EdgeAPI/internal/rpc/services/service_ssl_cert.go

package services

import (
	"context"
	"encoding/json"
	"github.com/TeaOSLab/EdgeAPI/internal/db/models"
	"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
	"github.com/TeaOSLab/EdgeAPI/internal/errors"
	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
	"github.com/iwind/TeaGo/dbs"
	"github.com/iwind/TeaGo/types"
)

// SSLCertService SSL证书相关服务
type SSLCertService struct {
	BaseService
}

// CreateSSLCert 创建证书
func (this *SSLCertService) CreateSSLCert(ctx context.Context, req *pb.CreateSSLCertRequest) (*pb.CreateSSLCertResponse, error) {
	// 校验请求
	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	// 用户ID
	if adminId > 0 && req.UserId > 0 {
		userId = req.UserId
	}

	var tx = this.NullTx()

	if req.TimeBeginAt < 0 {
		return nil, errors.New("invalid TimeBeginAt")
	}
	if req.TimeEndAt < 0 {
		return nil, errors.New("invalid TimeEndAt")
	}

	certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
	if err != nil {
		return nil, err
	}

	return &pb.CreateSSLCertResponse{SslCertId: certId}, nil
}

// CreateSSLCerts 创建一组证书
func (this *SSLCertService) CreateSSLCerts(ctx context.Context, req *pb.CreateSSLCertsRequest) (*pb.CreateSSLCertsResponse, error) {
	// 校验请求
	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if adminId > 0 {
		if req.UserId > 0 {
			userId = req.UserId
		} else {
			userId = 0
		}
	}

	var certIds = []int64{}
	err = this.RunTx(func(tx *dbs.Tx) error {
		for _, cert := range req.SSLCerts {
			certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, cert.IsOn, cert.Name, cert.Description, cert.ServerName, cert.IsCA, cert.CertData, cert.KeyData, cert.TimeBeginAt, cert.TimeEndAt, cert.DnsNames, cert.CommonNames)
			if err != nil {
				return err
			}
			certIds = append(certIds, certId)
		}
		return nil
	})
	if err != nil {
		return nil, err
	}
	return &pb.CreateSSLCertsResponse{SslCertIds: certIds}, nil
}

// UpdateSSLCert 修改Cert
func (this *SSLCertService) UpdateSSLCert(ctx context.Context, req *pb.UpdateSSLCertRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	if req.TimeBeginAt < 0 {
		return nil, errors.New("invalid TimeBeginAt")
	}
	if req.TimeEndAt < 0 {
		return nil, errors.New("invalid TimeEndAt")
	}

	// 检查权限
	if userId > 0 {
		err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
		if err != nil {
			return nil, err
		}
	}

	err = models.SharedSSLCertDAO.UpdateCert(tx, req.SslCertId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)
	if err != nil {
		return nil, err
	}

	return this.Success()
}

// FindEnabledSSLCertConfig 查找证书配置
func (this *SSLCertService) FindEnabledSSLCertConfig(ctx context.Context, req *pb.FindEnabledSSLCertConfigRequest) (*pb.FindEnabledSSLCertConfigResponse, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	// 检查权限
	if userId > 0 {
		err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
		if err != nil {
			return nil, err
		}
	}

	config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId, false, nil, nil)
	if err != nil {
		return nil, err
	}

	configJSON, err := json.Marshal(config)
	if err != nil {
		return nil, err
	}
	return &pb.FindEnabledSSLCertConfigResponse{SslCertJSON: configJSON}, nil
}

// DeleteSSLCert 删除证书
func (this *SSLCertService) DeleteSSLCert(ctx context.Context, req *pb.DeleteSSLCertRequest) (*pb.RPCSuccess, error) {
	// 校验请求
	_, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	// 检查权限
	if userId > 0 {
		err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)
		if err != nil {
			return nil, err
		}
	}

	err = models.SharedSSLCertDAO.DisableSSLCert(tx, req.SslCertId)
	if err != nil {
		return nil, err
	}

