336 lines
12 KiB
PHP
336 lines
12 KiB
PHP
<?php
|
|
|
|
namespace app\lib\deploy;
|
|
|
|
use app\lib\DeployInterface;
|
|
use app\lib\CertHelper;
|
|
use Exception;
|
|
|
|
class btpanel implements DeployInterface
|
|
{
|
|
private $logger;
|
|
private $url;
|
|
private $key;
|
|
private $version;
|
|
private $proxy;
|
|
|
|
public function __construct($config)
|
|
{
|
|
$this->url = rtrim($config['url'], '/');
|
|
$this->key = $config['key'];
|
|
$this->version = isset($config['version']) ? intval($config['version']) : 0;
|
|
$this->proxy = $config['proxy'] == 1;
|
|
}
|
|
|
|
public function check()
|
|
{
|
|
if (empty($this->url) || empty($this->key)) throw new Exception('请填写面板地址和接口密钥');
|
|
|
|
if ($this->version == 1) {
|
|
$path = '/config/get_config';
|
|
$response = $this->request($path, []);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['panel']['status']) && $result['panel']['status']) {
|
|
return true;
|
|
} else {
|
|
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
|
|
}
|
|
} else {
|
|
$path = '/config?action=get_config';
|
|
$response = $this->request($path, []);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && ($result['status'] == 1 || isset($result['sites_path']))) {
|
|
return true;
|
|
} else {
|
|
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
|
|
}
|
|
}
|
|
}
|
|
|
|
public function deploy($fullchain, $privatekey, $config, &$info)
|
|
{
|
|
if ($config['type'] == '1') {
|
|
$this->deployPanel($fullchain, $privatekey);
|
|
$this->log("面板证书部署成功");
|
|
return;
|
|
}
|
|
|
|
$isIIS = $config['type'] == '0' && $this->version == 1 && isset($config['is_iis']) && $config['is_iis'] == '1';
|
|
if ($isIIS) {
|
|
$response = $this->request('/panel/get_config', []);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['paths']['soft'])) {
|
|
if ($result['config']['webserver'] != 'iis') {
|
|
throw new Exception('当前安装的Web服务器不是IIS');
|
|
}
|
|
$panel_path = $result['paths']['soft'];
|
|
} else {
|
|
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
|
|
}
|
|
|
|
$pfx_dir = $panel_path . '/temp/ssl/' . getMillisecond();
|
|
$pfx_path = $pfx_dir . '/cert.pfx';
|
|
$pfx_password = '123456';
|
|
$pfx = CertHelper::getPfx($fullchain, $privatekey, $pfx_password);
|
|
$data = [
|
|
['name' => 'path', 'contents' => $pfx_dir],
|
|
['name' => 'filename', 'contents' => 'cert.pfx'],
|
|
['name' => 'size', 'contents' => strlen($pfx)],
|
|
['name' => 'start', 'contents' => '0'],
|
|
['name' => 'blob', 'filename' => 'cert.pfx', 'contents' => $pfx],
|
|
['name' => 'force', 'contents' => 'true'],
|
|
];
|
|
$response = $this->request('/files/upload', $data, true);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
} else {
|
|
throw new Exception(isset($result['msg']) ? $result['msg'] : '面板地址无法连接');
|
|
}
|
|
}
|
|
|
|
$sites = explode("\n", $config['sites']);
|
|
$success = 0;
|
|
$errmsg = null;
|
|
foreach ($sites as $site) {
|
|
$siteName = trim($site);
|
|
if (empty($siteName)) continue;
|
|
if ($config['type'] == '3') {
|
|
try {
|
|
$this->deployDocker($siteName, $fullchain, $privatekey);
|
|
$this->log("Docker域名 {$siteName} 证书部署成功");
|
|
$success++;
|
|
} catch (Exception $e) {
|
|
$errmsg = $e->getMessage();
|
|
$this->log("Docker域名 {$siteName} 证书部署失败:" . $errmsg);
|
|
}
|
|
} elseif ($config['type'] == '2') {
|
|
try {
|
|
$this->deployMailSys($siteName, $fullchain, $privatekey);
|
|
$this->log("邮局域名 {$siteName} 证书部署成功");
|
|
$success++;
|
|
} catch (Exception $e) {
|
|
$errmsg = $e->getMessage();
|
|
$this->log("邮局域名 {$siteName} 证书部署失败:" . $errmsg);
|
|
}
|
|
} elseif ($isIIS) {
|
|
try {
|
|
$this->deployIISSite($siteName, $pfx_path, $pfx_password);
|
|
$this->log("域名 {$siteName} 证书部署成功");
|
|
$success++;
|
|
} catch (Exception $e) {
|
|
$errmsg = $e->getMessage();
|
|
$this->log("域名 {$siteName} 证书部署失败:" . $errmsg);
|
|
}
|
|
} else {
|
|
try {
|
|
$this->deploySite($siteName, $fullchain, $privatekey);
|
