diff --git a/internal/web/actions/default/servers/certs/updatePopup.go b/internal/web/actions/default/servers/certs/updatePopup.go
index 3a5f1860..4d7969a2 100644
--- a/internal/web/actions/default/servers/certs/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/updatePopup.go
@@ -70,13 +70,13 @@ func (this *UpdatePopupAction) RunPost(params struct {
 this.ErrorPage(err)
 return
 }
- certConfigJSON := certConfigResp.SslCertJSON
+ var certConfigJSON = certConfigResp.SslCertJSON
 if len(certConfigJSON) == 0 {
 this.NotFound("cert", params.CertId)
 return
 }
- certConfig := &sslconfigs.SSLCertConfig{}
+ var certConfig = &sslconfigs.SSLCertConfig{}
 err = json.Unmarshal(certConfigJSON, certConfig)
 if err != nil {
 this.ErrorPage(err)
@@ -99,7 +99,6 @@ func (this *UpdatePopupAction) RunPost(params struct {
 }
 }
 } else {
-
 if params.CertFile != nil {
 certConfig.CertData, err = params.CertFile.Read()
 if err != nil {
@@ -132,6 +131,13 @@ func (this *UpdatePopupAction) RunPost(params struct {
 this.Fail("证书格式错误:无法读取到证书有效期")
 }
+ if certConfig.TimeBeginAt < 0 {
+ this.Fail("证书校验错误:有效期开始时间过小,不能小于1970年1月1日")
+ }
+ if certConfig.TimeEndAt < 0 {
+ this.Fail("证书校验错误:有效期结束时间过小,不能小于1970年1月1日")
+ }
+
 // 保存
 _, err = this.RPC().SSLCertRPC().UpdateSSLCert(this.AdminContext(), &pb.UpdateSSLCertRequest{
 SslCertId: params.CertId,
diff --git a/internal/web/actions/default/servers/certs/uploadPopup.go b/internal/web/actions/default/servers/certs/uploadPopup.go
index 08221907..77c24fec 100644
--- a/internal/web/actions/default/servers/certs/uploadPopup.go
+++ b/internal/web/actions/default/servers/certs/uploadPopup.go
@@ -41,8 +41,8 @@ func (this *UploadPopupAction) RunPost(params struct {
 Field("name", params.Name).
 Require("请输入证书说明")
- certData := []byte{}
- keyData := []byte{}
+ var certData = []byte{}
+ var keyData = []byte{}
 if params.TextMode {
 if len(params.CertText) == 0 {
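Review bot: The two checks added in the `@@ -132,6 +131,13 @@` hunk of updatePopup.go reject only pre-1970 timestamps; a certificate whose parsed `TimeEndAt` is not later than its `TimeBeginAt` still passes and is sent on to `UpdateSSLCert`. I would add `if certConfig.TimeEndAt <= certConfig.TimeBeginAt { this.Fail(...) }` with a message in the style of the two above it. The same six lines are repeated in uploadPopup.go (`@@ -93,10 +93,17 @@`), so a shared helper in this package would keep the two handlers from drifting apart. These checks run in the web action only; whether the SSLCertRPC service enforces the same bounds for other callers is not visible here and is worth confirming. RunPost starts and ends outside the hunk.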
@@ -80,12 +80,12 @@ func (this *UploadPopupAction) RunPost(params struct {
 }
 // 校验
- sslConfig := &sslconfigs.SSLCertConfig{
+ var certConfig = &sslconfigs.SSLCertConfig{
 IsCA: params.IsCA,
 CertData: certData,
 KeyData: keyData,
 }
- err := sslConfig.Init()
+ err := certConfig.Init()
 if err != nil {
 if params.IsCA {
 this.Fail("证书校验错误:" + err.Error())
@@ -93,10 +93,17 @@ func (this *UploadPopupAction) RunPost(params struct {
 this.Fail("证书或密钥校验错误:" + err.Error())
 }
 }
- if len(timeutil.Format("Y", sslConfig.TimeEnd())) != 4 {
+ if len(timeutil.Format("Y", certConfig.TimeEnd())) != 4 {
 this.Fail("证书格式错误:无法读取到证书有效期")
 }
+ if certConfig.TimeBeginAt < 0 {
+ this.Fail("证书校验错误:有效期开始时间过小,不能小于1970年1月1日")
+ }
+ if certConfig.TimeEndAt < 0 {
+ this.Fail("证书校验错误:有效期结束时间过小,不能小于1970年1月1日")
+ }
+
 // 保存
 createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
 IsOn: params.IsOn,
@@ -106,10 +113,10 @@ func (this *UploadPopupAction) RunPost(params struct {
 IsCA: params.IsCA,
 CertData: certData,
 KeyData: keyData,
- TimeBeginAt: sslConfig.TimeBeginAt,
- TimeEndAt: sslConfig.TimeEndAt,
- DnsNames: sslConfig.DNSNames,
- CommonNames: sslConfig.CommonNames,
+ TimeBeginAt: certConfig.TimeBeginAt,
+ TimeEndAt: certConfig.TimeEndAt,
+ DnsNames: certConfig.DNSNames,
+ CommonNames: certConfig.CommonNames,
 })
 if err != nil {
 this.ErrorPage(err)
@@ -117,13 +124,13 @@ func (this *UploadPopupAction) RunPost(params struct {
 }
 // 查询已创建的证书并返回,方便调用者进行后续处理
- certId := createResp.SslCertId
+ var certId = createResp.SslCertId
 configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{SslCertId: certId})
 if err != nil {
 this.ErrorPage(err)
 return
 }
- certConfig := &sslconfigs.SSLCertConfig{}
+ certConfig = &sslconfigs.SSLCertConfig{}
 err = json.Unmarshal(configResp.SslCertJSON, certConfig)
 if err != nil {
 this.ErrorPage(err)
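Review bot: After the `@@ -117,13 +124,13 @@` hunk, `certConfig` names two different objects in one function: the uploaded certificate validated earlier in RunPost, and, from `certConfig = &sslconfigs.SSLCertConfig{}` onward, the record re-read through `FindEnabledSSLCertConfig`. A separate name for the second one, for example `savedCertConfig := &sslconfigs.SSLCertConfig{}`, would keep later code from confusing the validated upload with the stored copy. RunPost continues past the end of the hunk, so the remaining uses that would need the new name are not visible here.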