From 9945425f99cb99c68ab2efd6c0f46646b11dd949 Mon Sep 17 00:00:00 2001 From: Mr Chen Date: Sun, 10 Nov 2024 18:28:34 +0800 Subject: [PATCH] update --- class/core/mw.py | 6 ++--- web/admin/site/ssl.py | 9 +++++++ web/core/mw.py | 62 +++++++++++++++++++++++++++++++++++++++++++ web/utils/site.py | 58 ++++++++++++++++++++++++++++++++++++++++ 4 files changed, 131 insertions(+), 4 deletions(-) diff --git a/class/core/mw.py b/class/core/mw.py index 99fe840ab..40bc1771f 100755 --- a/class/core/mw.py +++ b/class/core/mw.py @@ -1832,11 +1832,9 @@ def getCertName(certPath): if hasattr(issuer, 'O'): result['issuer'] = issuer.O # 取到期时间 - result['notAfter'] = strfDate( - bytes.decode(x509.get_notAfter())[:-1]) + result['notAfter'] = strfDate(bytes.decode(x509.get_notAfter())[:-1]) # 取申请时间 - result['notBefore'] = strfDate( - bytes.decode(x509.get_notBefore())[:-1]) + result['notBefore'] = strfDate(bytes.decode(x509.get_notBefore())[:-1]) # 取可选名称 result['dns'] = [] for i in range(x509.get_extension_count()): diff --git a/web/admin/site/ssl.py b/web/admin/site/ssl.py index 7c9b0ad82..23d98e958 100644 --- a/web/admin/site/ssl.py +++ b/web/admin/site/ssl.py @@ -25,6 +25,15 @@ import thisdb from .site import blueprint +# 删除代理配置 +@blueprint.route('/get_ssl', endpoint='get_ssl', methods=['POST']) +@panel_login_required +def get_ssl(): + site_name = request.form.get('site_name', '') + ssl_type = request.form.get('ssl_type', '') + return MwSites.instance().getSsl(site_name, ssl_type) + + diff --git a/web/core/mw.py b/web/core/mw.py index f723c7bbd..60342257e 100644 --- a/web/core/mw.py +++ b/web/core/mw.py 
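Review bot: `get_ssl` passes `request.form.get('site_name', '')` straight to `MwSites.instance().getSsl`, and the `getSsl` added in web/utils/site.py joins that value into `self.sslDir + '/' + site_name`, `self.sslLetsDir + '/' + site_name` and the acme key path, then returns the file contents as `key` and `csr`. A value containing path separators or `..` would therefore resolve outside the certificate directories, and the empty default resolves to the directory root. Reject the request before any path is built unless the name matches a configured site, for example by checking the `sid` lookup `getSsl` already performs; what `getField` returns for a missing row is not visible here, so confirm the falsy case. The comment above the route, `# 删除代理配置` (delete proxy configuration), looks copied from another handler and should describe fetching the site's SSL data.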
@@ -1175,6 +1175,68 @@ def getMyORM(): # 数据库 START # --------------------------------------------------------------------------------- +##################### ssl start ######################################### +# 获取证书名称 +def getCertName(certPath): + if not os.path.exists(certPath): + return None + try: + import OpenSSL + result = {} + x509 = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, readFile(certPath)) + # 取产品名称 + issuer = x509.get_issuer() + result['issuer'] = '' + if hasattr(issuer, 'CN'): + result['issuer'] = issuer.CN + if not result['issuer']: + is_key = [b'0', '0'] + issue_comp = issuer.get_components() + if len(issue_comp) == 1: + is_key = [b'CN', 'CN'] + for iss in issue_comp: + if iss[0] in is_key: + result['issuer'] = iss[1].decode() + break + if not result['issuer']: + if hasattr(issuer, 'O'): + result['issuer'] = issuer.O + # 取到期时间 + result['notAfter'] = strfDate( + bytes.decode(x509.get_notAfter())[:-1]) + # 取申请时间 + result['notBefore'] = strfDate( + bytes.decode(x509.get_notBefore())[:-1]) + # 取可选名称 + result['dns'] = [] + for i in range(x509.get_extension_count()): + s_name = x509.get_extension(i) + if s_name.get_short_name() in [b'subjectAltName', 'subjectAltName']: + s_dns = str(s_name).split(',') + for d in s_dns: + result['dns'].append(d.split(':')[1]) + subject = x509.get_subject().get_components() + # 取主要认证名称 + if len(subject) == 1: + result['subject'] = subject[0][1].decode() + else: + if not result['dns']: + for sub in subject: + if sub[0] == b'CN': + result['subject'] = sub[1].decode() + break + if 'subject' in result: + result['dns'].append(result['subject']) + else: + result['subject'] = result['dns'][0] + result['endtime'] = int(int(time.mktime(time.strptime( + result['notAfter'], "%Y-%m-%d")) - time.time()) / 86400) + return result + except Exception as e: + writeFileLog(getTracebackInfo()) + return None +##################### ssl end ######################################### + ##################### notify start 
######################################### diff --git a/web/utils/site.py b/web/utils/site.py index f876760f2..8445e960d 100644 --- a/web/utils/site.py +++ b/web/utils/site.py @@ -1290,6 +1290,64 @@ location ^~ {from} {\n\ return mw.returnData(True, "删除反代成功!") + + # 是否跳转到https + def isToHttps(self, site_name): + file = self.getHostConf(site_name) + conf = mw.readFile(file) + if conf: + # if conf.find('HTTP_TO_HTTPS_START') != -1: + # return True + if conf.find('$server_port !~ 443') != -1: + return True + return False + + def getSsl(self, site_name, ssl_type): + + path = self.sslDir + '/' + site_name + + file = self.getHostConf(site_name) + content = mw.readFile(file) + + key_text = 'ssl_certificate' + status = True + stype = 0 + if content.find(key_text) == -1: + status = False + stype = -1 + + to_https = self.isToHttps(site_name) + + sid = mw.M('sites').where("name=?", (site_name,)).getField('id') + domains = mw.M('domain').where("pid=?", (sid,)).field('name').select() + + csr_path = path + '/fullchain.pem' # 生成证书路径 + key_path = path + '/privkey.pem' # 密钥文件路径 + + cert_data = None + if ssl_type == 'lets': + csr_path = self.sslLetsDir + '/' + site_name + '/fullchain.pem' # 生成证书路径 + key_path = self.sslLetsDir + '/' + site_name + '/privkey.pem' # 密钥文件路径 + elif ssl_type == 'acme': + acme_dir = mw.getAcmeDomainDir(site_name) + csr_path = acme_dir + '/fullchain.cer' # 生成证书路径 + key_path = acme_dir + '/' + site_name + '.key' # 密钥文件路径 + + key = mw.readFile(key_path) + csr = mw.readFile(csr_path) + cert_data = mw.getCertName(csr_path) + data = { + 'status': status, + 'domain': domains, + 'key': key, + 'csr': csr, + 'type': stype, + 'httpTohttps': to_https, + 'cert_data': cert_data, + } + return mw.returnData(True, 'OK', data) + + def setPhpVersion(self, siteName, version): # nginx file = self.getHostConf(siteName)
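Review bot: The subjectAltName loop in the added `getCertName` uses `d.split(':')[1]`, which keeps only the text between the first and second colon. An entry whose value itself contains a colon (an IPv6 `IP Address:` entry or a `URI:` entry) is therefore stored truncated in `result['dns']`, and the panel would show names the certificate does not actually cover. Splitting once keeps the whole value: `result['dns'].append(d.split(':', 1)[1])`. This function also duplicates the `getCertName` in class/core/mw.py that the first hunk reformats, so a fix applied to one copy will not reach the other unless both are changed or one delegates to the other.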
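Review bot: `getSsl` calls `content.find(key_text)` directly on the result of `mw.readFile(file)`, whereas `isToHttps` just above guards the same read with `if conf:`. If `readFile` can return a falsy non-string for a missing vhost file (its implementation is outside this diff), `getSsl` would raise AttributeError instead of returning a handled error; guard it the same way with `if not content or content.find(key_text) == -1:`. The response also includes the private key text in `data['key']` on every call; if the UI needs it only for the edit form, consider returning it only on explicit request so the key is not sent in routine status responses. `cert_data = None` is assigned and then unconditionally overwritten, and `csr_path`/`csr` hold the certificate chain rather than a CSR, which deserves a rename or a comment.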