动态更新OCSP，防止过期

internal/nodes/http_client_pool_test.go

@@ -21,14 +21,14 @@ func TestHTTPClientPool_Client(t *testing.T) {
 			t.Fatal(err)
 		}
 		{
-			client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil)
+			client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false)
 			if err != nil {
 				t.Fatal(err)
 			}
 			t.Log("client:", client)
 		}
 		for i := 0; i < 10; i++ {
-			client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil)
+			client, err := pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false)
 			if err != nil {
 				t.Fatal(err)
 			}
@@ -53,7 +53,7 @@ func TestHTTPClientPool_cleanClients(t *testing.T) {
 
 	for i := 0; i < 10; i++ {
 		t.Log("get", i)
-		_, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil)
+		_, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false)
 		time.Sleep(1 * time.Second)
 	}
 }
@@ -73,6 +73,6 @@ func BenchmarkHTTPClientPool_Client(b *testing.B) {
 
 	pool := NewHTTPClientPool()
 	for i := 0; i < b.N; i++ {
-		_, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil)
+		_, _ = pool.Client(nil, origin, origin.Addr.PickAddress(), nil, false)
 	}
 }

internal/nodes/task_ocsp_update.go

@@ -0,0 +1,92 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package nodes
+
+import (
+	"github.com/TeaOSLab/EdgeCommon/pkg/rpc/pb"
+	"github.com/TeaOSLab/EdgeNode/internal/events"
+	"github.com/TeaOSLab/EdgeNode/internal/goman"
+	"github.com/TeaOSLab/EdgeNode/internal/remotelogs"
+	"github.com/TeaOSLab/EdgeNode/internal/rpc"
+	"github.com/iwind/TeaGo/Tea"
+	"time"
+)
+
+var sharedOCSPTask = NewOCSPUpdateTask()
+
+func init() {
+	events.On(events.EventLoaded, func() {
+		sharedOCSPTask.version = sharedNodeConfig.OCSPVersion
+
+		goman.New(func() {
+			sharedOCSPTask.Start()
+		})
+	})
+	events.On(events.EventQuit, func() {
+		sharedOCSPTask.Stop()
+	})
+
+}
+
+// OCSPUpdateTask 更新OCSP任务
+type OCSPUpdateTask struct {
+	version int64
+
+	ticker *time.Ticker
+}
+
+func NewOCSPUpdateTask() *OCSPUpdateTask {
+	var ticker = time.NewTicker(1 * time.Minute)
+	if Tea.IsTesting() {
+		ticker = time.NewTicker(10 * time.Second)
+	}
+	return &OCSPUpdateTask{
+		ticker: ticker,
+	}
+}
+
+func (this *OCSPUpdateTask) Start() {
+	for range this.ticker.C {
+		err := this.Loop()
+		if err != nil {
+			remotelogs.Warn("OCSPUpdateTask", "update ocsp failed: "+err.Error())
+		}
+	}
+}
+
+func (this *OCSPUpdateTask) Loop() error {
+	rpcClient, err := rpc.SharedRPC()
+	if err != nil {
+		return err
+	}
+
+	resp, err := rpcClient.SSLCertService().ListUpdatedSSLCertOCSP(rpcClient.Context(), &pb.ListUpdatedSSLCertOCSPRequest{
+		Version: this.version,
+		Size:    100,
+	})
+	if err != nil {
+		return err
+	}
+
+	for _, ocsp := range resp.SslCertOCSP {
+		// 更新OCSP
+		sharedNodeConfig.UpdateCertOCSP(ocsp.SslCertId, ocsp.Ocsp)
+
+		// 修改版本
+		this.version = ocsp.Version
+	}
+
+	return nil
+}
+
+func (this *OCSPUpdateTask) Stop() {
+	this.ticker.Stop()
+}
+
+func (this *OCSPUpdateTask) updateOCSP(certId int64, ocsp []byte) {
+	var config = sharedNodeConfig
+	if config == nil {
+		return
+	}
+
+}

internal/nodes/task_ocsp_update_test.go

@@ -0,0 +1,16 @@
+// Copyright 2022 Liuxiangchao iwind.liu@gmail.com. All rights reserved.
+
+package nodes_test
+
+import (
+	"github.com/TeaOSLab/EdgeNode/internal/nodes"
+	"testing"
+)
+
+func TestOCSPUpdateTask_Loop(t *testing.T) {
+	var task = &nodes.OCSPUpdateTask{}
+	err := task.Loop()
+	if err != nil {
+		t.Fatal(err)
+	}
+}

internal/rpc/rpc_client.go

@@ -137,6 +137,10 @@ func (this *RPCClient) FirewallService() pb.FirewallServiceClient {
 	return pb.NewFirewallServiceClient(this.pickConn())
 }
 
+func (this *RPCClient) SSLCertService() pb.SSLCertServiceClient {
+	return pb.NewSSLCertServiceClient(this.pickConn())
+}
+
 // Context 节点上下文信息
 func (this *RPCClient) Context() context.Context {
 	ctx := context.Background()