新增多种签发机构

domain_admin/api/issue_certificate_api.py

@@ -17,6 +17,8 @@
 from domain_admin.service import issue_certificate_service
 from domain_admin.utils import ip_util, domain_util, fabric_util, datetime_util, validate_util
 from domain_admin.utils.acme_util.challenge_type import ChallengeType
+from domain_admin.utils.acme_util.key_type_enum import KEY_TYPE_OPTIONS, KeyTypeEnum
+from domain_admin.utils.acme_util.directory_type_enum import DIRECTORY_URL_OPTIONS, DirectoryTypeEnum
 from domain_admin.utils.flask_ext.app_exception import AppException
 from domain_admin.utils.open_api import aliyun_domain_api
 from domain_admin.utils.open_api.aliyun_domain_api import RecordTypeEnum
@@ -30,8 +32,15 @@ def issue_certificate():
     current_user_id = g.user_id
 
     domains = request.json['domains']
-
-    issue_certificate_id = issue_certificate_service.issue_certificate(domains, current_user_id)
+    directory_type = request.json.get('directory_type') or DirectoryTypeEnum.LETS_ENCRYPT
+    key_type = request.json.get('key_type') or KeyTypeEnum.RSA
+
+    issue_certificate_id = issue_certificate_service.issue_certificate(
+        domains=domains,
+        user_id=current_user_id,
+        directory_type=directory_type,
+        key_type=key_type
+    )
 
     issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
 
@@ -274,7 +283,7 @@ def get_issue_certificate_by_id():
         data['deploy_host'] = HostModel.get_or_none(HostModel.id == issue_certificate_row.challenge_deploy_id)
 
     elif issue_certificate_row.challenge_deploy_type_id == ChallengeDeployTypeEnum.DNS:
-        data['deploy_dns'] = DnsModel.get_or_none(HostModel.id == issue_certificate_row.challenge_deploy_id)
+        data['deploy_dns'] = DnsModel.get_or_none(DnsModel.id == issue_certificate_row.challenge_deploy_id)
 
     return data
 
@@ -401,3 +410,14 @@ def update_row_auto_renew():
         ).execute()
     else:
         raise AppException("不支持自动续期")
+
+
+def get_issue_certificate_options():
+    """
+    获取常量
+    :return:
+    """
+    return {
+        'KEY_TYPE_OPTIONS': KEY_TYPE_OPTIONS,
+        'DIRECTORY_URL_OPTIONS': DIRECTORY_URL_OPTIONS
+    }

domain_admin/enums/challenge_deploy_type_enum.py

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : challenge_deploy_type_enum.py
+@Date    : 2024-06-27
+"""
+
+class ChallengeDeployTypeEnum(object):
+    """
+    验证文件部署方式
+    """
+    SSH = 0
+
+    DNS = 1

domain_admin/enums/ssl_deploy_type_enum.py

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : ssl_deploy_type_enum.py
+@Date    : 2024-06-27
+"""
+
+class SSLDeployTypeEnum(object):
+    """
+    ssl证书部署方式
+    """
+    SSH = 0
+
+    WEB_HOOK = 1

domain_admin/enums/valid_status_enum.py

@@ -0,0 +1,13 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : valid_status_enum.py
+@Date    : 2024-06-27
+"""
+
+class ValidStatus(object):
+    """
+    验证状态
+    """
+    PENDING = 'pending'
+
+    VALID = 'valid'

domain_admin/enums/version_enum.py

@@ -197,3 +197,4 @@ class VersionEnum(object):
     Version_1632 = '1.6.32'
     Version_1633 = '1.6.33'
     Version_1634 = '1.6.34'
+    Version_1635 = '1.6.35'

domain_admin/migrate/history/migrate_1634_to_1635.py

@@ -0,0 +1,39 @@
+# -*- coding: utf-8 -*-
+"""
+@File    : migrate_1634_to_1635.py
+@Date    : 2024-06-24
+
+cmd:
+$ python domain_admin/migrate/migrate_1634_to_1635.py
+"""
+from __future__ import print_function, unicode_literals, absolute_import, division
+
+from domain_admin.migrate import migrate_common
+from domain_admin.model.base_model import db
+from domain_admin.model.issue_certificate_model import IssueCertificateModel, DeployStatusEnum
+
+
+def execute_migrate():
+    """
+    版本升级 1.6.34 => 1.6.35
+    :return:
+    """
+    migrator = migrate_common.get_migrator(db)
+
+    migrate_rows = [
+        # directory_type
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.directory_type.name,
+            field=IssueCertificateModel.directory_type
+        ),
+
+        # key_type
+        migrator.add_column(
+            table=IssueCertificateModel._meta.table_name,
+            column_name=IssueCertificateModel.key_type.name,
+            field=IssueCertificateModel.key_type
+        ),
+    ]
+
+    migrate_common.try_execute_migrate(migrate_rows)

