TRKJ/EdgeAPI
2
0
Fork 0
mirror of https://github.com/TeaOSLab/EdgeAPI.git synced 2025-12-24 14:06:36 +08:00
Code Issues Packages Projects Releases Wiki Activity

增加OCSP Stapling功能

Browse Source
This commit is contained in:
GoEdgeLab
2022-03-10 11:54:35 +08:00
parent 0cfc8c341a
commit a38369733e
7 changed files with 310 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
internal/db/models/ssl_cert_dao.go
View File

@@ -113,6 +113,8 @@ func (this *SSLCertDAO) CreateCert(tx *dbs.Tx, adminId int64, userId int64, isOn
}
op.CommonNames = commonNamesJSON
op.OcspIsUpdated = false
err = this.Save(tx, op)
if err != nil {
return 0, err
@@ -121,7 +123,18 @@ func (this *SSLCertDAO) CreateCert(tx *dbs.Tx, adminId int64, userId int64, isOn
}
// UpdateCert 修改证书
func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx, certId int64, isOn bool, name string, description string, serverName string, isCA bool, certData []byte, keyData []byte, timeBeginAt int64, timeEndAt int64, dnsNames []string, commonNames []string) error {
func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx,
certId int64,
isOn bool,
name string,
description string,
serverName string,
isCA bool,
certData []byte,
keyData []byte,
timeBeginAt int64,
timeEndAt int64,
dnsNames []string, commonNames []string) error {
if certId <= 0 {
return errors.New("invalid certId")
}
@@ -156,6 +169,8 @@ func (this *SSLCertDAO) UpdateCert(tx *dbs.Tx, certId int64, isOn bool, name str
}
op.CommonNames = commonNamesJSON
op.OcspIsUpdated = false
err = this.Save(tx, op)
if err != nil {
return err
@@ -194,6 +209,7 @@ func (this *SSLCertDAO) ComposeCertConfig(tx *dbs.Tx, certId int64, cacheMap *ut
config.ServerName = cert.ServerName
config.TimeBeginAt = int64(cert.TimeBeginAt)
config.TimeEndAt = int64(cert.TimeEndAt)
config.OCSP = []byte(cert.Ocsp)
if IsNotNull(cert.DnsNames) {
dnsNames := []string{}
@@ -356,6 +372,41 @@ func (this *SSLCertDAO) CheckUserCert(tx *dbs.Tx, certId int64, userId int64) er
return nil
}
// ListCertsToUpdateOCSP 查找需要更新OCSP的证书
func (this *SSLCertDAO) ListCertsToUpdateOCSP(tx *dbs.Tx, size int64) (result []*SSLCert, err error) {
_, err = this.Query(tx).
State(SSLCertStateEnabled).
Attr("ocspIsUpdated", false).
Limit(size).
Slice(&result).
FindAll()
return
}
// UpdateCertOSCP 修改OCSP
func (this *SSLCertDAO) UpdateCertOSCP(tx *dbs.Tx, certId int64, ocsp []byte, errString string) error {
if ocsp == nil {
ocsp = []byte{}
}
// 限制长度
if len(errString) > 300 {
errString = errString[:300]
}
err := this.Query(tx).
Pk(certId).
Set("ocsp", ocsp).
Set("ocspError", errString).
Set("ocspIsUpdated", true).
UpdateQuickly()
if err != nil {
return err
}
return this.NotifyUpdate(tx, certId)
}
// NotifyUpdate 通知更新
func (this *SSLCertDAO) NotifyUpdate(tx *dbs.Tx, certId int64) error {
policyIds, err := SharedSSLPolicyDAO.FindAllEnabledPolicyIdsWithCertId(tx, certId)