增加证书OCSP错误日志管理

2025-11-07 18:50:26 +08:00 · 2022-03-11 20:27:53 +08:00
parent 91a4666f60
commit 76d12ea65a
3 changed files with 210 additions and 0 deletions
--- a/internal/db/models/ssl_cert_dao.go
+++ b/internal/db/models/ssl_cert_dao.go
@@ -210,6 +210,7 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
 	config.TimeBeginAt = int64(cert.TimeBeginAt)
 	config.TimeEndAt = int64(cert.TimeEndAt)
 	config.OCSP = []byte(cert.Ocsp)
+	config.OCSPError = cert.OcspError

 	if IsNotNull(cert.DnsNames) {
 		dnsNames := []string{}
@@ -407,6 +408,83 @@ func (this *SSLCertDAO) UpdateCertOSCP(tx *dbs.Tx, certId int64, ocsp []byte, er
 	return this.NotifyUpdate(tx, certId)
 }

+// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量
+func (this *SSLCertDAO) CountAllSSLCertsWithOCSPError(tx *dbs.Tx, keyword string) (int64, error) {
+	var query = this.Query(tx)
+
+	if len(keyword) > 0 {
+		query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)").
+			Param("keyword", "%"+keyword+"%")
+	}
+
+	return query.
+		State(SSLCertStateEnabled).
+		Attr("ocspIsUpdated", true).
+		Where("LENGTH(ocspError) > 0").
+		Count()
+}
+
+// ListSSLCertsWithOCSPError 列出有OCSP错误的证书
+func (this *SSLCertDAO) ListSSLCertsWithOCSPError(tx *dbs.Tx, keyword string, offset int64, size int64) (result []*SSLCert, err error) {
+	var query = this.Query(tx)
+
+	if len(keyword) > 0 {
+		query.Where("(name LIKE :keyword OR description LIKE :keyword OR dnsNames LIKE :keyword OR commonNames LIKE :keyword OR ocspError LIKE :keyword)").
+			Param("keyword", "%"+keyword+"%")
+	}
+
+	_, err = query.
+		State(SSLCertStateEnabled).
+		Attr("ocspIsUpdated", true).
+		Where("LENGTH(ocspError) > 0").
+		Offset(offset).
+		Limit(size).
+		DescPk().
+		Slice(&result).
+		FindAll()
+	return
+}
+
+// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误
+func (this *SSLCertDAO) IgnoreSSLCertsWithOCSPError(tx *dbs.Tx, certIds []int64) error {
+	for _, certId := range certIds {
+		err := this.Query(tx).
+			Pk(certId).
+			Set("ocspError", "").
+			UpdateQuickly()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态
+func (this *SSLCertDAO) ResetSSLCertsWithOCSPError(tx *dbs.Tx, certIds []int64) error {
+	for _, certId := range certIds {
+		err := this.Query(tx).
+			Pk(certId).
+			Set("ocspIsUpdated", 0).
+			Set("ocspError", "").
+			UpdateQuickly()
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态
+func (this *SSLCertDAO) ResetAllSSLCertsWithOCSPError(tx *dbs.Tx) error {
+	return this.Query(tx).
+		State(SSLCertStateEnabled).
+		Attr("ocspIsUpdated", 1).
+		Where("LENGTH(ocspError)>0").
+		Set("ocspIsUpdated", 0).
+		Set("ocspError", "").
+		UpdateQuickly()
+}
+
 // NotifyUpdate 通知更新
 func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
 	policyIds, err := SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(tx, certId)
--- a/internal/db/models/ssl_cert_model_ext.go
+++ b/internal/db/models/ssl_cert_model_ext.go
@@ -1 +1,31 @@
 package models
+
+import "encoding/json"
+
+func (this *SSLCert) DecodeDNSNames() []string {
+	if len(this.DnsNames) == 0 {
+		return nil
+	}
+
+	var result = []string{}
+	var err = json.Unmarshal([]byte(this.DnsNames), &result)
+	if err != nil {
+		return nil
+	}
+
+	return result
+}
+
+func (this *SSLCert) DecodeCommonNames() []string {
+	if len(this.CommonNames) == 0 {
+		return nil
+	}
+
+	var result = []string{}
+	var err = json.Unmarshal([]byte(this.CommonNames), &result)
+	if err != nil {
+		return nil
+	}
+
+	return result
+}
--- a/internal/rpc/services/service_ssl_cert.go
+++ b/internal/rpc/services/service_ssl_cert.go
@@ -7,6 +7,7 @@ import (
 	"github.com/TeaOSLab/EdgeAPI/internal/db/models/acme"
 	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
 	"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
+	"github.com/iwind/TeaGo/types"
 )

