feat: adapt new logging to uploader, deployer and notifier providers

This commit is contained in:
Fu Diwei
2025-03-17 13:24:42 +08:00
parent c13a7a7873
commit b620052b88
92 changed files with 1358 additions and 1023 deletions


@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"log/slog"
"net/url"
"strings"
"time"
@@ -23,6 +24,7 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
logger *slog.Logger
sdkClient *opsdk.Client
}
@@ -40,15 +42,26 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 遍历证书列表,避免重复上传
if res, err := u.getExistCert(ctx, certPem, privkeyPem); err != nil {
return nil, err
} else if res != nil {
u.logger.Info("ssl certificate already exists")
return res, nil
}
@@ -63,6 +76,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
PrivateKey: privkeyPem,
}
uploadWebsiteSSLResp, err := u.sdkClient.UploadWebsiteSSL(uploadWebsiteSSLReq)
u.logger.Debug("sdk request '1panel.UploadWebsiteSSL'", slog.Any("request", uploadWebsiteSSLReq), slog.Any("response", uploadWebsiteSSLResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.UploadWebsiteSSL'")
}
@@ -86,6 +100,7 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string, pri
PageSize: searchWebsiteSSLPageSize,
}
searchWebsiteSSLResp, err := u.sdkClient.SearchWebsiteSSL(searchWebsiteSSLReq)
u.logger.Debug("sdk request '1panel.SearchWebsiteSSL'", slog.Any("request", searchWebsiteSSLReq), slog.Any("response", searchWebsiteSSLResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request '1panel.SearchWebsiteSSL'")
}
@@ -93,7 +108,7 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string, pri
for _, sslItem := range searchWebsiteSSLResp.Data.Items {
if strings.TrimSpace(sslItem.PEM) == strings.TrimSpace(certPem) &&
strings.TrimSpace(sslItem.PrivateKey) == strings.TrimSpace(privkeyPem) {
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
return &uploader.UploadResult{
CertId: fmt.Sprintf("%d", sslItem.ID),
CertName: sslItem.Description,
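Review bot: The debug line added after `UploadWebsiteSSL` logs the whole request with `slog.Any("request", ...)`, and that request carries the private key in its `PrivateKey` field (set to `privkeyPem` a few lines above), so enabling debug logging writes the key to whatever sink the logger has. The `SearchWebsiteSSL` debug line has the same problem on the response side: the loop in getExistCert compares `sslItem.PrivateKey`, which means the dumped response contains the private key of every certificate stored in the panel, not just this one. I would pass a copy of the request with `PrivateKey: "[REDACTED]"` to the Debug call, and for the search log only `len(searchWebsiteSSLResp.Data.Items)` or the item IDs instead of the raw response. Upload and getExistCert both begin above their hunks.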


@@ -3,11 +3,12 @@
import (
"context"
"fmt"
"log/slog"
"strings"
"time"
aliyunCas "github.com/alibabacloud-go/cas-20200407/v3/client"
aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
alicas "github.com/alibabacloud-go/cas-20200407/v3/client"
aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
"github.com/alibabacloud-go/tea/tea"
xerrors "github.com/pkg/errors"
@@ -26,7 +27,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *aliyunCas.Client
logger *slog.Logger
sdkClient *alicas.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -36,21 +38,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKeyId,
config.AccessKeySecret,
config.Region,
)
client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -64,12 +72,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listUserCertificateOrderPage := int64(1)
listUserCertificateOrderLimit := int64(50)
for {
listUserCertificateOrderReq := &aliyunCas.ListUserCertificateOrderRequest{
listUserCertificateOrderReq := &alicas.ListUserCertificateOrderRequest{
CurrentPage: tea.Int64(listUserCertificateOrderPage),
ShowSize: tea.Int64(listUserCertificateOrderLimit),
OrderType: tea.String("CERT"),
}
listUserCertificateOrderResp, err := u.sdkClient.ListUserCertificateOrder(listUserCertificateOrderReq)
u.logger.Debug("sdk request 'cas.ListUserCertificateOrder'", slog.Any("request", listUserCertificateOrderReq), slog.Any("response", listUserCertificateOrderResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.ListUserCertificateOrder'")
}
@@ -77,10 +86,11 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
for _, certDetail := range listUserCertificateOrderResp.Body.CertificateOrderList {
if strings.EqualFold(certX509.SerialNumber.Text(16), *certDetail.SerialNo) {
getUserCertificateDetailReq := &aliyunCas.GetUserCertificateDetailRequest{
getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{
CertId: certDetail.CertificateId,
}
getUserCertificateDetailResp, err := u.sdkClient.GetUserCertificateDetail(getUserCertificateDetailReq)
u.logger.Debug("sdk request 'cas.GetUserCertificateDetail'", slog.Any("request", getUserCertificateDetailReq), slog.Any("response", getUserCertificateDetailResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.GetUserCertificateDetail'")
}
@@ -97,8 +107,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert = certs.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: fmt.Sprintf("%d", tea.Int64Value(certDetail.CertificateId)),
CertName: *certDetail.Name,
@@ -121,12 +132,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://help.aliyun.com/zh/ssl-certificate/developer-reference/api-cas-2020-04-07-uploadusercertificate
uploadUserCertificateReq := &aliyunCas.UploadUserCertificateRequest{
uploadUserCertificateReq := &alicas.UploadUserCertificateRequest{
Name: tea.String(certName),
Cert: tea.String(certPem),
Key: tea.String(privkeyPem),
}
uploadUserCertificateResp, err := u.sdkClient.UploadUserCertificate(uploadUserCertificateReq)
u.logger.Debug("sdk request 'cas.UploadUserCertificate'", slog.Any("request", uploadUserCertificateReq), slog.Any("response", uploadUserCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cas.UploadUserCertificate'")
}
@@ -138,7 +150,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Client, error) {
func createSdkClient(accessKeyId, accessKeySecret, region string) (*alicas.Client, error) {
if region == "" {
region = "cn-hangzhou" // CAS 服务默认区域:华东一杭州
}
@@ -152,13 +164,13 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Cl
endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region)
}
config := &aliyunOpen.Config{
config := &aliopen.Config{
Endpoint: tea.String(endpoint),
AccessKeyId: tea.String(accessKeyId),
AccessKeySecret: tea.String(accessKeySecret),
}
client, err := aliyunCas.NewClient(config)
client, err := alicas.NewClient(config)
if err != nil {
return nil, err
}
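Review bot: The debug line added after `UploadUserCertificate` logs `uploadUserCertificateReq` in full, and that struct has `Key: tea.String(privkeyPem)` three lines earlier, so the private key ends up in the log at debug level. The listing and detail responses logged above are public certificate data and are fine, but the upload request needs redaction before it is handed to slog. A two-line fix keeps the rest of the diagnostics: `logReq := *uploadUserCertificateReq; logReq.Key = tea.String("[REDACTED]")` and then `slog.Any("request", logReq)` in the Debug call. Upload starts above the hunk that contains this line.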


@@ -5,12 +5,13 @@ import (
"crypto/sha256"
"encoding/hex"
"fmt"
"log/slog"
"regexp"
"strings"
"time"
aliyunOpen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
aliyunSlb "github.com/alibabacloud-go/slb-20140515/v4/client"
aliopen "github.com/alibabacloud-go/darabonba-openapi/v2/client"
alislb "github.com/alibabacloud-go/slb-20140515/v4/client"
"github.com/alibabacloud-go/tea/tea"
xerrors "github.com/pkg/errors"
@@ -29,7 +30,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *aliyunSlb.Client
logger *slog.Logger
sdkClient *alislb.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -39,21 +41,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKeyId,
config.AccessKeySecret,
config.Region,
)
client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -63,10 +71,11 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 查询证书列表,避免重复上传
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-describeservercertificates
describeServerCertificatesReq := &aliyunSlb.DescribeServerCertificatesRequest{
describeServerCertificatesReq := &alislb.DescribeServerCertificatesRequest{
RegionId: tea.String(u.config.Region),
}
describeServerCertificatesResp, err := u.sdkClient.DescribeServerCertificates(describeServerCertificatesReq)
u.logger.Debug("sdk request 'slb.DescribeServerCertificates'", slog.Any("request", describeServerCertificatesReq), slog.Any("response", describeServerCertificatesResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.DescribeServerCertificates'")
}
@@ -78,8 +87,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert := *certDetail.IsAliCloudCertificate == 0 &&
strings.EqualFold(fingerprintHex, strings.ReplaceAll(*certDetail.Fingerprint, ":", "")) &&
strings.EqualFold(certX509.Subject.CommonName, *certDetail.CommonName)
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: *certDetail.ServerCertificateId,
CertName: *certDetail.ServerCertificateName,
@@ -100,13 +110,14 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://help.aliyun.com/zh/slb/classic-load-balancer/developer-reference/api-slb-2014-05-15-uploadservercertificate
uploadServerCertificateReq := &aliyunSlb.UploadServerCertificateRequest{
uploadServerCertificateReq := &alislb.UploadServerCertificateRequest{
RegionId: tea.String(u.config.Region),
ServerCertificateName: tea.String(certName),
ServerCertificate: tea.String(certPem),
PrivateKey: tea.String(privkeyPem),
}
uploadServerCertificateResp, err := u.sdkClient.UploadServerCertificate(uploadServerCertificateReq)
u.logger.Debug("sdk request 'slb.UploadServerCertificate'", slog.Any("request", uploadServerCertificateReq), slog.Any("response", uploadServerCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'slb.UploadServerCertificate'")
}
@@ -118,7 +129,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Client, error) {
func createSdkClient(accessKeyId, accessKeySecret, region string) (*alislb.Client, error) {
// 接入点一览 https://api.aliyun.com/product/Slb
var endpoint string
switch region {
@@ -132,13 +143,13 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl
endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region)
}
config := &aliyunOpen.Config{
config := &aliopen.Config{
Endpoint: tea.String(endpoint),
AccessKeyId: tea.String(accessKeyId),
AccessKeySecret: tea.String(accessKeySecret),
}
client, err := aliyunSlb.NewClient(config)
client, err := alislb.NewClient(config)
if err != nil {
return nil, err
}
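Review bot: The debug line added after `UploadServerCertificate` dumps `uploadServerCertificateReq`, whose `PrivateKey: tea.String(privkeyPem)` field is visible two lines above it, so the SLB private key is written to the log whenever debug logging is on. The `DescribeServerCertificates` response dump above it only exposes fingerprints and names and is harmless. I would copy the request and blank the key before logging, `logReq := *uploadServerCertificateReq; logReq.PrivateKey = tea.String("[REDACTED]")`, and pass `slog.Any("request", logReq)`. Upload starts above the hunk.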


@@ -2,11 +2,12 @@
import (
"context"
"log/slog"
aws "github.com/aws/aws-sdk-go-v2/aws"
awsCfg "github.com/aws/aws-sdk-go-v2/config"
awsCred "github.com/aws/aws-sdk-go-v2/credentials"
awsAcm "github.com/aws/aws-sdk-go-v2/service/acm"
awscfg "github.com/aws/aws-sdk-go-v2/config"
awscred "github.com/aws/aws-sdk-go-v2/credentials"
awsacm "github.com/aws/aws-sdk-go-v2/service/acm"
xerrors "github.com/pkg/errors"
"golang.org/x/exp/slices"
@@ -25,7 +26,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *awsAcm.Client
logger *slog.Logger
sdkClient *awsacm.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -42,10 +44,20 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -62,11 +74,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertificatesNextToken := new(string)
listCertificatesMaxItems := int32(1000)
for {
listCertificatesReq := &awsAcm.ListCertificatesInput{
listCertificatesReq := &awsacm.ListCertificatesInput{
NextToken: listCertificatesNextToken,
MaxItems: aws.Int32(listCertificatesMaxItems),
}
listCertificatesResp, err := u.sdkClient.ListCertificates(context.TODO(), listCertificatesReq)
u.logger.Debug("sdk request 'acm.ListCertificates'", slog.Any("request", listCertificatesReq), slog.Any("response", listCertificatesResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'acm.ListCertificates'")
}
@@ -87,7 +100,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 最后对比证书内容
// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ListTagsForCertificate.html
getCertificateReq := &awsAcm.GetCertificateInput{
getCertificateReq := &awsacm.GetCertificateInput{
CertificateArn: certSummary.CertificateArn,
}
getCertificateResp, err := u.sdkClient.GetCertificate(context.TODO(), getCertificateReq)
@@ -110,6 +123,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}
// 如果以上信息都一致,则视为已存在相同证书,直接返回
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: *certSummary.CertificateArn,
}, nil
@@ -124,12 +138,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 导入证书
// REF: https://docs.aws.amazon.com/en_us/acm/latest/APIReference/API_ImportCertificate.html
importCertificateReq := &awsAcm.ImportCertificateInput{
importCertificateReq := &awsacm.ImportCertificateInput{
Certificate: ([]byte)(scertPem),
CertificateChain: ([]byte)(bcertPem),
PrivateKey: ([]byte)(privkeyPem),
}
importCertificateResp, err := u.sdkClient.ImportCertificate(context.TODO(), importCertificateReq)
u.logger.Debug("sdk request 'acm.ImportCertificate'", slog.Any("request", importCertificateReq), slog.Any("response", importCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'acm.ImportCertificate'")
}
@@ -139,15 +154,15 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*awsAcm.Client, error) {
cfg, err := awsCfg.LoadDefaultConfig(context.TODO())
func createSdkClient(accessKeyId, secretAccessKey, region string) (*awsacm.Client, error) {
cfg, err := awscfg.LoadDefaultConfig(context.TODO())
if err != nil {
return nil, err
}
client := awsAcm.NewFromConfig(cfg, func(o *awsAcm.Options) {
client := awsacm.NewFromConfig(cfg, func(o *awsacm.Options) {
o.Region = region
o.Credentials = aws.NewCredentialsCache(awsCred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, ""))
o.Credentials = aws.NewCredentialsCache(awscred.NewStaticCredentialsProvider(accessKeyId, secretAccessKey, ""))
})
return client, nil
}
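Review bot: The debug line added after `ImportCertificate` logs `importCertificateReq`, which holds `PrivateKey: ([]byte)(privkeyPem)` three lines earlier, so the key is emitted into the log at debug level (as a byte list under the text handler, which is both a leak and unreadable). `slog.Any` on the `[]byte` `Certificate` and `CertificateChain` fields is similarly noisy even though those are public. I would log a copy with the key cleared, `logReq := *importCertificateReq; logReq.PrivateKey = nil`, and pass `slog.Any("request", logReq)`; the `ListCertificates` response dump of up to 1000 summaries per page is safe but worth trimming to a count. Upload starts above the hunk and still uses `context.TODO()` instead of the `ctx` it receives, which predates this change but is worth fixing while touching these lines.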


@@ -4,6 +4,7 @@ import (
"context"
"crypto/x509"
"fmt"
"log/slog"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore"
@@ -32,6 +33,7 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
logger *slog.Logger
sdkClient *azcertificates.Client
}
@@ -49,10 +51,20 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -103,6 +115,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 最后对比证书内容
getCertificateResp, err := u.sdkClient.GetCertificate(context.TODO(), certItem.ID.Name(), certItem.ID.Version(), nil)
u.logger.Debug("sdk request 'keyvault.GetCertificate'", slog.String("request.certificateName", certItem.ID.Name()), slog.String("request.certificateVersion", certItem.ID.Version()), slog.Any("response", getCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.GetCertificate'")
} else {
@@ -117,6 +130,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}
// 如果以上信息都一致,则视为已存在相同证书,直接返回
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: string(*certItem.ID),
CertName: certItem.ID.Name(),
@@ -142,6 +156,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
},
}
importCertificateResp, err := u.sdkClient.ImportCertificate(context.TODO(), certName, importCertificateParams, nil)
u.logger.Debug("sdk request 'keyvault.ImportCertificate'", slog.String("request.certificateName", certName), slog.Any("request.parameters", importCertificateParams), slog.Any("response", importCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'keyvault.ImportCertificate'")
}
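Review bot: The debug line added after `ImportCertificate` logs `importCertificateParams` in full; the struct is built above the hunk so its fields are not visible here, but since this is the call that imports the certificate and Upload receives `privkeyPem`, the parameters presumably carry the private key material and would then be written to the log. I would drop the `slog.Any("request.parameters", importCertificateParams)` attribute and keep only `slog.String("request.certificateName", certName)` plus the response, or log a copy with the key-bearing field cleared once that field is confirmed. The `GetCertificate` response logged earlier is public certificate data and is fine. Upload starts above these hunks and, like the ACM provider, uses `context.TODO()` instead of `ctx`.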


@@ -6,10 +6,11 @@ import (
"crypto/sha256"
"encoding/hex"
"fmt"
"log/slog"
"strings"
"time"
bpCdn "github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
bytepluscdn "github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -25,7 +26,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *bpCdn.CDN
logger *slog.Logger
sdkClient *bytepluscdn.CDN
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -35,16 +37,26 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client := bpCdn.NewInstance()
client := bytepluscdn.NewInstance()
client.Client.SetAccessKey(config.AccessKey)
client.Client.SetSecretKey(config.SecretKey)
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -57,13 +69,14 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertInfoPageNum := int64(1)
listCertInfoPageSize := int64(100)
listCertInfoTotal := 0
listCertInfoReq := &bpCdn.ListCertInfoRequest{
PageNum: bpCdn.GetInt64Ptr(listCertInfoPageNum),
PageSize: bpCdn.GetInt64Ptr(listCertInfoPageSize),
Source: bpCdn.GetStrPtr("cert_center"),
listCertInfoReq := &bytepluscdn.ListCertInfoRequest{
PageNum: bytepluscdn.GetInt64Ptr(listCertInfoPageNum),
PageSize: bytepluscdn.GetInt64Ptr(listCertInfoPageSize),
Source: bytepluscdn.GetStrPtr("cert_center"),
}
for {
listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
u.logger.Debug("sdk request 'cdn.ListCertInfo'", slog.Any("request", listCertInfoReq), slog.Any("response", listCertInfoResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.ListCertInfo'")
}
@@ -74,8 +87,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
fingerprintSha256 := sha256.Sum256(certX509.Raw)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.CertId,
CertName: certDetail.Desc,
@@ -99,13 +113,14 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-addcertificate
addCertificateReq := &bpCdn.AddCertificateRequest{
addCertificateReq := &bytepluscdn.AddCertificateRequest{
Certificate: certPem,
PrivateKey: privkeyPem,
Source: bpCdn.GetStrPtr("cert_center"),
Desc: bpCdn.GetStrPtr(certName),
Source: bytepluscdn.GetStrPtr("cert_center"),
Desc: bytepluscdn.GetStrPtr(certName),
}
addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
u.logger.Debug("sdk request 'cdn.AddCertificate'", slog.Any("request", addCertificateReq), slog.Any("response", addCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.AddCertificate'")
}
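Review bot: The debug line added after `AddCertificate` logs `addCertificateReq`, and that request sets `PrivateKey: privkeyPem` as a plain string a few lines above, so the key is written to the log sink at debug level. The `ListCertInfo` response dump only contains fingerprints and IDs and is harmless. Because the fields are plain strings a shallow copy suffices: `logReq := *addCertificateReq; logReq.PrivateKey = "[REDACTED]"` and then `slog.Any("request", logReq)`. Upload starts above the hunk.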


@@ -3,12 +3,13 @@
import (
"context"
"fmt"
"log/slog"
"time"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
doge "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
dogesdk "github.com/usual2970/certimate/internal/pkg/vendors/dogecloud-sdk"
)
type UploaderConfig struct {
@@ -20,7 +21,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *doge.Client
logger *slog.Logger
sdkClient *dogesdk.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -30,20 +32,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKey,
config.SecretKey,
)
client, err := createSdkClient(config.AccessKey, config.SecretKey)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 生成新证书名(需符合多吉云命名规则)
var certId, certName string
@@ -52,6 +61,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://docs.dogecloud.com/cdn/api-cert-upload
uploadSslCertResp, err := u.sdkClient.UploadCdnCert(certName, certPem, privkeyPem)
u.logger.Debug("sdk request 'cdn.UploadCdnCert'", slog.Any("response", uploadSslCertResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadCdnCert'")
}
@@ -63,7 +73,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKey, secretKey string) (*doge.Client, error) {
client := doge.NewClient(accessKey, secretKey)
func createSdkClient(accessKey, secretKey string) (*dogesdk.Client, error) {
client := dogesdk.NewClient(accessKey, secretKey)
return client, nil
}


@@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"log/slog"
"time"
gprovider "github.com/G-Core/gcorelabscdn-go/gcore/provider"
@@ -21,6 +22,7 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
logger *slog.Logger
sdkClient *gsslcerts.Service
}
@@ -38,10 +40,20 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 生成新证书名(需符合 Gcore 命名规则)
var certId, certName string
@@ -57,6 +69,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
ValidateRootCA: false,
}
createCertificateResp, err := u.sdkClient.Create(context.TODO(), createCertificateReq)
u.logger.Debug("sdk request 'sslcerts.Create'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'sslcerts.Create'")
}
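Review bot: The debug line added after `sslcerts.Create` logs `createCertificateReq` in full; only `ValidateRootCA: false` and the closing brace of that struct are visible in the hunk, but since Upload takes `privkeyPem` and this is the only call that sends it, the request presumably contains the private key and would be dumped to the log at debug level. I would confirm which field carries the key and log a copy with it cleared, or restrict the request attribute to the certificate name, e.g. `slog.String("request.name", certName)` alongside the response. The Upload function starts above the hunk.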


@@ -4,16 +4,17 @@ import (
"context"
"errors"
"fmt"
"log/slog"
"time"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
hcelb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
hcelbmodel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
hcelbregion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
hciam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
hciammodel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
hciamregion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -32,7 +33,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *hcElb.ElbClient
logger *slog.Logger
sdkClient *hcelb.ElbClient
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -42,21 +44,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKeyId,
config.SecretAccessKey,
config.Region,
)
client, err := createSdkClient(config.AccessKeyId, config.SecretAccessKey, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -69,12 +77,13 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertificatesLimit := int32(2000)
var listCertificatesMarker *string = nil
for {
listCertificatesReq := &hcElbModel.ListCertificatesRequest{
listCertificatesReq := &hcelbmodel.ListCertificatesRequest{
Limit: hwsdk.Int32Ptr(listCertificatesLimit),
Marker: listCertificatesMarker,
Type: &[]string{"server"},
}
listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
u.logger.Debug("sdk request 'elb.ListCertificates'", slog.Any("request", listCertificatesReq), slog.Any("response", listCertificatesResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.ListCertificates'")
}
@@ -93,8 +102,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert = certs.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.Id,
CertName: certDetail.Name,
@@ -123,9 +133,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 创建新证书
// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
createCertificateReq := &hcElbModel.CreateCertificateRequest{
Body: &hcElbModel.CreateCertificateRequestBody{
Certificate: &hcElbModel.CreateCertificateOption{
createCertificateReq := &hcelbmodel.CreateCertificateRequest{
Body: &hcelbmodel.CreateCertificateRequestBody{
Certificate: &hcelbmodel.CreateCertificateOption{
ProjectId: hwsdk.StringPtr(projectId),
Name: hwsdk.StringPtr(certName),
Certificate: hwsdk.StringPtr(certPem),
@@ -134,6 +144,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
},
}
createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
u.logger.Debug("sdk request 'elb.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'elb.CreateCertificate'")
}
@@ -146,7 +157,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbClient, error) {
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcelb.ElbClient, error) {
if region == "" {
region = "cn-north-4" // ELB 服务默认区域:华北四北京
}
@@ -159,12 +170,12 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbCli
return nil, err
}
hcRegion, err := hcElbRegion.SafeValueOf(region)
hcRegion, err := hcelbregion.SafeValueOf(region)
if err != nil {
return nil, err
}
hcClient, err := hcElb.ElbClientBuilder().
hcClient, err := hcelb.ElbClientBuilder().
WithRegion(hcRegion).
WithCredential(auth).
SafeBuild()
@@ -172,7 +183,7 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcElb.ElbCli
return nil, err
}
client := hcElb.NewElbClient(hcClient)
client := hcelb.NewElbClient(hcClient)
return client, nil
}
@@ -189,12 +200,12 @@ func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error
return "", err
}
hcRegion, err := hcIamRegion.SafeValueOf(region)
hcRegion, err := hciamregion.SafeValueOf(region)
if err != nil {
return "", err
}
hcClient, err := hcIam.IamClientBuilder().
hcClient, err := hciam.IamClientBuilder().
WithRegion(hcRegion).
WithCredential(auth).
SafeBuild()
@@ -202,9 +213,9 @@ func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error
return "", err
}
client := hcIam.NewIamClient(hcClient)
client := hciam.NewIamClient(hcClient)
request := &hcIamModel.KeystoneListProjectsRequest{
request := &hciammodel.KeystoneListProjectsRequest{
Name: &region,
}
response, err := client.KeystoneListProjects(request)
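Review bot: The debug line added after `CreateCertificate` logs the whole `createCertificateReq`; the `Certificate: hwsdk.StringPtr(certPem)` field is visible in the previous hunk and the lines between the two hunks are where the private key field of `CreateCertificateOption` would sit, so the request dump presumably includes the key at debug level. Because the request is nested under `Body.Certificate`, a shallow copy does not help; I would log only the identifying fields, e.g. `slog.String("request.name", certName), slog.String("request.projectId", projectId)`, and keep the response attribute. The `ListCertificates` response logged above is a listing of server certificates whose exact fields are not visible here; worth checking that the SDK model does not echo key material before dumping it with `slog.Any`. Upload starts above these hunks.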


@@ -3,12 +3,13 @@
import (
"context"
"fmt"
"log/slog"
"time"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
hcscm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
hcscmmodel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
hcscmregion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -27,7 +28,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *hcScm.ScmClient
logger *slog.Logger
sdkClient *hcscm.ScmClient
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -37,21 +39,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKeyId,
config.SecretAccessKey,
config.Region,
)
client, err := createSdkClient(config.AccessKeyId, config.SecretAccessKey, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -65,23 +73,25 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertificatesLimit := int32(50)
listCertificatesOffset := int32(0)
for {
listCertificatesReq := &hcScmModel.ListCertificatesRequest{
listCertificatesReq := &hcscmmodel.ListCertificatesRequest{
Limit: hwsdk.Int32Ptr(listCertificatesLimit),
Offset: hwsdk.Int32Ptr(listCertificatesOffset),
SortDir: hwsdk.StringPtr("DESC"),
SortKey: hwsdk.StringPtr("certExpiredTime"),
}
listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
u.logger.Debug("sdk request 'scm.ListCertificates'", slog.Any("request", listCertificatesReq), slog.Any("response", listCertificatesResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ListCertificates'")
}
if listCertificatesResp.Certificates != nil {
for _, certDetail := range *listCertificatesResp.Certificates {
exportCertificateReq := &hcScmModel.ExportCertificateRequest{
exportCertificateReq := &hcscmmodel.ExportCertificateRequest{
CertificateId: certDetail.Id,
}
exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
u.logger.Debug("sdk request 'scm.ExportCertificate'", slog.Any("request", exportCertificateReq), slog.Any("response", exportCertificateResp))
if err != nil {
if exportCertificateResp != nil && exportCertificateResp.HttpStatusCode == 404 {
continue
@@ -101,8 +111,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert = certs.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.Id,
CertName: certDetail.Name,
@@ -124,14 +135,15 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
importCertificateReq := &hcScmModel.ImportCertificateRequest{
Body: &hcScmModel.ImportCertificateRequestBody{
importCertificateReq := &hcscmmodel.ImportCertificateRequest{
Body: &hcscmmodel.ImportCertificateRequestBody{
Name: certName,
Certificate: certPem,
PrivateKey: privkeyPem,
},
}
importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
u.logger.Debug("sdk request 'scm.ImportCertificate'", slog.Any("request", importCertificateReq), slog.Any("response", importCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'scm.ImportCertificate'")
}
@@ -143,7 +155,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmClient, error) {
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcscm.ScmClient, error) {
if region == "" {
region = "cn-north-4" // SCM 服务默认区域:华北四北京
}
@@ -156,12 +168,12 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmCli
return nil, err
}
hcRegion, err := hcScmRegion.SafeValueOf(region)
hcRegion, err := hcscmregion.SafeValueOf(region)
if err != nil {
return nil, err
}
hcClient, err := hcScm.ScmClientBuilder().
hcClient, err := hcscm.ScmClientBuilder().
WithRegion(hcRegion).
WithCredential(auth).
SafeBuild()
@@ -169,6 +181,6 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcScm.ScmCli
return nil, err
}
client := hcScm.NewScmClient(hcClient)
client := hcscm.NewScmClient(hcClient)
return client, nil
}
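Review bot: The debug line added after `u.sdkClient.ImportCertificate(importCertificateReq)` logs the whole request, and its body is built with `PrivateKey: privkeyPem`, so turning on debug logging writes the certificate's private key into whatever handler the provided logger is wired to. The same whole-request logging sits in the waf CreateCertificate, tencentcloud ssl UploadCertificate, ucloud UploadNormalCertificate and volcengine certcenter ImportCertificate sections of this commit (and in the jdcloud UploadCert and the elb CreateCertificate lines, if their request structs keep the key — worth confirming). Log a redacted view instead, e.g. `u.logger.Debug("sdk request 'scm.ImportCertificate'", slog.Any("request", map[string]any{"name": certName}), slog.Any("response", importCertificateResp))`, and keep the PEM key out of structured attributes everywhere. The ListCertificates line is fine; the ExportCertificate response may also carry exported key material, so that one is worth checking against the SDK model before it is logged in full.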


@@ -4,16 +4,17 @@ import (
"context"
"errors"
"fmt"
"log/slog"
"time"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
hcIam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
hcIamModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
hcIamRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
hcWaf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
hcWafModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
hcWafRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
hciam "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3"
hciammodel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/model"
hciamregion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/iam/v3/region"
hcwaf "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1"
hcwafmodel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/model"
hcwafregion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/waf/v1/region"
xerrors "github.com/pkg/errors"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -32,7 +33,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *hcWaf.WafClient
logger *slog.Logger
sdkClient *hcwaf.WafClient
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -42,21 +44,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKeyId,
config.SecretAccessKey,
config.Region,
)
client, err := createSdkClient(config.AccessKeyId, config.SecretAccessKey, config.Region)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -70,21 +78,23 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertificatesPage := int32(1)
listCertificatesPageSize := int32(100)
for {
listCertificatesReq := &hcWafModel.ListCertificatesRequest{
listCertificatesReq := &hcwafmodel.ListCertificatesRequest{
Page: hwsdk.Int32Ptr(listCertificatesPage),
Pagesize: hwsdk.Int32Ptr(listCertificatesPageSize),
}
listCertificatesResp, err := u.sdkClient.ListCertificates(listCertificatesReq)
u.logger.Debug("sdk request 'waf.ShowCertificate'", slog.Any("request", listCertificatesReq), slog.Any("response", listCertificatesResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'waf.ListCertificates'")
}
if listCertificatesResp.Items != nil {
for _, certItem := range *listCertificatesResp.Items {
showCertificateReq := &hcWafModel.ShowCertificateRequest{
showCertificateReq := &hcwafmodel.ShowCertificateRequest{
CertificateId: certItem.Id,
}
showCertificateResp, err := u.sdkClient.ShowCertificate(showCertificateReq)
u.logger.Debug("sdk request 'waf.ShowCertificate'", slog.Any("request", showCertificateReq), slog.Any("response", showCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'waf.ShowCertificate'")
}
@@ -101,8 +111,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert = certs.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certItem.Id,
CertName: certItem.Name,
@@ -124,14 +135,15 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 创建证书
// REF: https://support.huaweicloud.com/api-waf/CreateCertificate.html
createCertificateReq := &hcWafModel.CreateCertificateRequest{
Body: &hcWafModel.CreateCertificateRequestBody{
createCertificateReq := &hcwafmodel.CreateCertificateRequest{
Body: &hcwafmodel.CreateCertificateRequestBody{
Name: certName,
Content: certPem,
Key: privkeyPem,
},
}
createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
u.logger.Debug("sdk request 'waf.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'waf.CreateCertificate'")
}
@@ -144,7 +156,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcWaf.WafClient, error) {
func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcwaf.WafClient, error) {
projectId, err := getSdkProjectId(accessKeyId, secretAccessKey, region)
if err != nil {
return nil, err
@@ -159,12 +171,12 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcWaf.WafCli
return nil, err
}
hcRegion, err := hcWafRegion.SafeValueOf(region)
hcRegion, err := hcwafregion.SafeValueOf(region)
if err != nil {
return nil, err
}
hcClient, err := hcWaf.WafClientBuilder().
hcClient, err := hcwaf.WafClientBuilder().
WithRegion(hcRegion).
WithCredential(auth).
SafeBuild()
@@ -172,7 +184,7 @@ func createSdkClient(accessKeyId, secretAccessKey, region string) (*hcWaf.WafCli
return nil, err
}
client := hcWaf.NewWafClient(hcClient)
client := hcwaf.NewWafClient(hcClient)
return client, nil
}
@@ -185,12 +197,12 @@ func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error
return "", err
}
hcRegion, err := hcIamRegion.SafeValueOf(region)
hcRegion, err := hciamregion.SafeValueOf(region)
if err != nil {
return "", err
}
hcClient, err := hcIam.IamClientBuilder().
hcClient, err := hciam.IamClientBuilder().
WithRegion(hcRegion).
WithCredential(auth).
SafeBuild()
@@ -198,9 +210,9 @@ func getSdkProjectId(accessKeyId, secretAccessKey, region string) (string, error
return "", err
}
client := hcIam.NewIamClient(hcClient)
client := hciam.NewIamClient(hcClient)
request := &hcIamModel.KeystoneListProjectsRequest{
request := &hciammodel.KeystoneListProjectsRequest{
Name: &region,
}
response, err := client.KeystoneListProjects(request)
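Review bot: The debug line after `u.sdkClient.ListCertificates(listCertificatesReq)` is labelled `'waf.ShowCertificate'`, while the call and the error wrap on the next line are ListCertificates; it should read `u.logger.Debug("sdk request 'waf.ListCertificates'", slog.Any("request", listCertificatesReq), slog.Any("response", listCertificatesResp))`. The line after ShowCertificate already carries the ShowCertificate label, so as written the two entries are indistinguishable when tracing which request failed.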


@@ -5,12 +5,13 @@ import (
"crypto/sha256"
"encoding/hex"
"fmt"
"log/slog"
"strings"
"time"
jdCore "github.com/jdcloud-api/jdcloud-sdk-go/core"
jdSslApi "github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/apis"
jdSslClient "github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/client"
jdcore "github.com/jdcloud-api/jdcloud-sdk-go/core"
jdsslapi "github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/apis"
jdsslclient "github.com/jdcloud-api/jdcloud-sdk-go/services/ssl/client"
xerrors "github.com/pkg/errors"
"golang.org/x/exp/slices"
@@ -27,7 +28,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *jdSslClient.SslClient
logger *slog.Logger
sdkClient *jdsslclient.SslClient
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -44,10 +46,20 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -66,11 +78,12 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
describeCertsPageNumber := 1
describeCertsPageSize := 10
for {
describeCertsReq := jdSslApi.NewDescribeCertsRequest()
describeCertsReq := jdsslapi.NewDescribeCertsRequest()
describeCertsReq.SetDomainName(certX509.Subject.CommonName)
describeCertsReq.SetPageNumber(describeCertsPageNumber)
describeCertsReq.SetPageSize(describeCertsPageSize)
describeCertsResp, err := u.sdkClient.DescribeCerts(describeCertsReq)
u.logger.Debug("sdk request 'ssl.DescribeCerts'", slog.Any("request", describeCertsReq), slog.Any("response", describeCertsResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.DescribeCerts'")
}
@@ -101,6 +114,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}
// 如果以上信息都一致,则视为已存在相同证书,直接返回
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.CertId,
CertName: certDetail.CertName,
@@ -119,8 +133,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传证书
// REF: https://docs.jdcloud.com/cn/ssl-certificate/api/uploadcert
uploadCertReq := jdSslApi.NewUploadCertRequest(certName, privkeyPem, certPem)
uploadCertReq := jdsslapi.NewUploadCertRequest(certName, privkeyPem, certPem)
uploadCertResp, err := u.sdkClient.UploadCert(uploadCertReq)
u.logger.Debug("sdk request 'ssl.UploadCertificate'", slog.Any("request", uploadCertReq), slog.Any("response", uploadCertResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'")
}
@@ -131,9 +146,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, accessKeySecret string) (*jdSslClient.SslClient, error) {
clientCredentials := jdCore.NewCredentials(accessKeyId, accessKeySecret)
client := jdSslClient.NewSslClient(clientCredentials)
client.SetLogger(jdCore.NewDefaultLogger(jdCore.LogWarn))
func createSdkClient(accessKeyId, accessKeySecret string) (*jdsslclient.SslClient, error) {
clientCredentials := jdcore.NewCredentials(accessKeyId, accessKeySecret)
client := jdsslclient.NewSslClient(clientCredentials)
client.SetLogger(jdcore.NewDefaultLogger(jdcore.LogWarn))
return client, nil
}


@@ -3,6 +3,7 @@
import (
"context"
"fmt"
"log/slog"
"time"
xerrors "github.com/pkg/errors"
@@ -10,7 +11,7 @@ import (
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/certs"
qiniuEx "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
qiniusdk "github.com/usual2970/certimate/internal/pkg/vendors/qiniu-sdk"
)
type UploaderConfig struct {
@@ -22,7 +23,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *qiniuEx.Client
logger *slog.Logger
sdkClient *qiniusdk.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -32,20 +34,27 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.AccessKey,
config.SecretKey,
)
client, err := createSdkClient(config.AccessKey, config.SecretKey)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -60,6 +69,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://developer.qiniu.com/fusion/8593/interface-related-certificate
uploadSslCertResp, err := u.sdkClient.UploadSslCert(context.TODO(), certName, certX509.Subject.CommonName, certPem, privkeyPem)
u.logger.Debug("sdk request 'ssl.UploadCertificate'", slog.Any("response", uploadSslCertResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.UploadSslCert'")
}
@@ -71,8 +81,8 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKey, secretKey string) (*qiniuEx.Client, error) {
func createSdkClient(accessKey, secretKey string) (*qiniusdk.Client, error) {
credential := auth.New(accessKey, secretKey)
client := qiniuEx.NewClient(credential)
client := qiniusdk.NewClient(credential)
return client, nil
}
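Review bot: The new debug line names the call `'ssl.UploadCertificate'` while the method is `UploadSslCert` and the error wrap on the next line says `'cdn.UploadSslCert'`; use one name so the debug entry and the wrapped error correlate, `u.logger.Debug("sdk request 'cdn.UploadSslCert'", slog.Any("response", uploadSslCertResp))`. Logging only the response here is the right shape, since the request arguments include the private key.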


@@ -2,11 +2,12 @@
import (
"context"
"log/slog"
xerrors "github.com/pkg/errors"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
tcssl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
)
@@ -20,7 +21,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *tcSsl.Client
logger *slog.Logger
sdkClient *tcssl.Client
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -30,28 +32,36 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client, err := createSdkClient(
config.SecretId,
config.SecretKey,
)
client, err := createSdkClient(config.SecretId, config.SecretKey)
if err != nil {
return nil, xerrors.Wrap(err, "failed to create sdk client")
}
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 上传新证书
// REF: https://cloud.tencent.com/document/product/400/41665
uploadCertificateReq := tcSsl.NewUploadCertificateRequest()
uploadCertificateReq := tcssl.NewUploadCertificateRequest()
uploadCertificateReq.CertificatePublicKey = common.StringPtr(certPem)
uploadCertificateReq.CertificatePrivateKey = common.StringPtr(privkeyPem)
uploadCertificateReq.Repeatable = common.BoolPtr(false)
uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
u.logger.Debug("sdk request 'ssl.UploadCertificate'", slog.Any("request", uploadCertificateReq), slog.Any("response", uploadCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'ssl.UploadCertificate'")
}
@@ -63,9 +73,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(secretId, secretKey string) (*tcSsl.Client, error) {
func createSdkClient(secretId, secretKey string) (*tcssl.Client, error) {
credential := common.NewCredential(secretId, secretKey)
client, err := tcSsl.NewClient(credential, "", profile.NewClientProfile())
client, err := tcssl.NewClient(credential, "", profile.NewClientProfile())
if err != nil {
return nil, err
}


@@ -8,16 +8,17 @@ import (
"encoding/hex"
"errors"
"fmt"
"log/slog"
"strings"
"time"
xerrors "github.com/pkg/errors"
usdk "github.com/ucloud/ucloud-sdk-go/ucloud"
uAuth "github.com/ucloud/ucloud-sdk-go/ucloud/auth"
"github.com/ucloud/ucloud-sdk-go/ucloud"
ucloudauth "github.com/ucloud/ucloud-sdk-go/ucloud/auth"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
"github.com/usual2970/certimate/internal/pkg/utils/certs"
usdkSsl "github.com/usual2970/certimate/internal/pkg/vendors/ucloud-sdk/ussl"
usslsdk "github.com/usual2970/certimate/internal/pkg/vendors/ucloud-sdk/ussl"
)
type UploaderConfig struct {
@@ -31,7 +32,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *usdkSsl.USSLClient
logger *slog.Logger
sdkClient *usslsdk.USSLClient
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -48,10 +50,20 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 生成新证书名(需符合优刻得命名规则)
var certId, certName string
@@ -66,14 +78,15 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传托管证书
// REF: https://docs.ucloud.cn/api/usslcertificate-api/upload_normal_certificate
uploadNormalCertificateReq := u.sdkClient.NewUploadNormalCertificateRequest()
uploadNormalCertificateReq.CertificateName = usdk.String(certName)
uploadNormalCertificateReq.SslPublicKey = usdk.String(certPemBase64)
uploadNormalCertificateReq.SslPrivateKey = usdk.String(privkeyPemBase64)
uploadNormalCertificateReq.SslMD5 = usdk.String(certMd5Hex)
uploadNormalCertificateReq.CertificateName = ucloud.String(certName)
uploadNormalCertificateReq.SslPublicKey = ucloud.String(certPemBase64)
uploadNormalCertificateReq.SslPrivateKey = ucloud.String(privkeyPemBase64)
uploadNormalCertificateReq.SslMD5 = ucloud.String(certMd5Hex)
if u.config.ProjectId != "" {
uploadNormalCertificateReq.ProjectId = usdk.String(u.config.ProjectId)
uploadNormalCertificateReq.ProjectId = ucloud.String(u.config.ProjectId)
}
uploadNormalCertificateResp, err := u.sdkClient.UploadNormalCertificate(uploadNormalCertificateReq)
u.logger.Debug("sdk request 'ussl.UploadNormalCertificate'", slog.Any("request", uploadNormalCertificateReq), slog.Any("response", uploadNormalCertificateResp))
if err != nil {
if uploadNormalCertificateResp != nil && uploadNormalCertificateResp.GetRetCode() == 80035 {
if res, err := u.getExistCert(ctx, certPem); err != nil {
@@ -81,6 +94,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
} else if res == nil {
return nil, errors.New("no certificate found")
} else {
u.logger.Info("ssl certificate already exists")
return res, nil
}
}
@@ -92,7 +106,7 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
return &uploader.UploadResult{
CertId: certId,
CertName: certName,
ExtendedData: map[string]interface{}{
ExtendedData: map[string]any{
"resourceId": uploadNormalCertificateResp.LongResourceID,
},
}, nil
@@ -112,15 +126,16 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string) (re
getCertificateListLimit := int(1000)
for {
getCertificateListReq := u.sdkClient.NewGetCertificateListRequest()
getCertificateListReq.Mode = usdk.String("trust")
getCertificateListReq.Domain = usdk.String(certX509.Subject.CommonName)
getCertificateListReq.Sort = usdk.String("2")
getCertificateListReq.Page = usdk.Int(getCertificateListPage)
getCertificateListReq.PageSize = usdk.Int(getCertificateListLimit)
getCertificateListReq.Mode = ucloud.String("trust")
getCertificateListReq.Domain = ucloud.String(certX509.Subject.CommonName)
getCertificateListReq.Sort = ucloud.String("2")
getCertificateListReq.Page = ucloud.Int(getCertificateListPage)
getCertificateListReq.PageSize = ucloud.Int(getCertificateListLimit)
if u.config.ProjectId != "" {
getCertificateListReq.ProjectId = usdk.String(u.config.ProjectId)
getCertificateListReq.ProjectId = ucloud.String(u.config.ProjectId)
}
getCertificateListResp, err := u.sdkClient.GetCertificateList(getCertificateListReq)
u.logger.Debug("sdk request 'ussl.GetCertificateList'", slog.Any("request", getCertificateListReq), slog.Any("response", getCertificateListResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'ussl.GetCertificateList'")
}
@@ -143,9 +158,9 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string) (re
}
getCertificateDetailInfoReq := u.sdkClient.NewGetCertificateDetailInfoRequest()
getCertificateDetailInfoReq.CertificateID = usdk.Int(certInfo.CertificateID)
getCertificateDetailInfoReq.CertificateID = ucloud.Int(certInfo.CertificateID)
if u.config.ProjectId != "" {
getCertificateDetailInfoReq.ProjectId = usdk.String(u.config.ProjectId)
getCertificateDetailInfoReq.ProjectId = ucloud.String(u.config.ProjectId)
}
getCertificateDetailInfoResp, err := u.sdkClient.GetCertificateDetailInfo(getCertificateDetailInfoReq)
if err != nil {
@@ -197,7 +212,7 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string) (re
return &uploader.UploadResult{
CertId: fmt.Sprintf("%d", certInfo.CertificateID),
CertName: certInfo.Name,
ExtendedData: map[string]interface{}{
ExtendedData: map[string]any{
"resourceId": certInfo.CertificateSN,
},
}, nil
@@ -214,13 +229,13 @@ func (u *UploaderProvider) getExistCert(ctx context.Context, certPem string) (re
return nil, nil
}
func createSdkClient(privateKey, publicKey string) (*usdkSsl.USSLClient, error) {
cfg := usdk.NewConfig()
func createSdkClient(privateKey, publicKey string) (*usslsdk.USSLClient, error) {
cfg := ucloud.NewConfig()
credential := uAuth.NewCredential()
credential := ucloudauth.NewCredential()
credential.PrivateKey = privateKey
credential.PublicKey = publicKey
client := usdkSsl.NewClient(&cfg, &credential)
client := usslsdk.NewClient(&cfg, &credential)
return client, nil
}
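Review bot: The GetCertificateDetailInfo call in getExistCert is the one SDK request in this file that did not get the `u.logger.Debug("sdk request '…'", …)` line the commit adds after every other call, so a failure there leaves no trace entry. For consistency add `u.logger.Debug("sdk request 'ussl.GetCertificateDetailInfo'", slog.Any("request", getCertificateDetailInfoReq), slog.Any("response", getCertificateDetailInfoResp))` after it; if the detail response carries the certificate's key material, log only its identifying fields rather than the whole struct.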


@@ -6,11 +6,12 @@ import (
"crypto/sha256"
"encoding/hex"
"fmt"
"log/slog"
"strings"
"time"
xerrors "github.com/pkg/errors"
veCdn "github.com/volcengine/volc-sdk-golang/service/cdn"
vecdn "github.com/volcengine/volc-sdk-golang/service/cdn"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -26,7 +27,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *veCdn.CDN
logger *slog.Logger
sdkClient *vecdn.CDN
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -36,16 +38,26 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client := veCdn.NewInstance()
client := vecdn.NewInstance()
client.Client.SetAccessKey(config.AccessKeyId)
client.Client.SetSecretKey(config.AccessKeySecret)
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -58,13 +70,14 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
listCertInfoPageNum := int64(1)
listCertInfoPageSize := int64(100)
listCertInfoTotal := 0
listCertInfoReq := &veCdn.ListCertInfoRequest{
listCertInfoReq := &vecdn.ListCertInfoRequest{
PageNum: ve.Int64(listCertInfoPageNum),
PageSize: ve.Int64(listCertInfoPageSize),
Source: "volc_cert_center",
}
for {
listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
u.logger.Debug("sdk request 'cdn.ListCertInfo'", slog.Any("request", listCertInfoReq), slog.Any("response", listCertInfoResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.ListCertInfo'")
}
@@ -75,8 +88,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
fingerprintSha256 := sha256.Sum256(certX509.Raw)
isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) &&
strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.CertId,
CertName: certDetail.Desc,
@@ -100,13 +114,14 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://www.volcengine.com/docs/6454/1245763
addCertificateReq := &veCdn.AddCertificateRequest{
addCertificateReq := &vecdn.AddCertificateRequest{
Certificate: certPem,
PrivateKey: privkeyPem,
Source: ve.String("volc_cert_center"),
Desc: ve.String(certName),
}
addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
u.logger.Debug("sdk request 'cdn.AddCertificate'", slog.Any("request", addCertificateResp), slog.Any("response", addCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.AddCertificate'")
}
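Review bot: The debug line after `u.sdkClient.AddCertificate(addCertificateReq)` passes `addCertificateResp` for both the `request` and the `response` attribute, so the request is never logged and the response appears twice. Before correcting the first argument to `addCertificateReq`, note that the struct carries `PrivateKey: privkeyPem`; the corrected line should log a redacted view, e.g. `slog.Any("request", map[string]any{"desc": certName, "source": "volc_cert_center"})`, rather than the whole struct. The ListCertInfo debug line earlier in the file logs only paging parameters and is fine as written.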


@@ -2,13 +2,14 @@ package volcenginecertcenter
import (
"context"
"log/slog"
xerrors "github.com/pkg/errors"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
veSession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
vesession "github.com/volcengine/volcengine-go-sdk/volcengine/session"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
vesdkCc "github.com/usual2970/certimate/internal/pkg/vendors/volcengine-sdk/certcenter"
veccsdk "github.com/usual2970/certimate/internal/pkg/vendors/volcengine-sdk/certcenter"
)
type UploaderConfig struct {
@@ -22,7 +23,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *vesdkCc.CertCenter
logger *slog.Logger
sdkClient *veccsdk.CertCenter
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -39,21 +41,32 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 上传证书
// REF: https://www.volcengine.com/docs/6638/1365580
importCertificateReq := &vesdkCc.ImportCertificateInput{
CertificateInfo: &vesdkCc.ImportCertificateInputCertificateInfo{
importCertificateReq := &veccsdk.ImportCertificateInput{
CertificateInfo: &veccsdk.ImportCertificateInputCertificateInfo{
CertificateChain: ve.String(certPem),
PrivateKey: ve.String(privkeyPem),
},
Repeatable: ve.Bool(false),
}
importCertificateResp, err := u.sdkClient.ImportCertificate(importCertificateReq)
u.logger.Debug("sdk request 'certcenter.ImportCertificate'", slog.Any("request", importCertificateReq), slog.Any("response", importCertificateResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'certcenter.ImportCertificate'")
}
@@ -70,18 +83,18 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
}, nil
}
func createSdkClient(accessKeyId, accessKeySecret, region string) (*vesdkCc.CertCenter, error) {
func createSdkClient(accessKeyId, accessKeySecret, region string) (*veccsdk.CertCenter, error) {
if region == "" {
region = "cn-beijing" // 证书中心默认区域:北京
}
config := ve.NewConfig().WithRegion(region).WithAkSk(accessKeyId, accessKeySecret)
session, err := veSession.NewSession(config)
session, err := vesession.NewSession(config)
if err != nil {
return nil, err
}
client := vesdkCc.New(session)
client := veccsdk.New(session)
return client, nil
}


@@ -3,11 +3,12 @@ package volcenginelive
import (
"context"
"fmt"
"log/slog"
"strings"
"time"
xerrors "github.com/pkg/errors"
veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
velive "github.com/volcengine/volc-sdk-golang/service/live/v20230101"
ve "github.com/volcengine/volcengine-go-sdk/volcengine"
"github.com/usual2970/certimate/internal/pkg/core/uploader"
@@ -23,7 +24,8 @@ type UploaderConfig struct {
type UploaderProvider struct {
config *UploaderConfig
sdkClient *veLive.Live
logger *slog.Logger
sdkClient *velive.Live
}
var _ uploader.Uploader = (*UploaderProvider)(nil)
@@ -33,16 +35,26 @@ func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
panic("config is nil")
}
client := veLive.NewInstance()
client := velive.NewInstance()
client.SetAccessKey(config.AccessKeyId)
client.SetSecretKey(config.AccessKeySecret)
return &UploaderProvider{
config: config,
logger: slog.Default(),
sdkClient: client,
}, nil
}
func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
if logger == nil {
u.logger = slog.Default()
} else {
u.logger = logger
}
return u
}
func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
// 解析证书内容
certX509, err := certs.ParseCertificateFromPEM(certPem)
@@ -52,8 +64,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 查询证书列表,避免重复上传
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8
listCertReq := &veLive.ListCertV2Body{}
listCertReq := &velive.ListCertV2Body{}
listCertResp, err := u.sdkClient.ListCertV2(ctx, listCertReq)
u.logger.Debug("sdk request 'live.ListCertV2'", slog.Any("request", listCertReq), slog.Any("response", listCertResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ListCertV2'")
}
@@ -61,10 +74,11 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
for _, certDetail := range listCertResp.Result.CertList {
// 查询证书详细信息
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85
describeCertDetailSecretReq := &veLive.DescribeCertDetailSecretV2Body{
describeCertDetailSecretReq := &velive.DescribeCertDetailSecretV2Body{
ChainID: ve.String(certDetail.ChainID),
}
describeCertDetailSecretResp, err := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)
u.logger.Debug("sdk request 'live.DescribeCertDetailSecretV2'", slog.Any("request", describeCertDetailSecretReq), slog.Any("response", describeCertDetailSecretResp))
if err != nil {
continue
}
@@ -82,8 +96,9 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
isSameCert = certs.EqualCertificate(certX509, oldCertX509)
}
// 如果已存在相同证书,直接返回已有的证书信息
// 如果已存在相同证书,直接返回
if isSameCert {
u.logger.Info("ssl certificate already exists")
return &uploader.UploadResult{
CertId: certDetail.ChainID,
CertName: certDetail.CertName,
@@ -98,16 +113,17 @@ func (u *UploaderProvider) Upload(ctx context.Context, certPem string, privkeyPe
// 上传新证书
// REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6
createCertReq := &veLive.CreateCertBody{
createCertReq := &velive.CreateCertBody{
CertName: ve.String(certName),
UseWay: "https",
ProjectName: ve.String("default"),
Rsa: veLive.CreateCertBodyRsa{
Rsa: velive.CreateCertBodyRsa{
Prikey: privkeyPem,
Pubkey: certPem,
},
}
createCertResp, err := u.sdkClient.CreateCert(ctx, createCertReq)
u.logger.Debug("sdk request 'live.CreateCert'", slog.Any("request", createCertReq), slog.Any("response", createCertResp))
if err != nil {
return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.CreateCert'")
}
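Review bot: The new debug line `u.logger.Debug("sdk request 'live.CreateCert'", slog.Any("request", createCertReq), ...)` serializes the whole request, and `createCertReq.Rsa.Prikey` is the caller's private key PEM (set two lines above it), so anyone who turns on debug logging gets the certificate's private key written to the log stream. Log a redacted copy instead, e.g. `loggedReq := *createCertReq`, `loggedReq.Rsa.Prikey = "[REDACTED]"`, `u.logger.Debug("sdk request 'live.CreateCert'", slog.Any("request", loggedReq), slog.Any("response", createCertResp))`. The earlier debug line for `live.DescribeCertDetailSecretV2` logs `describeCertDetailSecretResp` in full; judging by the API name that response likely carries key material too, so it deserves the same treatment once its fields are confirmed. `Upload` continues past the end of this hunk, so the response handling after the error check was not reviewed here.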


@@ -1,11 +1,16 @@
package uploader
import "context"
import (
"context"
"log/slog"
)
// 表示定义证书上传器的抽象类型接口。
// 云服务商通常会提供 SSL 证书管理服务,可供用户集中管理证书。
// 注意与 `Deployer` 区分,“上传”通常为“部署”的前置操作。
type Uploader interface {
WithLogger(logger *slog.Logger) Uploader
// 上传证书。
//
// 入参: