refactor: adjust project structure

2024-11-01 15:54:05 +08:00
parent 1e3c4881d0
commit 1dee14e32d
17 changed files with 58 additions and 40 deletions
--- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
+++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go
@@ -0,0 +1,160 @@
+package aliyuncas
+
+import (
+	"context"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type AliyunCASUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
+}
+
+type AliyunCASUploader struct {
+	config    *AliyunCASUploaderConfig
+	sdkClient *aliyunCas.Client
+}
+
+func New(config *AliyunCASUploaderConfig) (*AliyunCASUploader, error) {
+	client, err := (&AliyunCASUploader{}).createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunCASUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *AliyunCASUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-listusercertificateorder
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-getusercertificatedetail
+	listUserCertificateOrderPage := int64(1)
+	listUserCertificateOrderLimit := int64(50)
+	for {
+		listUserCertificateOrderReq := &aliyunCas.ListUserCertificateOrderRequest{
+			CurrentPage: tea.Int64(listUserCertificateOrderPage),
+			ShowSize:    tea.Int64(listUserCertificateOrderLimit),
+			OrderType:   tea.String("CERT"),
+		}
+		listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListUserCertificateOrder'")
+		}
+
+		if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
+			for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList {
+				if strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) {
+					getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
+						CertId: certDetail.CertificateId,
+					}
+					getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq)
+					if err != nil {
+						return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'")
+					}
+
+					var isSameCert bool
+					if *getUserCertificateDetailResp.Body.Cert == certPem {
+						isSameCert = true
+					} else {
+						oldCertX509, err := x509.ParseCertificateFromPEM(*getUserCertificateDetailResp.Body.Cert)
+						if err != nil {
+							continue
+						}
+
+						isSameCert = x509.EqualCertificate(certX509, oldCertX509)
+					}
+
+					// 如果已存在相同证书，直接返回已有的证书信息
+					if isSameCert {
+						return &uploader.UploadResult{
+							CertId:   fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)),
+							CertName: *certDetail.Name,
+						}, nil
+					}
+				}
+			}
+		}
+
+		if listUserCertificateOrderResp.Body.CertificateOrderList == nil || len(listUserCertificateOrderResp.Body.CertificateOrderList) < int(listUserCertificateOrderLimit) {
+			break
+		} else {
+			listUserCertificateOrderPage += 1
+			if listUserCertificateOrderPage > 99 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 生成新证书名（需符合阿里云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate
+	uploadUserCertificateReq := &aliyunCas.UploadUserCertificateRequest{
+		Name: tea.String(certName),
+		Cert: tea.String(certPem),
+		Key:  tea.String(privkeyPem),
+	}
+	uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.UploadUserCertificate'")
+	}
+
+	certId = fmt.Sprintf("%d", tea.Int64Value(uploadUserCertificateResp.Body.CertId))
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *AliyunCASUploader) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // CAS 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou":
+		endpoint = "cas.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunCas.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
+++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go
@@ -0,0 +1,133 @@
+package aliyunslb
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"fmt"
+	"strings"
+	"time"
+
+	aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
+	aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
+	"github.com/alibabacloud-go/tea/tea"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type AliyunSLBUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	AccessKeySecret string `json:"accessKeySecret"`
+	Region          string `json:"region"`
+}
+
+type AliyunSLBUploader struct {
+	config    *AliyunSLBUploaderConfig
+	sdkClient *aliyunSlb.Client
+}
+
+func New(config *AliyunSLBUploaderConfig) (*AliyunSLBUploader, error) {
+	client, err := (&AliyunSLBUploader{}).createSdkClient(
+		config.AccessKeyId,
+		config.AccessKeySecret,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &AliyunSLBUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *AliyunSLBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates
+	describeServerCertificatesReq := &aliyunSlb.DescribeServerCertificatesRequest{
+		RegionId: tea.String(u.config.Region),
+	}
+	describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeServerCertificates'")
+	}
+
+	if describeServerCertificatesResp.Body.ServerCertificates != nil && describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate != nil {
+		fingerprint := sha256.Sum256(certX509.Raw)
