diff --git a/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go b/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go index a6c29e36..6325fbe8 100644 --- a/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go +++ b/pkg/core/ssl-deployer/providers/huaweicloud-elb/huaweicloud_elb.go @@ -297,21 +297,20 @@ func (d *SSLDeployerProvider) modifyListenerCertificate(ctx context.Context, clo return fmt.Errorf("failed to execute sdk request 'elb.ShowCertificate': %w", err) } - for _, certificate := range *listOldCertificateResp.Certificates { - oldCertificate := certificate - newCertificate := showNewCertificateResp.Certificate + for _, oldCertInfo := range *listOldCertificateResp.Certificates { + newCertInfo := showNewCertificateResp.Certificate - if oldCertificate.SubjectAlternativeNames != nil && newCertificate.SubjectAlternativeNames != nil { - if slices.Equal(*oldCertificate.SubjectAlternativeNames, *newCertificate.SubjectAlternativeNames) { + if oldCertInfo.SubjectAlternativeNames != nil && newCertInfo.SubjectAlternativeNames != nil { + if slices.Equal(*oldCertInfo.SubjectAlternativeNames, *newCertInfo.SubjectAlternativeNames) { continue } } else { - if oldCertificate.Domain == newCertificate.Domain { + if oldCertInfo.Domain == newCertInfo.Domain { continue } } - sniCertIds = append(sniCertIds, certificate.Id) + sniCertIds = append(sniCertIds, oldCertInfo.Id) } updateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds diff --git a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go index bcbecd3b..52e480c4 100644 --- a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go +++ b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go 
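Review bot: The `slices.Equal` call in the SAN branch of the huaweicloud-elb deployer loop is order-sensitive, so an old certificate that lists the same names as the new one in a different order is not skipped and its id stays in `sniCertIds`. What the listener update then does with two certificates for the same names is outside this hunk, but the stale one would remain referenced. Assuming both fields are string slices, comparing sorted copies removes the dependency on provider ordering: `a, b := slices.Clone(*oldCertInfo.SubjectAlternativeNames), slices.Clone(*newCertInfo.SubjectAlternativeNames)`, `slices.Sort(a); slices.Sort(b)`, `if slices.Equal(a, b) { continue }`. `newCertInfo` does not depend on the loop variable and can be assigned once before the loop.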
@@ -93,13 +93,13 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } if listUserCertificateOrderResp.Body.CertificateOrderList != nil { - for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList { - if !strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) { + for _, certOrder := range listUserCertificateOrderResp.Body.CertificateOrderList { + if !strings.EqualFold(certX509.SerialNumber.Text(16), *certOrder.SerialNo) { continue } getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{ - CertId: certDetail.CertificateId, + CertId: certOrder.CertificateId, } getUserCertificateDetailResp, err := m.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq) m.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp)) @@ -123,8 +123,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)), - CertName: *certDetail.Name, + CertId: fmt.Sprintf("%d", tea.Int64Value(certOrder.CertificateId)), + CertName: *certOrder.Name, ExtendedData: map[string]any{ "instanceId": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId), "certIdentifier": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier), diff --git a/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go b/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go index eced6360..3bf2aa90 100644 --- a/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go +++ b/pkg/core/ssl-manager/providers/aliyun-slb/aliyun_slb.go 
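Review bot: The Debug call after `GetUserCertificateDetail` in the first aliyun-cas hunk logs the whole response via `slog.Any("response", getUserCertificateDetailResp)`, and a certificate-detail response is likely to carry the certificate body and possibly its private key, so enabling debug logging would copy key material into log storage. Logging only the request, `m.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq))`, or a redacted subset of the response, avoids that. The volcengine-live hunk has the same pattern with the response of `DescribeCertDetailSecretV2`. `Upload` continues outside both hunks, so whether the logger already redacts these fields cannot be seen from here.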
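Review bot: `CertName: *certOrder.Name` in the second aliyun-cas hunk dereferences an SDK pointer field without a nil check, while the line above it already goes through `tea.Int64Value`; a list entry with no name would panic the upload instead of being handled. `CertName: tea.StringValue(certOrder.Name),` keeps the two fields consistent, and the same applies to `*certOrder.SerialNo` in the first hunk, which could become `tea.StringValue(certOrder.SerialNo)`. The aliyun-slb hunk dereferences `*serverCert.IsAliCloudCertificate`, `*serverCert.Fingerprint`, `*serverCert.CommonName` and `*serverCert.ServerCertificateId` in the same unchecked way and would benefit from nil-safe accessors or an explicit guard; whether that file imports `tea` is not visible here.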
@@ -86,16 +86,16 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil { fingerprint := sha256.Sum256(certX509.Raw) fingerprintHex := hex.EncodeToString(fingerprint[:]) - for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate { - isSameCert := *certDetail.IsAliCloudCertificate == 0 && - strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) && - strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName) + for _, serverCert := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate { + isSameCert := *serverCert.IsAliCloudCertificate == 0 && + strings.EqualFold(fingerprintHex, strings.ReplaceAll(*serverCert.Fingerprint, ":", "")) && + strings.EqualFold(certX509.Subject.CommonName, *serverCert.CommonName) // 如果已存在相同证书,直接返回 if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: *certDetail.ServerCertificateId, - CertName: *certDetail.ServerCertificateName, + CertId: *serverCert.ServerCertificateId, + CertName: *serverCert.ServerCertificateName, }, nil } } diff --git a/pkg/core/ssl-manager/providers/byteplus-cdn/byteplus_cdn.go b/pkg/core/ssl-manager/providers/byteplus-cdn/byteplus_cdn.go index cc42c749..32a4b6ed 100644 --- a/pkg/core/ssl-manager/providers/byteplus-cdn/byteplus_cdn.go +++ b/pkg/core/ssl-manager/providers/byteplus-cdn/byteplus_cdn.go 
@@ -87,17 +87,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } if listCertInfoResp.Result.CertInfo != nil { - for _, certDetail := range listCertInfoResp.Result.CertInfo { + for _, certInfo := range listCertInfoResp.Result.CertInfo { fingerprintSha1 := sha1.Sum(certX509.Raw) fingerprintSha256 := sha256.Sum256(certX509.Raw) - isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) && - strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256) + isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certInfo.CertFingerprint.Sha1) && + strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certInfo.CertFingerprint.Sha256) // 如果已存在相同证书,直接返回 if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certDetail.CertId, - CertName: certDetail.Desc, + CertId: certInfo.CertId, + CertName: certInfo.Desc, }, nil } } diff --git a/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go b/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go index 131572a3..15ad5e6f 100644 --- a/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go +++ b/pkg/core/ssl-manager/providers/huaweicloud-elb/huaweicloud_elb.go @@ -95,12 +95,12 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } if listCertificatesResp.Certificates != nil { - for _, certDetail := range *listCertificatesResp.Certificates { + for _, certInfo := range *listCertificatesResp.Certificates { var isSameCert bool - if certDetail.Certificate == certPEM { + if certInfo.Certificate == certPEM { isSameCert = true } else { - oldCertX509, err := xcert.ParseCertificateFromPEM(certDetail.Certificate) + oldCertX509, err := xcert.ParseCertificateFromPEM(certInfo.Certificate) if err != nil { continue } 
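Review bot: `fingerprintSha1` and `fingerprintSha256` in the byteplus-cdn hunk are recomputed and hex-encoded for every `certInfo`, although they depend only on `certX509.Raw`. Computing both hex strings once before the `for` loop and comparing against those keeps the loop body to the two `strings.EqualFold` calls. The volcengine-cdn hunk has the identical loop and should get the same change. A short comment stating that the SHA-256 match is what identifies the certificate, with SHA-1 kept only because the API returns it, would also help the next reader.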
@@ -112,8 +112,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certDetail.Id, - CertName: certDetail.Name, + CertId: certInfo.Id, + CertName: certInfo.Name, }, nil } } diff --git a/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go b/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go index 1fc930d6..50aa64da 100644 --- a/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go +++ b/pkg/core/ssl-manager/providers/rainyun-sslcenter/rainyun_sslcenter.go @@ -114,19 +114,19 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin } if sslCenterListResp.Data != nil && sslCenterListResp.Data.Records != nil { - for _, sslItem := range sslCenterListResp.Data.Records { + for _, sslRecord := range sslCenterListResp.Data.Records { // 先对比证书的多域名 - if sslItem.Domain != strings.Join(certX509.DNSNames, ", ") { + if sslRecord.Domain != strings.Join(certX509.DNSNames, ", ") { continue } // 再对比证书的有效期 - if sslItem.StartDate != certX509.NotBefore.Unix() || sslItem.ExpireDate != certX509.NotAfter.Unix() { + if sslRecord.StartDate != certX509.NotBefore.Unix() || sslRecord.ExpireDate != certX509.NotAfter.Unix() { continue } // 最后对比证书内容 - sslCenterGetResp, err := m.sdkClient.SslCenterGet(sslItem.ID) + sslCenterGetResp, err := m.sdkClient.SslCenterGet(sslRecord.ID) if err != nil { return nil, fmt.Errorf("failed to execute sdk request 'sslcenter.Get': %w", err) } @@ -148,7 +148,7 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin // 如果已存在相同证书,直接返回 if isSameCert { return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", sslItem.ID), + CertId: fmt.Sprintf("%d", sslRecord.ID), }, nil } } 
diff --git a/pkg/core/ssl-manager/providers/ucloud-ussl/ucloud_ussl.go b/pkg/core/ssl-manager/providers/ucloud-ussl/ucloud_ussl.go index 66824412..b6a3f851 100644 --- a/pkg/core/ssl-manager/providers/ucloud-ussl/ucloud_ussl.go +++ b/pkg/core/ssl-manager/providers/ucloud-ussl/ucloud_ussl.go @@ -143,24 +143,24 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin } if getCertificateListResp.CertificateList != nil { - for _, certInfo := range getCertificateListResp.CertificateList { + for _, certItem := range getCertificateListResp.CertificateList { // 优刻得未提供可唯一标识证书的字段,只能通过多个字段尝试对比来判断是否为同一证书 // 先分别对比证书的多域名、品牌、有效期,再对比签名算法 - if len(certX509.DNSNames) == 0 || certInfo.Domains != strings.Join(certX509.DNSNames, ",") { + if len(certX509.DNSNames) == 0 || certItem.Domains != strings.Join(certX509.DNSNames, ",") { continue } - if len(certX509.Issuer.Organization) == 0 || certInfo.Brand != certX509.Issuer.Organization[0] { + if len(certX509.Issuer.Organization) == 0 || certItem.Brand != certX509.Issuer.Organization[0] { continue } - if int64(certInfo.NotBefore) != certX509.NotBefore.UnixMilli() || int64(certInfo.NotAfter) != certX509.NotAfter.UnixMilli() { + if int64(certItem.NotBefore) != certX509.NotBefore.UnixMilli() || int64(certItem.NotAfter) != certX509.NotAfter.UnixMilli() { continue } getCertificateDetailInfoReq := m.sdkClient.NewGetCertificateDetailInfoRequest() - getCertificateDetailInfoReq.CertificateID = ucloud.Int(certInfo.CertificateID) + getCertificateDetailInfoReq.CertificateID = ucloud.Int(certItem.CertificateID) if m.config.ProjectId != "" { getCertificateDetailInfoReq.ProjectId = ucloud.String(m.config.ProjectId) } 
@@ -212,10 +212,10 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin } return &core.SSLManageUploadResult{ - CertId: fmt.Sprintf("%d", certInfo.CertificateID), - CertName: certInfo.Name, + CertId: fmt.Sprintf("%d", certItem.CertificateID), + CertName: certItem.Name, ExtendedData: map[string]any{ - "resourceId": certInfo.CertificateSN, + "resourceId": certItem.CertificateSN, }, }, nil } diff --git a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go index 9ad13187..fd12f830 100644 --- a/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go +++ b/pkg/core/ssl-manager/providers/volcengine-cdn/volcengine_cdn.go @@ -88,17 +88,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } if listCertInfoResp.Result.CertInfo != nil { - for _, certDetail := range listCertInfoResp.Result.CertInfo { + for _, certInfo := range listCertInfoResp.Result.CertInfo { fingerprintSha1 := sha1.Sum(certX509.Raw) fingerprintSha256 := sha256.Sum256(certX509.Raw) - isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) && - strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256) + isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certInfo.CertFingerprint.Sha1) && + strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certInfo.CertFingerprint.Sha256) // 如果已存在相同证书,直接返回 if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certDetail.CertId, - CertName: certDetail.Desc, + CertId: certInfo.CertId, + CertName: certInfo.Desc, }, nil } } diff --git a/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go b/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go index 147a8ec9..2f06683a 100644 
--- a/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go +++ b/pkg/core/ssl-manager/providers/volcengine-live/volcengine_live.go @@ -70,11 +70,11 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey return nil, fmt.Errorf("failed to execute sdk request 'live.ListCertV2': %w", err) } if listCertResp.Result.CertList != nil { - for _, certDetail := range listCertResp.Result.CertList { + for _, certInfo := range listCertResp.Result.CertList { // 查询证书详细信息 // REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85 describeCertDetailSecretReq := &velive.DescribeCertDetailSecretV2Body{ - ChainID: ve.String(certDetail.ChainID), + ChainID: ve.String(certInfo.ChainID), } describeCertDetailSecretResp, err := m.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq) m.logger.Debug("sdk request 'live.DescribeCertDetailSecretV2'", slog.Any("request", describeCertDetailSecretReq), slog.Any("response", describeCertDetailSecretResp)) @@ -99,8 +99,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey if isSameCert { m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certDetail.ChainID, - CertName: certDetail.CertName, + CertId: certInfo.ChainID, + CertName: certInfo.CertName, }, nil } } diff --git a/pkg/core/ssl-manager/providers/wangsu-certificate/wangsu_certificate.go b/pkg/core/ssl-manager/providers/wangsu-certificate/wangsu_certificate.go index d2523c9b..c94d8ca6 100644 --- a/pkg/core/ssl-manager/providers/wangsu-certificate/wangsu_certificate.go +++ b/pkg/core/ssl-manager/providers/wangsu-certificate/wangsu_certificate.go 
@@ -71,16 +71,16 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey } if listCertificatesResp.Certificates != nil { - for _, certificate := range listCertificatesResp.Certificates { + for _, certRecord := range listCertificatesResp.Certificates { // 对比证书序列号 - if !strings.EqualFold(certX509.SerialNumber.Text(16), certificate.Serial) { + if !strings.EqualFold(certX509.SerialNumber.Text(16), certRecord.Serial) { continue } // 再对比证书有效期 cstzone := time.FixedZone("CST", 8*60*60) - oldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certificate.ValidityFrom, cstzone) - oldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certificate.ValidityTo, cstzone) + oldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certRecord.ValidityFrom, cstzone) + oldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certRecord.ValidityTo, cstzone) if !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) { continue } @@ -88,8 +88,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey // 如果以上信息都一致,则视为已存在相同证书,直接返回 m.logger.Info("ssl certificate already exists") return &core.SSLManageUploadResult{ - CertId: certificate.CertificateId, - CertName: certificate.Name, + CertId: certRecord.CertificateId, + CertName: certRecord.Name, }, nil } }
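Review bot: Both `time.ParseInLocation` calls in the first wangsu-certificate hunk discard their error, so a `ValidityFrom` or `ValidityTo` value in an unexpected format yields the zero time and the record is silently treated as a different certificate, which would cause a fresh upload on every run with nothing in the logs. Checking the error makes that visible, for example `oldCertNotBefore, err := time.ParseInLocation(time.DateTime, certRecord.ValidityFrom, cstzone)` followed by `if err != nil { m.logger.Warn("unparsable validity date", slog.Any("error", err)); continue }`, assuming `m.logger` is a `*slog.Logger`. `cstzone` is loop-invariant and can be created once before the loop. Since the match rests on serial number and validity only, a comment saying that no fingerprint or content comparison is made here would document the assumption.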