增加证书OCSP错误日志管理

2025-12-14 21:06:34 +08:00 · 2022-03-11 20:27:57 +08:00
parent 25061495d0
commit 9d859f3c27
5 changed files with 964 additions and 154 deletions
--- a/pkg/rpc/pb/model_ssl_cert.pb.go
+++ b/pkg/rpc/pb/model_ssl_cert.pb.go
@@ -30,11 +30,23 @@ type SSLCert struct {
 	sizeCache     protoimpl.SizeCache
 	unknownFields protoimpl.UnknownFields

-	Id          int64  `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
-	IsOn        bool   `protobuf:"varint,2,opt,name=isOn,proto3" json:"isOn,omitempty"`
-	Name        string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
-	TimeBeginAt int64  `protobuf:"varint,4,opt,name=timeBeginAt,proto3" json:"timeBeginAt,omitempty"`
-	TimeEndAt   int64  `protobuf:"varint,5,opt,name=timeEndAt,proto3" json:"timeEndAt,omitempty"`
+	Id            int64    `protobuf:"varint,1,opt,name=id,proto3" json:"id,omitempty"`
+	IsOn          bool     `protobuf:"varint,2,opt,name=isOn,proto3" json:"isOn,omitempty"`
+	Name          string   `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+	TimeBeginAt   int64    `protobuf:"varint,4,opt,name=timeBeginAt,proto3" json:"timeBeginAt,omitempty"`
+	TimeEndAt     int64    `protobuf:"varint,5,opt,name=timeEndAt,proto3" json:"timeEndAt,omitempty"`
+	DnsNames      []string `protobuf:"bytes,6,rep,name=dnsNames,proto3" json:"dnsNames,omitempty"`
+	CommonNames   []string `protobuf:"bytes,7,rep,name=commonNames,proto3" json:"commonNames,omitempty"`
+	IsACME        bool     `protobuf:"varint,8,opt,name=isACME,proto3" json:"isACME,omitempty"`
+	AcmeTaskId    int64    `protobuf:"varint,17,opt,name=acmeTaskId,proto3" json:"acmeTaskId,omitempty"`
+	Ocsp          []byte   `protobuf:"bytes,9,opt,name=ocsp,proto3" json:"ocsp,omitempty"`
+	OcspIsUpdated bool     `protobuf:"varint,10,opt,name=ocspIsUpdated,proto3" json:"ocspIsUpdated,omitempty"`
+	OcspError     string   `protobuf:"bytes,11,opt,name=ocspError,proto3" json:"ocspError,omitempty"`
+	Description   string   `protobuf:"bytes,12,opt,name=description,proto3" json:"description,omitempty"`
+	IsCA          bool     `protobuf:"varint,13,opt,name=isCA,proto3" json:"isCA,omitempty"`
+	ServerName    string   `protobuf:"bytes,14,opt,name=serverName,proto3" json:"serverName,omitempty"`
+	CreatedAt     int64    `protobuf:"varint,15,opt,name=createdAt,proto3" json:"createdAt,omitempty"`
+	UpdatedAt     int64    `protobuf:"varint,16,opt,name=updatedAt,proto3" json:"updatedAt,omitempty"`
 }

 func (x *SSLCert) Reset() {
@@ -104,12 +116,96 @@ func (x *SSLCert) GetTimeEndAt() int64 {
 	return 0
 }

