allinssl/plugins/aliyun/action.go

package main

import (
	"ALLinSSL/plugins/aliyun/cas"
	"ALLinSSL/plugins/aliyun/esa"
	"fmt"
	"strconv"
	"strings"
)

func uploadToCAS(cfg map[string]any) (*Response, error) {
	if cfg == nil {
		return nil, fmt.Errorf("config cannot be nil")
	}
	certStr, ok := cfg["cert"].(string)
	if !ok || certStr == "" {
		return nil, fmt.Errorf("cert is required and must be a string")
	}
	keyStr, ok := cfg["key"].(string)
	if !ok || keyStr == "" {
		return nil, fmt.Errorf("key is required and must be a string")
	}
	accessKey, ok := cfg["access_key"].(string)
	if !ok || accessKey == "" {
		return nil, fmt.Errorf("access_key is required and must be a string")
	}
	secretKey, ok := cfg["secret_key"].(string)
	if !ok || secretKey == "" {
		return nil, fmt.Errorf("secret_key is required and must be a string")
	}
	endpoint, ok := cfg["endpoint"].(string)
	if !ok || endpoint == "" {
		endpoint = "cas.ap-southeast-1.aliyuncs.com" // 默认值
	}
	name, ok := cfg["name"].(string)
	if !ok || name == "" {
		name = "allinssl-certificate" // 默认名称
	}

	client, err := cas.CreateClient(accessKey, secretKey, endpoint)
	if err != nil {
		return nil, fmt.Errorf("failed to create CAS client: %w", err)
	}
	// 上传证书到 CAS
	err = cas.UploadToCas(client, certStr, keyStr, name)
	if err != nil {
		return nil, fmt.Errorf("failed to upload certificate to CAS: %w", err)
	}

	return &Response{
		Status:  "success",
		Message: "CAS upload successful",
		Result:  nil,
	}, nil
}

func deployToESA(cfg map[string]any) (*Response, error) {
	if cfg == nil {
		return nil, fmt.Errorf("config cannot be nil")
	}
	certPEM, ok := cfg["cert"].(string)
	if !ok || certPEM == "" {
		return nil, fmt.Errorf("cert is required and must be a string")
	}
	privkeyPEM, ok := cfg["key"].(string)
	if !ok || privkeyPEM == "" {
		return nil, fmt.Errorf("key is required and must be a string")
	}
	accessKey, ok := cfg["access_key"].(string)
	if !ok || accessKey == "" {
		return nil, fmt.Errorf("access_key is required and must be a string")
	}
	secretKey, ok := cfg["secret_key"].(string)
	if !ok || secretKey == "" {
		return nil, fmt.Errorf("secret_key is required and must be a string")
	}
	var siteID int64
	switch v := cfg["site_id"].(type) {
	case float64:
		siteID = int64(v)
	case string:
		var err error
		siteID, err = strconv.ParseInt(v, 10, 64)
		if err != nil {
			return nil, fmt.Errorf("site_id format error: %w", err)
		}
	case int:
		siteID = int64(v)
	default:
		return nil, fmt.Errorf("site_id format error")
	}
	var delRepeatDomainCert bool
	switch v := cfg["del_repeat_domain_cert"].(type) {
	case bool:
		delRepeatDomainCert = v
	case string:
		if v == "true" {
			delRepeatDomainCert = true
		}
	case nil:
		delRepeatDomainCert = false
	}

	client, err := esa.CreateEsaClient(accessKey, secretKey)
	if err != nil {
		return nil, fmt.Errorf("failed to create ESA client: %w", err)
	}

	// 检查是否需要删除重复的域名证书
	if delRepeatDomainCert {
		// 解析现有证书的域名
		certObj, err := ParseCertificate([]byte(certPEM))
		if err != nil {
			return nil, fmt.Errorf("failed to parse certificate: %w", err)
		}
		domainSet := make(map[string]bool)

		if certObj.Subject.CommonName != "" {
			domainSet[certObj.Subject.CommonName] = true
		}
		for _, dns := range certObj.DNSNames {
			domainSet[dns] = true
		}

		// 转成切片并拼接成逗号分隔的字符串
		var domains []string
		for domain := range domainSet {
			domains = append(domains, domain)
		}
		domainList := strings.Join(domains, ",")

		certList, err := esa.ListCertFromESA(client, siteID)
		if err != nil {
			return nil, fmt.Errorf("failed to list certificates from ESA: %w", err)
		}
		for _, cert := range certList {
			if *cert.SAN == domainList {
				err = esa.DeleteEsaCert(client, siteID, *cert.Id)
				if err != nil {
					return nil, fmt.Errorf("failed to delete existing certificate: %w", err)
				}
			}
		}
	}

	err = esa.UploadCertToESA(client, siteID, certPEM, privkeyPEM)
	if err != nil {
		return nil, fmt.Errorf("failed to upload certificate to ESA: %w", err)
	}

	return &Response{
		Status:  "success",
		Message: "ESA deployment successful",
		Result:  nil,
	}, nil
}