diff --git a/app/lib/CertHelper.php b/app/lib/CertHelper.php
index fa8f3ca..c599705 100644
--- a/app/lib/CertHelper.php
+++ b/app/lib/CertHelper.php
@@ -174,6 +174,44 @@ location / {
 ],
 ]
 ],
+ 'litessl' => [
+ 'name' => 'LiteSSL',
+ 'class' => 1,
+ 'icon' => 'litessl.ico',
+ 'wildcard' => true,
+ 'max_domains' => 100,
+ 'cname' => true,
+ 'note' => 'LiteSSL密钥获取',
+ 'inputs' => [
+ 'email' => [
+ 'name' => '邮箱地址',
+ 'type' => 'input',
+ 'placeholder' => 'EAB申请邮箱',
+ 'required' => true,
+ ],
+ 'kid' => [
+ 'name' => 'EAB KID',
+ 'type' => 'input',
+ 'placeholder' => '',
+ 'required' => true,
+ ],
+ 'key' => [
+ 'name' => 'EAB HMAC Key',
+ 'type' => 'input',
+ 'placeholder' => '',
+ 'required' => true,
+ ],
+ 'proxy' => [
+ 'name' => '使用代理服务器',
+ 'type' => 'radio',
+ 'options' => [
+ '0' => '否',
+ '1' => '是',
+ ],
+ 'value' => '0'
+ ],
+ ]
+ ],
 'tencent' => [
 'name' => '腾讯云免费SSL',
 'class' => 2,
diff --git a/app/lib/cert/litessl.php b/app/lib/cert/litessl.php
new file mode 100644
index 0000000..3d529b6
--- /dev/null
+++ b/app/lib/cert/litessl.php
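Review bot: In `app/lib/CertHelper.php`, the `'key'` entry (EAB HMAC Key) is declared with `'type' => 'input'`, the same as the e-mail field, so, assuming `input` renders as a plain text box, the HMAC secret is displayed in clear whenever the account form is shown or re-opened for editing. The hunk only shows the `input` and `radio` types, so whether the form renderer offers a masked type needs checking; if it does, this entry should use it. Either way a comment above the entry, `// secret: EAB HMAC key, must not be echoed back into the form or written to logs`, would mark the field for whoever touches the renderer next.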
@@ -0,0 +1,116 @@
+config = $config;
+ $this->ac = new ACMECert($this->directory, (int)$config['proxy']);
+ if ($ext) {
+ $this->ext = $ext;
+ $this->ac->loadAccountKey($ext['key']);
+ $this->ac->setAccount($ext['kid']);
+ }
+ }
+
+ public function register()
+ {
+ if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
+ if (empty($this->config['kid']) || empty($this->config['key'])) {
+ throw new Exception('EAB密钥不能为空');
+ }
+
+ if (!empty($this->ext['key'])) {
+ $kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
+ return ['kid' => $kid, 'key' => $this->ext['key']];
+ }
+
+ $key = $this->ac->generateRSAKey(2048);
+ $this->ac->loadAccountKey($key);
+ $kid = $this->ac->registerEAB(true, $this->config['kid'], $this->config['key'], $this->config['email']);
+ return ['kid' => $kid, 'key' => $key];
+ }
+
+ public function buyCert($domainList, &$order)
+ {
+ }
+
+ public function createOrder($domainList, &$order, $keytype, $keysize)
+ {
+ $domain_config = [];
+ foreach ($domainList as $domain) {
+ if (empty($domain)) continue;
+ $domain_config[$domain] = ['challenge' => 'dns-01'];
+ }
+ if (empty($domain_config)) throw new Exception('域名列表不能为空');
+
+ $order = $this->ac->createOrder($domain_config);
+
+ $dnsList = [];
+ if (!empty($order['challenges'])) {
+ foreach ($order['challenges'] as $opts) {
+ $mainDomain = getMainDomain($opts['domain']);
+ $name = substr($opts['key'], 0, -(strlen($mainDomain) + 1));
+ /*if (!array_key_exists($mainDomain, $dnsList)) {
+ $dnsList[$mainDomain][] = ['name' => '@', 'type' => 'CAA', 'value' => '0 issue "litessl.cn"'];
+ }*/
+ $dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['value']];
+ }
+ }
+
+ return $dnsList;
+ }
+
+ public function authOrder($domainList, $order)
+ {
+ $this->ac->authOrder($order);
+ }
+
+ public function getAuthStatus($domainList, $order)
+ {
+ return true;
+ }
+
+ public function finalizeOrder($domainList, $order, $keytype, $keysize)
+ {
+ if (empty($domainList)) throw new Exception('域名列表不能为空');
+
+ if ($keytype == 'ECC') {
+ if (empty($keysize)) $keysize = '384';
+ $private_key = $this->ac->generateECKey($keysize);
+ } else {
+ if (empty($keysize)) $keysize = '2048';
+ $private_key = $this->ac->generateRSAKey($keysize);
+ }
+ $fullchain = $this->ac->finalizeOrder($domainList, $order, $private_key);
+
+ $certInfo = openssl_x509_parse($fullchain, true);
+ if (!$certInfo) throw new Exception('证书解析失败');
+ return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
+ }
+
+ public function revoke($order, $pem)
+ {
+ $this->ac->revoke($pem);
+ }
+
+ public function cancel($order)
+ {
+ }
+
+ public function setLogger($func)
+ {
+ $this->ac->setLogger($func);
+ }
+}
diff --git a/app/lib/deploy/kuocai.php b/app/lib/deploy/kuocai.php
index 4d2d1e6..24d0bb9 100644
--- a/app/lib/deploy/kuocai.php
+++ b/app/lib/deploy/kuocai.php
@@ -70,7 +70,7 @@ class kuocai implements DeployInterface
 private function request($path, $params = null, $json = false)
 {
- $url = 'https://kuocai.cn' . $path;
+ $url = 'https://www.kuocaicdn.com' . $path;
 $body = $json ? json_encode($params) : $params;
 $headers = [];
 if ($json) $headers['Content-Type'] = 'application/json';
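Review bot: In `finalizeOrder` of `app/lib/cert/litessl.php`, `$keysize` is handed to `generateECKey()` / `generateRSAKey()` with only the empty case defaulted, so a small RSA size supplied by the caller goes straight into key generation; a guard in the `else` branch such as `if ((int)$keysize < 2048) throw new Exception('<message>');` would keep the floor in this class instead of relying on the caller or the CA. The same method reads `$certInfo['subject']['CN']` and `$certInfo['issuer']['CN']` without a fallback, which gives an undefined-key warning and a null value for a certificate issued without a CN; `$certInfo['subject']['CN'] ?? ''` avoids that. `getAuthStatus()` returns `true` unconditionally, which is only right if `authOrder()` blocks until validation has finished, so a one-line comment stating that assumption belongs there. The opening of the file (class declaration, properties, start of the constructor) is missing from the page, so `$this->directory` and the property declarations were not reviewed.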
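Review bot: In `app/lib/deploy/kuocai.php`, the base URL in `request()` moves to a different registrable domain (`kuocai.cn` to `www.kuocaicdn.com`) with nothing in the diff recording why, and every API call this class makes, presumably including the login request, is built from this string. A short comment above the assignment, e.g. `// vendor API host moved from kuocai.cn, see <link to vendor notice>`, would let a later reader confirm that the endpoint is the vendor's own. `request()` continues outside the hunk, so how credentials are attached to the request was not visible.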