#!/bin/bash
# 证书管理脚本
# 用于设置证书目录结构和权限
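# Abort on the first failing command (-e), on any reference to an unset
# variable (-u) and on a failure in any stage of a pipeline (pipefail); the
# original only had -e, so a typo in a variable name went unnoticed.
set -euo pipefail

# ANSI colour escape sequences used by the log_* helpers. They are stored as
# literal backslash text (single quotes) and only turned into escape bytes by
# `echo -e` / `printf %b` at print time. NC resets the colour.
readonly RED='\033[0;31m'
readonly GREEN='\033[0;32m'
readonly YELLOW='\033[1;33m'
readonly BLUE='\033[0;34m'
readonly NC='\033[0m' # No Color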
# 日志函数
# Print an informational line to stdout, prefixed with a blue "[INFO]" tag.
# Arguments: $1 - message; backslash escapes in it are expanded like echo -e
log_info() {
  printf '%b[INFO]%b %b\n' "$BLUE" "$NC" "$1"
}
# Print a success line to stdout, prefixed with a green "[SUCCESS]" tag.
# Arguments: $1 - message; backslash escapes in it are expanded like echo -e
log_success() {
  printf '%b[SUCCESS]%b %b\n' "$GREEN" "$NC" "$1"
}
# Print a warning line to stdout, prefixed with a yellow "[WARNING]" tag.
# (Kept on stdout: check_certificates uses it for the "missing file" rows of
# its report.)
# Arguments: $1 - message; backslash escapes in it are expanded like echo -e
log_warning() {
  printf '%b[WARNING]%b %b\n' "$YELLOW" "$NC" "$1"
}
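# Print an error line, prefixed with a red "[ERROR]" tag, to stderr so that
# diagnostics never mix with stdout a caller may be capturing (the original
# wrote to stdout). The message itself goes through %s, so backslash sequences
# in it are printed verbatim; only the colour codes are expanded with %b.
# Arguments: $1 - message (optional; printed as empty when omitted)
log_error() {
  printf '%b[ERROR]%b %s\n' "$RED" "$NC" "${1:-}" >&2
}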
# 检查是否为root用户
# Warn when the script runs as root; it only touches project-local files, so
# an unprivileged user is the intended caller. Never fails (always returns 0).
# Globals: EUID (read)
check_root() {
  if (( EUID == 0 )); then
    log_warning "检测到root用户,建议使用普通用户运行此脚本"
  fi
}
# 创建证书目录结构
# Create the certificate directory layout below the current directory:
# production trees under certs/ and development trees under
# src/main/resources/certs/dev/. Existing directories are left as they are.
create_cert_directories() {
  log_info "创建证书目录结构..."

  local -a cert_dirs=(
    certs/wechat
    certs/alipay
    src/main/resources/certs/dev/wechat
    src/main/resources/certs/dev/alipay
  )
  local dir
  for dir in "${cert_dirs[@]}"; do
    mkdir -p -- "$dir"
  done

  log_success "证书目录结构创建完成"
}
# 设置证书目录权限
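# Apply the permission policy to one certificate tree.
#   directories        755
#   *.pem / *.crt      444  (public material, world-readable is acceptable)
#   *key*.pem          400  (private keys: owner-only; the original gave
#                            them 444, leaving every local user able to read
#                            the merchant/app private key)
# The two private-key files listed in check_certificates, apiclient_key.pem
# and app_private_key.pem, both match *key*.pem; the public files do not.
# Arguments: $1 - tree root (must exist), $2.. - subdirectories relative to
#            the root to chmod 755; missing ones are skipped instead of
#            aborting the script under set -e
# Returns:   0 on success, the chmod/find status otherwise
_apply_cert_permissions() {
  local root=$1
  shift
  local sub
  chmod 755 -- "$root"
  for sub in "$@"; do
    if [[ -d "$root/$sub" ]]; then
      chmod 755 -- "$root/$sub"
    fi
  done
  # Trailing slash keeps the original behaviour of following a symlinked root.
  find "$root/" -type f \( -name '*.pem' -o -name '*.crt' \) -exec chmod 444 -- {} +
  # Tighten private keys after the general pass so they end up owner-only.
  find "$root/" -type f -name '*key*.pem' -exec chmod 400 -- {} +
}

# Set permissions on the production (certs/) and development
# (src/main/resources/certs/) certificate trees, skipping a tree that does
# not exist with a warning. See _apply_cert_permissions for the policy.
set_cert_permissions() {
  log_info "设置证书目录权限..."

  if [[ -d certs ]]; then
    _apply_cert_permissions certs wechat alipay
    log_success "生产环境证书目录权限设置完成"
  else
    log_warning "生产环境证书目录不存在,跳过权限设置"
  fi

  if [[ -d src/main/resources/certs ]]; then
    _apply_cert_permissions src/main/resources/certs dev dev/wechat dev/alipay
    log_success "开发环境证书目录权限设置完成"
  else
    log_warning "开发环境证书目录不存在,跳过权限设置"
  fi
}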
# 检查证书文件
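# Report the presence of each expected file below one directory: one
# log_success line ("✓ path") per existing regular file, one log_warning line
# ("✗ path (不存在)") per missing one. Only reports; never fails.
# Arguments: $1 - directory, $2.. - file names expected inside it
_report_cert_files() {
  local dir=$1
  shift
  local file
  for file in "$@"; do
    if [[ -f "$dir/$file" ]]; then
      log_success "✓ $dir/$file"
    else
      log_warning "✗ $dir/$file (不存在)"
    fi
  done
}

# Report which WeChat Pay and Alipay certificate files are present in the
# production (certs/) and development (src/main/resources/certs/dev/) trees.
# The file lists are local now; the original leaked wechat_files/alipay_files
# into the global scope.
check_certificates() {
  log_info "检查证书文件..."

  # WeChat Pay files (apiclient_key.pem is the merchant private key).
  local -a wechat_files=("apiclient_key.pem" "apiclient_cert.pem" "wechatpay_cert.pem")
  # Alipay files (app_private_key.pem is the application private key).
  local -a alipay_files=("app_private_key.pem" "appCertPublicKey.crt" "alipayCertPublicKey.crt" "alipayRootCert.crt")

  log_info "检查生产环境证书文件..."
  _report_cert_files certs/wechat "${wechat_files[@]}"
  _report_cert_files certs/alipay "${alipay_files[@]}"

  log_info "检查开发环境证书文件..."
  _report_cert_files src/main/resources/certs/dev/wechat "${wechat_files[@]}"
  _report_cert_files src/main/resources/certs/dev/alipay "${alipay_files[@]}"
}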
# 创建证书文件模板
# Write a README.md into each production certificate directory (certs/wechat,
# certs/alipay) describing the files expected there. An existing README is
# left untouched. The directories must already exist (create_cert_directories
# runs first in main); otherwise the redirection fails and set -e aborts.
# NOTE(review): both READMEs advise 444 for every file, which leaves the
# private keys (apiclient_key.pem, app_private_key.pem) readable by every
# local user; 400 (owner-only) would be the safer advice for *key.pem.
create_cert_templates() {
  log_info "创建证书文件模板..."

  # WeChat Pay README. The quoted 'EOF' delimiter keeps the body literal
  # (no parameter or command expansion).
  if [ ! -f "certs/wechat/README.md" ]; then
    cat > certs/wechat/README.md << 'EOF'
# 微信支付证书文件

请将以下证书文件放置在此目录:

1. **apiclient_key.pem** - 商户私钥证书
- 从微信商户平台下载
- 路径:账户中心 -> API安全 -> 下载证书

2. **apiclient_cert.pem** - 商户证书
- 从微信商户平台下载
- 与私钥证书一起下载

3. **wechatpay_cert.pem** - 微信支付平台证书
- 从微信商户平台下载
- 用于验证微信支付的回调通知

## 注意事项

- 证书文件权限应设置为 444(只读)
- 不要将证书文件提交到版本控制系统
- 定期检查证书有效期
EOF
    log_success "微信支付证书README创建完成"
  fi

  # Alipay README, same pattern and same literal-body heredoc.
  if [ ! -f "certs/alipay/README.md" ]; then
    cat > certs/alipay/README.md << 'EOF'
# 支付宝证书文件

请将以下证书文件放置在此目录:

1. **app_private_key.pem** - 应用私钥
- 应用私钥文件
- 用于签名请求

2. **appCertPublicKey.crt** - 应用公钥证书
- 从支付宝开放平台下载
- 路径:应用详情 -> 开发设置 -> 接口加签方式

3. **alipayCertPublicKey.crt** - 支付宝公钥证书
- 从支付宝开放平台下载
- 用于验证支付宝的响应

4. **alipayRootCert.crt** - 支付宝根证书
- 从支付宝开放平台下载
- 根证书文件

## 注意事项

- 证书文件权限应设置为 444(只读)
- 不要将证书文件提交到版本控制系统
- 定期检查证书有效期
EOF
    log_success "支付宝证书README创建完成"
  fi
}
# 显示使用说明
# Print the command summary to stdout. The heredoc is unquoted on purpose so
# that $0 expands to the script name, exactly as the per-line echo did.
show_usage() {
  cat <<EOF
证书管理脚本使用说明:

命令:
 $0 init - 初始化证书目录结构
 $0 check - 检查证书文件状态
 $0 perms - 设置证书文件权限
 $0 all - 执行所有操作

示例:
 $0 init # 创建证书目录
 $0 check # 检查证书文件
 $0 all # 完整设置
EOF
}
# 主函数
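# Dispatch on the sub-command given as $1.
#   init  - warn if root, create the directory layout and the README templates
#   check - report which certificate files are present
#   perms - apply directory/file permissions
#   all   - init, then perms, then check
#   help, -h, --help - print usage and return 0 (new; previously every
#                      unknown word, including --help, exited 1)
# Any other value (or no argument) prints usage to stderr and exits 1.
# Arguments: $1 - sub-command (optional)
main() {
  case "${1:-}" in
    init)
      check_root
      create_cert_directories
      create_cert_templates
      ;;
    check)
      check_certificates
      ;;
    perms)
      set_cert_permissions
      ;;
    all)
      check_root
      create_cert_directories
      create_cert_templates
      set_cert_permissions
      check_certificates
      ;;
    help|-h|--help)
      show_usage
      ;;
    *)
      # Usage on a bad invocation is a diagnostic, so it goes to stderr.
      show_usage >&2
      exit 1
      ;;
  esac
}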
# 执行主函数
# Entry point: hand every argument to main unchanged, as separate words.
main "${@}"