修复bug

2025-06-14 11:39:54 +08:00 · 2025-06-14 11:39:54 +08:00 · fed5afd41a
commit fed5afd41a
parent 78a2a188b9
1 changed files with 53 additions and 34 deletions
--- a/app.py
+++ b/app.py
@ -249,36 +249,45 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi

    # 创建CSR配置文件
    csr_config = f"""[req]
-    default_bits = {key_size}
-    prompt = no
-    default_md = sha256
-    distinguished_name = dn
-    req_extensions = req_ext
+default_bits = {key_size}
+prompt = no
+default_md = sha256
+distinguished_name = dn
+"""

-    [dn]
-    CN = {common_name}
-    O = {organization}
-    OU = {organizational_unit}
-    C = {country}
-    ST = {state}
-    L = {locality}
+    # 只有在有SAN时才添加扩展部分
+    has_san = bool(san_dns or san_ip)
+    if has_san:
+        csr_config += "req_extensions = req_ext\n"

-    [req_ext]
-    subjectAltName = @alt_names
+    csr_config += f"""
+[dn]
+CN = {common_name}
+O = {organization}
+OU = {organizational_unit}
+C = {country}
+ST = {state}
+L = {locality}
+"""

-    [alt_names]"""
+    if has_san:
+        csr_config += """
+[req_ext]
+subjectAltName = @alt_names

-    # 添加DNS SAN条目
-    if san_dns:
-        dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()]
-        for i, dns in enumerate(dns_entries, 1):
-            csr_config += f"\nDNS.{i} = {dns}"
+[alt_names]"""

-    # 添加IP SAN条目
-    if san_ip:
-        ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()]
-        for i, ip in enumerate(ip_entries, 1):
-            csr_config += f"\nIP.{i} = {ip}"
+        # 添加DNS SAN条目
+        if san_dns:
+            dns_entries = [dns.strip() for dns in san_dns.split(',') if dns.strip()]
+            for i, dns in enumerate(dns_entries, 1):
+                csr_config += f"\nDNS.{i} = {dns}"
+
+        # 添加IP SAN条目
+        if san_ip:
+            ip_entries = [ip.strip() for ip in san_ip.split(',') if ip.strip()]
+            for i, ip in enumerate(ip_entries, 1):
+                csr_config += f"\nIP.{i} = {ip}"

    # 确保配置文件不以空行结尾
    csr_config = csr_config.strip()
@ -288,17 +297,27 @@ def create_certificate(ca_id, common_name, san_dns, san_ip, organization, organi
        f.write(csr_config)

    # 生成CSR
-    subprocess.run([
-        'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
-        '-config', config_path
-    ], check=True)
+    try:
+        subprocess.run([
+            'openssl', 'req', '-new', '-key', key_path, '-out', csr_path,
+            '-config', config_path
+        ], check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"OpenSSL错误: {e}")
+        print("CSR配置文件内容:")
+        print(csr_config)
+        return None

    # 使用CA签名证书
-    subprocess.run([
-        'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
-        '-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
-        '-days', str(days_valid), '-sha256'
-    ], check=True)
+    try:
+        subprocess.run([
+            'openssl', 'x509', '-req', '-in', csr_path, '-CA', ca['cert_path'],
+            '-CAkey', ca['key_path'], '-CAcreateserial', '-out', cert_path,
+            '-days', str(days_valid), '-sha256'
+        ], check=True)
+    except subprocess.CalledProcessError as e:
+        print(f"签名证书错误: {e}")
+        return None

    # 计算过期时间
    expires_at = datetime.now() + timedelta(days=days_valid)