2020-09-30 17:46:43 +08:00
|
|
|
package services
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
"encoding/json"
|
|
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models"
|
2021-01-25 16:40:03 +08:00
|
|
|
"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
|
2020-09-30 17:46:43 +08:00
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
|
|
|
|
|
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// SSL证书相关服务
|
|
|
|
|
type SSLCertService struct {
|
2020-11-24 15:02:44 +08:00
|
|
|
BaseService
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 创建Cert
|
|
|
|
|
func (this *SSLCertService) CreateSSLCert(ctx context.Context, req *pb.CreateSSLCertRequest) (*pb.CreateSSLCertResponse, error) {
|
|
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
adminId, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-12-18 21:18:53 +08:00
|
|
|
return &pb.CreateSSLCertResponse{SslCertId: certId}, nil
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 修改Cert
|
2020-11-13 18:22:22 +08:00
|
|
|
func (this *SSLCertService) UpdateSSLCert(ctx context.Context, req *pb.UpdateSSLCertRequest) (*pb.RPCSuccess, error) {
|
2020-09-30 17:46:43 +08:00
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
2020-12-18 21:18:53 +08:00
|
|
|
// 检查权限
|
|
|
|
|
if userId > 0 {
|
2021-01-01 23:31:30 +08:00
|
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
2020-12-18 21:18:53 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
err = models.SharedSSLCertDAO.UpdateCert(tx, req.SslCertId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
return this.Success()
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 查找证书配置
|
|
|
|
|
func (this *SSLCertService) FindEnabledSSLCertConfig(ctx context.Context, req *pb.FindEnabledSSLCertConfigRequest) (*pb.FindEnabledSSLCertConfigResponse, error) {
|
|
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
2020-12-18 21:18:53 +08:00
|
|
|
// 检查权限
|
|
|
|
|
if userId > 0 {
|
2021-01-01 23:31:30 +08:00
|
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
2020-12-18 21:18:53 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-08-22 11:35:33 +08:00
|
|
|
config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId, nil)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
configJSON, err := json.Marshal(config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-12-18 21:18:53 +08:00
|
|
|
return &pb.FindEnabledSSLCertConfigResponse{SslCertJSON: configJSON}, nil
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 删除证书
|
2020-11-13 18:22:22 +08:00
|
|
|
func (this *SSLCertService) DeleteSSLCert(ctx context.Context, req *pb.DeleteSSLCertRequest) (*pb.RPCSuccess, error) {
|
2020-09-30 17:46:43 +08:00
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
_, userId, err := this.ValidateAdminAndUser(ctx, 0, 0)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
2020-12-18 21:18:53 +08:00
|
|
|
// 检查权限
|
|
|
|
|
if userId > 0 {
|
2021-01-01 23:31:30 +08:00
|
|
|
err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
|
2020-12-18 21:18:53 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
err = models.SharedSSLCertDAO.DisableSSLCert(tx, req.SslCertId)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-25 21:19:22 +08:00
|
|
|
// 停止相关ACME任务
|
2021-01-25 16:40:03 +08:00
|
|
|
err = acme.SharedACMETaskDAO.DisableAllTasksWithCertId(tx, req.SslCertId)
|
2020-11-25 21:19:22 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 15:02:44 +08:00
|
|
|
return this.Success()
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 计算匹配的Cert数量
|
2020-11-12 14:41:28 +08:00
|
|
|
func (this *SSLCertService) CountSSLCerts(ctx context.Context, req *pb.CountSSLCertRequest) (*pb.RPCCountResponse, error) {
|
2020-09-30 17:46:43 +08:00
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
_, _, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
count, err := models.SharedSSLCertDAO.CountCerts(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, req.UserId)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-11-24 17:36:47 +08:00
|
|
|
return this.SuccessCount(count)
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 列出单页匹配的Cert
|
|
|
|
|
func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCertsRequest) (*pb.ListSSLCertsResponse, error) {
|
|
|
|
|
// 校验请求
|
2020-12-18 21:18:53 +08:00
|
|
|
_, _, err := this.ValidateAdminAndUser(ctx, 0, req.UserId)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-01 23:31:30 +08:00
|
|
|
tx := this.NullTx()
|
|
|
|
|
|
|
|
|
|
certIds, err := models.SharedSSLCertDAO.ListCertIds(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, req.UserId, req.Offset, req.Size)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
certConfigs := []*sslconfigs.SSLCertConfig{}
|
|
|
|
|
for _, certId := range certIds {
|
2021-08-22 11:35:33 +08:00
|
|
|
certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId, nil)
|
2020-09-30 17:46:43 +08:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// 这里不需要数据内容
|
|
|
|
|
certConfig.CertData = nil
|
|
|
|
|
certConfig.KeyData = nil
|
|
|
|
|
|
|
|
|
|
certConfigs = append(certConfigs, certConfig)
|
|
|
|
|
}
|
|
|
|
|
certConfigsJSON, err := json.Marshal(certConfigs)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2020-12-18 21:18:53 +08:00
|
|
|
return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil
|
2020-09-30 17:46:43 +08:00
|
|
|
}
|
