fix: uploading certificates duplicated to aliyun cas

2025-07-18 01:11:55 +08:00 · 2025-06-27 13:30:01 +08:00 · 2025-06-27 13:30:01 +08:00 · d6882cbc4f
commit d6882cbc4f
parent f29cdae648
3 changed files with 94 additions and 7 deletions
--- a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go
+++ b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go
@ -94,10 +94,20 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey

 		if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
 			for _, certOrder := range listUserCertificateOrderResp.Body.CertificateOrderList {
-				if !strings.EqualFold(certX509.SerialNumber.Text(16), *certOrder.SerialNo) {
+				// 先对比证书通用名称
+				if !strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(certOrder.CommonName)) {
 					continue
 				}

+				// 再对比证书序列号
+				// 注意阿里云 CAS 会在序列号前补零，需去除后再比较
+				oldCertSN := strings.TrimLeft(tea.StringValue(certOrder.SerialNo), "0")
+				newCertSN := strings.TrimLeft(certX509.SerialNumber.Text(16), "0")
+				if !strings.EqualFold(newCertSN, oldCertSN) {
+					continue
+				}
+
+				// 最后对比证书内容
 				getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{
 					CertId: certOrder.CertificateId,
 				}
--- a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas_test.go
+++ b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas_test.go
@ -0,0 +1,77 @@
+package aliyuncas_test
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/aliyun-cas"
+)
+
+var (
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+	fRegion          string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_SSLMANAGER_ALIYUNCAS_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+	flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./aliyun_cas_test.go -args \
+	--CERTIMATE_SSLMANAGER_ALIYUNCAS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_SSLMANAGER_ALIYUNCAS_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_SSLMANAGER_ALIYUNCAS_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_SSLMANAGER_ALIYUNCAS_ACCESSKEYSECRET="your-access-key-secret" \
+	--CERTIMATE_SSLMANAGER_ALIYUNCAS_REGION="cn-hangzhou"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+			fmt.Sprintf("REGION: %v", fRegion),
+		}, "\n"))
+
+		sslmanager, err := provider.NewSSLManagerProvider(&provider.SSLManagerProviderConfig{
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+			Region:          fRegion,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := sslmanager.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		sres, _ := json.Marshal(res)
+		t.Logf("ok: %s", string(sres))
+	})
+}
--- a/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert_test.go
+++ b/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert_test.go
@ -20,7 +20,7 @@ var (
 )

 func init() {
-	argsPrefix := "CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_"
+	argsPrefix := "CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_"

 	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
@ -31,11 +31,11 @@ func init() {
 /*
 Shell command to run this test:

-	go test -v ./baiducloud_cas_test.go -args \
-	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
-	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_INPUTKEYPATH="/path/to/your-input-key.pem" \
-	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_ACCESSKEYID="your-access-key-id" \
-	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_SECRETACCESSKEY="your-access-key-secret"
+	go test -v ./baiducloud_cert_test.go -args \
+	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_SECRETACCESSKEY="your-access-key-secret"
 */
 func TestDeploy(t *testing.T) {
 	flag.Parse()