feat: 续签证书不重置私钥 (#5458)

Refs https://github.com/1Panel-dev/1Panel/issues/5314
2025-03-13 17:24:44 +08:00 · 2024-06-14 16:20:39 +08:00 · 2024-06-14 16:20:39 +08:00 · 25b0725570
commit 25b0725570
parent 2513c10d22
2 changed files with 29 additions and 5 deletions
--- a/backend/app/service/website_ssl.go
+++ b/backend/app/service/website_ssl.go
@ -2,6 +2,7 @@ package service

 import (
 	"context"
+	"crypto"
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
@ -226,9 +227,32 @@ func (w WebsiteSSLService) ObtainSSL(apply request.WebsiteSSLApply) error {
 		domains = append(domains, strings.Split(websiteSSL.Domains, ",")...)
 	}

-	privateKey, err := certcrypto.GeneratePrivateKey(ssl.KeyType(websiteSSL.KeyType))
-	if err != nil {
-		return err
+	var privateKey crypto.PrivateKey
+	if websiteSSL.PrivateKey == "" {
+		privateKey, err = certcrypto.GeneratePrivateKey(ssl.KeyType(websiteSSL.KeyType))
+		if err != nil {
+			return err
+		}
+	} else {
+		block, _ := pem.Decode([]byte(websiteSSL.PrivateKey))
+		if block == nil {
+			return buserr.New("invalid PEM block")
+		}
+		var privKey crypto.PrivateKey
+		keyType := ssl.KeyType(websiteSSL.KeyType)
+		switch keyType {
+		case certcrypto.EC256, certcrypto.EC384:
+			privKey, err = x509.ParseECPrivateKey(block.Bytes)
+			if err != nil {
+				return nil
+			}
+		case certcrypto.RSA2048, certcrypto.RSA3072, certcrypto.RSA4096:
+			privKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+			if err != nil {
+				return nil
+			}
+		}
+		privateKey = privKey
 	}

 	websiteSSL.Status = constant.SSLApply
@ -382,7 +406,7 @@ func (w WebsiteSSLService) Update(update request.WebsiteSSLUpdate) error {
 	updateParams["primary_domain"] = update.PrimaryDomain
 	updateParams["description"] = update.Description
 	updateParams["provider"] = update.Provider
-	updateParams["key_type"] = update.KeyType
+	//updateParams["key_type"] = update.KeyType
 	updateParams["push_dir"] = update.PushDir
 	updateParams["disable_cname"] = update.DisableCNAME
 	updateParams["skip_dns"] = update.SkipDNS
--- a/frontend/src/views/website/ssl/create/index.vue
+++ b/frontend/src/views/website/ssl/create/index.vue
@ -53,7 +53,7 @@
                        </el-select>
                    </el-form-item>
                    <el-form-item :label="$t('website.keyType')" prop="keyType">
-                        <el-select v-model="ssl.keyType">
+                        <el-select v-model="ssl.keyType" :disabled="operate == 'edit'">
                            <el-option
                                v-for="(keyType, index) in KeyTypes"
                                :key="index"