AccessKey = $config['AccessKey']; $this->SecretKey = $config['SecretKey']; $this->client = new QiniuClient($this->AccessKey, $this->SecretKey, isset($config['proxy']) ? $config['proxy'] == 1 : false); } public function check() { if (empty($this->AccessKey) || empty($this->SecretKey)) throw new Exception('必填参数不能为空'); $this->client->request('GET', '/sslcert'); return true; } public function deploy($fullchain, $privatekey, $config, &$info) { $domains = $config['domain']; if (empty($domains)) throw new Exception('绑定的域名不能为空'); $certInfo = openssl_x509_parse($fullchain, true); if (!$certInfo) throw new Exception('证书解析失败'); $cert_name = str_replace('*.', '', $certInfo['subject']['CN']) . '-' . $certInfo['validFrom_time_t']; $cert_id = $this->get_cert_id($fullchain, $privatekey, $certInfo['subject']['CN'], $cert_name); $info['cert_id'] = $cert_id; $info['cert_name'] = $cert_name; if ($config['product'] == 'upload') return; foreach (explode(',', $domains) as $domain) { if (empty($domain)) continue; if ($config['product'] == 'cdn') { $this->deploy_cdn($domain, $cert_id); } elseif ($config['product'] == 'oss') { $this->deploy_oss($domain, $cert_id); } elseif ($config['product'] == 'pili') { $this->deploy_pili($config['pili_hub'], $domain, $cert_name); } else { throw new Exception('未知的产品类型'); } } } private function deploy_cdn($domain, $cert_id) { try { $data = $this->client->request('GET', '/domain/' . $domain); } catch (Exception $e) { throw new Exception('获取域名信息失败:' . $e->getMessage()); } if (isset($data['https']['certId']) && $data['https']['certId'] == $cert_id) { $this->log('域名 ' . $domain . ' 证书已部署，无需重复操作'); return; } if (empty($data['https']['certId'])) { $param = [ 'certid' => $cert_id, ]; $this->client->request('PUT', '/domain/' . $domain . '/sslize', null, $param); } else { $param = [ 'certid' => $cert_id, 'forceHttps' => $data['https']['forceHttps'], 'http2Enable' => $data['https']['http2Enable'], ]; $this->client->request('PUT', '/domain/' . $domain . '/httpsconf', null, $param); } $this->log('CDN域名 ' . $domain . ' 证书部署成功！'); } private function deploy_oss($domain, $cert_id) { $param = [ 'certid' => $cert_id, 'domain' => $domain, ]; $this->client->request('POST', '/cert/bind', null, $param); $this->log('OSS域名 ' . $domain . ' 证书部署成功！'); } private function deploy_pili($hub, $domain, $cert_name) { $param = [ 'CertName' => $cert_name, ]; $this->client->pili_request('POST', '/v2/hubs/'.$hub.'/domains/'.$domain.'/cert', null, $param); $this->log('视频直播域名 ' . $domain . ' 证书部署成功！'); } private function get_cert_id($fullchain, $privatekey, $common_name, $cert_name) { $cert_id = null; $marker = ''; do { $query = ['marker' => $marker, 'limit' => 100]; $data = $this->client->request('GET', '/sslcert', $query); if (empty($data['certs'])) break; $marker = $data['marker']; foreach ($data['certs'] as $cert) { if ($cert_name == $cert['name']) { $cert_id = $cert['certid']; $this->log('证书' . $cert_name . '已存在，证书ID:' . $cert_id); } elseif ($cert['not_after'] < time()) { try { $this->client->request('DELETE', '/sslcert/' . $cert['certid']); $this->log('证书' . $cert['name'] . '已过期，删除证书成功'); } catch (Exception $e) { $this->log('证书' . $cert['name'] . '已过期，删除证书失败:' . $e->getMessage()); } usleep(300000); } } } while ($marker != ''); if (!$cert_id) { $param = [ 'name' => $cert_name, 'common_name' => $common_name, 'pri' => $privatekey, 'ca' => $fullchain, ]; try { $data = $this->client->request('POST', '/sslcert', null, $param); } catch (Exception $e) { throw new Exception('上传证书失败:' . $e->getMessage()); } $this->log('上传证书成功，证书ID:' . $data['certID']); $cert_id = $data['certID']; usleep(500000); } return $cert_id; } public function setLogger($func) { $this->logger = $func; } private function log($txt) { if ($this->logger) { call_user_func($this->logger, $txt); } } }