From b2bf9efc1a196f8d6d1fd1afdba9c746cbbfb6b4 Mon Sep 17 00:00:00 2001
From: TomyJan
Date: Wed, 24 Dec 2025 18:22:36 +0800
Subject: [PATCH 1/3] =?UTF-8?q?Revert=20"fix:=20=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E7=A7=81=E9=92=A5=20EC=20=E6=8C=87=E7=A4=BA"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit ba418da84c5683b5a8630583a237370dc5b7fe7b.
---
 app/controller/Cert.php | 8 ++------
 app/service/CertOrderService.php | 5 ++++-
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/app/controller/Cert.php b/app/controller/Cert.php
index 33550cd..7768f86 100644
--- a/app/controller/Cert.php
+++ b/app/controller/Cert.php
@@ -304,9 +304,7 @@ class Cert extends BaseController
 }
 }
- if ($certInfo['keytype'] == 'ECC') {
- $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
- }
+ $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
 $order = [
 'aid' => 0,
@@ -371,9 +369,7 @@ class Cert extends BaseController
 if ($certInfo['code'] == -1) return json($certInfo);
 $domains = $certInfo['domains'];
- if ($certInfo['keytype'] == 'ECC') {
- $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
- }
+ $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
 $order = [
 'aid' => 0,
diff --git a/app/service/CertOrderService.php b/app/service/CertOrderService.php
index 0935ec4..6b8f276 100644
--- a/app/service/CertOrderService.php
+++ b/app/service/CertOrderService.php
@@ -342,7 +342,10 @@ class CertOrderService
 throw $e;
 }
 $this->order['issuer'] = $result['issuer'];
- Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
+
+ $private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']);
+
+ Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
 $this->saveResult(3);
 $this->resetRetry();
 }
From 9b20331bffdd322fca4de6e9d7145515d639e0f4 Mon Sep 17 00:00:00 2001
From: TomyJan
Date: Wed, 24 Dec 2025 18:22:47 +0800
Subject: [PATCH 2/3] =?UTF-8?q?Revert=20"fix:=20=E8=AF=81=E4=B9=A6?= =?UTF-8?q?=E7=A7=81=E9=92=A5=20EC=20=E6=8C=87=E7=A4=BA"?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit b58db855ca84cf7526687a0d6bf7ae87b79802e6.
---
 app/controller/Cert.php | 4 ----
 app/lib/CertHelper.php | 18 ------------------
 app/lib/acme/ACMECert.php | 5 +----
 app/service/CertOrderService.php | 5 +----
 4 files changed, 2 insertions(+), 30 deletions(-)
diff --git a/app/controller/Cert.php b/app/controller/Cert.php
index 7768f86..1693395 100644
--- a/app/controller/Cert.php
+++ b/app/controller/Cert.php
@@ -304,8 +304,6 @@ class Cert extends BaseController
 }
 }
- $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
-
 $order = [
 'aid' => 0,
 'keytype' => $certInfo['keytype'],
@@ -369,8 +367,6 @@ class Cert extends BaseController if ($certInfo['code'] == -1) return json($certInfo); $domains = $certInfo['domains']; - $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey); - $order = [ 'aid' => 0, 'keytype' => $certInfo['keytype'], diff --git a/app/lib/CertHelper.php b/app/lib/CertHelper.php index 7b3c3db..fa8f3ca 100644 --- a/app/lib/CertHelper.php +++ b/app/lib/CertHelper.php @@ -407,24 +407,6 @@ location / { return false; } - /** - * 确保ECC私钥使用EC专用格式标识 - * 某些程序需要EC标识才能正确识别ECC私钥 - */ - public static function ensureECPrivateKeyFormat($private_key) - { - if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) { - return $private_key; - } - - if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) { - $private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key); - $private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key); - } - - return $private_key; - } - public static function getPfx($fullchain, $privatekey, $pwd = '123456') { openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd); diff --git a/app/lib/acme/ACMECert.php b/app/lib/acme/ACMECert.php index 1eada49..5c7ab27 100644 --- a/app/lib/acme/ACMECert.php +++ b/app/lib/acme/ACMECert.php @@ -4,7 +4,6 @@ namespace app\lib\acme; use Exception; use stdClass; -use app\lib\CertHelper; /** * ACMECert @@ -369,12 +368,10 @@ class ACMECert extends ACMEv2 if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !'); $map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1'); if (isset($map[$curve_name])) $curve_name = $map[$curve_name]; - $pem = $this->generateKey(array( + return $this->generateKey(array( 'curve_name' => $curve_name, 'private_key_type' => OPENSSL_KEYTYPE_EC )); - - return CertHelper::ensureECPrivateKeyFormat($pem); } public function parseCertificate($cert_pem) 
diff --git a/app/service/CertOrderService.php b/app/service/CertOrderService.php
index 6b8f276..0935ec4 100644
--- a/app/service/CertOrderService.php
+++ b/app/service/CertOrderService.php
@@ -342,10 +342,7 @@ class CertOrderService
 throw $e;
 }
 $this->order['issuer'] = $result['issuer'];
-
- $private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']);
-
- Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
+ Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
 $this->saveResult(3);
 $this->resetRetry();
 }
From 96df6e1573bee9782c4b8f430e35908fc02207b0 Mon Sep 17 00:00:00 2001
From: TomyJan
Date: Wed, 24 Dec 2025 18:45:08 +0800
Subject: [PATCH 3/3] =?UTF-8?q?fix:=20=E5=8F=88=E6=8B=8D=E4=BA=91SSL?= =?UTF-8?q?=E4=B8=8D=E5=85=BC=E5=AE=B9=E7=9A=84=E7=89=B9=E5=8C=96=E5=A4=84?= =?UTF-8?q?=E7=90=86=20(=20#358=20)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 app/lib/deploy/upyun.php | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/app/lib/deploy/upyun.php b/app/lib/deploy/upyun.php
index 77ae4e9..287689c 100644
--- a/app/lib/deploy/upyun.php
+++ b/app/lib/deploy/upyun.php
@@ -31,9 +31,15 @@ class upyun implements DeployInterface
 $this->login();
 $url = 'https://console.upyun.com/api/https/certificate/';
+ // 如果是 EC 证书,调整私钥头为 EC PRIVATE KEY
+ $privatekey_send = $privatekey;
+ if ($this->isEcCertificate($fullchain)) {
+ $privatekey_send = str_replace('-----BEGIN PRIVATE KEY-----', '-----BEGIN EC PRIVATE KEY-----', $privatekey_send);
+ $privatekey_send = str_replace('-----END PRIVATE KEY-----', '-----END EC PRIVATE KEY-----', $privatekey_send);
+ }
 $params = [
 'certificate' => $fullchain,
- 'private_key' => $privatekey,
+ 'private_key' => $privatekey_send,
 ];
 $response = http_request($url, http_build_query($params), null, $this->cookie, null, $this->proxy);
 $result = json_decode($response['body'], true);
@@ -130,4 +136,22 @@ class upyun implements DeployInterface
 call_user_func($this->logger, $txt);
 }
 }
+
+ /**
+ * 判断是否为 EC (ECDSA) 证书
+ */
+ private function isEcCertificate($fullchain)
+ {
+ // 提取第一个证书
+ if (!preg_match('/-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----/s', $fullchain, $m)) {
+ return false;
+ }
+
+ $pubKey = openssl_pkey_get_public($m[0]);
+ if (!$pubKey) return false;
+
+ $details = openssl_pkey_get_details($pubKey);
+
+ return $details && ($details['type'] ?? 0) === OPENSSL_KEYTYPE_EC;
+ }
 }
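Review bot: The two `str_replace` calls inside the `isEcCertificate` branch change only the PEM label, so the base64 body is still a PKCS#8 `PrivateKeyInfo` while an `EC PRIVATE KEY` block is defined to carry a SEC1 `ECPrivateKey`. The string sent as `private_key` is therefore a mislabelled key that a strict PEM/DER parser would reject, and the commit presumably works only because the Upyun endpoint checks the label. That assumption should be written next to the code, for example `// Upyun rejects the "PRIVATE KEY" label for EC keys; only the label is rewritten, the body stays PKCS#8 — never store or reuse $privatekey_send`. A re-encoding of the key to SEC1 would be the robust fix if the label-only rewrite ever stops being accepted. The enclosing method starts and ends outside the hunk.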
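Review bot: `isEcCertificate` returns `false` both for a non-EC leaf certificate and for a chain that could not be parsed (no PEM block matched, or `openssl_pkey_get_public` failed), so a malformed `$fullchain` silently skips the header rewrite and the later upload error gives no hint why. Reporting the parse failure through `$this->logger` before the two early `return false;` statements would make that case visible in the deploy log. The docblock should also say that only the first certificate in the chain is inspected, and the signature could declare its types as `private function isEcCertificate(string $fullchain): bool`.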