domain_admin/migrate/migrate_config.py

@@ -28,7 +28,7 @@
     migrate_162_to_163,
     migrate_168_to_169,
     migrate_1610_to_1611,
-    migrate_1625_to_1626, migrate_1633_to_1634)
+    migrate_1625_to_1626, migrate_1633_to_1634, migrate_1634_to_1635)
 
 # 参数说明
 # local_versions 本地版本
@@ -388,4 +388,14 @@
         'migrate_func': migrate_1633_to_1634.execute_migrate,
         'update_version': VersionEnum.Version_1634
     },
+
+    # 2024-06-27
+    # 1.6.34 => 1.6.35
+    {
+        'local_versions': [
+            VersionEnum.Version_1634,
+        ],
+        'migrate_func': migrate_1634_to_1635.execute_migrate,
+        'update_version': VersionEnum.Version_1635
+    },
 ]

domain_admin/model/issue_certificate_model.py

@@ -10,52 +10,20 @@
 from peewee import CharField, IntegerField, DateTimeField, AutoField, TextField, BooleanField
 from playhouse.shortcuts import model_to_dict
 
+from domain_admin.enums.challenge_deploy_type_enum import ChallengeDeployTypeEnum
+from domain_admin.enums.deploy_status_enum import DeployStatusEnum
+from domain_admin.enums.ssl_deploy_type_enum import SSLDeployTypeEnum
+from domain_admin.enums.valid_status_enum import ValidStatus
 from domain_admin.model.base_model import BaseModel
 from domain_admin.utils import datetime_util
 from domain_admin.utils.acme_util.challenge_type import ChallengeType
+from domain_admin.utils.acme_util.directory_type_enum import DirectoryTypeEnum
+from domain_admin.utils.acme_util.key_type_enum import KeyTypeEnum
 
 # 常量
 URI_ROOT_PATH = ".well-known/acme-challenge"
 
 
-class ValidStatus(object):
-    """
-    验证状态
-    """
-    PENDING = 'pending'
-
-    VALID = 'valid'
-
-
-class ChallengeDeployTypeEnum(object):
-    """
-    验证文件部署方式
-    """
-    SSH = 0
-
-    DNS = 1
-
-
-class SSLDeployTypeEnum(object):
-    """
-    ssl证书部署方式
-    """
-    SSH = 0
-
-    WEB_HOOK = 1
-
-
-class DeployStatusEnum(object):
-    """
-    部署状态
-    """
-    UNKNOWN = 0
-
-    SUCCESS = 1
-
-    ERROR = 2
-
-
 class IssueCertificateModel(BaseModel):
     """
     申请证书
@@ -86,6 +54,12 @@ class IssueCertificateModel(BaseModel):
     # SSL过期时间
     expire_time = DateTimeField(default=None, null=True)
 
+    # 证书提供商 @since v1.6.35
+    directory_type = CharField(default=DirectoryTypeEnum.LETS_ENCRYPT, null=True)
+
+    # 加密方式 @since v1.6.35
+    key_type = CharField(default=KeyTypeEnum.RSA, null=True)
+
     # 域名验证类型 http dns
     challenge_type = CharField(default=ChallengeType.HTTP01, null=True)
 
@@ -96,7 +70,7 @@ class IssueCertificateModel(BaseModel):
     challenge_deploy_id = IntegerField(default=0)
 
     # 验证文件部署状态
-    challenge_deploy_status = IntegerField(default=DeployStatusEnum.UNKNOWN)
+    challenge_deploy_status = IntegerField(default=DeployStatusEnum.PENDING)
 
     # 验证文件部署目录
     deploy_verify_path = CharField(default=None, null=True)
@@ -139,7 +113,7 @@ class IssueCertificateModel(BaseModel):
     deploy_header_raw = TextField(default=None, null=True)
 
     # ssl证书文件部署状态
-    ssl_deploy_status = IntegerField(default=DeployStatusEnum.UNKNOWN)
+    ssl_deploy_status = IntegerField(default=DeployStatusEnum.PENDING)
 
