OCSP支持过期时间

刘祥超
2022-03-18 20:20:28 +08:00
parent 5fd12b809a
commit b6f4e5ce13
6 changed files with 247 additions and 83 deletions


@@ -428,7 +428,7 @@ func (this *NodeConfig) SYNFloodConfig() *firewallconfigs.SYNFloodConfig {
}
// UpdateCertOCSP 修改证书OCSP
func (this *NodeConfig) UpdateCertOCSP(certId int64, ocsp []byte) {
func (this *NodeConfig) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64) {
shared.Locker.Lock()
defer shared.Locker.Unlock()
@@ -438,14 +438,14 @@ func (this *NodeConfig) UpdateCertOCSP(certId int64, ocsp []byte) {
server.HTTPS.SSLPolicy != nil &&
server.HTTPS.SSLPolicy.OCSPIsOn &&
server.HTTPS.SSLPolicy.ContainsCert(certId) {
server.HTTPS.SSLPolicy.UpdateCertOCSP(certId, ocsp)
server.HTTPS.SSLPolicy.UpdateCertOCSP(certId, ocsp, expiresAt)
}
if server.TLS != nil &&
server.TLS.SSLPolicy != nil &&
server.TLS.SSLPolicy.OCSPIsOn &&
server.TLS.SSLPolicy.ContainsCert(certId) {
server.TLS.SSLPolicy.UpdateCertOCSP(certId, ocsp)
server.TLS.SSLPolicy.UpdateCertOCSP(certId, ocsp, expiresAt)
}
}
}
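Review bot: The doc comment `// UpdateCertOCSP 修改证书OCSP` above the signature is unchanged while the signature gains `expiresAt`, so the unit and the effect of the new parameter are undocumented at the entry point callers actually use. The policy layer compares it against `time.Now().Unix()` and drops the staple when it is not in the future, so suggest `// UpdateCertOCSP replaces the OCSP staple of certId on every server policy that has OCSP enabled and holds the cert; expiresAt is the response's expiry as a Unix timestamp in seconds — a zero or past value results in no staple being served.` The loop over servers that uses these parameters starts in the gap between the two hunks.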


@@ -1125,8 +1125,9 @@ type ListUpdatedSSLCertOCSPResponse_SSLCertOCSP struct {
unknownFields protoimpl.UnknownFields
SslCertId int64 `protobuf:"varint,1,opt,name=sslCertId,proto3" json:"sslCertId,omitempty"`
Ocsp []byte `protobuf:"bytes,2,opt,name=ocsp,proto3" json:"ocsp,omitempty"`
Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
Version int64 `protobuf:"varint,3,opt,name=version,proto3" json:"version,omitempty"`
ExpiresAt int64 `protobuf:"varint,4,opt,name=expiresAt,proto3" json:"expiresAt,omitempty"`
}
func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) Reset() {
@@ -1168,9 +1169,9 @@ func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetSslCertId() int64 {
return 0
}
func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetOcsp() []byte {
func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetData() []byte {
if x != nil {
return x.Ocsp
return x.Data
}
return nil
}
@@ -1182,6 +1183,13 @@ func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetVersion() int64 {
return 0
}
func (x *ListUpdatedSSLCertOCSPResponse_SSLCertOCSP) GetExpiresAt() int64 {
if x != nil {
return x.ExpiresAt
}
return 0
}
var File_service_ssl_cert_proto protoreflect.FileDescriptor
var file_service_ssl_cert_proto_rawDesc = []byte{
@@ -1311,83 +1319,85 @@ var file_service_ssl_cert_proto_rawDesc = []byte{
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f,
0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e,
0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04,
0x73, 0x69, 0x7a, 0x65, 0x22, 0xcd, 0x01, 0x0a, 0x1e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
0x73, 0x69, 0x7a, 0x65, 0x22, 0xeb, 0x01, 0x0a, 0x1e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64,
0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52,
0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x50, 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x43, 0x65,
0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x70,
0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c,
0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x2e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x0b, 0x73, 0x73,
0x6c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x1a, 0x59, 0x0a, 0x0b, 0x53, 0x53, 0x4c,
0x6c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x1a, 0x77, 0x0a, 0x0b, 0x53, 0x53, 0x4c,
0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x73, 0x6c, 0x43,
0x65, 0x72, 0x74, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x73, 0x73, 0x6c,
0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x18, 0x02,
0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x6f, 0x63, 0x73, 0x70, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65,
0x43, 0x65, 0x72, 0x74, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02,
0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65,
0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x76, 0x65, 0x72,
0x73, 0x69, 0x6f, 0x6e, 0x32, 0xe9, 0x07, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74,
0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72,
0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53,
0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a,
0x0d, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18,
0x2e, 0x70, 0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50,
0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c, 0x65,
0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44,
0x65, 0x6c, 0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63,
0x65, 0x73, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c,
0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
0x23, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e,
0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63, 0x6f,
0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62,
0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f, 0x75,
0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c, 0x69,
0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e,
0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c,
0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a,
0x1d, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28,
0x2e, 0x70, 0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43,
0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f,
0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50,
0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68,
0x0a, 0x19, 0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69,
0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70, 0x62,
0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74,
0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65,
0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e, 0x6f,
0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43,
0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67, 0x6e,
0x6f, 0x72, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f,
0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41,
0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73,
0x41, 0x74, 0x32, 0xe9, 0x07, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x53, 0x65,
0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x44, 0x0a, 0x0d, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53,
0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61,
0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x1a, 0x19, 0x2e, 0x70, 0x62, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43,
0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x39, 0x0a, 0x0d, 0x75,
0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70,
0x62, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53,
0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x39, 0x0a, 0x0d, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x12, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x44, 0x65, 0x6c,
0x65, 0x74, 0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73,
0x73, 0x12, 0x65, 0x0a, 0x18, 0x66, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x23, 0x2e,
0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x53, 0x53,
0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x45, 0x6e, 0x61, 0x62,
0x6c, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3e, 0x0a, 0x0d, 0x63, 0x6f, 0x75, 0x6e,
0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e, 0x43,
0x6f, 0x75, 0x6e, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43, 0x6f, 0x75, 0x6e, 0x74,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x0c, 0x6c, 0x69, 0x73, 0x74,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x12, 0x17, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69,
0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x1a, 0x18, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65,
0x72, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x1d, 0x63,
0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57,
0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70,
0x62, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52,
0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x43,
0x6f, 0x75, 0x6e, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68, 0x0a, 0x19,
0x6c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68,
0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x24, 0x2e, 0x70, 0x62, 0x2e, 0x4c,
0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f,
0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12,
0x53, 0x0a, 0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73,
0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25, 0x2e,
0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73,
0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71,
0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63,
0x63, 0x65, 0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c,
0x25, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74,
0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65,
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x55, 0x0a, 0x1b, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65,
0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50,
0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74,
0x41, 0x6c, 0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f,
0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12,
0x5f, 0x0a, 0x16, 0x6c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53,
0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x4c,
0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72,
0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70,
0x62, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c,
0x43, 0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x42, 0x06, 0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26, 0x2e, 0x70, 0x62, 0x2e, 0x49, 0x67, 0x6e, 0x6f, 0x72,
0x65, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53,
0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e,
0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x53, 0x0a,
0x1a, 0x72, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69,
0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x25, 0x2e, 0x70, 0x62,
0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69,
0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65,
0x73, 0x74, 0x1a, 0x0e, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65,
0x73, 0x73, 0x12, 0x59, 0x0a, 0x1d, 0x72, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c, 0x6c, 0x53, 0x53,
0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53, 0x50, 0x45, 0x72,
0x72, 0x6f, 0x72, 0x12, 0x28, 0x2e, 0x70, 0x62, 0x2e, 0x52, 0x65, 0x73, 0x65, 0x74, 0x41, 0x6c,
0x6c, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x73, 0x57, 0x69, 0x74, 0x68, 0x4f, 0x43, 0x53,
0x50, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x0e, 0x2e,
0x70, 0x62, 0x2e, 0x52, 0x50, 0x43, 0x53, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x12, 0x5f, 0x0a,
0x16, 0x6c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43,
0x65, 0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x12, 0x21, 0x2e, 0x70, 0x62, 0x2e, 0x4c, 0x69, 0x73,
0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65, 0x72, 0x74, 0x4f,
0x43, 0x53, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x70, 0x62, 0x2e,
0x4c, 0x69, 0x73, 0x74, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x53, 0x53, 0x4c, 0x43, 0x65,
0x72, 0x74, 0x4f, 0x43, 0x53, 0x50, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x06,
0x5a, 0x04, 0x2e, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (


@@ -161,7 +161,8 @@ message ListUpdatedSSLCertOCSPResponse {
message SSLCertOCSP {
int64 sslCertId = 1;
bytes ocsp = 2;
bytes data = 2;
int64 version = 3;
int64 expiresAt = 4;
}
}
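Review bot: `int64 expiresAt = 4;` carries no comment, so the unit and the meaning of zero are only discoverable from the Go code that consumes it; suggest `int64 expiresAt = 4; // Unix timestamp in seconds after which this OCSP response is no longer stapled; 0 means it is never stapled`. Renaming `ocsp` to `data` under the same tag 2 keeps the binary encoding compatible, but the proto3 JSON name (`ocsp` → `data`) and the generated getter (`GetOcsp` → `GetData`) change, so any consumer relying on the JSON mapping or the old getter has to move in the same release.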


@@ -30,8 +30,9 @@ type SSLCertConfig struct {
CommonNames []string `yaml:"commonNames" json:"commonNames"`
// OCSP
OCSP []byte `yaml:"ocsp" json:"ocsp"`
OCSPError string `yaml:"ocspError" json:"ocspError"`
OCSP []byte `yaml:"ocsp" json:"ocsp"`
OCSPExpiresAt int64 `yaml:"ocspExpiresAt" json:"ocspExpiresAt"`
OCSPError string `yaml:"ocspError" json:"ocspError"`
cert *tls.Certificate
timeBegin time.Time
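Review bot: `OCSPExpiresAt int64` is added under the bare `// OCSP` heading with no comment, so its unit is implicit even though the policy compares it with `time.Now().Unix()` and the field is persisted through the `yaml`/`json` tags. Suggest a line above it: `// OCSPExpiresAt is the Unix timestamp (seconds) after which OCSP is no longer stapled; 0 means OCSP is never stapled.` The `SSLCertConfig` struct starts before this hunk and continues after it.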


@@ -6,6 +6,7 @@ import (
"crypto/x509"
"github.com/TeaOSLab/EdgeCommon/pkg/configutils"
"golang.org/x/net/http2"
"time"
)
// TLSVersion TLS Version
@@ -42,6 +43,8 @@ type SSLPolicy struct {
clientCAPool *x509.CertPool
tlsConfig *tls.Config
ocspExpiresAt int64 // OCSP最早过期时间
}
// Init 校验配置
@@ -55,7 +58,10 @@ func (this *SSLPolicy) Init() error {
if err != nil {
return err
}
if this.OCSPIsOn && len(cert.OCSP) > 0 {
if this.OCSPIsOn && len(cert.OCSP) > 0 && cert.OCSPExpiresAt > time.Now().Unix() {
if this.ocspExpiresAt == 0 || cert.OCSPExpiresAt < this.ocspExpiresAt {
this.ocspExpiresAt = cert.OCSPExpiresAt
}
cert.CertObject().OCSPStaple = cert.OCSP
}
certs = append(certs, *cert.CertObject())
@@ -167,16 +173,28 @@ func (this *SSLPolicy) ContainsCert(certId int64) bool {
}
// UpdateCertOCSP 修改某个证书的OCSP
func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte) {
func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte, expiresAt int64) {
var nowTime = time.Now().Unix()
for _, cert := range this.Certs {
if cert.Id == certId {
cert.OCSP = ocsp
cert.OCSPExpiresAt = expiresAt
cert.CertObject().OCSPStaple = cert.OCSP
// 修改tlsConfig中的cert
for index, cert2 := range this.tlsConfig.Certificates {
if this.certIsEqual(*cert.CertObject(), cert2) {
this.tlsConfig.Certificates[index].OCSPStaple = ocsp
for index, certObj := range this.tlsConfig.Certificates {
if this.certIsEqual(*cert.CertObject(), certObj) {
if len(cert.OCSP) > 0 && cert.OCSPExpiresAt > nowTime {
this.tlsConfig.Certificates[index].OCSPStaple = ocsp
// 重置过期时间
if this.ocspExpiresAt == 0 || cert.OCSPExpiresAt < this.ocspExpiresAt {
this.ocspExpiresAt = cert.OCSPExpiresAt
}
} else {
this.tlsConfig.Certificates[index].OCSPStaple = nil
}
}
}
break
@@ -184,6 +202,40 @@ func (this *SSLPolicy) UpdateCertOCSP(certId int64, ocsp []byte) {
}
}
// CheckOCSP 检查OCSP过期时间
func (this *SSLPolicy) CheckOCSP() {
if !this.OCSPIsOn || this.ocspExpiresAt == 0 {
return
}
var nowTime = time.Now().Unix()
if this.ocspExpiresAt > nowTime {
return
}
this.ocspExpiresAt = 0
for _, cert := range this.Certs {
if cert.OCSPExpiresAt > 0 && cert.OCSPExpiresAt < nowTime+1 {
// 重置OCSP
cert.OCSP = nil
cert.OCSPExpiresAt = 0
for index, certObj := range this.tlsConfig.Certificates {
if this.certIsEqual(*cert.CertObject(), certObj) {
this.tlsConfig.Certificates[index].OCSPStaple = nil
}
}
} else if len(cert.OCSP) > 0 && cert.OCSPExpiresAt > nowTime && (this.ocspExpiresAt == 0 || cert.OCSPExpiresAt < this.ocspExpiresAt) {
// 重置过期时间
this.ocspExpiresAt = cert.OCSPExpiresAt
}
}
}
// OcspExpiresAt OCSP最近过期时间
func (this *SSLPolicy) OcspExpiresAt() int64 {
return this.ocspExpiresAt
}
func (this *SSLPolicy) certIsEqual(cert1 tls.Certificate, cert2 tls.Certificate) bool {
var b1 = cert1.Certificate
var b2 = cert2.Certificate
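Review bot: In the new `CheckOCSP`, an expired entry clears `cert.OCSP`, `cert.OCSPExpiresAt` and the staple inside `this.tlsConfig.Certificates`, but not `cert.CertObject().OCSPStaple`, which `UpdateCertOCSP` populates with `cert.CertObject().OCSPStaple = cert.OCSP`; if `CertObject()` returns the cached `cert *tls.Certificate` field, the stale response survives there and is copied along by anything that re-reads the object, so add `cert.CertObject().OCSPStaple = nil` next to `cert.OCSP = nil`. The same inconsistency exists in `UpdateCertOCSP`, where `cert.CertObject().OCSPStaple = cert.OCSP` runs before the `cert.OCSPExpiresAt > nowTime` check, so an already-expired response is stored on the cert object while the served copy is set to nil; guard that assignment the same way. `cert.OCSPExpiresAt < nowTime+1` reads more directly as `cert.OCSPExpiresAt <= nowTime`. `CheckOCSP` mutates `this.tlsConfig.Certificates` without taking a lock, and since `NodeConfig.UpdateCertOCSP` performs its writes under `shared.Locker`, the caller of `CheckOCSP` (not on this page) presumably needs to hold the same lock, otherwise in-flight handshakes reading the config race with it. The body of `certIsEqual` continues past the end of the hunk.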


@@ -1,17 +1,19 @@
// Copyright 2021 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
package sslconfigs
package sslconfigs_test
import (
"github.com/TeaOSLab/EdgeCommon/pkg/serverconfigs/sslconfigs"
"github.com/iwind/TeaGo/assert"
"testing"
"time"
)
func TestSSLPolicy_MatchDomain(t *testing.T) {
var a = assert.NewAssertion(t)
var policy = &SSLPolicy{}
policy.Certs = []*SSLCertConfig{
var policy = &sslconfigs.SSLPolicy{}
policy.Certs = []*sslconfigs.SSLCertConfig{
{
Id: 1,
DNSNames: []string{"a.com", "b.com"},
@@ -31,3 +33,101 @@ func TestSSLPolicy_MatchDomain(t *testing.T) {
a.IsTrue(ok)
}
}
func TestSSLPolicy_CheckOCSP(t *testing.T) {
var certData = []byte(`-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
`)
var keyData = []byte(`-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
`)
var policy = &sslconfigs.SSLPolicy{
OCSPIsOn: true,
}
var nowTime = time.Now().Unix()
policy.Certs = append(policy.Certs, &sslconfigs.SSLCertConfig{
Id: 1,
CertData: certData,
KeyData: keyData,
OCSP: []byte("ocsp"),
OCSPExpiresAt: nowTime + 1,
})
policy.Certs = append(policy.Certs, &sslconfigs.SSLCertConfig{
Id: 1,
CertData: certData,
KeyData: keyData,
OCSP: []byte("ocsp"),
OCSPExpiresAt: nowTime + 3,
})
policy.Certs = append(policy.Certs, &sslconfigs.SSLCertConfig{
Id: 1,
CertData: certData,
KeyData: keyData,
OCSP: []byte("ocsp"),
OCSPExpiresAt: nowTime + 2,
})
err := policy.Init()
if err != nil {
t.Fatal(err)
}
t.Log(policy.OcspExpiresAt(), policy.OcspExpiresAt() == nowTime+1)
time.Sleep(1 * time.Second)
policy.CheckOCSP()
t.Log(policy.OcspExpiresAt(), policy.OcspExpiresAt() == nowTime+2)
}
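Review bot: `TestSSLPolicy_CheckOCSP` only logs its two checks (`t.Log(policy.OcspExpiresAt(), policy.OcspExpiresAt() == nowTime+1)` and the `nowTime+2` line), so the test passes even if `CheckOCSP` or `Init` regress; turn them into assertions, e.g. `if got := policy.OcspExpiresAt(); got != nowTime+2 { t.Fatalf("got %d, want %d", got, nowTime+2) }` after the `CheckOCSP()` call, with the matching check for `nowTime+1` after `Init()`. The three fixtures all use `Id: 1`, which `CheckOCSP` does not look at, but distinct ids would keep the fixture reusable for `UpdateCertOCSP`, which matches on `cert.Id`. The `time.Sleep(1 * time.Second)` ties the expected value to wall-clock progress: if more than one extra second elapses before `CheckOCSP` runs, the `nowTime+2` entry has also expired and the result is `nowTime+3`, so either tolerate both values or inject the clock the policy reads.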