+		fingerprintHex := hex.EncodeToString(fingerprint[:])
+		for _, certDetail := range describeServerCertificatesResp.Body.ServerCertificates.ServerCertificate {
+			isSameCert := *certDetail.IsAliCloudCertificate == 0 &&
+				strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) &&
+				strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName)
+			// 如果已存在相同证书，直接返回已有的证书信息
+			if isSameCert {
+				return &uploader.UploadResult{
+					CertId:   *certDetail.ServerCertificateId,
+					CertName: *certDetail.ServerCertificateName,
+				}, nil
+			}
+		}
+	}
+
+	// 生成新证书名（需符合阿里云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
+	uploadServerCertificateReq := &aliyunSlb.UploadServerCertificateRequest{
+		RegionId:              tea.String(u.config.Region),
+		ServerCertificateName: tea.String(certName),
+		ServerCertificate:     tea.String(certPem),
+		PrivateKey:            tea.String(privkeyPem),
+	}
+	uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(uploadServerCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.UploadServerCertificate'")
+	}
+
+	certId = *uploadServerCertificateResp.Body.ServerCertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *AliyunSLBUploader) createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
+	if region == "" {
+		region = "cn-hangzhou" // SLB 服务默认区域：华东一杭州
+	}
+
+	aConfig := &aliyunOpen.Config{
+		AccessKeyId:     tea.String(accessKeyId),
+		AccessKeySecret: tea.String(accessKeySecret),
+	}
+
+	var endpoint string
+	switch region {
+	case "cn-hangzhou":
+	case "cn-hangzhou-finance":
+	case "cn-shanghai-finance-1":
+	case "cn-shenzhen-finance-1":
+		endpoint = "slb.aliyuncs.com"
+	default:
+		endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
+	}
+	aConfig.Endpoint = tea.String(endpoint)
+
+	client, err := aliyunSlb.NewClient(aConfig)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-elb/huaweicloud_elb.go
@@ -0,0 +1,217 @@
+package huaweicloudelb
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
+	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
+	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
+	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
+	hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
+	hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type HuaweiCloudELBUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
+}
+
+type HuaweiCloudELBUploader struct {
+	config    *HuaweiCloudELBUploaderConfig
+	sdkClient *hcElb.ElbClient
+}
+
+func New(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
+	client, err := (&HuaweiCloudELBUploader{}).createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client: %w")
+	}
+
+	return &HuaweiCloudELBUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	newCert, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 遍历查询已有证书，避免重复上传
+	// REF: https://support.huaweicloud.com/api-elb/ListCertificates.html
+	listCertificatesPage := 1
+	listCertificatesLimit := int32(2000)
+	var listCertificatesMarker *string = nil
+	for {
+		listCertificatesReq := &hcElbModel.ListCertificatesRequest{
+			Limit:  cast.Int32Ptr(listCertificatesLimit),
+			Marker: listCertificatesMarker,
+			Type:   &[]string{"server"},
+		}
+		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
+		}
+
+		if listCertificatesResp.Certificates != nil {
+			for _, certDetail := range *listCertificatesResp.Certificates {
+				var isSameCert bool
+				if certDetail.Certificate == certPem {
+					isSameCert = true
+				} else {
+					cert, err := x509.ParseCertificateFromPEM(certDetail.Certificate)
+					if err != nil {
+						continue
+					}
+
+					isSameCert = x509.EqualCertificate(cert, newCert)
+				}
+
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.Id,
+						CertName: certDetail.Name,
+					}, nil
+				}
+			}
+		}
+
+		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
+			break
+		} else {
+			listCertificatesMarker = listCertificatesResp.PageInfo.NextMarker
+			listCertificatesPage++
+			if listCertificatesPage >= 9 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 获取项目 ID
+	// REF: https://support.huaweicloud.com/api-iam/iam_06_0001.html
+	projectId, err := u.getSdkProjectId(u.config.Region, u.config.AccessKeyId, u.config.SecretAccessKey)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to get SDK project id")
+	}
+
+	// 生成新证书名（需符合华为云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 创建新证书
+	// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
+	createCertificateReq := &hcElbModel.CreateCertificateRequest{
+		Body: &hcElbModel.CreateCertificateRequestBody{
+			Certificate: &hcElbModel.CreateCertificateOption{
+				ProjectId:   cast.StringPtr(projectId),
+				Name:        cast.StringPtr(certName),
+				Certificate: cast.StringPtr(certPem),
+				PrivateKey:  cast.StringPtr(privkeyPem),
+			},
+		},
+	}
+	createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.CreateCertificate'")
+	}
+
+	certId = createCertificateResp.Certificate.Id
