From 45e4d148975c3fa027375c01d4358892c66e6388 Mon Sep 17 00:00:00 2001
From: Fu Diwei
Date: Wed, 25 Jun 2025 14:32:37 +0800
Subject: [PATCH] feat: optimize uploading certificates to huaweicloud scm

---
 internal/domain/workflow.go | 5 +-
 .../huaweicloud-scm/huaweicloud_scm.go | 48 ++++++++++++-------
 2 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/internal/domain/workflow.go b/internal/domain/workflow.go
index 04ba1e4f..16895229 100644
--- a/internal/domain/workflow.go
+++ b/internal/domain/workflow.go
@@ -70,11 +70,11 @@ type WorkflowNodeConfigForApply struct {
 	ChallengeType string `json:"challengeType"` // TODO: 验证方式。目前仅支持 dns-01
 	Provider string `json:"provider"` // DNS 提供商
 	ProviderAccessId string `json:"providerAccessId"` // DNS 提供商授权记录 ID
-	ProviderConfig map[string]any `json:"providerConfig"` // DNS 提供商额外配置
+	ProviderConfig map[string]any `json:"providerConfig,omitempty"` // DNS 提供商额外配置
 	CAProvider string `json:"caProvider,omitempty"` // CA 提供商(零值时使用全局配置)
 	CAProviderAccessId string `json:"caProviderAccessId,omitempty"` // CA 提供商授权记录 ID
 	CAProviderConfig map[string]any `json:"caProviderConfig,omitempty"` // CA 提供商额外配置
-	KeyAlgorithm string `json:"keyAlgorithm"` // 证书算法
+	KeyAlgorithm string `json:"keyAlgorithm,omitempty"` // 证书算法
 	ACMEProfile string `json:"acmeProfile,omitempty"` // ACME Profiles Extension
 	Nameservers string `json:"nameservers,omitempty"` // DNS 服务器列表,以半角分号分隔
 	DnsPropagationWait int32 `json:"dnsPropagationWait,omitempty"` // DNS 传播等待时间,等同于 lego 的 `--dns-propagation-wait` 参数
@@ -124,6 +124,7 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
 	return WorkflowNodeConfigForApply{
 		Domains: xmaps.GetString(n.Config, "domains"),
 		ContactEmail: xmaps.GetString(n.Config, "contactEmail"),
+		ChallengeType: xmaps.GetString(n.Config, "challengeType"),
 		Provider: xmaps.GetString(n.Config, "provider"),
 		ProviderAccessId: xmaps.GetString(n.Config, "providerAccessId"),
 		ProviderConfig: xmaps.GetKVMapAny(n.Config, "providerConfig"),
diff --git a/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go b/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go
index 7084aaf2..e60010b8 100644
--- a/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/pkg/core/ssl-manager/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -5,6 +5,7 @@ import (
 	"errors"
 	"fmt"
 	"log/slog"
+	"strings"
 	"time"
 
 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
@@ -95,6 +96,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
 
 	if listCertificatesResp.Certificates != nil {
 		for _, certDetail := range *listCertificatesResp.Certificates {
+			// 先对比证书通用名称
+			if !strings.EqualFold(certX509.Subject.CommonName, certDetail.Domain) {
+				continue
+			}
+
+			// 再对比证书有效期
+			if certX509.NotAfter.Local().Format(time.DateTime) != strings.TrimSuffix(certDetail.ExpireTime, ".0") {
+				continue
+			}
+
+			// 最后对比证书内容
 			exportCertificateReq := &hcscmmodel.ExportCertificateRequest{
 				CertificateId: certDetail.Id,
 			}
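Review bot: The two new pre-checks are heuristics used as a hard gate: when `strings.EqualFold(certX509.Subject.CommonName, certDetail.Domain)` or the `ExpireTime` string comparison misses, the loop `continue`s past the authoritative `EqualCertificate` comparison and the same certificate is uploaded again instead of being reused. The expiry check is the fragile one, since it assumes `certDetail.ExpireTime` is rendered in the zone of this process's `time.Local` and always ends in `.0`, neither of which is established here; a worker running in UTC against an API that reports Beijing time would miss every match, and a certificate with an empty CommonName (SAN-only) never passes the first check either. A miss only costs a duplicate upload, because the content comparison below still decides which `CertId` is returned, but that duplicate is precisely what this change sets out to avoid. Suggest letting both checks fall through to the content comparison when they cannot decide (empty CN, unparseable expiry) and comparing expiry with a day of tolerance so the zone does not matter. The enclosing `Upload` method starts before the hunk and continues after it.
```go
			// Cheap pre-filters: only skip a candidate when the check can
			// positively rule it out; anything undecidable falls through to
			// the content comparison below, which remains the authority.
			if cn := certX509.Subject.CommonName; cn != "" && !strings.EqualFold(cn, certDetail.Domain) {
				continue
			}

			// Compare expiry with a one-day tolerance so a zone mismatch
			// between time.Local and the API's rendering cannot cause a miss.
			expireTime, parseErr := time.ParseInLocation(time.DateTime, strings.TrimSuffix(certDetail.ExpireTime, ".0"), time.Local)
			if parseErr == nil && certX509.NotAfter.Sub(expireTime).Abs() > 24*time.Hour {
				continue
			}

			// … unchanged: ExportCertificate request and content comparison …
```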
@@ -105,27 +117,27 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
 					continue
 				}
 				return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err)
-			}
-
-			var isSameCert bool
-			if *exportCertificateResp.Certificate == certPEM {
-				isSameCert = true
 			} else {
-				oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
-				if err != nil {
-					continue
+				var isSameCert bool
+				if *exportCertificateResp.Certificate == certPEM {
+					isSameCert = true
+				} else {
+					oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
+					if err != nil {
+						continue
+					}
+
+					isSameCert = xcert.EqualCertificate(certX509, oldCertX509)
 				}
 
-				isSameCert = xcert.EqualCertificate(certX509, oldCertX509)
-			}
-
-			// 如果已存在相同证书,直接返回
-			if isSameCert {
-				m.logger.Info("ssl certificate already exists")
-				return &core.SSLManageUploadResult{
-					CertId: certDetail.Id,
-					CertName: certDetail.Name,
-				}, nil
+				// 如果已存在相同证书,直接返回
+				if isSameCert {
+					m.logger.Info("ssl certificate already exists")
+					return &core.SSLManageUploadResult{
+						CertId: certDetail.Id,
+						CertName: certDetail.Name,
+					}, nil
+				}
 			}
 		}
 	}
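Review bot: The rewrite moves the whole comparison into a `} else {` hanging off an `if err != nil` branch that always `continue`s or `return`s, which is the else-after-terminating-if shape Go style avoids; the pre-patch layout (close the error check with `}`, then `var isSameCert bool` at loop level) was flatter and behaves identically. The net effect of this hunk is one extra indentation level for roughly twenty lines with no semantic change, which also makes the diff look larger than it is. Suggest replacing `} else {` with `}` and dedenting the block back to where it was. While the lines are being touched, `oldCertX509, err := xcert.ParseCertificateFromPEM(...)` shadows the outer `err`; a name like `parseErr` would make the `continue` path easier to read. The enclosing `Upload` method starts before the hunk.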