TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-11-06 18:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加证书OCSP错误日志管理

Browse Source
This commit is contained in:
GoEdgeLab
2022-03-11 20:27:53 +08:00
parent 91a4666f60
commit 76d12ea65a
3 changed files with 210 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

78
internal/db/models/ssl_cert_dao.go
View File

@@ -210,6 +210,7 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
config.TimeBeginAt = int64(cert.TimeBeginAt) config.TimeBeginAt = int64(cert.TimeBeginAt)
config.TimeEndAt = int64(cert.TimeEndAt) config.TimeEndAt = int64(cert.TimeEndAt)
config.OCSP = []byte(cert.Ocsp) config.OCSP = []byte(cert.Ocsp)
config.OCSPError = cert.OcspError
if IsNotNull(cert.DnsNames) { if IsNotNull(cert.DnsNames) {
dnsNames := []string{} dnsNames := []string{}
@@ -407,6 +408,83 @@ func (this *SSLCertDAO) UpdateCertOSCP(tx *dbs.Tx, certId int64, ocsp []byte, er
return this.NotifyUpdate(tx, certId) return this.NotifyUpdate(tx, certId)
} }
// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量
func (this *SSLCertDAO) CountAllSSLCertsWithOCSPError(tx *dbs.Tx, keyword string) (int64, error) {
var query = this.Query(tx)
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)").
Param("keyword", "%"+keyword+"%")
}
return query.
State(SSLCertStateEnabled).
Attr("ocspIsUpdated", true).
Where("LENGTH(ocspError) > 0").
Count()
}
// ListSSLCertsWithOCSPError 列出有OCSP错误的证书
func (this *SSLCertDAO) ListSSLCertsWithOCSPError(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*SSLCert, err error) {
var query = this.Query(tx)
if len(keyword) > 0 {
query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)").
Param("keyword", "%"+keyword+"%")
}
_, err = query.
State(SSLCertStateEnabled).
Attr("ocspIsUpdated", true).
Where("LENGTH(ocspError) > 0").
Offset(offset).
Limit(size).
DescPk().
Slice(&result).
FindAll()
return
}
// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误
func (this *SSLCertDAO) IgnoreSSLCertsWithOCSPError(tx *dbs.Tx, certIds []int64) error {
for _, certId := range certIds {
err := this.Query(tx).
Pk(certId).
Set("ocspError", "").
UpdateQuickly()
if err != nil {
return err
}
}
return nil
}
// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态
func (this *SSLCertDAO) ResetSSLCertsWithOCSPError(tx *dbs.Tx, certIds []int64) error {
for _, certId := range certIds {
err := this.Query(tx).
Pk(certId).
Set("ocspIsUpdated", 0).
Set("ocspError", "").
UpdateQuickly()
if err != nil {
return err
}
}
return nil
}
// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态
func (this *SSLCertDAO) ResetAllSSLCertsWithOCSPError(tx *dbs.Tx) error {
return this.Query(tx).
State(SSLCertStateEnabled).
Attr("ocspIsUpdated", 1).
Where("LENGTH(ocspError)>0").
Set("ocspIsUpdated", 0).
Set("ocspError", "").
UpdateQuickly()
}
// NotifyUpdate 通知更新 // NotifyUpdate 通知更新
func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error { func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
policyIds, err := SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(tx, certId) policyIds, err := SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(tx, certId)

30
internal/db/models/ssl_cert_model_ext.go
View File

@@ -1 +1,31 @@
package models package models
import "encoding/json"
func (this *SSLCert) DecodeDNSNames() []string {
if len(this.DnsNames) == 0 {
return nil
}
var result = []string{}
var err = json.Unmarshal([]byte(this.DnsNames), &result)
if err != nil {
return nil
}
return result
}
func (this *SSLCert) DecodeCommonNames() []string {
if len(this.CommonNames) == 0 {
return nil
}
var result = []string{}
var err = json.Unmarshal([]byte(this.CommonNames), &result)
if err != nil {
return nil
}
return result
}

102
internal/rpc/services/service_ssl_cert.go
View File

@@ -7,6 +7,7 @@ import (
"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme" "github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb" "github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs" "github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
"github.com/iwind/TeaGo/types"
) )
// SSLCertService SSL证书相关服务 // SSLCertService SSL证书相关服务
@@ -180,3 +181,104 @@ func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCer
} }
return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil
} }
// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量
func (this *SSLCertService) CountAllSSLCertsWithOCSPError(ctx context.Context, req *pb.CountAllSSLCertsWithOCSPErrorRequest) (*pb.RPCCountResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
count, err := models.SharedSSLCertDAO.CountAllSSLCertsWithOCSPError(tx, req.Keyword)
if err != nil {
return nil, err
}
return this.SuccessCount(count)
}
// ListSSLCertsWithOCSPError 列出有OCSP错误的证书
func (this *SSLCertService) ListSSLCertsWithOCSPError(ctx context.Context, req *pb.ListSSLCertsWithOCSPErrorRequest) (*pb.ListSSLCertsWithOCSPErrorResponse, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
certs, err := models.SharedSSLCertDAO.ListSSLCertsWithOCSPError(tx, req.Keyword, req.Offset, req.Size)
if err != nil {
return nil, err
}
var pbCerts = []*pb.SSLCert{}
for _, cert := range certs {
pbCerts = append(pbCerts, &pb.SSLCert{
Id: int64(cert.Id),
IsOn: cert.IsOn == 1,
Name: cert.Name,
TimeBeginAt: types.Int64(cert.TimeBeginAt),
TimeEndAt: types.Int64(cert.TimeEndAt),
DnsNames: cert.DecodeDNSNames(),
CommonNames: cert.DecodeCommonNames(),
IsACME: cert.IsACME == 1,
AcmeTaskId: int64(cert.AcmeTaskId),
Ocsp: []byte(cert.Ocsp),
OcspIsUpdated: cert.OcspIsUpdated == 1,
OcspError: cert.OcspError,
Description: cert.Description,
IsCA: cert.IsCA == 1,
ServerName: cert.ServerName,
CreatedAt: int64(cert.CreatedAt),
UpdatedAt: int64(cert.UpdatedAt),
})
}
return &pb.ListSSLCertsWithOCSPErrorResponse{
SslCerts: pbCerts,
}, nil
}
// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误
func (this *SSLCertService) IgnoreSSLCertsWithOCSPError(ctx context.Context, req *pb.IgnoreSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
err = models.SharedSSLCertDAO.IgnoreSSLCertsWithOCSPError(tx, req.SslCertIds)
if err != nil {
return nil, err
}
return this.Success()
}
// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态
func (this *SSLCertService) ResetSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
err = models.SharedSSLCertDAO.ResetSSLCertsWithOCSPError(tx, req.SslCertIds)
if err != nil {
return nil, err
}
return this.Success()
}
// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态
func (this *SSLCertService) ResetAllSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetAllSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
_, err := this.ValidateAdmin(ctx, 0)
if err != nil {
return nil, err
}
var tx = this.NullTx()
err = models.SharedSSLCertDAO.ResetAllSSLCertsWithOCSPError(tx)
if err != nil {
return nil, err
}
return this.Success()
}