	// 停止相关ACME任务
	err = acme.SharedACMETaskDAO.DisableAllTasksWithCertId(tx, req.SslCertId)
	if err != nil {
		return nil, err
	}

	return this.Success()
}

// CountSSLCerts 计算匹配的Cert数量
func (this *SSLCertService) CountSSLCerts(ctx context.Context, req *pb.CountSSLCertRequest) (*pb.RPCCountResponse, error) {
	// 校验请求
	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()

	if adminId > 0 {
		userId = req.UserId
	} else if userId <= 0 {
		return nil, errors.New("invalid user")
	}

	count, err := models.SharedSSLCertDAO.CountCerts(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId, req.Domains)
	if err != nil {
		return nil, err
	}

	return this.SuccessCount(count)
}

// ListSSLCerts 列出单页匹配的Cert
func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCertsRequest) (*pb.ListSSLCertsResponse, error) {
	// 校验请求
	adminId, userId, err := this.ValidateAdminAndUser(ctx, true)
	if err != nil {
		return nil, err
	}

	if adminId > 0 {
		userId = req.UserId
	} else if userId <= 0 {
		return nil, errors.New("invalid user")
	}

	var tx = this.NullTx()

	certIds, err := models.SharedSSLCertDAO.ListCertIds(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId, req.Domains, req.Offset, req.Size)
	if err != nil {
		return nil, err
	}

	var certConfigs = []*sslconfigs.SSLCertConfig{}
	for _, certId := range certIds {
		certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId, false, nil, nil)
		if err != nil {
			return nil, err
		}

		// 这里不需要数据内容
		certConfig.CertData = nil
		certConfig.KeyData = nil

		certConfigs = append(certConfigs, certConfig)
	}
	certConfigsJSON, err := json.Marshal(certConfigs)
	if err != nil {
		return nil, err
	}
	return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil
}

// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量
func (this *SSLCertService) CountAllSSLCertsWithOCSPError(ctx context.Context, req *pb.CountAllSSLCertsWithOCSPErrorRequest) (*pb.RPCCountResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	count, err := models.SharedSSLCertDAO.CountAllSSLCertsWithOCSPError(tx, req.Keyword)
	if err != nil {
		return nil, err
	}
	return this.SuccessCount(count)
}

// ListSSLCertsWithOCSPError 列出有OCSP错误的证书
func (this *SSLCertService) ListSSLCertsWithOCSPError(ctx context.Context, req *pb.ListSSLCertsWithOCSPErrorRequest) (*pb.ListSSLCertsWithOCSPErrorResponse, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	certs, err := models.SharedSSLCertDAO.ListSSLCertsWithOCSPError(tx, req.Keyword, req.Offset, req.Size)
	if err != nil {
		return nil, err
	}

	var pbCerts = []*pb.SSLCert{}
	for _, cert := range certs {
		pbCerts = append(pbCerts, &pb.SSLCert{
			Id:            int64(cert.Id),
			IsOn:          cert.IsOn,
			Name:          cert.Name,
			TimeBeginAt:   types.Int64(cert.TimeBeginAt),
			TimeEndAt:     types.Int64(cert.TimeEndAt),
			DnsNames:      cert.DecodeDNSNames(),
			CommonNames:   cert.DecodeCommonNames(),
			IsACME:        cert.IsACME,
			AcmeTaskId:    int64(cert.AcmeTaskId),
			Ocsp:          cert.Ocsp,
			OcspIsUpdated: cert.OcspIsUpdated == 1,
			OcspError:     cert.OcspError,
			Description:   cert.Description,
			IsCA:          cert.IsCA,
			ServerName:    cert.ServerName,
			CreatedAt:     int64(cert.CreatedAt),
			UpdatedAt:     int64(cert.UpdatedAt),
		})
	}

	return &pb.ListSSLCertsWithOCSPErrorResponse{
		SslCerts: pbCerts,
	}, nil
}

// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误
func (this *SSLCertService) IgnoreSSLCertsWithOCSPError(ctx context.Context, req *pb.IgnoreSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	err = models.SharedSSLCertDAO.IgnoreSSLCertsWithOCSPError(tx, req.SslCertIds)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态
func (this *SSLCertService) ResetSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	err = models.SharedSSLCertDAO.ResetSSLCertsWithOCSPError(tx, req.SslCertIds)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态
func (this *SSLCertService) ResetAllSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetAllSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
	_, err := this.ValidateAdmin(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	err = models.SharedSSLCertDAO.ResetAllSSLCertsWithOCSPError(tx)
	if err != nil {
		return nil, err
	}
	return this.Success()
}

