mirror of
https://github.com/netcccyun/dnsmgr.git
synced 2026-02-21 15:31:12 +08:00
fix: 证书私钥 EC 指示
parent
3bd45367b0
commit
b58db855ca
@ -304,6 +304,8 @@ class Cert extends BaseController
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
|
||||||
|
|
||||||
$order = [
|
$order = [
|
||||||
'aid' => 0,
|
'aid' => 0,
|
||||||
'keytype' => $certInfo['keytype'],
|
'keytype' => $certInfo['keytype'],
|
||||||
@ -367,6 +369,8 @@ class Cert extends BaseController
|
|||||||
if ($certInfo['code'] == -1) return json($certInfo);
|
if ($certInfo['code'] == -1) return json($certInfo);
|
||||||
$domains = $certInfo['domains'];
|
$domains = $certInfo['domains'];
|
||||||
|
|
||||||
|
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
|
||||||
|
|
||||||
$order = [
|
$order = [
|
||||||
'aid' => 0,
|
'aid' => 0,
|
||||||
'keytype' => $certInfo['keytype'],
|
'keytype' => $certInfo['keytype'],
|
||||||
|
|||||||
@ -407,6 +407,24 @@ location / {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 确保ECC私钥使用EC专用格式标识
|
||||||
|
* 某些程序需要EC标识才能正确识别ECC私钥
|
||||||
|
*/
|
||||||
|
public static function ensureECPrivateKeyFormat($private_key)
|
||||||
|
{
|
||||||
|
if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) {
|
||||||
|
return $private_key;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) {
|
||||||
|
$private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key);
|
||||||
|
$private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $private_key;
|
||||||
|
}
|
||||||
|
|
||||||
public static function getPfx($fullchain, $privatekey, $pwd = '123456')
|
public static function getPfx($fullchain, $privatekey, $pwd = '123456')
|
||||||
{
|
{
|
||||||
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
|
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
|
||||||
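Review bot: `ensureECPrivateKeyFormat()` rewrites only the PEM armor lines: any block labelled `-----BEGIN PRIVATE KEY-----` is renamed to `EC PRIVATE KEY`, while the base64 body stays PKCS#8 and the key type is never checked. The result is a file whose label announces a SEC1 ECPrivateKey but whose content is still a PKCS#8 PrivateKeyInfo, which a parser that trusts the label may reject, and an RSA key stored in PKCS#8 form would be labelled EC as well. The callers added in `Cert` (both hunks) and in `CertOrderService` pass uploaded or issued keys through the helper unconditionally, although `$certInfo['keytype']` is at hand in the controller. At minimum the helper should relabel only keys that actually parse as EC, as sketched below; strict consumers would still need a real PKCS#8-to-SEC1 conversion of the body, which this guard does not provide.

```php
public static function ensureECPrivateKeyFormat($private_key)
{
    // … unchanged: early return when the EC label is already present …

    // Leave the PEM untouched unless OpenSSL confirms it is an EC key;
    // unparsable or non-EC (e.g. RSA PKCS#8) input keeps its original label.
    $pkey = openssl_pkey_get_private($private_key);
    if ($pkey === false) {
        return $private_key;
    }
    $details = openssl_pkey_get_details($pkey);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
        return $private_key;
    }

    // … unchanged: BEGIN/END label replacement and return …
```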
|
|||||||
@ -4,6 +4,7 @@ namespace app\lib\acme;
|
|||||||
|
|
||||||
use Exception;
|
use Exception;
|
||||||
use stdClass;
|
use stdClass;
|
||||||
|
use app\lib\CertHelper;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ACMECert
|
* ACMECert
|
||||||
@ -368,10 +369,12 @@ class ACMECert extends ACMEv2
|
|||||||
if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !');
|
if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !');
|
||||||
$map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1');
|
$map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1');
|
||||||
if (isset($map[$curve_name])) $curve_name = $map[$curve_name];
|
if (isset($map[$curve_name])) $curve_name = $map[$curve_name];
|
||||||
return $this->generateKey(array(
|
$pem = $this->generateKey(array(
|
||||||
'curve_name' => $curve_name,
|
'curve_name' => $curve_name,
|
||||||
'private_key_type' => OPENSSL_KEYTYPE_EC
|
'private_key_type' => OPENSSL_KEYTYPE_EC
|
||||||
));
|
));
|
||||||
|
|
||||||
|
return CertHelper::ensureECPrivateKeyFormat($pem);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function parseCertificate($cert_pem)
|
public function parseCertificate($cert_pem)
|
||||||
|
|||||||
@ -342,7 +342,10 @@ class CertOrderService
|
|||||||
throw $e;
|
throw $e;
|
||||||
}
|
}
|
||||||
$this->order['issuer'] = $result['issuer'];
|
$this->order['issuer'] = $result['issuer'];
|
||||||
Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
|
|
||||||
|
$private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']);
|
||||||
|
|
||||||
|
Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
|
||||||
$this->saveResult(3);
|
$this->saveResult(3);
|
||||||
$this->resetRetry();
|
$this->resetRetry();
|
||||||
}
|
}
|
||||||
|
|||||||