feat: support jks format

2025-10-05 14:04:54 +00:00 · 2024-10-28 11:49:44 +08:00
parent 009e8fb976
commit b47a1a13cb
9 changed files with 321 additions and 22 deletions
--- a/internal/deployer/deployer.go
+++ b/internal/deployer/deployer.go
@@ -1,11 +1,15 @@
 package deployer

 import (
+	"bytes"
 	"context"
 	"encoding/json"
+	"encoding/pem"
 	"errors"
 	"fmt"
+	"time"

+	"github.com/pavlo-v-chernykh/keystore-go/v4"
 	"github.com/pocketbase/pocketbase/models"
 	"software.sslmate.com/src/go-pkcs12"

@@ -187,7 +191,7 @@ func getDeployVariables(conf domain.DeployConfig) map[string]string {
 	return rs
 }

-func convertPemToPfx(certificate string, privateKey string, password string) ([]byte, error) {
+func convertPEMToPFX(certificate string, privateKey string, password string) ([]byte, error) {
 	cert, err := x509.ParseCertificateFromPEM(certificate)
 	if err != nil {
 		return nil, err
@@ -205,3 +209,38 @@ func convertPemToPfx(certificate string, privateKey string, password string) ([]

 	return pfxData, nil
 }
+
+func convertPEMToJKS(certificate string, privateKey string, alias string, keypass string, storepass string) ([]byte, error) {
+	certBlock, _ := pem.Decode([]byte(certificate))
+	if certBlock == nil {
+		return nil, errors.New("failed to decode certificate PEM")
+	}
+
+	privkeyBlock, _ := pem.Decode([]byte(privateKey))
+	if privkeyBlock == nil {
+		return nil, errors.New("failed to decode private key PEM")
+	}
+
+	ks := keystore.New()
+	entry := keystore.PrivateKeyEntry{
+		CreationTime: time.Now(),
+		PrivateKey:   privkeyBlock.Bytes,
+		CertificateChain: []keystore.Certificate{
+			{
+				Type:    "X509",
+				Content: certBlock.Bytes,
+			},
+		},
+	}
+
+	if err := ks.SetPrivateKeyEntry(alias, entry, []byte(keypass)); err != nil {
+		return nil, err
+	}
+
+	var buf bytes.Buffer
+	if err := ks.Store(&buf, []byte(storepass)); err != nil {
+		return nil, err
+	}
+
+	return buf.Bytes(), nil
+}
--- a/internal/deployer/local.go
+++ b/internal/deployer/local.go
@@ -17,6 +17,18 @@ type LocalDeployer struct {
 	infos  []string
 }

+const (
+	certFormatPEM = "pem"
+	certFormatPFX = "pfx"
+	certFormatJKS = "jks"
+)
+
+const (
+	shellEnvSh         = "sh"
+	shellEnvCmd        = "cmd"
+	shellEnvPowershell = "powershell"
+)
+
 func NewLocalDeployer(option *DeployerOption) (Deployer, error) {
 	return &LocalDeployer{
 		option: option,
@@ -50,8 +62,8 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error {
 	}

 	// 写入证书和私钥文件
-	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", "pem") {
-	case "pem":
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
 		if err := fs.WriteFileString(d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
 			return fmt.Errorf("failed to save certificate file: %w", err)
 		}
@@ -64,8 +76,12 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error {

 		d.infos = append(d.infos, toStr("保存私钥成功", nil))

-	case "pfx":
-		pfxData, err := convertPemToPfx(d.option.Certificate.Certificate, d.option.Certificate.PrivateKey, d.option.DeployConfig.GetConfigAsString("pfxPassword"))
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
 		if err != nil {
 			return fmt.Errorf("failed to convert pem to pfx %w", err)
 		}
@@ -74,6 +90,24 @@ func (d *LocalDeployer) Deploy(ctx context.Context) error {
 			return fmt.Errorf("failed to save certificate file: %w", err)
 		}

+		d.infos = append(d.infos, toStr("保存证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return fmt.Errorf("failed to convert pem to pfx %w", err)
+		}
+
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return fmt.Errorf("failed to save certificate file: %w", err)
+		}
+
 		d.infos = append(d.infos, toStr("保存证书成功", nil))
 	}

@@ -95,13 +129,13 @@ func (d *LocalDeployer) execCommand(command string) (string, string, error) {
 	var cmd *exec.Cmd

 	switch d.option.DeployConfig.GetConfigAsString("shell") {
-	case "sh":
+	case shellEnvSh:
 		cmd = exec.Command("sh", "-c", command)

-	case "cmd":
+	case shellEnvCmd:
 		cmd = exec.Command("cmd", "/C", command)

-	case "powershell":
+	case shellEnvPowershell:
 		cmd = exec.Command("powershell", "-Command", command)

 	case "":
--- a/internal/deployer/ssh.go
+++ b/internal/deployer/ssh.go
@@ -12,6 +12,7 @@ import (
 	"golang.org/x/crypto/ssh"

 	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/utils/fs"
 )

 type SSHDeployer struct {
@@ -61,8 +62,8 @@ func (d *SSHDeployer) Deploy(ctx context.Context) error {
 	}

 	// 上传证书和私钥文件
-	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", "pem") {
-	case "pem":
+	switch d.option.DeployConfig.GetConfigOrDefaultAsString("format", certFormatPEM) {
+	case certFormatPEM:
 		if err := d.writeSftpFileString(client, d.option.DeployConfig.GetConfigAsString("certPath"), d.option.Certificate.Certificate); err != nil {
 			return fmt.Errorf("failed to upload certificate file: %w", err)
 		}
@@ -75,8 +76,12 @@ func (d *SSHDeployer) Deploy(ctx context.Context) error {

 		d.infos = append(d.infos, toStr("SSH 上传私钥成功", nil))

-	case "pfx":
-		pfxData, err := convertPemToPfx(d.option.Certificate.Certificate, d.option.Certificate.PrivateKey, d.option.DeployConfig.GetConfigAsString("pfxPassword"))
+	case certFormatPFX:
+		pfxData, err := convertPEMToPFX(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("pfxPassword"),
+		)
 		if err != nil {
 			return fmt.Errorf("failed to convert pem to pfx %w", err)
 		}
@@ -86,6 +91,24 @@ func (d *SSHDeployer) Deploy(ctx context.Context) error {
 		}

 		d.infos = append(d.infos, toStr("SSH 上传证书成功", nil))
+
+	case certFormatJKS:
+		jksData, err := convertPEMToJKS(
+			d.option.Certificate.Certificate,
+			d.option.Certificate.PrivateKey,
+			d.option.DeployConfig.GetConfigAsString("jksAlias"),
+			d.option.DeployConfig.GetConfigAsString("jksKeypass"),
+			d.option.DeployConfig.GetConfigAsString("jksStorepass"),
+		)
+		if err != nil {
+			return fmt.Errorf("failed to convert pem to pfx %w", err)
+		}
+
+		if err := fs.WriteFile(d.option.DeployConfig.GetConfigAsString("certPath"), jksData); err != nil {
+			return fmt.Errorf("failed to save certificate file: %w", err)
+		}
+
+		d.infos = append(d.infos, toStr("保存证书成功", nil))
 	}

 	// 执行命令