// ListUpdatedSSLCertOCSP 读取证书的OCSP
func (this *SSLCertService) ListUpdatedSSLCertOCSP(ctx context.Context, req *pb.ListUpdatedSSLCertOCSPRequest) (*pb.ListUpdatedSSLCertOCSPResponse, error) {
	_, err := this.ValidateNode(ctx)
	if err != nil {
		return nil, err
	}

	var tx = this.NullTx()
	certs, err := models.SharedSSLCertDAO.ListCertOCSPAfterVersion(tx, req.Version, int64(req.Size))
	if err != nil {
		return nil, err
	}

	var result = []*pb.ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{}
	for _, cert := range certs {
		result = append(result, &pb.ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{
			SslCertId: int64(cert.Id),
			Data:      cert.Ocsp,
			ExpiresAt: int64(cert.OcspExpiresAt),
			Version:   int64(cert.OcspUpdatedVersion),
		})
	}

	return &pb.ListUpdatedSSLCertOCSPResponse{
		SslCertOCSP: result,
	}, nil
}
实现证书管理 2020-09-30 17:46:43 +08:00			`package services`

			`import (`
			`"context"`
			`"encoding/json"`
			`"github.com/TeaOSLab/EdgeAPI/internal/db/models"`
对服务增加基础的数据统计/部分代码分Package 2021-01-25 16:40:03 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"`
创建和修改证书的时候检查时间 2022-04-19 11:09:42 +08:00			`"github.com/TeaOSLab/EdgeAPI/internal/errors"`
实现证书管理 2020-09-30 17:46:43 +08:00			`"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"`
			`"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"`
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`"github.com/iwind/TeaGo/dbs"`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`"github.com/iwind/TeaGo/types"`
实现证书管理 2020-09-30 17:46:43 +08:00			`)`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// SSLCertService SSL证书相关服务`
实现证书管理 2020-09-30 17:46:43 +08:00			`type SSLCertService struct {`
调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`BaseService`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`// CreateSSLCert 创建证书`
实现证书管理 2020-09-30 17:46:43 +08:00			`func (this SSLCertService) CreateSSLCert(ctx context.Context, req pb.CreateSSLCertRequest) (*pb.CreateSSLCertResponse, error) {`
			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`adminId, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

上传单个证书时也可以选择所属用户 2023-03-26 12:24:31 +08:00			`// 用户ID`
			`if adminId > 0 && req.UserId > 0 {`
			`userId = req.UserId`
			`}`

创建和修改证书的时候检查时间 2022-04-19 11:09:42 +08:00			`var tx = this.NullTx()`

			`if req.TimeBeginAt < 0 {`
			`return nil, errors.New("invalid TimeBeginAt")`
			`}`
			`if req.TimeEndAt < 0 {`
			`return nil, errors.New("invalid TimeEndAt")`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
			`certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

兼容用户节点 2020-12-18 21:18:53 +08:00			`return &pb.CreateSSLCertResponse{SslCertId: certId}, nil`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`// CreateSSLCerts 创建一组证书`
			`func (this SSLCertService) CreateSSLCerts(ctx context.Context, req pb.CreateSSLCertsRequest) (*pb.CreateSSLCertsResponse, error) {`
			`// 校验请求`
			`adminId, userId, err := this.ValidateAdminAndUser(ctx, true)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if adminId > 0 {`
			`if req.UserId > 0 {`
			`userId = req.UserId`
			`} else {`
			`userId = 0`
			`}`
			`}`

