From b58db855ca84cf7526687a0d6bf7ae87b79802e6 Mon Sep 17 00:00:00 2001 From: TomyJan Date: Tue, 4 Nov 2025 18:57:55 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E8=AF=81=E4=B9=A6=E7=A7=81=E9=92=A5=20E?= =?UTF-8?q?C=20=E6=8C=87=E7=A4=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/controller/Cert.php | 4 ++++ app/lib/CertHelper.php | 18 ++++++++++++++++++ app/lib/acme/ACMECert.php | 5 ++++- app/service/CertOrderService.php | 5 ++++- 4 files changed, 30 insertions(+), 2 deletions(-) diff --git a/app/controller/Cert.php b/app/controller/Cert.php index 1693395..7768f86 100644 --- a/app/controller/Cert.php +++ b/app/controller/Cert.php @@ -304,6 +304,8 @@ class Cert extends BaseController } } + $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey); + $order = [ 'aid' => 0, 'keytype' => $certInfo['keytype'], @@ -367,6 +369,8 @@ class Cert extends BaseController if ($certInfo['code'] == -1) return json($certInfo); $domains = $certInfo['domains']; + $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey); + $order = [ 'aid' => 0, 'keytype' => $certInfo['keytype'], diff --git a/app/lib/CertHelper.php b/app/lib/CertHelper.php index fa8f3ca..7b3c3db 100644 --- a/app/lib/CertHelper.php +++ b/app/lib/CertHelper.php 
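Review bot: Both added calls in Cert.php (the hunks at -304 and -367) rewrite the uploaded `$privatekey` without looking at its type, even though `$certInfo['keytype']` is read on the very next lines. An unencrypted PKCS#8 RSA key also begins with `-----BEGIN PRIVATE KEY-----`, so it would be stored under an `EC PRIVATE KEY` label, and whatever consumes the stored key later may reject or mis-handle it. Call the helper only when `$certInfo['keytype']` denotes an EC key, or move that check into the helper itself. The same unconditional call is made on `$result['private_key']` in the CertOrderService.php hunk. Both enclosing controller methods start and end outside the hunks.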
@@ -407,6 +407,24 @@ location / { return false; } + /** + * 确保ECC私钥使用EC专用格式标识 + * 某些程序需要EC标识才能正确识别ECC私钥 + */ + public static function ensureECPrivateKeyFormat($private_key) + { + if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) { + return $private_key; + } + + if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) { + $private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key); + $private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key); + } + + return $private_key; + } + public static function getPfx($fullchain, $privatekey, $pwd = '123456') { openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd); diff --git a/app/lib/acme/ACMECert.php b/app/lib/acme/ACMECert.php index 5c7ab27..1eada49 100644 --- a/app/lib/acme/ACMECert.php +++ b/app/lib/acme/ACMECert.php @@ -4,6 +4,7 @@ namespace app\lib\acme; use Exception; use stdClass; +use app\lib\CertHelper; /** * ACMECert @@ -368,10 +369,12 @@ class ACMECert extends ACMEv2 if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !'); $map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1'); if (isset($map[$curve_name])) $curve_name = $map[$curve_name]; - return $this->generateKey(array( + $pem = $this->generateKey(array( 'curve_name' => $curve_name, 'private_key_type' => OPENSSL_KEYTYPE_EC )); + + return CertHelper::ensureECPrivateKeyFormat($pem); } public function parseCertificate($cert_pem) diff --git a/app/service/CertOrderService.php b/app/service/CertOrderService.php index 0935ec4..6b8f276 100644 --- a/app/service/CertOrderService.php +++ b/app/service/CertOrderService.php 
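Review bot: `ensureECPrivateKeyFormat()` changes only the PEM armor, not the encoding: `BEGIN PRIVATE KEY` marks a PKCS#8 PrivateKeyInfo body and `BEGIN EC PRIVATE KEY` marks a SEC1 ECPrivateKey body, so the result is a PKCS#8 blob under a SEC1 label that strict parsers can reject. It also never confirms the key is EC, so any unencrypted PKCS#8 key, RSA included, is relabelled. At minimum add a type guard before the replace, `$k = openssl_pkey_get_private($private_key);` followed by `if (!$k || openssl_pkey_get_details($k)['type'] !== OPENSSL_KEYTYPE_EC) return $private_key;`, and re-encode the body to SEC1 instead of swapping labels. The docblock should state the accepted input, the return value, and that non-EC or unparsable input is returned unchanged. The `/^…$/m` patterns also do not match armor lines ending in `\r\n`, so keys with CRLF line endings pass through silently untouched.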
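Review bot: `generateECKey()` now returns a PEM that differs from what `generateKey()` produced, and nothing checks that the relabelled string still loads; callers presumably pass this same value back to OpenSSL when the CSR is built. Returning the OpenSSL output unchanged and converting only where the key is exported to other software would avoid that risk and keep `app\lib\acme` free of the new `use app\lib\CertHelper;` dependency. If the conversion stays here, fail early on the converted value with `if (openssl_pkey_get_private($pem) === false) throw new Exception('EC key conversion failed');`. The method starts outside the hunk.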
@@ -342,7 +342,10 @@ class CertOrderService throw $e; } $this->order['issuer'] = $result['issuer']; - Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]); + + $private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']); + + Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]); $this->saveResult(3); $this->resetRetry(); }