fix: 证书私钥 EC 指示

2025-11-04 18:57:55 +08:00
parent 3bd45367b0
commit b58db855ca
4 changed files with 30 additions and 2 deletions
--- a/app/controller/Cert.php
+++ b/app/controller/Cert.php
@@ -304,6 +304,8 @@ class Cert extends BaseController
                    }
                }

+                $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
+                
                $order = [
                    'aid' => 0,
                    'keytype' => $certInfo['keytype'],
@@ -367,6 +369,8 @@ class Cert extends BaseController
                if ($certInfo['code'] == -1) return json($certInfo);
                $domains = $certInfo['domains'];

+                $privatekey = CertHelper::ensureECPrivateKeyFormat($privatekey);
+                
                $order = [
                    'aid' => 0,
                    'keytype' => $certInfo['keytype'],
--- a/app/lib/CertHelper.php
+++ b/app/lib/CertHelper.php
@@ -407,6 +407,24 @@ location / {
        return false;
    }

+    /**
+     * 确保ECC私钥使用EC专用格式标识
+     * 某些程序需要EC标识才能正确识别ECC私钥
+     */
+    public static function ensureECPrivateKeyFormat($private_key)
+    {
+        if (strpos($private_key, '-----BEGIN EC PRIVATE KEY-----') !== false) {
+            return $private_key;
+        }
+        
+        if (strpos($private_key, '-----BEGIN PRIVATE KEY-----') !== false) {
+            $private_key = preg_replace('/^-----BEGIN PRIVATE KEY-----$/m', '-----BEGIN EC PRIVATE KEY-----', $private_key);
+            $private_key = preg_replace('/^-----END PRIVATE KEY-----$/m', '-----END EC PRIVATE KEY-----', $private_key);
+        }
+        
+        return $private_key;
+    }
+
    public static function getPfx($fullchain, $privatekey, $pwd = '123456')
    {
        openssl_pkcs12_export($fullchain, $pfx, $privatekey, $pwd);
--- a/app/lib/acme/ACMECert.php
+++ b/app/lib/acme/ACMECert.php
@@ -4,6 +4,7 @@ namespace app\lib\acme;

 use Exception;
 use stdClass;
+use app\lib\CertHelper;

 /**
 * ACMECert
@@ -368,10 +369,12 @@ class ACMECert extends ACMEv2
 		if (version_compare(PHP_VERSION, '7.1.0') < 0) throw new Exception('PHP >= 7.1.0 required for EC keys !');
 		$map = array('256' => 'prime256v1', '384' => 'secp384r1', '521' => 'secp521r1');
 		if (isset($map[$curve_name])) $curve_name = $map[$curve_name];
-		return $this->generateKey(array(
+		$pem = $this->generateKey(array(
 			'curve_name' => $curve_name,
 			'private_key_type' => OPENSSL_KEYTYPE_EC
 		));
+		
+		return CertHelper::ensureECPrivateKeyFormat($pem);
 	}

 	public function parseCertificate($cert_pem)
--- a/app/service/CertOrderService.php
+++ b/app/service/CertOrderService.php
@@ -342,7 +342,10 @@ class CertOrderService
            throw $e;
        }
        $this->order['issuer'] = $result['issuer'];
-        Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $result['private_key'], 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
+        
+        $private_key = CertHelper::ensureECPrivateKeyFormat($result['private_key']);
+        
+        Db::name('cert_order')->where('id', $this->order['id'])->update(['fullchain' => $result['fullchain'], 'privatekey' => $private_key, 'issuer' => $result['issuer'], 'issuetime' => date('Y-m-d H:i:s', $result['validFrom']), 'expiretime' => date('Y-m-d H:i:s', $result['validTo'])]);
        $this->saveResult(3);
        $this->resetRetry();
    }