			`var certIds = []int64{}`
			`err = this.RunTx(func(tx *dbs.Tx) error {`
			`for _, cert := range req.SSLCerts {`
			`certId, err := models.SharedSSLCertDAO.CreateCert(tx, adminId, userId, cert.IsOn, cert.Name, cert.Description, cert.ServerName, cert.IsCA, cert.CertData, cert.KeyData, cert.TimeBeginAt, cert.TimeEndAt, cert.DnsNames, cert.CommonNames)`
			`if err != nil {`
			`return err`
			`}`
			`certIds = append(certIds, certId)`
			`}`
			`return nil`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &pb.CreateSSLCertsResponse{SslCertIds: certIds}, nil`
			`}`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// UpdateSSLCert 修改Cert`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this SSLCertService) UpdateSSLCert(ctx context.Context, req pb.UpdateSSLCertRequest) (*pb.RPCSuccess, error) {`
实现证书管理 2020-09-30 17:46:43 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

创建和修改证书的时候检查时间 2022-04-19 11:09:42 +08:00			`var tx = this.NullTx()`

			`if req.TimeBeginAt < 0 {`
			`return nil, errors.New("invalid TimeBeginAt")`
			`}`
			`if req.TimeEndAt < 0 {`
			`return nil, errors.New("invalid TimeEndAt")`
			`}`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
兼容用户节点 2020-12-18 21:18:53 +08:00			`// 检查权限`
			`if userId > 0 {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)`
兼容用户节点 2020-12-18 21:18:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`}`

所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err = models.SharedSSLCertDAO.UpdateCert(tx, req.SslCertId, req.IsOn, req.Name, req.Description, req.ServerName, req.IsCA, req.CertData, req.KeyData, req.TimeBeginAt, req.TimeEndAt, req.DnsNames, req.CommonNames)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`return this.Success()`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// FindEnabledSSLCertConfig 查找证书配置`
实现证书管理 2020-09-30 17:46:43 +08:00			`func (this SSLCertService) FindEnabledSSLCertConfig(ctx context.Context, req pb.FindEnabledSSLCertConfigRequest) (*pb.FindEnabledSSLCertConfigResponse, error) {`
			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
兼容用户节点 2020-12-18 21:18:53 +08:00			`// 检查权限`
			`if userId > 0 {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)`
兼容用户节点 2020-12-18 21:18:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`}`

节点组合配置时服务间可以共用证书数据 2023-03-18 22:18:13 +08:00			`config, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, req.SslCertId, false, nil, nil)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`configJSON, err := json.Marshal(config)`
			`if err != nil {`
			`return nil, err`
			`}`
兼容用户节点 2020-12-18 21:18:53 +08:00			`return &pb.FindEnabledSSLCertConfigResponse{SslCertJSON: configJSON}, nil`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// DeleteSSLCert 删除证书`
实现基本的集群DNS列表、设置、简单数据同步 2020-11-13 18:22:22 +08:00			`func (this SSLCertService) DeleteSSLCert(ctx context.Context, req pb.DeleteSSLCertRequest) (*pb.RPCSuccess, error) {`
实现证书管理 2020-09-30 17:46:43 +08:00			`// 校验请求`
优化接口权限 2022-09-17 16:07:37 +08:00			`_, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
兼容用户节点 2020-12-18 21:18:53 +08:00			`// 检查权限`
			`if userId > 0 {`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err := models.SharedSSLCertDAO.CheckUserCert(tx, req.SslCertId, userId)`
兼容用户节点 2020-12-18 21:18:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`
			`}`

所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00			`err = models.SharedSSLCertDAO.DisableSSLCert(tx, req.SslCertId)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

[SSL证书]实现对ACME任务的增删改查 2020-11-25 21:19:22 +08:00			`// 停止相关ACME任务`
对服务增加基础的数据统计/部分代码分Package 2021-01-25 16:40:03 +08:00			`err = acme.SharedACMETaskDAO.DisableAllTasksWithCertId(tx, req.SslCertId)`
[SSL证书]实现对ACME任务的增删改查 2020-11-25 21:19:22 +08:00			`if err != nil {`
			`return nil, err`
			`}`