|
$this->log("网站 {$siteName} 证书部署成功");
|
|
$success++;
|
|
} catch (Exception $e) {
|
|
$errmsg = $e->getMessage();
|
|
$this->log("网站 {$siteName} 证书部署失败:" . $errmsg);
|
|
}
|
|
}
|
|
}
|
|
if ($success == 0) {
|
|
throw new Exception($errmsg ? $errmsg : '要部署的网站不存在');
|
|
}
|
|
}
|
|
|
|
private function deployPanel($fullchain, $privatekey)
|
|
{
|
|
if ($this->version == 1) {
|
|
$path = '/config/set_panel_ssl';
|
|
$data = [
|
|
'ssl_key' => $privatekey,
|
|
'ssl_pem' => $fullchain,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
} else {
|
|
$path = '/config?action=SavePanelSSL';
|
|
$data = [
|
|
'privateKey' => $privatekey,
|
|
'certPem' => $fullchain,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
}
|
|
}
|
|
|
|
private function deploySite($siteName, $fullchain, $privatekey)
|
|
{
|
|
if ($this->version == 1) {
|
|
$path = '/datalist/get_data_list';
|
|
$data = [
|
|
'table' => 'sites',
|
|
'search_type' => 'PHP',
|
|
'search' => $siteName,
|
|
'p' => 1,
|
|
'limit' => 10,
|
|
'type' => -1,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['data'])) {
|
|
if (empty($result['data'])) throw new Exception("网站 {$siteName} 不存在");
|
|
$siteId = null;
|
|
foreach ($result['data'] as $item) {
|
|
if ($item['name'] == $siteName) {
|
|
$siteId = $item['id'];
|
|
break;
|
|
}
|
|
}
|
|
if (is_null($siteId)) throw new Exception("网站 {$siteName} 不存在");
|
|
$path = '/site/set_site_ssl';
|
|
$data = [
|
|
'siteid' => $siteId,
|
|
'status' => 'true',
|
|
'sslType' => '',
|
|
'cert' => $fullchain,
|
|
'key' => $privatekey,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
} else {
|
|
$path = '/site?action=SetSSL';
|
|
$data = [
|
|
'type' => '0',
|
|
'siteName' => $siteName,
|
|
'key' => $privatekey,
|
|
'csr' => $fullchain,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
}
|
|
}
|
|
|
|
private function deployIISSite($domain, $pfx_path, $password = '123456')
|
|
{
|
|
$path = '/site/set_site_domain_ssl';
|
|
$data = [
|
|
'domain' => $domain,
|
|
'path' => $pfx_path,
|
|
'password' => $password,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
}
|
|
|
|
private function deployMailSys($domain, $fullchain, $privatekey)
|
|
{
|
|
$path = '/plugin?action=a&name=mail_sys&s=set_mail_certificate_multiple';
|
|
$data = [
|
|
'domain' => $domain,
|
|
'key' => $privatekey,
|
|
'csr' => $fullchain,
|
|
'act' => 'add',
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
}
|
|
|
|
private function deployDocker($domain, $fullchain, $privatekey)
|
|
{
|
|
$path = '/mod/docker/com/set_ssl';
|
|
$data = [
|
|
'site_name' => $domain,
|
|
'key' => $privatekey,
|
|
'csr' => $fullchain,
|
|
];
|
|
$response = $this->request($path, $data);
|
|
$result = json_decode($response, true);
|
|
if (isset($result['status']) && $result['status']) {
|
|
return true;
|
|
} elseif (isset($result['msg'])) {
|
|
throw new Exception($result['msg']);
|
|
} else {
|
|
throw new Exception($response ? $response : '返回数据解析失败');
|
|
}
|
|
}
|
|
|
|
public function setLogger($func)
|
|
{
|
|
$this->logger = $func;
|
|
}
|
|
|
|
private function log($txt)
|
|
{
|
|
if ($this->logger) {
|
|
call_user_func($this->logger, $txt);
|
|
}
|
|
}
|
|
|
|
private function request($path, $params, $file = false)
|
|
{
|
|
$url = $this->url . $path;
|
|
|
|
$now_time = time();
|
|
$headers = [];
|
|
if ($file) {
|
|
$post_data = [
|
|
['name' => 'request_token', 'contents' => md5($now_time . md5($this->key))],
|
|
['name' => 'request_time', 'contents' => $now_time],
|
|
];
|
|
$post_data = array_merge($post_data, $params);
|
|
$headers['Content-Type'] = 'multipart/form-data';
|
|
} else {
|
|
$post_data = [
|
|
'request_token' => md5($now_time . md5($this->key)),
|
|
'request_time' => $now_time
|
|
];
|
|
$post_data = array_merge($post_data, $params);
|
|
}
|
|
$response = http_request($url, $post_data, null, null, $headers, $this->proxy);
|
|
return $response['body'];
|
|
}
|
|
}
|