package ssl import ( "bytes" "crypto" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/rsa" "crypto/x509" "crypto/x509/pkix" "encoding/json" "encoding/pem" "fmt" "github.com/go-acme/lego/v4/providers/dns/cloudflare" "os" "path" "testing" "time" "github.com/1Panel-dev/1Panel/backend/utils/files" "gopkg.in/yaml.v3" "github.com/go-acme/lego/v4/acme/api" "github.com/go-acme/lego/v4/certcrypto" "github.com/go-acme/lego/v4/certificate" "github.com/go-acme/lego/v4/challenge" "github.com/go-acme/lego/v4/challenge/dns01" "github.com/go-acme/lego/v4/lego" "github.com/go-acme/lego/v4/registration" "log" ) type AppList struct { Version string `json:"version"` Tags []Tag `json:"tags"` Items []AppDefine `json:"items"` } type NewAppDefine struct { Name string `yaml:"name"` Tags []string `yaml:"tags"` Title string `yaml:"title"` Type string `yaml:"type"` Description string `yaml:"description"` AdditionalProperties AppDefine `yaml:"additionalProperties"` } type NewAppConfig struct { AdditionalProperties map[string]interface{} `yaml:"additionalProperties"` } type AppDefine struct { Key string `json:"key" yaml:"key"` Name string `json:"name" yaml:"name"` Tags []string `json:"tags" yaml:"tags"` Versions []string `json:"versions" yaml:"-"` ShortDescZh string `json:"shortDescZh" yaml:"shortDescZh"` ShortDescEn string `json:"shortDescEn" yaml:"shortDescEn"` Type string `json:"type" yaml:"type"` CrossVersionUpdate bool `json:"crossVersionUpdate" yaml:"crossVersionUpdate"` Limit int `json:"limit" yaml:"limit"` Recommend int `json:"recommend" yaml:"recommend"` Website string `json:"website" yaml:"website"` Github string `json:"github" yaml:"github"` Document string `json:"document" yaml:"document"` } type Tag struct { Key string `json:"key" yaml:"key"` Name string `json:"name" yaml:"name"` } func getTagName(key string, tags []Tag) string { result := "应用" for _, tag := range tags { if tag.Key == key { return tag.Name } } return result } func TestAppToV2(t *testing.T) { oldDir := "/Users/wangzhengkun/projects/github.com/1Panel-dev/appstore/apps" newDir := "/Users/wangzhengkun/projects/github.com/1Panel-dev/appstore/apps_new" listJsonDir := path.Join(oldDir, "list.json") fileOp := files.NewFileOp() content, err := fileOp.GetContent(listJsonDir) if err != nil { panic(err) } appList := &AppList{} if err = json.Unmarshal(content, appList); err != nil { panic(err) } for _, appDefine := range appList.Items { newAppDefine := &NewAppDefine{ Name: appDefine.Name, Tags: []string{getTagName(appDefine.Tags[0], appList.Tags)}, Type: getTagName(appDefine.Tags[0], appList.Tags), Title: appDefine.ShortDescZh, Description: appDefine.ShortDescZh, AdditionalProperties: appDefine, } yamlContent, err := yaml.Marshal(newAppDefine) if err != nil { panic(err) } oldAppDir := oldDir + "/" + appDefine.Key newAppDir := newDir + "/" + appDefine.Key if !fileOp.Stat(newAppDir) { if err := fileOp.CreateDir(newAppDir, 0755); err != nil { panic(err) } } // logo oldLogoPath := oldAppDir + "/metadata/logo.png" if err := fileOp.CopyFile(oldLogoPath, newAppDir); err != nil { panic(err) } for _, version := range appDefine.Versions { oldVersionDir := oldAppDir + "/versions/" + version if err := fileOp.CopyDir(oldVersionDir, newAppDir); err != nil { panic(err) } oldConfigPath := oldVersionDir + "/config.json" configContent, err := fileOp.GetContent(oldConfigPath) if err != nil { panic(err) } var result map[string]interface{} if err := json.Unmarshal(configContent, &result); err != nil { panic(err) } newConfigD := &NewAppConfig{} newConfigD.AdditionalProperties = result configYamlByte, err := yaml.Marshal(newConfigD) if err != nil { panic(err) } newVersionDir := newAppDir + "/" + version if err := fileOp.WriteFile(newVersionDir+"/data.yml", bytes.NewReader(configYamlByte), 0755); err != nil { panic(err) } if err := fileOp.WriteFile(newAppDir+"/data.yml", bytes.NewReader(yamlContent), 0755); err != nil { panic(err) } _ = fileOp.DeleteFile(newVersionDir + "/config.json") oldReadMefile := newVersionDir + "/README.md" _ = fileOp.Cut([]string{oldReadMefile}, newAppDir, "", false) _ = fileOp.DeleteFile(oldReadMefile) } } } func TestCreatePrivate(t *testing.T) { priKey, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { panic(err) } derStream := x509.MarshalPKCS1PrivateKey(priKey) block := &pem.Block{ Type: "privateKey", Bytes: derStream, } file, err := os.Create("private.key") if err != nil { return } if err = pem.Encode(file, block); err != nil { return } } func TestSSL(t *testing.T) { priKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("Failed to generate private key: %v", err) } myUser := AcmeUser{ Email: "you2@yours.com", Key: priKey, } config := lego.NewConfig(&myUser) //config.CADirURL = "https://acme-v02.api.letsencrypt.org/directory" config.CADirURL = "https://acme-staging-v02.api.letsencrypt.org/directory" config.CADirURL = "https://acme.zerossl.com/v2/DV90" config.UserAgent = "acm_go/0.0.1" config.Certificate.KeyType = certcrypto.RSA2048 //config.HTTPClient = httpClient client, err := lego.NewClient(config) if err != nil { panic(err) } reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) if err != nil { panic(err) } myUser.Registration = reg //获取证书 //certificates, err := client.Certificate.Get("https://acme-v02.api.letsencrypt.org/acme/cert/049cb98a8b3ea5a73f08dcdcf89263af8323", true) //if err != nil { // panic(err) //} //certificates, err = client.Certificate.Renew(*certificates, true, true, "") //if err != nil { // panic(err) //} //申请证书 ewDomain := "tuxpanel.com" request := certificate.ObtainRequest{ Domains: []string{ewDomain}, // 证书链 Bundle: true, } err = client.Challenge.SetDNS01Provider(&manualDnsProvider{}, dns01.AddDNSTimeout(6*time.Minute)) if err != nil { panic(err) } core, err := api.New(config.HTTPClient, config.UserAgent, config.CADirURL, reg.URI, priKey) if err != nil { panic(err) } order, err := core.Orders.New([]string{ewDomain}) if err != nil { panic(err) } auth, err := core.Authorizations.Get(order.Authorizations[0]) if err != nil { panic(err) } domain := challenge.GetTargetedDomain(auth) chlng, err := challenge.FindChallenge(challenge.DNS01, auth) if err != nil { panic(err) } keyAuth, err := core.GetKeyAuthorization(chlng.Token) if err != nil { panic(err) } fqdn, value := dns01.GetRecord(domain, keyAuth) fmt.Println("fqdn", fqdn, value) // //keyAuth, err := client.Challenge.core.GetKeyAuthorization(chlng.Token) //if err != nil { // panic(err) //} // //httpProvider, err := webroot.NewHTTPProvider("/opt/1Panel/data/apps/nginx/nginx-1/www/wwwroot") //if err != nil { // panic(err) //} // //err = client.Challenge.SetHTTP01Provider(httpProvider) //if err != nil { // panic(err) //} //err = client.Challenge.SetTLSALPN01Provider(tlsalpn01.NewProviderServer("43.142.178.16", "443")) //if err != nil { // panic(err) //} certificates, err := client.Certificate.Obtain(request) if err != nil { panic(err) } fmt.Println("---private---") fmt.Println(string(certificates.PrivateKey)) fmt.Println("---.pem---") fmt.Println(string(certificates.Certificate)) fmt.Println("---.domain---") fmt.Println(certificates.Domain) fmt.Println("---.certUrl---") fmt.Println(certificates.CertURL) fmt.Println("---.csr---") fmt.Println(certificates.CSR) fmt.Println("---.cert