增加证书OCSP错误日志管理

2025-12-28 21:46:37 +08:00 · 2022-03-11 20:27:57 +08:00
parent 25061495d0
commit 9d859f3c27
5 changed files with 964 additions and 154 deletions
--- a/pkg/rpc/protos/models/model_ssl_cert.proto
+++ b/pkg/rpc/protos/models/model_ssl_cert.proto
@@ -9,4 +9,16 @@ message SSLCert {
 	string name = 3;
 	int64 timeBeginAt = 4;
 	int64 timeEndAt = 5;
+	repeated string dnsNames = 6;
+	repeated string commonNames = 7;
+	bool isACME = 8;
+	int64 acmeTaskId = 17;
+	bytes ocsp = 9;
+	bool ocspIsUpdated = 10;
+	string ocspError = 11;
+	string description = 12;
+	bool isCA = 13;
+	string serverName = 14;
+	int64 createdAt = 15;
+	int64 updatedAt = 16;
 }
--- a/pkg/rpc/protos/service_ssl_cert.proto
+++ b/pkg/rpc/protos/service_ssl_cert.proto
@@ -4,6 +4,7 @@ option go_package = "./pb";
 package pb;

 import "models/rpc_messages.proto";
+import "models/model_ssl_cert.proto";

 service SSLCertService {
 	// 创建Cert
@@ -23,6 +24,21 @@ service SSLCertService {

 	// 列出单页匹配的Cert
 	rpc listSSLCerts (ListSSLCertsRequest) returns (ListSSLCertsResponse);
+
+	// 计算有OCSP错误的证书数量
+	rpc countAllSSLCertsWithOCSPError (CountAllSSLCertsWithOCSPErrorRequest) returns (RPCCountResponse);
+
+	// 列出有OCSP错误的证书
+	rpc listSSLCertsWithOCSPError (ListSSLCertsWithOCSPErrorRequest) returns (ListSSLCertsWithOCSPErrorResponse);
+
+	// 忽略一组OCSP证书错误
+	rpc ignoreSSLCertsWithOCSPError (IgnoreSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
+
+	// 重置一组证书OCSP错误状态
+	rpc resetSSLCertsWithOCSPError (ResetSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
+
+	// 重置所有证书OCSP错误状态
+	rpc resetAllSSLCertsWithOCSPError (ResetAllSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
 }

 // 创建Cert
@@ -99,3 +115,34 @@ message ListSSLCertsRequest {
 message ListSSLCertsResponse {
 	bytes sslCertsJSON = 1;
 }
+
+// 计算有OCSP错误的证书数量
+message CountAllSSLCertsWithOCSPErrorRequest {
+	string keyword = 1;
+}
+
+// 列出有OCSP错误的证书
+message ListSSLCertsWithOCSPErrorRequest {
+	string keyword = 1;
+	int64 offset = 2;
+	int64 size = 3;
+}
+
+message ListSSLCertsWithOCSPErrorResponse {
+	repeated SSLCert sslCerts = 1;
+}
+
+// 忽略一组OCSP证书错误
+message IgnoreSSLCertsWithOCSPErrorRequest {
+	repeated int64 sslCertIds = 1;
+}
+
+// 重置一组证书OCSP错误状态
+message ResetSSLCertsWithOCSPErrorRequest {
+	repeated int64 sslCertIds = 1;
+}
+
+// 重置所有证书OCSP错误状态
+message ResetAllSSLCertsWithOCSPErrorRequest {
+
+}