmpJksPath);
-            removeFile(tmpOnePath);
-            removeFile(tmpP7bPath);
-        }
-    }
-    buildCertFileName(suffix, applyTime, prefix = "cert") {
-        let domain = this.getMainDomain();
-        domain = domain.replaceAll(".", "_").replaceAll("*", "_");
-        const timeStr = dayjs(applyTime).format("YYYYMMDDHHmmss");
-        return `${prefix}_${domain}_${timeStr}.${suffix}`;
-    }
-    buildCertName(prefix = "") {
-        let domain = this.getMainDomain();
-        domain = domain.replaceAll(".", "_").replaceAll("*", "_");
-        return `${prefix}_${domain}_${dayjs().format("YYYYMMDDHHmmssSSS")}`;
-    }
-    static appendTimeSuffix(name) {
-        if (name == null) {
-            name = "certd";
-        }
-        return name + "_" + dayjs().format("YYYYMMDDHHmmssSSS");
-    }
-    static buildCertName(cert) {
-        return new CertReader(cert).buildCertName();
-    }
-}

package/dist/convert.d.ts

@@ -1,26 +0,0 @@
-import { ILogger } from "@certd/basic";
-import type { CertInfo } from "../cert-plugin/acme.js";
-import { CertReader, CertReaderHandleContext } from "../cert-plugin/cert-reader.js";
-export { CertReader };
-export type { CertInfo };
-export declare class CertConverter {
-    logger: ILogger;
-    constructor(opts: {
-        logger: ILogger;
-    });
-    convert(opts: {
-        cert: CertInfo;
-        pfxPassword: string;
-        pfxArgs: string;
-    }): Promise<{
-        pfx: string;
-        der: string;
-        jks: string;
-        p7b: string;
-    }>;
-    exec(cmd: string): Promise<void>;
-    private convertPfx;
-    private convertDer;
-    convertP7b(opts: CertReaderHandleContext): Promise<string>;
-    convertJks(opts: CertReaderHandleContext, pfxPassword?: string): Promise<string>;
-}

package/dist/convert.js

@@ -1,123 +0,0 @@
-import { sp } from "@certd/basic";
-import { CertReader } from "../cert-plugin/cert-reader.js";
-import path from "path";
-import os from "os";
-import fs from "fs";
-export { CertReader };
-export class CertConverter {
-    logger;
-    constructor(opts) {
-        this.logger = opts.logger;
-    }
-    async convert(opts) {
-        const certReader = new CertReader(opts.cert);
-        let pfx;
-        let der;
-        let jks;
-        let p7b;
-        const handle = async (ctx) => {
-            // 调用openssl 转pfx
-            pfx = await this.convertPfx(ctx, opts.pfxPassword, opts.pfxArgs);
-            // 转der
-            der = await this.convertDer(ctx);
-            jks = await this.convertJks(ctx, opts.pfxPassword);
-            p7b = await this.convertP7b(ctx);
-        };
-        await certReader.readCertFile({ logger: this.logger, handle });
-        return {
-            pfx,
-            der,
-            jks,
-            p7b,
-        };
-    }
-    async exec(cmd) {
-        process.env.LANG = "zh_CN.GBK";
-        await sp.spawn({
-            cmd: cmd,
-            logger: this.logger,
-        });
-    }
-    async convertPfx(opts, pfxPassword, pfxArgs) {
-        const { tmpCrtPath, tmpKeyPath } = opts;
-        const pfxPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + "_cert.pfx");
-        const dir = path.dirname(pfxPath);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
-        }
-        let passwordArg = "-passout pass:";
-        if (pfxPassword) {
-            passwordArg = `-password pass:${pfxPassword}`;
-        }
-        // 兼容server 2016，旧版本不能用sha256
-        const oldPfxCmd = `openssl pkcs12 ${pfxArgs} -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
-        // const newPfx = `openssl pkcs12 -export -out ${pfxPath} -inkey ${tmpKeyPath} -in ${tmpCrtPath} ${passwordArg}`;
-        await this.exec(oldPfxCmd);
-        const fileBuffer = fs.readFileSync(pfxPath);
-        const pfxCert = fileBuffer.toString("base64");
-        fs.unlinkSync(pfxPath);
-        return pfxCert;
-        //
-        // const applyTime = new Date().getTime();
-        // const filename = reader.buildCertFileName("pfx", applyTime);
-        // this.saveFile(filename, fileBuffer);
-    }
-    async convertDer(opts) {
-        const { tmpCrtPath } = opts;
-        const derPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.der`);
-        const dir = path.dirname(derPath);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
-        }
-        await this.exec(`openssl x509 -outform der -in ${tmpCrtPath} -out ${derPath}`);
-        const fileBuffer = fs.readFileSync(derPath);
-        const derCert = fileBuffer.toString("base64");
-        fs.unlinkSync(derPath);
-        return derCert;
-    }
-    async convertP7b(opts) {
-        const { tmpCrtPath } = opts;
-        const p7bPath = path.join(os.tmpdir(), "/certd/tmp/", Math.floor(Math.random() * 1000000) + `_cert.p7b`);
-        const dir = path.dirname(p7bPath);
-        if (!fs.existsSync(dir)) {
-            fs.mkdirSync(dir, { recursive: true });
-        }
-        //openssl crl2pkcs7 -nocrl \
-        //     -certfile your_domain.crt \
-        //     -certfile intermediate.crt \
-        //     -out chain.p7b
-        await this.exec(`openssl crl2pkcs7 -nocrl -certfile ${tmpCrtPath} -out ${p7bPath}`);
-        const fileBuffer = fs.readFileSync(p7bPath);
-        const p7bCert = fileBuffer.toString();
-        fs.unlinkSync(p7bPath);
-        return p7bCert;
-    }
-    async convertJks(opts, pfxPassword = "") {
-        const jksPassword = pfxPassword || "123456";
-        try {
-            const randomStr = Math.floor(Math.random() * 1000000) + "";
-            const p12Path = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.p12`);
-            const { tmpCrtPath, tmpKeyPath } = opts;
-            let passwordArg = "-passout pass:";
-            if (jksPassword) {
-                passwordArg = `-password pass:${jksPassword}`;
-            }
-            await this.exec(`openssl pkcs12 -export -in ${tmpCrtPath} -inkey ${tmpKeyPath} -out ${p12Path} -name certd ${passwordArg}`);
-            const jksPath = path.join(os.tmpdir(), "/certd/tmp/", randomStr + `_cert.jks`);
-            const dir = path.dirname(jksPath);
-            if (!fs.existsSync(dir)) {
-                fs.mkdirSync(dir, { recursive: true });
-            }
-            await this.exec(`keytool -importkeystore -srckeystore ${p12Path} -srcstoretype PKCS12 -srcstorepass "${jksPassword}" -destkeystore ${jksPath} -deststoretype PKCS12 -deststorepass "${jksPassword}" `);
-            fs.unlinkSync(p12Path);
-            const fileBuffer = fs.readFileSync(jksPath);
-            const certBase64 = fileBuffer.toString("base64");
-            fs.unlinkSync(jksPath);
-            return certBase64;
-        }
-        catch (e) {
-            this.logger.error("转换jks失败", e);
-            return;
-        }
-    }
-}