调整SSL证书目录结构 2020-11-24 15:02:44 +08:00			`return this.Success()`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// CountSSLCerts 计算匹配的Cert数量`
增加DNS域名管理 2020-11-12 14:41:28 +08:00			`func (this SSLCertService) CountSSLCerts(ctx context.Context, req pb.CountSSLCertRequest) (*pb.RPCCountResponse, error) {`
实现证书管理 2020-09-30 17:46:43 +08:00			`// 校验请求`
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`adminId, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
实现自动匹配证书和批量选择证书功能 2023-03-25 20:51:08 +08:00			`if adminId > 0 {`
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`userId = req.UserId`
实现自动匹配证书和批量选择证书功能 2023-03-25 20:51:08 +08:00			`} else if userId <= 0 {`
			`return nil, errors.New("invalid user")`
修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`}`

增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`count, err := models.SharedSSLCertDAO.CountCerts(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId, req.Domains)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

实现对ACME用户的增删改 2020-11-24 17:36:47 +08:00			`return this.SuccessCount(count)`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`

修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`// ListSSLCerts 列出单页匹配的Cert`
实现证书管理 2020-09-30 17:46:43 +08:00			`func (this SSLCertService) ListSSLCerts(ctx context.Context, req pb.ListSSLCertsRequest) (*pb.ListSSLCertsResponse, error) {`
			`// 校验请求`
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`adminId, userId, err := this.ValidateAdminAndUser(ctx, true)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

实现自动匹配证书和批量选择证书功能 2023-03-25 20:51:08 +08:00			`if adminId > 0 {`
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`userId = req.UserId`
实现自动匹配证书和批量选择证书功能 2023-03-25 20:51:08 +08:00			`} else if userId <= 0 {`
			`return nil, errors.New("invalid user")`
修复用户查询证书时返回其他证书的Bug 2021-11-18 16:44:41 +08:00			`}`

优化代码 2022-07-22 15:05:30 +08:00			`var tx = this.NullTx()`
所有数据库相关的操作支持事务 2021-01-01 23:31:30 +08:00
增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`certIds, err := models.SharedSSLCertDAO.ListCertIds(tx, req.IsCA, req.IsAvailable, req.IsExpired, int64(req.ExpiringDays), req.Keyword, userId, req.Domains, req.Offset, req.Size)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

增加批量上传证书接口、使用域名查询证书接口 2023-03-24 19:07:43 +08:00			`var certConfigs = []*sslconfigs.SSLCertConfig{}`
实现证书管理 2020-09-30 17:46:43 +08:00			`for _, certId := range certIds {`
节点组合配置时服务间可以共用证书数据 2023-03-18 22:18:13 +08:00			`certConfig, err := models.SharedSSLCertDAO.ComposeCertConfig(tx, certId, false, nil, nil)`
实现证书管理 2020-09-30 17:46:43 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`// 这里不需要数据内容`
			`certConfig.CertData = nil`
			`certConfig.KeyData = nil`

			`certConfigs = append(certConfigs, certConfig)`
			`}`
			`certConfigsJSON, err := json.Marshal(certConfigs)`
			`if err != nil {`
			`return nil, err`
			`}`
兼容用户节点 2020-12-18 21:18:53 +08:00			`return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil`
实现证书管理 2020-09-30 17:46:43 +08:00			`}`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00
			`// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量`
			`func (this SSLCertService) CountAllSSLCertsWithOCSPError(ctx context.Context, req pb.CountAllSSLCertsWithOCSPErrorRequest) (*pb.RPCCountResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`count, err := models.SharedSSLCertDAO.CountAllSSLCertsWithOCSPError(tx, req.Keyword)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return this.SuccessCount(count)`
			`}`

			`// ListSSLCertsWithOCSPError 列出有OCSP错误的证书`
			`func (this SSLCertService) ListSSLCertsWithOCSPError(ctx context.Context, req pb.ListSSLCertsWithOCSPErrorRequest) (*pb.ListSSLCertsWithOCSPErrorResponse, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`certs, err := models.SharedSSLCertDAO.ListSSLCertsWithOCSPError(tx, req.Keyword, req.Offset, req.Size)`
			`if err != nil {`
			`return nil, err`
			`}`

