feat: optimize uploading certificates to huaweicloud scm

Fu Diwei 2025-06-25 14:32:37 +08:00 committed by RHQYZ
parent b6307875dd
commit 45e4d14897
2 changed files with 33 additions and 20 deletions


@ -70,11 +70,11 @@ type WorkflowNodeConfigForApply struct {
ChallengeType string `json:"challengeType"` // TODO: 验证方式。目前仅支持 dns-01 ChallengeType string `json:"challengeType"` // TODO: 验证方式。目前仅支持 dns-01
Provider string `json:"provider"` // DNS 提供商 Provider string `json:"provider"` // DNS 提供商
ProviderAccessId string `json:"providerAccessId"` // DNS 提供商授权记录 ID ProviderAccessId string `json:"providerAccessId"` // DNS 提供商授权记录 ID
ProviderConfig map[string]any `json:"providerConfig"` // DNS 提供商额外配置 ProviderConfig map[string]any `json:"providerConfig,omitempty"` // DNS 提供商额外配置
CAProvider string `json:"caProvider,omitempty"` // CA 提供商(零值时使用全局配置) CAProvider string `json:"caProvider,omitempty"` // CA 提供商(零值时使用全局配置)
CAProviderAccessId string `json:"caProviderAccessId,omitempty"` // CA 提供商授权记录 ID CAProviderAccessId string `json:"caProviderAccessId,omitempty"` // CA 提供商授权记录 ID
CAProviderConfig map[string]any `json:"caProviderConfig,omitempty"` // CA 提供商额外配置 CAProviderConfig map[string]any `json:"caProviderConfig,omitempty"` // CA 提供商额外配置
KeyAlgorithm string `json:"keyAlgorithm"` // 证书算法 KeyAlgorithm string `json:"keyAlgorithm,omitempty"` // 证书算法
ACMEProfile string `json:"acmeProfile,omitempty"` // ACME Profiles Extension ACMEProfile string `json:"acmeProfile,omitempty"` // ACME Profiles Extension
Nameservers string `json:"nameservers,omitempty"` // DNS 服务器列表,以半角分号分隔 Nameservers string `json:"nameservers,omitempty"` // DNS 服务器列表,以半角分号分隔
DnsPropagationWait int32 `json:"dnsPropagationWait,omitempty"` // DNS 传播等待时间,等同于 lego 的 `--dns-propagation-wait` 参数 DnsPropagationWait int32 `json:"dnsPropagationWait,omitempty"` // DNS 传播等待时间,等同于 lego 的 `--dns-propagation-wait` 参数
@ -124,6 +124,7 @@ func (n *WorkflowNode) GetConfigForApply() WorkflowNodeConfigForApply {
return WorkflowNodeConfigForApply{ return WorkflowNodeConfigForApply{
Domains: xmaps.GetString(n.Config, "domains"), Domains: xmaps.GetString(n.Config, "domains"),
ContactEmail: xmaps.GetString(n.Config, "contactEmail"), ContactEmail: xmaps.GetString(n.Config, "contactEmail"),
ChallengeType: xmaps.GetString(n.Config, "challengeType"),
Provider: xmaps.GetString(n.Config, "provider"), Provider: xmaps.GetString(n.Config, "provider"),
ProviderAccessId: xmaps.GetString(n.Config, "providerAccessId"), ProviderAccessId: xmaps.GetString(n.Config, "providerAccessId"),
ProviderConfig: xmaps.GetKVMapAny(n.Config, "providerConfig"), ProviderConfig: xmaps.GetKVMapAny(n.Config, "providerConfig"),
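Review bot: `ChallengeType: xmaps.GetString(n.Config, "challengeType")` now surfaces the field to callers, but nothing in the hunk gives it a default or checks it, while the struct comment on the same field still reads "TODO: 验证方式。目前仅支持 dns-01" (only dns-01 is supported). An empty or unsupported value therefore reaches whatever consumes the apply config unchanged, so presumably the apply node has to handle it — worth confirming. At minimum the field comment should say what the empty value means, e.g. `// ChallengeType is the ACME challenge type; empty is treated as dns-01 (currently the only supported value) — confirm in the apply node`. The `omitempty` additions on `providerConfig` and `keyAlgorithm` change the serialized shape for zero values; that is fine unless a reader distinguishes an absent key from an empty one. GetConfigForApply begins before the hunk and continues past it.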


@ -5,6 +5,7 @@ import (
"errors" "errors"
"fmt" "fmt"
"log/slog" "log/slog"
"strings"
"time" "time"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
@ -95,6 +96,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if listCertificatesResp.Certificates != nil { if listCertificatesResp.Certificates != nil {
for _, certDetail := range *listCertificatesResp.Certificates { for _, certDetail := range *listCertificatesResp.Certificates {
// 先对比证书通用名称
if !strings.EqualFold(certX509.Subject.CommonName, certDetail.Domain) {
continue
}
// 再对比证书有效期
if certX509.NotAfter.Local().Format(time.DateTime) != strings.TrimSuffix(certDetail.ExpireTime, ".0") {
continue
}
// 最后对比证书内容
exportCertificateReq := &hcscmmodel.ExportCertificateRequest{ exportCertificateReq := &hcscmmodel.ExportCertificateRequest{
CertificateId: certDetail.Id, CertificateId: certDetail.Id,
} }
@ -105,27 +117,27 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
continue continue
} }
return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err) return nil, fmt.Errorf("failed to execute sdk request 'scm.ExportCertificate': %w", err)
}
var isSameCert bool
if *exportCertificateResp.Certificate == certPEM {
isSameCert = true
} else { } else {
oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate) var isSameCert bool
if err != nil { if *exportCertificateResp.Certificate == certPEM {
continue isSameCert = true
} else {
oldCertX509, err := xcert.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
if err != nil {
continue
}
isSameCert = xcert.EqualCertificate(certX509, oldCertX509)
} }
isSameCert = xcert.EqualCertificate(certX509, oldCertX509) // 如果已存在相同证书,直接返回
} if isSameCert {
m.logger.Info("ssl certificate already exists")
// 如果已存在相同证书,直接返回 return &core.SSLManageUploadResult{
if isSameCert { CertId: certDetail.Id,
m.logger.Info("ssl certificate already exists") CertName: certDetail.Name,
return &core.SSLManageUploadResult{ }, nil
CertId: certDetail.Id, }
CertName: certDetail.Name,
}, nil
} }
} }
} }
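Review bot: The expiry pre-filter `if certX509.NotAfter.Local().Format(time.DateTime) != strings.TrimSuffix(certDetail.ExpireTime, ".0")` compares a string rendered in the process-local zone against whatever zone and format the SCM API reports ExpireTime in, and on any mismatch (different zone, a fraction other than ".0", a format change) it `continue`s — so the dedupe silently stops matching and every run uploads a fresh duplicate, with no log line to show why. The CommonName check just above has the same failure mode if `certDetail.Domain` is the certificate's primary domain: a SAN-only certificate with an empty Subject CN can never match, which is worth confirming against the SDK. The pre-filter should only skip a candidate when the expiry is positively known to differ, letting a parse failure fall through to the existing ExportCertificate content comparison, and should log the rejection so a zone mismatch is visible in the field. Upload begins before the first hunk; the second hunk at `@ -105,27` appears to be the same comparison moved into the `else` branch of the export error check, and the function ends outside the section.

```go
// … unchanged: CommonName check …
// Skip only when the expiry is positively known to differ; an unparseable
// ExpireTime falls through to the content comparison below instead of
// silently disabling the dedupe. time.Local mirrors the original formatting;
// the zone the SCM API reports ExpireTime in should be confirmed.
expireAt, err := time.ParseInLocation(time.DateTime, strings.TrimSuffix(certDetail.ExpireTime, ".0"), time.Local)
if err == nil && !expireAt.Equal(certX509.NotAfter.Truncate(time.Second)) {
	m.logger.Debug("ssl certificate expiry mismatch, skipping candidate", "certId", certDetail.Id)
	continue
}
// … unchanged: ExportCertificate request and content comparison …
```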