+	certName = createCertificateResp.Certificate.Name
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *HuaweiCloudELBUploader) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
+	if region == "" {
+		region = "cn-north-4" // ELB 服务默认区域：华北四北京
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcElbRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcElb.ElbClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcElb.NewElbClient(hcClient)
+	return client, nil
+}
+
+func (u *HuaweiCloudELBUploader) getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error) {
+	if region == "" {
+		region = "cn-north-4" // IAM 服务默认区域：华北四北京
+	}
+
+	auth, err := global.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	hcRegion, err := hcIamRegion.SafeValueOf(region)
+	if err != nil {
+		return "", err
+	}
+
+	hcClient, err := hcIam.IamClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return "", err
+	}
+
+	client := hcIam.NewIamClient(hcClient)
+	if err != nil {
+		return "", err
+	}
+
+	request := &hcIamModel.KeystoneListProjectsRequest{
+		Name: &region,
+	}
+	response, err := client.KeystoneListProjects(request)
+	if err != nil {
+		return "", err
+	} else if response.Projects == nil || len(*response.Projects) == 0 {
+		return "", errors.New("no project found")
+	}
+
+	return (*response.Projects)[0].Id, nil
+}
--- a/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/providers/huaweicloud-scm/huaweicloud_scm.go
@@ -0,0 +1,170 @@
+package huaweicloudscm
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
+	hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
+	hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
+	hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
+	xerrors "github.com/pkg/errors"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type HuaweiCloudSCMUploaderConfig struct {
+	AccessKeyId     string `json:"accessKeyId"`
+	SecretAccessKey string `json:"secretAccessKey"`
+	Region          string `json:"region"`
+}
+
+type HuaweiCloudSCMUploader struct {
+	config    *HuaweiCloudSCMUploaderConfig
+	sdkClient *hcScm.ScmClient
+}
+
+func New(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
+	client, err := (&HuaweiCloudSCMUploader{}).createSdkClient(
+		config.AccessKeyId,
+		config.SecretAccessKey,
+		config.Region,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &HuaweiCloudSCMUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 遍历查询已有证书，避免重复上传
+	// REF: https://support.huaweicloud.com/api-ccm/ListCertificates.html
+	// REF: https://support.huaweicloud.com/api-ccm/ExportCertificate_0.html
+	listCertificatesPage := 1
+	listCertificatesLimit := int32(50)
+	listCertificatesOffset := int32(0)
+	for {
+		listCertificatesReq := &hcScmModel.ListCertificatesRequest{
+			Limit:   cast.Int32Ptr(listCertificatesLimit),
+			Offset:  cast.Int32Ptr(listCertificatesOffset),
+			SortDir: cast.StringPtr("DESC"),
+			SortKey: cast.StringPtr("certExpiredTime"),
+		}
+		listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ListCertificates'")
+		}
+
+		if listCertificatesResp.Certificates != nil {
+			for _, certDetail := range *listCertificatesResp.Certificates {
+				exportCertificateReq := &hcScmModel.ExportCertificateRequest{
+					CertificateId: certDetail.Id,
+				}
+				exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
+				if err != nil {
+					if exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 {
+						continue
+					}
+					return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ExportCertificate'")
+				}
+
+				var isSameCert bool
+				if *exportCertificateResp.Certificate == certPem {
+					isSameCert = true
+				} else {
+					cert, err := x509.ParseCertificateFromPEM(*exportCertificateResp.Certificate)
+					if err != nil {
+						continue
+					}
+
+					isSameCert = x509.EqualCertificate(certX509, cert)
+				}
+
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.Id,
+						CertName: certDetail.Name,
+					}, nil
+				}
+			}
+		}
+
+		if listCertificatesResp.Certificates == nil || len(*listCertificatesResp.Certificates) < int(listCertificatesLimit) {
+			break
+		} else {
+			listCertificatesOffset += listCertificatesLimit
+			listCertificatesPage += 1
+			if listCertificatesPage > 99 { // 避免死循环
+				break
+			}
+		}
+	}
+
+	// 生成新证书名（需符合华为云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
+	importCertificateReq := &hcScmModel.ImportCertificateRequest{
+		Body: &hcScmModel.ImportCertificateRequestBody{
+			Name:        certName,
+			Certificate: certPem,
+			PrivateKey:  privkeyPem,
+		},
+	}
+	importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ImportCertificate'")
+	}
+
+	certId = *importCertificateResp.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *HuaweiCloudSCMUploader) createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmClient, error) {
+	if region == "" {
+		region = "cn-north-4" // SCM 服务默认区域：华北四北京
+	}
+
+	auth, err := basic.NewCredentialsBuilder().