+func (x *SSLCert) GetDnsNames() []string {
+	if x != nil {
+		return x.DnsNames
+	}
+	return nil
+}
+
+func (x *SSLCert) GetCommonNames() []string {
+	if x != nil {
+		return x.CommonNames
+	}
+	return nil
+}
+
+func (x *SSLCert) GetIsACME() bool {
+	if x != nil {
+		return x.IsACME
+	}
+	return false
+}
+
+func (x *SSLCert) GetAcmeTaskId() int64 {
+	if x != nil {
+		return x.AcmeTaskId
+	}
+	return 0
+}
+
+func (x *SSLCert) GetOcsp() []byte {
+	if x != nil {
+		return x.Ocsp
+	}
+	return nil
+}
+
+func (x *SSLCert) GetOcspIsUpdated() bool {
+	if x != nil {
+		return x.OcspIsUpdated
+	}
+	return false
+}
+
+func (x *SSLCert) GetOcspError() string {
+	if x != nil {
+		return x.OcspError
+	}
+	return ""
+}
+
+func (x *SSLCert) GetDescription() string {
+	if x != nil {
+		return x.Description
+	}
+	return ""
+}
+
+func (x *SSLCert) GetIsCA() bool {
+	if x != nil {
+		return x.IsCA
+	}
+	return false
+}
+
+func (x *SSLCert) GetServerName() string {
+	if x != nil {
+		return x.ServerName
+	}
+	return ""
+}
+
+func (x *SSLCert) GetCreatedAt() int64 {
+	if x != nil {
+		return x.CreatedAt
+	}
+	return 0
+}
+
+func (x *SSLCert) GetUpdatedAt() int64 {
+	if x != nil {
+		return x.UpdatedAt
+	}
+	return 0
+}
+
 var File_models_model_ssl_cert_proto protoreflect.FileDescriptor

 var file_models_model_ssl_cert_proto_rawDesc = []byte{
 	0x0a, 0x1b, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x73, 0x2f, 0x6d, 0x6f, 0x64, 0x65, 0x6c, 0x5f, 0x73,
 	0x73, 0x6c, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x02, 0x70,
-	0x62, 0x22, 0x81, 0x01, 0x0a, 0x07, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x0e, 0x0a,
+	0x62, 0x22, 0xe1, 0x03, 0x0a, 0x07, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x0e, 0x0a,
 	0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a,
 	0x04, 0x69, 0x73, 0x4f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x69, 0x73, 0x4f,
 	0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52,
@@ -117,7 +213,29 @@ var file_models_model_ssl_cert_proto_rawDesc = []byte{
 	0x69, 0x6e, 0x41, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x74, 0x69, 0x6d, 0x65,
 	0x42, 0x65, 0x67, 0x69, 0x6e, 0x41, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x45,
 	0x6e, 0x64, 0x41, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65,
-	0x45, 0x6e, 0x64, 0x41, 0x74, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70,
+	0x45, 0x6e, 0x64, 0x41, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65,
+	0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x64, 0x6e, 0x73, 0x4e, 0x61, 0x6d, 0x65,
+	0x73, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73,
+	0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4e, 0x61,
+	0x6d, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x73, 0x41, 0x43, 0x4d, 0x45, 0x18, 0x08, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x73, 0x41, 0x43, 0x4d, 0x45, 0x12, 0x1e, 0x0a, 0x0a, 0x61,
+	0x63, 0x6d, 0x65, 0x54, 0x61, 0x73, 0x6b, 0x49, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x03, 0x52,
+	0x0a, 0x61, 0x63, 0x6d, 0x65, 0x54, 0x61, 0x73, 0x6b, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6f,
+	0x63, 0x73, 0x70, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12,
+	0x24, 0x0a, 0x0d, 0x6f, 0x63, 0x73, 0x70, 0x49, 0x73, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64,
+	0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x6f, 0x63, 0x73, 0x70, 0x49, 0x73, 0x55, 0x70,
+	0x64, 0x61, 0x74, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x6f, 0x63, 0x73, 0x70, 0x45, 0x72, 0x72,
+	0x6f, 0x72, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6f, 0x63, 0x73, 0x70, 0x45, 0x72,
+	0x72, 0x6f, 0x72, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69,
+	0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69,
+	0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x73, 0x43, 0x41, 0x18, 0x0d, 0x20,
+	0x01, 0x28, 0x08, 0x52, 0x04, 0x69, 0x73, 0x43, 0x41, 0x12, 0x1e, 0x0a, 0x0a, 0x73, 0x65, 0x72,
+	0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73,
+	0x65, 0x72, 0x76, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x72, 0x65,
+	0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72,
+	0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x1c, 0x0a, 0x09, 0x75, 0x70, 0x64, 0x61, 0x74,
+	0x65, 0x64, 0x41, 0x74, 0x18, 0x10, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x75, 0x70, 0x64, 0x61,
+	0x74, 0x65, 0x64, 0x41, 0x74, 0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70,
 	0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