string---") fmt.Println(string(certificates.IssuerCertificate)) cer1, _ := pem.Decode(certificates.Certificate) cert, err := x509.ParseCertificate(cer1.Bytes) if err != nil { panic(err) } fmt.Println(cert) cer2, _ := pem.Decode(certificates.IssuerCertificate) cert2, err := x509.ParseCertificate(cer2.Bytes) if err != nil { panic(err) } fmt.Println(cert2) } func generateCSR(privateKey crypto.PrivateKey, domain string) ([]byte, error) { // 创建证书请求的模板 template := x509.CertificateRequest{ Subject: pkix.Name{ CommonName: domain, }, SignatureAlgorithm: x509.ECDSAWithSHA256, } // 生成 CSR csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &template, privateKey) if err != nil { return nil, err } // 将 CSR 编码为 PEM 格式 csrPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}) // 这里可以将 CSR 写入文件或者返回 err = os.WriteFile("csr.pem", csrPEM, 0644) if err != nil { return nil, err } return csrPEM, nil } func TestZeroSSL(t *testing.T) { //switch accountType { //case "letsencrypt": // config.CADirURL = "https://acme-staging-v02.api.letsencrypt.org/directory" //case "zerossl": // config.CADirURL = "https://acme.zerossl.com/v2/DV90" //case "buypass": // config.CADirURL = "https://api.test4.buypass.no/acme/directory" //} domain := "1panel.store" acmeServer := "https://acme.zerossl.com/v2/DV90" //acmeServer = "https://api.test4.buypass.no/acme/directory" // //acmeServer = "https://api.buypass.com/acme/directory" priKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) if err != nil { log.Fatalf("Failed to generate private key: %v", err) } user := AcmeUser{ Email: "zhengkunwang123@sina.com", Key: priKey, } config := lego.NewConfig(&user) // 设置ACME服务器URL config.CADirURL = acmeServer config.Certificate.KeyType = certcrypto.RSA2048 config.UserAgent = "acm_go/0.0.1" // 创建ACME客户端 client, err := lego.NewClient(config) if err != nil { log.Fatal(err) } // ZeroSSl kid := "xv1T5Ybi4G2otJlbCTVHjg" hmacEncoded := "pc-mEroSmg2quRpVr7e4L5YWzhm5mSDlk4_ivMUBzAkDjbym3Y6g7RLhR1joQH-JP94qy3PEczKVfw7QSLoh8A" eabOptions := registration.RegisterEABOptions{ TermsOfServiceAgreed: true, Kid: kid, HmacEncoded: hmacEncoded, } reg, err := client.Registration.RegisterWithExternalAccountBinding(eabOptions) if err != nil { log.Fatal(err) } // ZeroSSl //reg, err := client.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: true}) //if err != nil { // log.Fatal(err) //} user.Registration = reg cloudflareConfig := cloudflare.NewDefaultConfig() cloudflareConfig.AuthEmail = "zhengkunwang123@sina.com" cloudflareConfig.AuthKey = "c29c0d604897ec1c5c7f14746623524bf040a" p, err := cloudflare.NewDNSProviderConfig(cloudflareConfig) if err != nil { log.Fatal(err) } if err := client.Challenge.SetDNS01Provider(p, dns01.AddDNSTimeout(3*time.Minute)); err != nil { log.Fatal(err) } // 申请证书 pk, err := certcrypto.GeneratePrivateKey(certcrypto.EC256) if err != nil { return } request := certificate.ObtainRequest{ Domains: []string{domain}, Bundle: true, PrivateKey: pk, } certificates, err := client.Certificate.Obtain(request) if err != nil { log.Fatal(err) } // 保存证书 err = os.WriteFile("certificate.crt", certificates.Certificate, 0644) if err != nil { log.Fatal(err) } err = os.WriteFile("private.key", certificates.PrivateKey, 0644) if err != nil { log.Fatal(err) } } func TestGetEABCre(t *testing.T) { res, err := getZeroSSLEabCredentials("zen@11.com") if err != nil { panic(err) } fmt.Printf("%v", res) }