refactor: clean code

Fu Diwei 2025-06-25 17:07:28 +08:00 committed by RHQYZ
parent 45e4d14897
commit 64063554c2
10 changed files with 55 additions and 56 deletions


@ -297,21 +297,20 @@ func (d *SSLDeployerProvider) modifyListenerCertificate(ctx context.Context, clo
return fmt.Errorf("failed to execute sdk request 'elb.ShowCertificate': %w", err)
}
for _, certificate := range *listOldCertificateResp.Certificates {
oldCertificate := certificate
newCertificate := showNewCertificateResp.Certificate
for _, oldCertInfo := range *listOldCertificateResp.Certificates {
newCertInfo := showNewCertificateResp.Certificate
if oldCertificate.SubjectAlternativeNames != nil && newCertificate.SubjectAlternativeNames != nil {
if slices.Equal(*oldCertificate.SubjectAlternativeNames, *newCertificate.SubjectAlternativeNames) {
if oldCertInfo.SubjectAlternativeNames != nil && newCertInfo.SubjectAlternativeNames != nil {
if slices.Equal(*oldCertInfo.SubjectAlternativeNames, *newCertInfo.SubjectAlternativeNames) {
continue
}
} else {
if oldCertificate.Domain == newCertificate.Domain {
if oldCertInfo.Domain == newCertInfo.Domain {
continue
}
}
sniCertIds = append(sniCertIds, certificate.Id)
sniCertIds = append(sniCertIds, oldCertInfo.Id)
}
updateListenerReq.Body.Listener.SniContainerRefs = &sniCertIds
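Review bot: The SAN check in this loop uses `slices.Equal`, which is order-sensitive, so an old certificate whose SubjectAlternativeNames hold the same names in a different order is not recognised as the one being replaced, and its Id is appended to `sniCertIds` and presumably stays on the listener. Comparing sorted copies (`slices.Clone` followed by `slices.Sort` on each side) would make the match independent of the order the API returns. `newCertInfo := showNewCertificateResp.Certificate` does not depend on the loop variable and can move above the `for`. The body of modifyListenerCertificate starts and ends outside the hunk, so it is not visible here whether `listOldCertificateResp.Certificates` is nil-checked before it is dereferenced.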


@ -93,13 +93,13 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
}
if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList {
if !strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) {
for _, certOrder := range listUserCertificateOrderResp.Body.CertificateOrderList {
if !strings.EqualFold(certX509.SerialNumber.Text(16), *certOrder.SerialNo) {
continue
}
getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{
CertId: certDetail.CertificateId,
CertId: certOrder.CertificateId,
}
getUserCertificateDetailResp, err := m.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq)
m.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp))
@ -123,8 +123,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)),
CertName: *certDetail.Name,
CertId: fmt.Sprintf("%d", tea.Int64Value(certOrder.CertificateId)),
CertName: *certOrder.Name,
ExtendedData: map[string]any{
"instanceId": tea.StringValue(getUserCertificateDetailResp.Body.InstanceId),
"certIdentifier": tea.StringValue(getUserCertificateDetailResp.Body.CertIdentifier),
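Review bot: The debug line after `GetUserCertificateDetail` in the first hunk passes the whole SDK response to `slog.Any("response", getUserCertificateDetailResp)`; if that response body carries the certificate's private key alongside the PEM, as a detail call for an uploaded certificate may, key material ends up in debug logs. Logging only the request and identifying fields avoids that, for example `m.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq))`. The same pattern appears in the live provider's section, where the response of `DescribeCertDetailSecretV2` is logged in full the same way. Upload's body continues outside both hunks, so any redaction done by the logger itself is not visible here.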


@ -86,16 +86,16 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil {
fingerprint := sha256.Sum256(certX509.Raw)
fingerprintHex := hex.EncodeToString(fingerprint[:])
for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {
isSameCert := *certDetail.IsAliCloudCertificate == 0 &&
strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) &&
strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName)
for _, serverCert := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {
isSameCert := *serverCert.IsAliCloudCertificate == 0 &&
strings.EqualFold(fingerprintHex, strings.ReplaceAll(*serverCert.Fingerprint, ":", "")) &&
strings.EqualFold(certX509.Subject.CommonName, *serverCert.CommonName)
// 如果已存在相同证书,直接返回
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: *certDetail.ServerCertificateId,
CertName: *certDetail.ServerCertificateName,
CertId: *serverCert.ServerCertificateId,
CertName: *serverCert.ServerCertificateName,
}, nil
}
}
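Review bot: The match expression dereferences `*serverCert.IsAliCloudCertificate`, `*serverCert.Fingerprint` and `*serverCert.CommonName` without a nil check, so a single list entry with a missing field would panic the whole upload; the return below does the same with `ServerCertificateId` and `ServerCertificateName`. A guard at the top of the loop keeps the comparison safe: `if serverCert.IsAliCloudCertificate == nil || serverCert.Fingerprint == nil || serverCert.CommonName == nil { continue }`. Whether the SDK can actually return nil for these fields is not visible on this page, so treat this as a defensive check. Upload's body starts and ends outside the hunk.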


@ -87,17 +87,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
}
if listCertInfoResp.Result.CertInfo != nil {
for _, certDetail := range listCertInfoResp.Result.CertInfo {
for _, certInfo := range listCertInfoResp.Result.CertInfo {
fingerprintSha1 := sha1.Sum(certX509.Raw)
fingerprintSha256 := sha256.Sum256(certX509.Raw)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certInfo.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certInfo.CertFingerprint.Sha256)
// 如果已存在相同证书,直接返回
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.CertId,
CertName: certDetail.Desc,
CertId: certInfo.CertId,
CertName: certInfo.Desc,
}, nil
}
}


@ -95,12 +95,12 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
}
if listCertificatesResp.Certificates != nil {
for _, certDetail := range *listCertificatesResp.Certificates {
for _, certInfo := range *listCertificatesResp.Certificates {
var isSameCert bool
if certDetail.Certificate == certPEM {
if certInfo.Certificate == certPEM {
isSameCert = true
} else {
oldCertX509, err := xcert.ParseCertificateFromPEM(certDetail.Certificate)
oldCertX509, err := xcert.ParseCertificateFromPEM(certInfo.Certificate)
if err != nil {
continue
}
@ -112,8 +112,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.Id,
CertName: certDetail.Name,
CertId: certInfo.Id,
CertName: certInfo.Name,
}, nil
}
}


@ -114,19 +114,19 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin
}
if sslCenterListResp.Data != nil && sslCenterListResp.Data.Records != nil {
for _, sslItem := range sslCenterListResp.Data.Records {
for _, sslRecord := range sslCenterListResp.Data.Records {
// 先对比证书的多域名
if sslItem.Domain != strings.Join(certX509.DNSNames, ", ") {
if sslRecord.Domain != strings.Join(certX509.DNSNames, ", ") {
continue
}
// 再对比证书的有效期
if sslItem.StartDate != certX509.NotBefore.Unix() || sslItem.ExpireDate != certX509.NotAfter.Unix() {
if sslRecord.StartDate != certX509.NotBefore.Unix() || sslRecord.ExpireDate != certX509.NotAfter.Unix() {
continue
}
// 最后对比证书内容
sslCenterGetResp, err := m.sdkClient.SslCenterGet(sslItem.ID)
sslCenterGetResp, err := m.sdkClient.SslCenterGet(sslRecord.ID)
if err != nil {
return nil, fmt.Errorf("failed to execute sdk request 'sslcenter.Get': %w", err)
}
@ -148,7 +148,7 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin
// 如果已存在相同证书,直接返回
if isSameCert {
return &core.SSLManageUploadResult{
CertId: fmt.Sprintf("%d", sslItem.ID),
CertId: fmt.Sprintf("%d", sslRecord.ID),
}, nil
}
}


@ -143,24 +143,24 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin
}
if getCertificateListResp.CertificateList != nil {
for _, certInfo := range getCertificateListResp.CertificateList {
for _, certItem := range getCertificateListResp.CertificateList {
// 优刻得未提供可唯一标识证书的字段,只能通过多个字段尝试对比来判断是否为同一证书
// 先分别对比证书的多域名、品牌、有效期,再对比签名算法
if len(certX509.DNSNames) == 0 || certInfo.Domains != strings.Join(certX509.DNSNames, ",") {
if len(certX509.DNSNames) == 0 || certItem.Domains != strings.Join(certX509.DNSNames, ",") {
continue
}
if len(certX509.Issuer.Organization) == 0 || certInfo.Brand != certX509.Issuer.Organization[0] {
if len(certX509.Issuer.Organization) == 0 || certItem.Brand != certX509.Issuer.Organization[0] {
continue
}
if int64(certInfo.NotBefore) != certX509.NotBefore.UnixMilli() || int64(certInfo.NotAfter) != certX509.NotAfter.UnixMilli() {
if int64(certItem.NotBefore) != certX509.NotBefore.UnixMilli() || int64(certItem.NotAfter) != certX509.NotAfter.UnixMilli() {
continue
}
getCertificateDetailInfoReq := m.sdkClient.NewGetCertificateDetailInfoRequest()
getCertificateDetailInfoReq.CertificateID = ucloud.Int(certInfo.CertificateID)
getCertificateDetailInfoReq.CertificateID = ucloud.Int(certItem.CertificateID)
if m.config.ProjectId != "" {
getCertificateDetailInfoReq.ProjectId = ucloud.String(m.config.ProjectId)
}
@ -212,10 +212,10 @@ func (m *SSLManagerProvider) findCertIfExists(ctx context.Context, certPEM strin
}
return &core.SSLManageUploadResult{
CertId: fmt.Sprintf("%d", certInfo.CertificateID),
CertName: certInfo.Name,
CertId: fmt.Sprintf("%d", certItem.CertificateID),
CertName: certItem.Name,
ExtendedData: map[string]any{
"resourceId": certInfo.CertificateSN,
"resourceId": certItem.CertificateSN,
},
}, nil
}


@ -88,17 +88,17 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
}
if listCertInfoResp.Result.CertInfo != nil {
for _, certDetail := range listCertInfoResp.Result.CertInfo {
for _, certInfo := range listCertInfoResp.Result.CertInfo {
fingerprintSha1 := sha1.Sum(certX509.Raw)
fingerprintSha256 := sha256.Sum256(certX509.Raw)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certInfo.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certInfo.CertFingerprint.Sha256)
// 如果已存在相同证书,直接返回
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.CertId,
CertName: certDetail.Desc,
CertId: certInfo.CertId,
CertName: certInfo.Desc,
}, nil
}
}


@ -70,11 +70,11 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
return nil, fmt.Errorf("failed to execute sdk request 'live.ListCertV2': %w", err)
}
if listCertResp.Result.CertList != nil {
for _, certDetail := range listCertResp.Result.CertList {
for _, certInfo := range listCertResp.Result.CertList {
// 查询证书详细信息
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
describeCertDetailSecretReq := &velive.DescribeCertDetailSecretV2Body{
ChainID: ve.String(certDetail.ChainID),
ChainID: ve.String(certInfo.ChainID),
}
describeCertDetailSecretResp, err := m.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
m.logger.Debug("sdk request 'live.DescribeCertDetailSecretV2'", slog.Any("request", describeCertDetailSecretReq), slog.Any("response", describeCertDetailSecretResp))
@ -99,8 +99,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
if isSameCert {
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certDetail.ChainID,
CertName: certDetail.CertName,
CertId: certInfo.ChainID,
CertName: certInfo.CertName,
}, nil
}
}


@ -71,16 +71,16 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
}
if listCertificatesResp.Certificates != nil {
for _, certificate := range listCertificatesResp.Certificates {
for _, certRecord := range listCertificatesResp.Certificates {
// 对比证书序列号
if !strings.EqualFold(certX509.SerialNumber.Text(16), certificate.Serial) {
if !strings.EqualFold(certX509.SerialNumber.Text(16), certRecord.Serial) {
continue
}
// 再对比证书有效期
cstzone := time.FixedZone("CST", 8*60*60)
oldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certificate.ValidityFrom, cstzone)
oldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certificate.ValidityTo, cstzone)
oldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certRecord.ValidityFrom, cstzone)
oldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certRecord.ValidityTo, cstzone)
if !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) {
continue
}
@ -88,8 +88,8 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
// 如果以上信息都一致,则视为已存在相同证书,直接返回
m.logger.Info("ssl certificate already exists")
return &core.SSLManageUploadResult{
CertId: certificate.CertificateId,
CertName: certificate.Name,
CertId: certRecord.CertificateId,
CertName: certRecord.Name,
}, nil
}
}
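Review bot: Both `time.ParseInLocation` calls in the first hunk discard their error with `_`, so a validity string in an unexpected format yields the zero time and the record is skipped without any trace, ending in a duplicate upload instead of a reuse. Handling it explicitly makes the intent visible: `oldCertNotBefore, err := time.ParseInLocation(time.DateTime, certRecord.ValidityFrom, cstzone)` followed by `if err != nil { continue }` (and the same for `ValidityTo`), or at least a comment justifying the `_`. `cstzone` is loop-invariant and can be built once before the `for`. The reuse decision rests on serial number and validity window only; if the API exposes a fingerprint or the PEM, comparing that as well would tie the returned `CertId` to the certificate content.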