feat: 优化证书信息获取

2026-02-04 13:47:15 +08:00 · 2024-06-23 02:42:01 +08:00
parent 55eaa26970
commit 10439d7d97
2 changed files with 26 additions and 28 deletions
--- a/app/console/commands/cert_renew.go
+++ b/app/console/commands/cert_renew.go
@@ -2,8 +2,6 @@ package commands

 import (
 	"context"
-	"crypto/x509"
-	"encoding/pem"

 	"github.com/goravel/framework/contracts/console"
 	"github.com/goravel/framework/contracts/console/command"
@@ -12,6 +10,7 @@ import (

 	"github.com/TheTNB/panel/app/models"
 	"github.com/TheTNB/panel/internal/services"
+	panelcert "github.com/TheTNB/panel/pkg/cert"
 	"github.com/TheTNB/panel/pkg/types"
 )

@@ -54,18 +53,15 @@ func (receiver *CertRenew) Handle(console.Context) error {
 			continue
 		}

-		block, _ := pem.Decode([]byte(cert.Cert))
-		if block != nil {
-			data, err := x509.ParseCertificate(block.Bytes)
-			if err != nil {
-				continue
-			}
+		decode, err := panelcert.ParseCert(cert.Cert)
+		if err != nil {
+			continue
+		}

-			// 结束时间大于 7 天的证书不续签
-			endTime := carbon.FromStdTime(data.NotAfter)
-			if endTime.Gt(carbon.Now().AddDays(7)) {
-				continue
-			}
+		// 结束时间大于 7 天的证书不续签
+		endTime := carbon.FromStdTime(decode.NotAfter)
+		if endTime.Gt(carbon.Now().AddDays(7)) {
+			continue
 		}

 		certService := services.NewCertImpl()
--- a/internal/services/website.go
+++ b/internal/services/website.go
@@ -2,8 +2,6 @@
 package services

 import (
-	"crypto/x509"
-	"encoding/pem"
 	"errors"
 	"fmt"
 	"regexp"
@@ -16,6 +14,7 @@ import (
 	requests "github.com/TheTNB/panel/app/http/requests/website"
 	"github.com/TheTNB/panel/app/models"
 	"github.com/TheTNB/panel/internal"
+	"github.com/TheTNB/panel/pkg/cert"
 	"github.com/TheTNB/panel/pkg/io"
 	"github.com/TheTNB/panel/pkg/shell"
 	"github.com/TheTNB/panel/pkg/str"
@@ -452,6 +451,14 @@ func (r *WebsiteImpl) SaveConfig(config requests.SaveConfig) error {
 	// SSL
 	ssl := config.Ssl
 	website.Ssl = ssl
+	if ssl {
+		if _, err = cert.ParseCert(config.SslCertificate); err != nil {
+			return errors.New("TLS证书格式错误")
+		}
+		if _, err = cert.ParseKey(config.SslCertificateKey); err != nil {
+			return errors.New("TLS私钥格式错误")
+		}
+	}
 	if err = io.Write("/www/server/vhost/ssl/"+website.Name+".pem", config.SslCertificate, 0644); err != nil {
 		return err
 	}
@@ -620,25 +627,20 @@ func (r *WebsiteImpl) GetConfig(id uint) (types.WebsiteSetting, error) {
 		setting.OpenBasedir = false
 	}

-	cert, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".pem")
-	setting.SslCertificate = cert
+	crt, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".pem")
+	setting.SslCertificate = crt
 	key, _ := io.Read("/www/server/vhost/ssl/" + website.Name + ".key")
 	setting.SslCertificateKey = key
 	if setting.Ssl {
 		ssl := str.Cut(config, "# ssl标记位开始", "# ssl标记位结束")
 		setting.HttpRedirect = strings.Contains(ssl, "# http重定向标记位")
 		setting.Hsts = strings.Contains(ssl, "# hsts标记位")
-
-		block, _ := pem.Decode([]byte(cert))
-		if block != nil {
-			cert, err := x509.ParseCertificate(block.Bytes)
-			if err == nil {
-				setting.SslNotBefore = cert.NotBefore.Format("2006-01-02 15:04:05")
-				setting.SslNotAfter = cert.NotAfter.Format("2006-01-02 15:04:05")
-				setting.SslIssuer = cert.Issuer.CommonName
-				setting.SslOCSPServer = cert.OCSPServer
-				setting.SSlDNSNames = cert.DNSNames
-			}
+		if decode, err := cert.ParseCert(crt); err == nil {
+			setting.SslNotBefore = decode.NotBefore.Format("2006-01-02 15:04:05")
+			setting.SslNotAfter = decode.NotAfter.Format("2006-01-02 15:04:05")
+			setting.SslIssuer = decode.Issuer.CommonName
+			setting.SslOCSPServer = decode.OCSPServer
+			setting.SSlDNSNames = decode.DNSNames
 		}
 	} else {
 		setting.HttpRedirect = false