证书在上传时检查有效期

2025-11-09 00:20:26 +08:00 · 2022-04-19 11:14:40 +08:00
parent 1cd7a8f4c8
commit 07bb63c765
2 changed files with 27 additions and 14 deletions
--- a/internal/web/actions/default/servers/certs/updatePopup.go
+++ b/internal/web/actions/default/servers/certs/updatePopup.go
@@ -70,13 +70,13 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		this.ErrorPage(err)
 		return
 	}
-	certConfigJSON := certConfigResp.SslCertJSON
+	var certConfigJSON = certConfigResp.SslCertJSON
 	if len(certConfigJSON) == 0 {
 		this.NotFound("cert", params.CertId)
 		return
 	}

-	certConfig := &sslconfigs.SSLCertConfig{}
+	var certConfig = &sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(certConfigJSON, certConfig)
 	if err != nil {
 		this.ErrorPage(err)
@@ -99,7 +99,6 @@ func (this *UpdatePopupAction) RunPost(params struct {
 			}
 		}
 	} else {
-
 		if params.CertFile != nil {
 			certConfig.CertData, err = params.CertFile.Read()
 			if err != nil {
@@ -132,6 +131,13 @@ func (this *UpdatePopupAction) RunPost(params struct {
 		this.Fail("证书格式错误：无法读取到证书有效期")
 	}

+	if certConfig.TimeBeginAt < 0 {
+		this.Fail("证书校验错误：有效期开始时间过小，不能小于1970年1月1日")
+	}
+	if certConfig.TimeEndAt < 0 {
+		this.Fail("证书校验错误：有效期结束时间过小，不能小于1970年1月1日")
+	}
+
 	// 保存
 	_, err = this.RPC().SSLCertRPC().UpdateSSLCert(this.AdminContext(), &pb.UpdateSSLCertRequest{
 		SslCertId:   params.CertId,
--- a/internal/web/actions/default/servers/certs/uploadPopup.go
+++ b/internal/web/actions/default/servers/certs/uploadPopup.go
@@ -41,8 +41,8 @@ func (this *UploadPopupAction) RunPost(params struct {
 		Field("name", params.Name).
 		Require("请输入证书说明")

-	certData := []byte{}
-	keyData := []byte{}
+	var certData = []byte{}
+	var keyData = []byte{}

 	if params.TextMode {
 		if len(params.CertText) == 0 {
@@ -80,12 +80,12 @@ func (this *UploadPopupAction) RunPost(params struct {
 	}

 	// 校验
-	sslConfig := &sslconfigs.SSLCertConfig{
+	var certConfig = &sslconfigs.SSLCertConfig{
 		IsCA:     params.IsCA,
 		CertData: certData,
 		KeyData:  keyData,
 	}
-	err := sslConfig.Init()
+	err := certConfig.Init()
 	if err != nil {
 		if params.IsCA {
 			this.Fail("证书校验错误：" + err.Error())
@@ -93,10 +93,17 @@ func (this *UploadPopupAction) RunPost(params struct {
 			this.Fail("证书或密钥校验错误：" + err.Error())
 		}
 	}
-	if len(timeutil.Format("Y", sslConfig.TimeEnd())) != 4 {
+	if len(timeutil.Format("Y", certConfig.TimeEnd())) != 4 {
 		this.Fail("证书格式错误：无法读取到证书有效期")
 	}

+	if certConfig.TimeBeginAt < 0 {
+		this.Fail("证书校验错误：有效期开始时间过小，不能小于1970年1月1日")
+	}
+	if certConfig.TimeEndAt < 0 {
+		this.Fail("证书校验错误：有效期结束时间过小，不能小于1970年1月1日")
+	}
+
 	// 保存
 	createResp, err := this.RPC().SSLCertRPC().CreateSSLCert(this.AdminContext(), &pb.CreateSSLCertRequest{
 		IsOn:        params.IsOn,
@@ -106,10 +113,10 @@ func (this *UploadPopupAction) RunPost(params struct {
 		IsCA:        params.IsCA,
 		CertData:    certData,
 		KeyData:     keyData,
-		TimeBeginAt: sslConfig.TimeBeginAt,
-		TimeEndAt:   sslConfig.TimeEndAt,
-		DnsNames:    sslConfig.DNSNames,
-		CommonNames: sslConfig.CommonNames,
+		TimeBeginAt: certConfig.TimeBeginAt,
+		TimeEndAt:   certConfig.TimeEndAt,
+		DnsNames:    certConfig.DNSNames,
+		CommonNames: certConfig.CommonNames,
 	})
 	if err != nil {
 		this.ErrorPage(err)
@@ -117,13 +124,13 @@ func (this *UploadPopupAction) RunPost(params struct {
 	}

 	// 查询已创建的证书并返回，方便调用者进行后续处理
-	certId := createResp.SslCertId
+	var certId = createResp.SslCertId
 	configResp, err := this.RPC().SSLCertRPC().FindEnabledSSLCertConfig(this.AdminContext(), &pb.FindEnabledSSLCertConfigRequest{SslCertId: certId})
 	if err != nil {
 		this.ErrorPage(err)
 		return
 	}
-	certConfig := &sslconfigs.SSLCertConfig{}
+	certConfig = &sslconfigs.SSLCertConfig{}
 	err = json.Unmarshal(configResp.SslCertJSON, certConfig)
 	if err != nil {
 		this.ErrorPage(err)