201 lines
7.3 KiB
PHP
201 lines
7.3 KiB
PHP
<?php
|
||
|
||
namespace app\lib\cert;
|
||
|
||
use app\lib\CertInterface;
|
||
use app\lib\client\TencentCloud;
|
||
use Exception;
|
||
|
||
class tencent implements CertInterface
|
||
{
|
||
private $SecretId;
|
||
private $SecretKey;
|
||
private $email;
|
||
private $endpoint = "ssl.tencentcloudapi.com";
|
||
private $service = "ssl";
|
||
private $version = "2019-12-05";
|
||
private $logger;
|
||
private $proxy;
|
||
private TencentCloud $client;
|
||
|
||
public function __construct($config, $ext = null)
|
||
{
|
||
$this->SecretId = $config['SecretId'];
|
||
$this->SecretKey = $config['SecretKey'];
|
||
$this->proxy = isset($config['proxy']) ? $config['proxy'] == 1 : false;
|
||
$this->client = new TencentCloud($this->SecretId, $this->SecretKey, $this->endpoint, $this->service, $this->version, null, $this->proxy);
|
||
$this->email = $config['email'];
|
||
}
|
||
|
||
public function register()
|
||
{
|
||
if (empty($this->SecretId) || empty($this->SecretKey) || empty($this->email)) throw new Exception('必填参数不能为空');
|
||
$this->request('DescribeCertificates', []);
|
||
return true;
|
||
}
|
||
|
||
public function buyCert($domainList, &$order) {}
|
||
|
||
public function createOrder($domainList, &$order, $keytype, $keysize)
|
||
{
|
||
if (empty($domainList)) throw new Exception('域名列表不能为空');
|
||
$domain = $domainList[0];
|
||
$param = [
|
||
'DvAuthMethod' => 'DNS',
|
||
'DomainName' => $domain,
|
||
'ContactEmail' => $this->email,
|
||
'CsrEncryptAlgo' => $keytype,
|
||
'CsrKeyParameter' => $keytype == 'ECC' ? 'prime256v1' : '2048',
|
||
];
|
||
$data = $this->request('ApplyCertificate', $param);
|
||
if (empty($data['CertificateId'])) throw new Exception('证书申请失败,CertificateId为空');
|
||
$order['CertificateId'] = $data['CertificateId'];
|
||
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
];
|
||
$data = $this->request('DescribeCertificate', $param);
|
||
$order['OrderId'] = $data['OrderId'];
|
||
|
||
$dnsList = [];
|
||
if (!empty($data['DvAuthDetail']['DvAuths'])) {
|
||
foreach ($data['DvAuthDetail']['DvAuths'] as $opts) {
|
||
$mainDomain = getMainDomain($opts['DvAuthKey']);
|
||
$name = substr($opts['DvAuthKey'], 0, -(strlen($mainDomain) + 1));
|
||
$dnsList[$mainDomain][] = ['name' => $name, 'type' => $opts['DvAuthVerifyType'] ?? 'CNAME', 'value' => $opts['DvAuthValue']];
|
||
}
|
||
}
|
||
|
||
return $dnsList;
|
||
}
|
||
|
||
public function authOrder($domainList, $order)
|
||
{
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
];
|
||
$data = $this->request('DescribeCertificate', $param);
|
||
if ($data['Status'] == 0 || $data['Status'] == 4) {
|
||
$this->request('CompleteCertificate', $param);
|
||
sleep(3);
|
||
}
|
||
}
|
||
|
||
public function getAuthStatus($domainList, $order)
|
||
{
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
];
|
||
$data = $this->request('DescribeCertificate', $param);
|
||
if ($data['Status'] == 1) {
|
||
return true;
|
||
} elseif ($data['Status'] == 2) {
|
||
throw new Exception('证书审核失败' . (empty($data['StatusMsg'] ? '' : ':' . $data['StatusMsg'])));
|
||
} else {
|
||
return false;
|
||
}
|
||
}
|
||
|
||
public function finalizeOrder($domainList, $order, $keytype, $keysize)
|
||
{
|
||
$param = [
|
||
'CertificateIds' => [$order['CertificateId']],
|
||
'SwitchStatus' => 1,
|
||
];
|
||
$this->request('ModifyCertificatesExpiringNotificationSwitch', $param);