+		WithAk(accessKeyId).
+		WithSk(secretAccessKey).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	hcRegion, err := hcScmRegion.SafeValueOf(region)
+	if err != nil {
+		return nil, err
+	}
+
+	hcClient, err := hcScm.ScmClientBuilder().
+		WithRegion(hcRegion).
+		WithCredential(auth).
+		SafeBuild()
+	if err != nil {
+		return nil, err
+	}
+
+	client := hcScm.NewScmClient(hcClient)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
+++ b/internal/pkg/core/uploader/providers/qiniu-sslcert/qiniu_sslcert.go
@@ -0,0 +1,70 @@
+package qiniusslcert
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/qiniu/go-sdk/v7/auth"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+	qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
+)
+
+type QiniuSSLCertUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type QiniuSSLCertUploader struct {
+	config    *QiniuSSLCertUploaderConfig
+	sdkClient *qiniuEx.Client
+}
+
+func New(config *QiniuSSLCertUploaderConfig) (*QiniuSSLCertUploader, error) {
+	client, err := (&QiniuSSLCertUploader{}).createSdkClient(
+		config.AccessKey,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &QiniuSSLCertUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *QiniuSSLCertUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+
+	// 生成新证书名（需符合七牛云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://developer.qiniu.com/fusion/8593/interface-related-certificate
+	uploadSslCertResp, err := u.sdkClient.UploadSslCert(certName, certX509.Subject.CommonName, privkeyPem, certPem)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadSslCert'")
+	}
+
+	certId = uploadSslCertResp.CertID
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *QiniuSSLCertUploader) createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
+	credential := auth.New(accessKey, secretKey)
+	client := qiniuEx.NewClient(credential)
+	return client, nil
+}
--- a/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
+++ b/internal/pkg/core/uploader/providers/tencentcloud-ssl/tencentcloud_ssl.go
@@ -0,0 +1,66 @@
+package tencentcloudssl
+
+import (
+	"context"
+
+	xerrors "github.com/pkg/errors"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+)
+
+type TencentCloudSSLUploaderConfig struct {
+	SecretId  string `json:"secretId"`
+	SecretKey string `json:"secretKey"`
+}
+
+type TencentCloudSSLUploader struct {
+	config    *TencentCloudSSLUploaderConfig
+	sdkClient *tcSsl.Client
+}
+
+func New(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
+	client, err := (&TencentCloudSSLUploader{}).createSdkClient(
+		config.SecretId,
+		config.SecretKey,
+	)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create sdk client")
+	}
+
+	return &TencentCloudSSLUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 上传新证书
+	// REF: https://cloud.tencent.com/document/product/400/41665
+	uploadCertificateReq := tcSsl.NewUploadCertificateRequest()
+	uploadCertificateReq.CertificatePublicKey = common.StringPtr(certPem)
+	uploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPem)
+	uploadCertificateReq.Repeatable = common.BoolPtr(false)
+	uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'")
+	}
+
+	certId := *uploadCertificateResp.Response.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: "",
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}