--- a/pkg/rpc/pb/service_ssl_cert.pb.go
+++ b/pkg/rpc/pb/service_ssl_cert.pb.go
--- a/pkg/rpc/protos/models/model_ssl_cert.proto
+++ b/pkg/rpc/protos/models/model_ssl_cert.proto
@@ -9,4 +9,16 @@ message SSLCert {
 	string name = 3;
 	int64 timeBeginAt = 4;
 	int64 timeEndAt = 5;
+	repeated string dnsNames = 6;
+	repeated string commonNames = 7;
+	bool isACME = 8;
+	int64 acmeTaskId = 17;
+	bytes ocsp = 9;
+	bool ocspIsUpdated = 10;
+	string ocspError = 11;
+	string description = 12;
+	bool isCA = 13;
+	string serverName = 14;
+	int64 createdAt = 15;
+	int64 updatedAt = 16;
 }
--- a/pkg/rpc/protos/service_ssl_cert.proto
+++ b/pkg/rpc/protos/service_ssl_cert.proto
@@ -4,6 +4,7 @@ option go_package = "./pb";
 package pb;

 import "models/rpc_messages.proto";
+import "models/model_ssl_cert.proto";

 service SSLCertService {
 	// 创建Cert
@@ -23,6 +24,21 @@ service SSLCertService {

 	// 列出单页匹配的Cert
 	rpc listSSLCerts (ListSSLCertsRequest) returns (ListSSLCertsResponse);
+
+	// 计算有OCSP错误的证书数量
+	rpc countAllSSLCertsWithOCSPError (CountAllSSLCertsWithOCSPErrorRequest) returns (RPCCountResponse);
+
+	// 列出有OCSP错误的证书
+	rpc listSSLCertsWithOCSPError (ListSSLCertsWithOCSPErrorRequest) returns (ListSSLCertsWithOCSPErrorResponse);
+
+	// 忽略一组OCSP证书错误
+	rpc ignoreSSLCertsWithOCSPError (IgnoreSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
+
+	// 重置一组证书OCSP错误状态
+	rpc resetSSLCertsWithOCSPError (ResetSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
+
+	// 重置所有证书OCSP错误状态
+	rpc resetAllSSLCertsWithOCSPError (ResetAllSSLCertsWithOCSPErrorRequest) returns (RPCSuccess);
 }

 // 创建Cert
@@ -99,3 +115,34 @@ message ListSSLCertsRequest {
 message ListSSLCertsResponse {
 	bytes sslCertsJSON = 1;
 }
+
+// 计算有OCSP错误的证书数量
+message CountAllSSLCertsWithOCSPErrorRequest {
+	string keyword = 1;
+}
+
+// 列出有OCSP错误的证书
+message ListSSLCertsWithOCSPErrorRequest {
+	string keyword = 1;
+	int64 offset = 2;
+	int64 size = 3;
+}
+
+message ListSSLCertsWithOCSPErrorResponse {
+	repeated SSLCert sslCerts = 1;
+}
+
+// 忽略一组OCSP证书错误
+message IgnoreSSLCertsWithOCSPErrorRequest {
+	repeated int64 sslCertIds = 1;
+}
+
+// 重置一组证书OCSP错误状态
+message ResetSSLCertsWithOCSPErrorRequest {
+	repeated int64 sslCertIds = 1;
+}
+
+// 重置所有证书OCSP错误状态
+message ResetAllSSLCertsWithOCSPErrorRequest {
+
+}
--- a/pkg/serverconfigs/sslconfigs/ssl_cert_config.go
+++ b/pkg/serverconfigs/sslconfigs/ssl_cert_config.go
@@ -30,7 +30,8 @@ type SSLCertConfig struct {
 	CommonNames []string `yaml:"commonNames" json:"commonNames"`

 	// OCSP
-	OCSP []byte `yaml:"ocsp" json:"ocsp"`
+	OCSP      []byte `yaml:"ocsp" json:"ocsp"`
+	OCSPError string `yaml:"ocspError" json:"ocspError"`

 	cert      *tls.Certificate
 	timeBegin time.Time