From ff0b020166d41f4756b58924f0e517dfd9c2f131 Mon Sep 17 00:00:00 2001
From: wanglei <34475144@qq.com>
Date: Mon, 10 Nov 2025 08:30:19 +0800
Subject: [PATCH] =?UTF-8?q?=E7=BC=96=E5=86=99=E7=94=9F=E6=88=90ssl?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E6=96=87=E4=BB=B6=E5=87=BD=E6=95=B0=E5=92=8C?=
 =?UTF-8?q?=E7=9B=B8=E5=85=B3=E7=9A=84=E6=B5=8B=E8=AF=95=E4=BE=8B=E5=AD=90?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 conf/nginx.conf           |   7 +++
 src/test/test.lua         |  18 ++++++
 src/util/generatorssl.lua | 124 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 149 insertions(+)
 create mode 100644 src/util/generatorssl.lua

diff --git a/conf/nginx.conf b/conf/nginx.conf
index 5df8465..efdf26a 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -80,4 +80,11 @@ http {
             }
         }
     }
+
+    server {
+        listen 9081 ssl http2;
+        server_name *.*;
+        ssl_certificate ssl/metroid.crt;
+        ssl_certificate_key ssl/metroid.key;
+    }
 }
\ No newline at end of file
diff --git a/src/test/test.lua b/src/test/test.lua
index 9c56566..1e425a8 100644
--- a/src/test/test.lua
+++ b/src/test/test.lua
@@ -353,6 +353,24 @@ end
 
 --清除角色的权限数据
 --perm:clearRolePermissions("admin")
+
+local generateCert = require("util.generatorssl")
+-- 使用示例
+local success, files = generateCert:generate_self_signed_cert(
+    "example.com",
+    365,
+    2048,
+    "./ssl_certs"
+)
+
+if success then
+    print("SSL证书生成成功:")
+    print("私钥文件: "..files.key)
+    print("证书文件: "..files.cert)
+else
+    print("证书生成失败")
+end
+
 --[[
 --读取用户表、角色表和权限表中配置的权限数据
 local roleDao = require("dao.role")
diff --git a/src/util/generatorssl.lua b/src/util/generatorssl.lua
new file mode 100644
index 0000000..a1ffc58
--- /dev/null
+++ b/src/util/generatorssl.lua
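Review bot: The new `server` block turns on TLS for port 9081 but sets no `ssl_protocols` or `ssl_ciphers`, so which TLS versions and suites the listener accepts depends entirely on the nginx build's compiled-in defaults; pin them next to the certificate lines, at minimum `ssl_protocols TLSv1.2 TLSv1.3;`, and add a cipher list if clients older than the default policy must be excluded. `server_name *.*;` does not look like a wildcard nginx accepts (an asterisk is only permitted at the start or end of a name on a dot boundary); if a catch-all is intended, `server_name _;` is the conventional form. The paths `ssl/metroid.crt` and `ssl/metroid.key` are resolved relative to the nginx prefix and do not match what the generator added in this commit writes (`<output_dir>/<domain>.crt`), so either the paths or a comment should make the connection explicit. The enclosing `http {` block begins outside the hunk.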
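Review bot: The example runs unconditionally every time test.lua is loaded and writes a fresh private key to `./ssl_certs/example.com.key` relative to whatever the working directory happens to be, which adds a 2048-bit keygen to every test run and scatters key material into checkouts; it belongs inside the commented-out section that follows it, or behind a flag, with a throwaway temp directory as output. The `else` branch can never be taken, because `generate_self_signed_cert` in this commit only ever returns `true` and surfaces failures (for example `io.open` returning nil) as a raised error, so the failure message is misleading; call it as `local ok, success, files = pcall(generateCert.generate_self_signed_cert, generateCert, "example.com", 365, 2048, "./ssl_certs")` and branch on `if ok and success then`. `ssl_certs/` should also go into .gitignore so a generated key cannot be committed by accident.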
@@ -0,0 +1,124 @@
+---
+--- Generated by EmmyLua(https://github.com/EmmyLua)
+--- Created by admin.
+--- DateTime: 2025/11/9 17:47
+---
+
+local openssl = require "openssl"
+local fs = require "lfs"
+
+local _M = {}
+function _M:generate_self_signed_cert(domain, days, key_size, output_dir)
+    -- 创建输出目录
+    if not fs.attributes(output_dir) then
+        fs.mkdir(output_dir)
+    end
+
+    -- 生成RSA私钥
+    local pkey = openssl.pkey.new {
+        type = "RSA",
+        bits = key_size or 2048
+    }
+
+    -- 创建X.509证书
+    local x509 = openssl.x509.new {
+        version = 3,
+        serial = openssl.rand.bytes(8),
+        subject = {
+            commonName = domain
+        },
+        notBefore = os.time(),
+        notAfter = os.time() + (days or 365) * 24 * 60 * 60,
+        pubkey = pkey
+    }
+
+    -- 设置扩展属性
+    x509:extensions {
+        {
+            object = "basicConstraints",
+            critical = true,
+            value = "CA:FALSE"
+        },
+        {
+            object = "keyUsage",
+            critical = true,
+            value = "digitalSignature,keyEncipherment"
+        },
+        {
+            object = "subjectAltName",
+            value = "DNS:"..domain
+        }
+    }
+
+    -- 自签名
+    x509:sign(pkey)
+
+    -- 保存文件
+    local key_path = output_dir.."/"..domain..".key"
+    local cert_path = output_dir.."/"..domain..".crt"
+
+    local key_file = io.open(key_path, "w")
+    key_file:write(pkey:export("PEM"))
+    key_file:close()
+
+    local cert_file = io.open(cert_path, "w")
+    cert_file:write(x509:export("PEM"))
+    cert_file:close()
+
+    -- 设置文件权限
+    os.execute("chmod 600 "..key_path)
+
+    return true, {key = key_path, cert = cert_path}
+end
+
+function _M:verify_cert_chain(cert_path, intermediate_path, root_path)
+    -- 加载所有证书
+    local function load_cert(file)
+        local f = io.open(file, "r")
+        if not f then return nil end
+        local data = f:read("*a")
+        f:close()
+        return openssl.x509.read(data)
+    end
+
+    local cert = load_cert(cert_path)
+    local intermediate = load_cert(intermediate_path)
+    local root = load_cert(root_path)
+
+    if not (cert and intermediate and root) then
+        return false, "证书加载失败"
+    end
+
+    -- 构建证书链
+    local store = openssl.x509.store.new()
+    store:add(root)
+    store:add(intermediate)
+
+    -- 验证链
+    local ctx = openssl.x509.store.ctx.new(store, cert)
+    ctx:add_cert(intermediate)
+
+    local ok, err = ctx:verify()
+    return ok, ok and "证书链验证通过" or ("验证失败: "..(err or "未知错误"))
+end
+
+return _M
+
+--[[
+local
+-- 使用示例
+local success, files = generate_self_signed_cert(
+    "example.com",
+    365,
+    2048,
+    "./ssl_certs"
+)
+
+if success then
+    print("SSL证书生成成功:")
+    print("私钥文件: "..files.key)
+    print("证书文件: "..files.cert)
+else
+    print("证书生成失败")
+end
+--]]
\ No newline at end of file
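Review bot: `os.execute("chmod 600 "..key_path)` in `generate_self_signed_cert` interpolates `output_dir` and `domain` into a shell command unquoted, so a domain such as `a.com; rm -rf ~` or one containing a space runs arbitrary commands or chmods the wrong file, and the chmod only runs after the PEM has already been written through `io.open(key_path, "w")` under the process umask (typically leaving 0644), so the private key is briefly world-readable and stays that way if the command fails, since its result is ignored. The `io.open` results are not checked either, so an unwritable `output_dir` raises `attempt to index a nil value` rather than returning `false`, and the unconditional `return true` means a caller can never observe a failure. The rewrite below validates `domain` as a plain hostname before it reaches a path or a command, creates the key file under `umask 077` before anything is written into it, shell-quotes the path, checks every I/O result, and handles the `os.execute` return value for both Lua 5.1/LuaJIT (number) and 5.2+ (boolean). Separately, in `verify_cert_chain` the intermediate is put into the trust store with `store:add(intermediate)` as well as supplied as an untrusted chain certificate via `ctx:add_cert(intermediate)`; as a trust anchor it makes verification pass even if `root` never signed it, so only `root` should be added to the store. I could not confirm from the hunk that the table-constructor form of `openssl.x509.new{...}` exists in the binding in use; if this is zhaozg/lua-openssl its certificate builder is method-based, which is worth checking before this ships.

```lua
function _M:generate_self_signed_cert(domain, days, key_size, output_dir)
    -- domain becomes both a file name and a shell argument below: accept only
    -- plain hostname characters and no ".." component.
    if type(domain) ~= "string" or domain == "" or not domain:match("^[%w%-%.]+$")
        or domain:find("..", 1, true) then
        return false, "invalid domain"
    end
    -- … unchanged: mkdir, RSA key generation, X.509 construction, extensions, sign …
    local key_path = output_dir.."/"..domain..".key"
    local cert_path = output_dir.."/"..domain..".crt"

    -- Create the key file mode 0600 *before* the PEM is written into it, so the
    -- private key is never readable by others even briefly (truncating an existing
    -- file keeps its mode, hence the explicit chmod too).  The path is single-quoted
    -- for the shell; os.execute returns a number on 5.1/LuaJIT and a boolean on 5.2+.
    local quoted = "'"..(key_path:gsub("'", "'\\''")).."'"
    local status = os.execute("umask 077 && : > "..quoted.." && chmod 600 "..quoted)
    if not (status == true or status == 0) then
        return false, "cannot create "..key_path
    end

    local key_file, err = io.open(key_path, "w")
    if not key_file then return false, err end
    key_file:write(pkey:export("PEM"))
    key_file:close()

    local cert_file, cert_err = io.open(cert_path, "w")
    if not cert_file then
        os.remove(key_path)
        return false, cert_err
    end
    cert_file:write(x509:export("PEM"))
    cert_file:close()

    return true, {key = key_path, cert = cert_path}
end
```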