 // SSLCertService SSL证书相关服务
@@ -180,3 +181,104 @@ func (this *SSLCertService) ListSSLCerts(ctx context.Context, req *pb.ListSSLCer
 	}
 	return &pb.ListSSLCertsResponse{SslCertsJSON: certConfigsJSON}, nil
 }
+
+// CountAllSSLCertsWithOCSPError 计算有OCSP错误的证书数量
+func (this *SSLCertService) CountAllSSLCertsWithOCSPError(ctx context.Context, req *pb.CountAllSSLCertsWithOCSPErrorRequest) (*pb.RPCCountResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	count, err := models.SharedSSLCertDAO.CountAllSSLCertsWithOCSPError(tx, req.Keyword)
+	if err != nil {
+		return nil, err
+	}
+	return this.SuccessCount(count)
+}
+
+// ListSSLCertsWithOCSPError 列出有OCSP错误的证书
+func (this *SSLCertService) ListSSLCertsWithOCSPError(ctx context.Context, req *pb.ListSSLCertsWithOCSPErrorRequest) (*pb.ListSSLCertsWithOCSPErrorResponse, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	certs, err := models.SharedSSLCertDAO.ListSSLCertsWithOCSPError(tx, req.Keyword, req.Offset, req.Size)
+	if err != nil {
+		return nil, err
+	}
+
+	var pbCerts = []*pb.SSLCert{}
+	for _, cert := range certs {
+		pbCerts = append(pbCerts, &pb.SSLCert{
+			Id:            int64(cert.Id),
+			IsOn:          cert.IsOn == 1,
+			Name:          cert.Name,
+			TimeBeginAt:   types.Int64(cert.TimeBeginAt),
+			TimeEndAt:     types.Int64(cert.TimeEndAt),
+			DnsNames:      cert.DecodeDNSNames(),
+			CommonNames:   cert.DecodeCommonNames(),
+			IsACME:        cert.IsACME == 1,
+			AcmeTaskId:    int64(cert.AcmeTaskId),
+			Ocsp:          []byte(cert.Ocsp),
+			OcspIsUpdated: cert.OcspIsUpdated == 1,
+			OcspError:     cert.OcspError,
+			Description:   cert.Description,
+			IsCA:          cert.IsCA == 1,
+			ServerName:    cert.ServerName,
+			CreatedAt:     int64(cert.CreatedAt),
+			UpdatedAt:     int64(cert.UpdatedAt),
+		})
+	}
+
+	return &pb.ListSSLCertsWithOCSPErrorResponse{
+		SslCerts: pbCerts,
+	}, nil
+}
+
+// IgnoreSSLCertsWithOCSPError 忽略一组OCSP证书错误
+func (this *SSLCertService) IgnoreSSLCertsWithOCSPError(ctx context.Context, req *pb.IgnoreSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedSSLCertDAO.IgnoreSSLCertsWithOCSPError(tx, req.SslCertIds)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// ResetSSLCertsWithOCSPError 重置一组证书OCSP错误状态
+func (this *SSLCertService) ResetSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedSSLCertDAO.ResetSSLCertsWithOCSPError(tx, req.SslCertIds)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}
+
+// ResetAllSSLCertsWithOCSPError 重置所有证书OCSP错误状态
+func (this *SSLCertService) ResetAllSSLCertsWithOCSPError(ctx context.Context, req *pb.ResetAllSSLCertsWithOCSPErrorRequest) (*pb.RPCSuccess, error) {
+	_, err := this.ValidateAdmin(ctx, 0)
+	if err != nil {
+		return nil, err
+	}
+
+	var tx = this.NullTx()
+	err = models.SharedSSLCertDAO.ResetAllSSLCertsWithOCSPError(tx)
+	if err != nil {
+		return nil, err
+	}
+	return this.Success()
+}