From 55272fd51bfe243227c99cab8304e60f6c5ea5e2 Mon Sep 17 00:00:00 2001
From: net909 <net909@163.com>
Date: Sun, 25 May 2025 12:29:54 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E8=87=AA=E5=8A=A8=E8=8E=B7?=
 =?UTF-8?q?=E5=8F=96EAB?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app/lib/CertHelper.php       | 27 +++++++++++++++++++++++++--
 app/lib/cert/customacme.php  |  2 +-
 app/lib/cert/letsencrypt.php |  2 +-
 app/lib/cert/zerossl.php     | 11 ++++++++---
 4 files changed, 35 insertions(+), 7 deletions(-)

diff --git a/app/lib/CertHelper.php b/app/lib/CertHelper.php
index e16c2d5..d2522ed 100644
--- a/app/lib/CertHelper.php
+++ b/app/lib/CertHelper.php
@@ -49,7 +49,7 @@ class CertHelper
             'wildcard' => true,
             'max_domains' => 100,
             'cname' => true,
-            'note' => null,
+            'note' => '<a href="https://app.zerossl.com/developer" target="_blank" rel="noreferrer">ZeroSSL密钥手动获取</a>',
             'inputs' => [
                 'email' => [
                     'name' => '邮箱地址',
@@ -57,6 +57,29 @@ class CertHelper
                     'placeholder' => 'EAB申请邮箱',
                     'required' => true,
                 ],
+                'eabMode' => [
+                    'name' => 'EAB获取方式',
+                    'type' => 'radio',
+                    'options' => [
+                        'auto' => '自动获取',
+                        'manual' => '手动输入',
+                    ],
+                    'value' => 'manual'
+                ],
+                'kid' => [
+                    'name' => 'EAB KID',
+                    'type' => 'input',
+                    'placeholder' => '',
+                    'required' => true,
+                    'show' => 'eabMode==\'manual\'',
+                ],
+                'key' => [
+                    'name' => 'EAB HMAC Key',
+                    'type' => 'input',
+                    'placeholder' => '',
+                    'required' => true,
+                    'show' => 'eabMode==\'manual\'',
+                ],
                 'proxy' => [
                     'name' => '使用代理服务器',
                     'type' => 'radio',
@@ -90,7 +113,7 @@ class CertHelper
                         'auto' => '自动获取',
                         'manual' => '手动输入',
                     ],
-                    'value' => 'auto'
+                    'value' => 'manual'
                 ],
                 'kid' => [
                     'name' => 'keyId',
diff --git a/app/lib/cert/customacme.php b/app/lib/cert/customacme.php
index 5581391..0f00bce 100644
--- a/app/lib/cert/customacme.php
+++ b/app/lib/cert/customacme.php
@@ -15,7 +15,7 @@ class customacme implements CertInterface
     public function __construct($config, $ext = null)
     {
         $this->config = $config;
-        $this->ac = new ACMECert($config['directory'], $config['proxy'] == 1);
+        $this->ac = new ACMECert($config['directory'], (int)$config['proxy']);
         if ($ext) {
             $this->ext = $ext;
             $this->ac->loadAccountKey($ext['key']);
diff --git a/app/lib/cert/letsencrypt.php b/app/lib/cert/letsencrypt.php
index 66ba5cd..c679f13 100644
--- a/app/lib/cert/letsencrypt.php
+++ b/app/lib/cert/letsencrypt.php
@@ -20,7 +20,7 @@ class letsencrypt implements CertInterface
     {
         $this->config = $config;
         if (empty($config['mode'])) $config['mode'] = 'live';
-        $this->ac = new ACMECert($this->directories[$config['mode']], $config['proxy'] == 1);
+        $this->ac = new ACMECert($this->directories[$config['mode']], (int)$config['proxy']);
         if ($ext) {
             $this->ext = $ext;
             $this->ac->loadAccountKey($ext['key']);
diff --git a/app/lib/cert/zerossl.php b/app/lib/cert/zerossl.php
index 699f188..9391f86 100644
--- a/app/lib/cert/zerossl.php
+++ b/app/lib/cert/zerossl.php
@@ -16,7 +16,7 @@ class zerossl implements CertInterface
     public function __construct($config, $ext = null)
     {
         $this->config = $config;
-        $this->ac = new ACMECert($this->directory, $config['proxy'] == 1);
+        $this->ac = new ACMECert($this->directory, (int)$config['proxy']);
         if ($ext) {
             $this->ext = $ext;
             $this->ac->loadAccountKey($ext['key']);
@@ -27,7 +27,12 @@ class zerossl implements CertInterface
     public function register()
     {
         if (empty($this->config['email'])) throw new Exception('邮件地址不能为空');
-        $eab = $this->getEAB($this->config['email']);
+
+        if (isset($this->config['eabMode']) && $this->config['eabMode'] == 'auto') {
+            $eab = $this->getEAB($this->config['email']);
+        } else {
+            $eab = ['kid' => $this->config['kid'], 'key' => $this->config['key']];
+        }
 
         if (!empty($this->ext['key'])) {
             $kid = $this->ac->registerEAB(true, $eab['kid'], $eab['key'], $this->config['email']);
@@ -118,7 +123,7 @@ class zerossl implements CertInterface
         $response = curl_client($api, http_build_query(['email' => $email]), null, null, null, $this->config['proxy'] == 1);
         $result = json_decode($response['body'], true);
         if (!isset($result['success'])) {
-            throw new Exception('解析返回数据失败：' . $response['body']);
+            throw new Exception('获取EAB失败：' . $response['body']);
         } elseif (!$result['success'] && isset($result['error'])) {
             throw new Exception('获取EAB失败：' . $result['error']['code'] . ' - ' . $result['error']['type']);
         } elseif (!isset($result['eab_kid']) || !isset($result['eab_hmac_key'])) {