|
||
|
||
if (!is_dir(app()->getRuntimePath() . 'cert')) mkdir(app()->getRuntimePath() . 'cert');
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
'ServiceType' => 'nginx',
|
||
];
|
||
$data = $this->request('DescribeDownloadCertificateUrl', $param);
|
||
$file_data = http_request($data['DownloadCertificateUrl'], null, null, null, null, $this->proxy);
|
||
$file_data = $file_data['body'] ?? null;
|
||
if (empty($file_data)) throw new Exception('下载证书失败');
|
||
$file_path = app()->getRuntimePath() . 'cert/' . $data['DownloadFilename'];
|
||
$file_name = substr($data['DownloadFilename'], 0, -4);
|
||
file_put_contents($file_path, $file_data);
|
||
|
||
$zip = new \ZipArchive;
|
||
if ($zip->open($file_path) === true) {
|
||
$zip->extractTo(app()->getRuntimePath() . 'cert/');
|
||
$zip->close();
|
||
} else {
|
||
throw new Exception('解压证书失败');
|
||
}
|
||
$cert_dir = app()->getRuntimePath() . 'cert/' . $file_name;
|
||
|
||
$items = scandir($cert_dir);
|
||
if ($items === false) throw new Exception('解压后的证书文件夹不存在');
|
||
$private_key = null;
|
||
$fullchain = null;
|
||
foreach ($items as $item) {
|
||
if (substr($item, -4) == '.key') {
|
||
$private_key = file_get_contents($cert_dir . '/' . $item);
|
||
} elseif (substr($item, -4) == '.crt') {
|
||
$fullchain = file_get_contents($cert_dir . '/' . $item);
|
||
}
|
||
}
|
||
if (empty($private_key) || empty($fullchain)) throw new Exception('解压后的证书文件夹内未找到证书文件');
|
||
|
||
clearDirectory($cert_dir);
|
||
rmdir($cert_dir);
|
||
unlink($file_path);
|
||
|
||
$certInfo = openssl_x509_parse($fullchain, true);
|
||
if (!$certInfo) throw new Exception('证书解析失败');
|
||
return ['private_key' => $private_key, 'fullchain' => $fullchain, 'issuer' => $certInfo['issuer']['CN'], 'subject' => $certInfo['subject']['CN'], 'validFrom' => $certInfo['validFrom_time_t'], 'validTo' => $certInfo['validTo_time_t']];
|
||
}
|
||
|
||
public function revoke($order, $pem)
|
||
{
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
];
|
||
$action = 'RevokeCertificate';
|
||
$data = $this->request($action, $param);
|
||
|
||
if (!empty($data['RevokeDomainValidateAuths'])) {
|
||
$dnsList = [];
|
||
foreach ($data['RevokeDomainValidateAuths'] as $opts) {
|
||
$mainDomain = getMainDomain($opts['DomainValidateAuthKey']);
|
||
$name = substr($opts['DomainValidateAuthKey'], 0, -(strlen($mainDomain) + 1));
|
||
$dnsList[$mainDomain][] = ['name' => $name, 'type' => 'TXT', 'value' => $opts['DomainValidateAuthValue']];
|
||
}
|
||
\app\utils\CertDnsUtils::addDns($dnsList, function ($txt) {
|
||
$this->log($txt);
|
||
});
|
||
}
|
||
}
|
||
|
||
public function cancel($order)
|
||
{
|
||
$param = [
|
||
'CertificateId' => $order['CertificateId'],
|
||
];
|
||
$action = 'CancelAuditCertificate';
|
||
$this->request($action, $param);
|
||
}
|
||
|
||
public function setLogger($func)
|
||
{
|
||
$this->logger = $func;
|
||
}
|
||
|
||
private function log($txt)
|
||
{
|
||
if ($this->logger) {
|
||
call_user_func($this->logger, $txt);
|
||
}
|
||
}
|
||
|
||
private function request($action, $param)
|
||
{
|
||
$this->log('Action:' . $action . PHP_EOL . 'Request:' . json_encode($param, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
|
||
$result = $this->client->request($action, $param);
|
||
$this->log('Response:' . json_encode($result, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES));
|
||
return $result;
|
||
}
|
||
}
|