     # 自动续期
     is_auto_renew = BooleanField(default=False)

domain_admin/router/api_map.py

@@ -180,6 +180,7 @@
     '/api/notifyWebHook': issue_certificate_api.notify_web_hook,
     '/api/addDnsDomainRecord': issue_certificate_api.add_dns_domain_record,
     '/api/updateRowAutoRenew': issue_certificate_api.update_row_auto_renew,
+    '/api/getIssueCertificateOptions': issue_certificate_api.get_issue_certificate_options,
 
     # 主机管理
     '/api/addHost': host_api.add_host,

domain_admin/service/issue_certificate_service.py

@@ -20,30 +20,40 @@
 from domain_admin.utils import datetime_util, fabric_util, domain_util
 from domain_admin.utils.acme_util import acme_v2_api
 from domain_admin.utils.acme_util.challenge_type import ChallengeType
+from domain_admin.utils.acme_util.directory_type_enum import DirectoryTypeEnum
+from domain_admin.utils.acme_util.key_type_enum import KeyTypeEnum
 from domain_admin.utils.cert_util import cert_common
 from domain_admin.utils.flask_ext.app_exception import AppException
 from domain_admin.utils.open_api import aliyun_domain_api
 from domain_admin.utils.open_api.aliyun_domain_api import RecordTypeEnum
 from domain_admin import config
 
 
-def issue_certificate(domains, user_id):
+def issue_certificate(
+        domains, user_id,
+        directory_type=DirectoryTypeEnum.LETS_ENCRYPT,
+        key_type=KeyTypeEnum.RSA
+):
     """
     申请新证书
+    :param key_type:
+    :param directory_type:
     :param domains:
     :param user_id:
     :return:
     """
     # Issue certificate
 
     # Create domain private key and CSR
-    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(domains)
+    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(domains=domains, key_type=key_type)
 
     issue_certificate_row = IssueCertificateModel.create(
         user_id=user_id,
         # challenge_type=challenge_type,
         domain_raw=json.dumps(domains),
         ssl_certificate_key=pkey_pem,
+        directory_type=directory_type,
+        key_type=key_type,
         # status='pending',
     )
 
@@ -61,9 +71,13 @@ def get_certificate_challenges(issue_certificate_id):
     domains = issue_certificate_row.domains
     pkey_pem = issue_certificate_row.ssl_certificate_key
 
-    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(domains, pkey_pem)
+    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(
+        domains=domains,
+        pkey_pem=pkey_pem,
+        key_type=issue_certificate_row.key_type
+    )
 
-    acme_client = acme_v2_api.get_acme_client()
+    acme_client = acme_v2_api.get_acme_client(directory_type=issue_certificate_row.directory_type)
     orderr = acme_client.new_order(csr_pem)
 
     # Select HTTP-01 within offered challenges by the CA server
@@ -93,8 +107,11 @@ def verify_certificate(issue_certificate_id, challenge_type):
     :param challenge_type:
     :return:
     """
+
+    issue_certificate_row = IssueCertificateModel.get_by_id(issue_certificate_id)
+
     items = get_certificate_challenges(issue_certificate_id)
-    acme_client = acme_v2_api.get_acme_client()
+    acme_client = acme_v2_api.get_acme_client(directory_type=issue_certificate_row.directory_type)
 
     verify_count = 0
     for item in items:
@@ -157,10 +174,14 @@ def renew_certificate(row_id):
     pkey_pem = issue_certificate_row.ssl_certificate_key
     domains = issue_certificate_row.domains
 
-    acme_client = acme_v2_api.get_acme_client()
+    acme_client = acme_v2_api.get_acme_client(directory_type=issue_certificate_row.directory_type)
 
     # Create domain private key and CSR
-    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(domains, pkey_pem)
+    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(
+        domains=domains,
+        pkey_pem=pkey_pem,
+        key_type=issue_certificate_row.key_type
+    )
 
     orderr = acme_client.new_order(csr_pem)
 
@@ -244,7 +265,10 @@ def renew_certificate_row(row):
     :return:
     """
     # 重新申请
-    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(row.domains)
+    pkey_pem, csr_pem = acme_v2_api.new_csr_comp(
+        domains=row.domains,
+        key_type=row.key_type
+    )
 
     IssueCertificateModel.update(
         ssl_certificate_key=pkey_pem,