fix: 证书私钥 EC 指示

TomyJan 2025-11-04 18:57:55 +08:00
parent 3bd45367b0
commit b58db855ca
No known key found for this signature in database
GPG Key ID: D4B681B06A7F8CDA
4 changed files with 30 additions and 2 deletions


@ -304,6 +304,8 @@ class Cert extends BaseController
} }
} }
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
$order = [ $order = [
'aid' => 0, 'aid' => 0,
'keytype' => $certInfo['keytype'], 'keytype' => $certInfo['keytype'],
@ -367,6 +369,8 @@ class Cert extends BaseController
if ($certInfo['code'] == -1) return json($certInfo); if ($certInfo['code'] == -1) return json($certInfo);
$domains = $certInfo['domains']; $domains = $certInfo['domains'];
$privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
$order = [ $order = [
'aid' => 0, 'aid' => 0,
'keytype' => $certInfo['keytype'], 'keytype' => $certInfo['keytype'],
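Review bot: The two added `CertHelper::ensureECPrivateKeyFormat($privatekey)` calls rely on helper patterns anchored with `^…$` under `/m`, which, with PCRE's usual LF newline convention, do not match a header line that ends in `\r\n`. If `$privatekey` arrives from a request, as the controller context suggests, a key pasted with CRLF line endings would be stored unchanged and the fix would silently not apply. Normalising first, `$privatekey = str_replace("\r\n", "\n", $privatekey);`, makes the call behave the same for both line-ending styles. Both enclosing methods begin and end outside the hunks, so an earlier normalisation step cannot be ruled out.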


@ -407,6 +407,24 @@ location / {
return false; return false;
} }
/**
* 确保ECC私钥使用EC专用格式标识
* 某些程序需要EC标识才能正确识别ECC私钥
*/
public static function ensureECPrivateKeyFormat($private_key)
{
if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) {
return $private_key;
}
if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) {
$private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key);
$private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key);
}
return $private_key;
}
public static function getPfx($fullchain, $privatekey, $pwd = '123456') public static function getPfx($fullchain, $privatekey, $pwd = '123456')
{ {
openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd); openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
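Review bot: `ensureECPrivateKeyFormat` changes only the PEM label, so the base64 body stays a PKCS#8 PrivateKeyInfo while the header now announces a SEC1 ECPrivateKey; a parser that decodes strictly by label may reject the result. The function also never checks the key type, and an RSA key in PKCS#8 form carries the same `-----BEGIN PRIVATE KEY-----` header, so the unconditional calls in Cert and CertOrderService would relabel it as EC. At minimum, guard the rewrite with an OpenSSL type check as sketched below, and say in the docblock that the body is not re-encoded; converting the key to SEC1 would be the cleaner fix.

```php
public static function ensureECPrivateKeyFormat($private_key)
{
    if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') === false) {
        return $private_key;
    }
    // RSA keys in PKCS#8 form use the same header, so only relabel keys OpenSSL parses as EC.
    $key = openssl_pkey_get_private($private_key);
    $details = $key === false ? false : openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== OPENSSL_KEYTYPE_EC) {
        return $private_key;
    }
    // … unchanged: the two preg_replace calls on the BEGIN/END lines …
    return $private_key;
}
```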


@ -4,6 +4,7 @@ namespace app\lib\acme;
use Exception; use Exception;
use stdClass; use stdClass;
use app\lib\CertHelper;
/** /**
* ACMECert * ACMECert
@ -368,10 +369,12 @@ class ACMECert extends ACMEv2
if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !'); if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !');
$map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1'); $map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1');
if (isset($map[$curve_name])) $curve_name = $map[$curve_name]; if (isset($map[$curve_name])) $curve_name = $map[$curve_name];
return $this->generateKey(array( $pem = $this->generateKey(array(
'curve_name' => $curve_name, 'curve_name' => $curve_name,
'private_key_type' => OPENSSL_KEYTYPE_EC 'private_key_type' => OPENSSL_KEYTYPE_EC
)); ));
return CertHelper::ensureECPrivateKeyFormat($pem);
} }
public function parseCertificate($cert_pem) public function parseCertificate($cert_pem)


@ -342,7 +342,10 @@ class CertOrderService
throw $e; throw $e;
} }
$this->order['issuer'] = $result['issuer']; $this->order['issuer'] = $result['issuer'];
Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
$private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']);
Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
$this->saveResult(3); $this->saveResult(3);
$this->resetRetry(); $this->resetRetry();
} }