feat: optimize uploading certificates to huaweicloud scm

Fu Diwei 2025-06-25 14:32:37 +08:00 committed by RHQYZ
parent b6307875dd
commit 45e4d14897
2 changed files with 33 additions and 20 deletions


@ -70,11 +70,11 @@ type WorkflowNodeConfigForApply struct {
ChallengeType string `json:"challengeType"` // TODO: 验证方式。目前仅支持 dns-01
Provider string `json:"provider"` // DNS 提供商
ProviderAccessId string `json:"providerAccessId"` // DNS 提供商授权记录 ID
ProviderConfig map[string]any `json:"providerConfig"` // DNS 提供商额外配置
ProviderConfig map[string]any `json:"providerConfig,omitempty"` // DNS 提供商额外配置
CAProvider string `json:"caProvider,omitempty"` // CA 提供商(零值时使用全局配置)
CAProviderAccessId string `json:"caProviderAccessId,omitempty"` // CA 提供商授权记录 ID
CAProviderConfig map[string]any `json:"caProviderConfig,omitempty"` // CA 提供商额外配置
KeyAlgorithm string `json:"keyAlgorithm"` // 证书算法
KeyAlgorithm string `json:"keyAlgorithm,omitempty"` // 证书算法
ACMEProfile string `json:"acmeProfile,omitempty"` // ACME Profiles Extension
Nameservers string `json:"nameservers,omitempty"` // DNS 服务器列表,以半角分号分隔
DnsPropagationWait int32 `json:"dnsPropagationWait,omitempty"` // DNS 传播等待时间,等同于 lego 的 `--dns-propagation-wait` 参数
@ -124,6 +124,7 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
return WorkflowNodeConfigForApply{
Domains: xmaps.GetString(n.Config, "domains"),
ContactEmail: xmaps.GetString(n.Config, "contactEmail"),
ChallengeType: xmaps.GetString(n.Config, "challengeType"),
Provider: xmaps.GetString(n.Config, "provider"),
ProviderAccessId: xmaps.GetString(n.Config, "providerAccessId"),
ProviderConfig: xmaps.GetKVMapAny(n.Config, "providerConfig"),
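Review bot: The newly populated `ChallengeType` field in `GetConfigForApply` is copied from the node config exactly as stored, while the struct comment says only dns-01 is supported for now. Nothing visible in this section defaults an empty value or rejects an unsupported one, so unless the consumer validates it, a stale or hand-edited config could select a validation path nobody intended. I would document the contract at the assignment, for example `// challengeType is passed through unvalidated; the applicant must reject anything other than "dns-01"`, or normalise the value here. The function body continues outside the hunk, so a check may already exist further down.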


@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"log/slog"
"strings"
"time"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
@ -95,6 +96,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if listCertificatesResp.Certificates != nil {
for _, certDetail := range *listCertificatesResp.Certificates {
// 先对比证书通用名称
if !strings.EqualFold(certX509.Subject.CommonName, certDetail.Domain) {
continue
}
// 再对比证书有效期
if certX509.NotAfter.Local().Format(time.DateTime) != strings.TrimSuffix(certDetail.ExpireTime, ".0") {
continue
}
// 最后对比证书内容
exportCertificateReq := &hcscmmodel.ExportCertificateRequest{
CertificateId: certDetail.Id,
}
@ -105,27 +117,27 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
continue
}
return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err)
}
var isSameCert bool
if *exportCertificateResp.Certificate == certPEM {
isSameCert = true
} else {
oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
if err != nil {
continue
var isSameCert bool
if *exportCertificateResp.Certificate == certPEM {
isSameCert = true
} else {
oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
if err != nil {
continue
}
isSameCert = xcert.EqualCertificate(certX509, oldCertX509)
}
isSameCert = xcert.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.Id,
CertName: certDetail.Name,
}, nil
// 如果已存在相同证书,直接返回
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.Id,
CertName: certDetail.Name,
}, nil
}
}
}
}
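Review bot: The expiry pre-filter in `Upload` compares `certX509.NotAfter.Local().Format(time.DateTime)` with `certDetail.ExpireTime`, a string whose time zone this hunk does not state; if the host zone differs from the API's, no listed certificate reaches the content comparison and every run uploads a duplicate. The common-name filter above it has a similar gap, since a certificate issued without a Subject CN (SAN-only) would presumably never equal `certDetail.Domain`. Both fail towards re-uploading rather than a wrong match, because the export-and-compare step still decides, but they defeat the deduplication silently. I would compare instants instead, `expireAt, err := time.ParseInLocation(time.DateTime, strings.TrimSuffix(certDetail.ExpireTime, ".0"), loc)` followed by `if err != nil || !expireAt.Equal(certX509.NotAfter) { continue }`, with `loc` set to the zone the API documents. The body of `Upload` starts and ends outside the visible hunks.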