Merge branch 'main' into feat/cloud-load-balance

2025-07-28 20:08:34 +00:00 · 2024-10-29 09:12:39 +08:00
parent e1a3a3e7c7 edeac86f06
commit aeaa45b713
39 changed files with 2637 additions and 308 deletions
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -1,16 +1,21 @@
 package deployer

 import (
+	"bytes"
 	"context"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
 	"fmt"
-	"strings"
+	"time"

+	"github.com/pavlo-v-chernykh/keystore-go/v4"
 	"github.com/pocketbase/pocketbase/models"
+	"software.sslmate.com/src/go-pkcs12"

 	"github.com/usual2970/certimate/internal/applicant"
 	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
 	"github.com/usual2970/certimate/internal/utils/app"
 )

@@ -38,7 +43,6 @@ const (
 type DeployerOption struct {
 	DomainId     string                `json:"domainId"`
 	Domain       string                `json:"domain"`
-	Product      string                `json:"product"`
 	Access       string                `json:"access"`
 	AccessRecord *models.Record        `json:"-"`
 	DeployConfig domain.DeployConfig   `json:"deployConfig"`
@@ -90,7 +94,6 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 	option := &DeployerOption{
 		DomainId:     record.Id,
 		Domain:       record.GetString("domain"),
-		Product:      getProduct(deployConfig.Type),
 		Access:       access.GetString("config"),
 		AccessRecord: access,
 		DeployConfig: deployConfig,
@@ -145,14 +148,6 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 	return nil, errors.New("unsupported deploy target")
 }

-func getProduct(t string) string {
-	rs := strings.Split(t, "-")
-	if len(rs) < 2 {
-		return ""
-	}
-	return rs[1]
-}
-
 func toStr(tag string, data any) string {
 	if data == nil {
 		return tag
@@ -195,3 +190,57 @@ func getDeployVariables(conf domain.DeployConfig) map[string]string {

 	return rs
 }
+
+func convertPEMToPFX(certificate string, privateKey string, password string) ([]byte, error) {
+	cert, err := x509.ParseCertificateFromPEM(certificate)
+	if err != nil {
+		return nil, err
+	}
+
+	privkey, err := x509.ParsePKCS1PrivateKeyFromPEM(privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	pfxData, err := pkcs12.LegacyRC2.Encode(privkey, cert, nil, password)
+	if err != nil {
+		return nil, fmt.Errorf("failed to encode as pfx %w", err)
+	}
+
+	return pfxData, nil
+}
+
+func convertPEMToJKS(certificate string, privateKey string, alias string, keypass string, storepass string) ([]byte, error) {
+	certBlock, _ := pem.Decode([]byte(certificate))
+	if certBlock == nil {
+		return nil, errors.New("failed to decode certificate PEM")
+	}
+
+	privkeyBlock, _ := pem.Decode([]byte(privateKey))
+	if privkeyBlock == nil {
+		return nil, errors.New("failed to decode private key PEM")
+	}
+
+	ks := keystore.New()
+	entry := keystore.PrivateKeyEntry{
+		CreationTime: time.Now(),
+		PrivateKey:   privkeyBlock.Bytes,
+		CertificateChain: []keystore.Certificate{
+			{
+				Type:    "X509",
+				Content: certBlock.Bytes,
+			},
+		},
+	}
+
+	if err := ks.SetPrivateKeyEntry(alias, entry, []byte(keypass)); err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := ks.Store(&buf, []byte(storepass)); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}