			`var pbCerts = []*pb.SSLCert{}`
			`for _, cert := range certs {`
			`pbCerts = append(pbCerts, &pb.SSLCert{`
			`Id: int64(cert.Id),`
优化代码 2022-03-22 21:45:07 +08:00			`IsOn: cert.IsOn,`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`Name: cert.Name,`
			`TimeBeginAt: types.Int64(cert.TimeBeginAt),`
			`TimeEndAt: types.Int64(cert.TimeEndAt),`
			`DnsNames: cert.DecodeDNSNames(),`
			`CommonNames: cert.DecodeCommonNames(),`
优化代码 2022-03-22 22:11:32 +08:00			`IsACME: cert.IsACME,`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`AcmeTaskId: int64(cert.AcmeTaskId),`
优化代码 2022-03-22 19:30:30 +08:00			`Ocsp: cert.Ocsp,`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`OcspIsUpdated: cert.OcspIsUpdated == 1,`
			`OcspError: cert.OcspError,`
			`Description: cert.Description,`
优化代码 2022-03-22 22:11:32 +08:00			`IsCA: cert.IsCA,`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`ServerName: cert.ServerName,`
			`CreatedAt: int64(cert.CreatedAt),`
			`UpdatedAt: int64(cert.UpdatedAt),`
			`})`
			`}`

			`return &pb.ListSSLCertsWithOCSPErrorResponse{`
			`SslCerts: pbCerts,`
			`}, nil`
			`}`

			`// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误`
			`func (this SSLCertService) IgnoreSSLCertsWithOCSPError(ctx context.Context, req pb.IgnoreSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`err = models.SharedSSLCertDAO.IgnoreSSLCertsWithOCSPError(tx, req.SslCertIds)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return this.Success()`
			`}`

			`// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态`
			`func (this SSLCertService) ResetSSLCertsWithOCSPError(ctx context.Context, req pb.ResetSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`err = models.SharedSSLCertDAO.ResetSSLCertsWithOCSPError(tx, req.SslCertIds)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return this.Success()`
			`}`

			`// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态`
			`func (this SSLCertService) ResetAllSSLCertsWithOCSPError(ctx context.Context, req pb.ResetAllSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {`
优化代码 2022-07-22 14:35:17 +08:00			`_, err := this.ValidateAdmin(ctx)`
增加证书OCSP错误日志管理 2022-03-11 20:27:53 +08:00			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`err = models.SharedSSLCertDAO.ResetAllSSLCertsWithOCSPError(tx)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return this.Success()`
			`}`
动态更新OCSP，防止过期 2022-03-18 17:08:51 +08:00
			`// ListUpdatedSSLCertOCSP 读取证书的OCSP`
			`func (this SSLCertService) ListUpdatedSSLCertOCSP(ctx context.Context, req pb.ListUpdatedSSLCertOCSPRequest) (*pb.ListUpdatedSSLCertOCSPResponse, error) {`
			`_, err := this.ValidateNode(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`

			`var tx = this.NullTx()`
			`certs, err := models.SharedSSLCertDAO.ListCertOCSPAfterVersion(tx, req.Version, int64(req.Size))`
			`if err != nil {`
			`return nil, err`
			`}`

			`var result = []*pb.ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{}`
			`for _, cert := range certs {`
			`result = append(result, &pb.ListUpdatedSSLCertOCSPResponse_SSLCertOCSP{`
			`SslCertId: int64(cert.Id),`
优化代码 2022-03-22 19:30:30 +08:00			`Data: cert.Ocsp,`
OCSP支持过期时间 2022-03-18 20:21:24 +08:00			`ExpiresAt: int64(cert.OcspExpiresAt),`
动态更新OCSP，防止过期 2022-03-18 17:08:51 +08:00			`Version: int64(cert.OcspUpdatedVersion),`
			`})`
			`}`

			`return &pb.ListUpdatedSSLCertOCSPResponse{`
			`SslCertOCSP: result,`
			`}, nil`
			`}`