diff --git a/internal/deployer/volcengine_cdn.go b/internal/deployer/volcengine_cdn.go index 6955716f..a154d3fa 100644 --- a/internal/deployer/volcengine_cdn.go +++ b/internal/deployer/volcengine_cdn.go @@ -29,7 +29,7 @@ func NewVolcengineCDNDeployer(option *DeployerOption) (Deployer, error) { client := cdn.NewInstance() client.Client.SetAccessKey(access.AccessKeyID) client.Client.SetSecretKey(access.SecretAccessKey) - uploader, err := volcenginecdn.New(&volcenginecdn.VolcengineCDNUploaderConfig{ + uploader, err := volcenginecdn.New(&volcenginecdn.VolcEngineCDNUploaderConfig{ AccessKeyId: access.AccessKeyID, AccessKeySecret: access.SecretAccessKey, }) diff --git a/internal/deployer/volcengine_live.go b/internal/deployer/volcengine_live.go index f456bb83..2d037742 100644 --- a/internal/deployer/volcengine_live.go +++ b/internal/deployer/volcengine_live.go @@ -33,7 +33,7 @@ func NewVolcengineLiveDeployer(option *DeployerOption) (Deployer, error) { AccessKeyID: access.AccessKeyID, SecretAccessKey: access.SecretAccessKey, }) - uploader, err := volcenginelive.New(&volcenginelive.VolcengineLiveUploaderConfig{ + uploader, err := volcenginelive.New(&volcenginelive.VolcEngineLiveUploaderConfig{ AccessKeyId: access.AccessKeyID, AccessKeySecret: access.SecretAccessKey, }) diff --git a/internal/pkg/core/deployer/providers/local/local.go b/internal/pkg/core/deployer/providers/local/local.go index 073014db..9770025d 100644 --- a/internal/pkg/core/deployer/providers/local/local.go +++ b/internal/pkg/core/deployer/providers/local/local.go 
@@ -83,13 +83,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s switch d.config.OutputFormat { case "", OUTPUT_FORMAT_PEM: if err := fs.WriteFileString(d.config.OutputCertPath, certPem); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to save certificate file") } d.logger.Appendt("certificate file saved") if err := fs.WriteFileString(d.config.OutputKeyPath, privkeyPem); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to save private key file") } d.logger.Appendt("private key file saved") @@ -97,13 +97,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s case OUTPUT_FORMAT_PFX: pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to transform certificate to PFX") } d.logger.Appendt("certificate transformed to PFX") if err := fs.WriteFile(d.config.OutputCertPath, pfxData); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to save certificate file") } d.logger.Appendt("certificate file saved") @@ -111,13 +111,13 @@ func (d *LocalDeployer) Deploy(ctx context.Context, certPem string, privkeyPem s case OUTPUT_FORMAT_JKS: jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to transform certificate to JKS") } d.logger.Appendt("certificate transformed to JKS") if err := fs.WriteFile(d.config.OutputCertPath, jksData); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to save certificate file") } d.logger.Appendt("certificate file uploaded") diff --git a/internal/pkg/core/deployer/providers/ssh/ssh.go b/internal/pkg/core/deployer/providers/ssh/ssh.go index 54ecfd58..982e1ff4 100644 --- a/internal/pkg/core/deployer/providers/ssh/ssh.go 
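Review bot: In the JKS branch of this file's third hunk the success log still reads `d.logger.Appendt("certificate file uploaded")` although LocalDeployer writes to disk and the PEM and PFX branches log `"certificate file saved"`; make it `d.logger.Appendt("certificate file saved")` while the messages are being tidied. Separately, the private key is written with `fs.WriteFileString(d.config.OutputKeyPath, privkeyPem)` and the file mode that helper applies is not visible in the diff; if it defaults to 0644 the key is readable by every local user, so confirm key files are created with 0600 (the SFTP writes in ssh.go have the same consideration). Deploy starts before and ends after these hunks.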
+++ b/internal/pkg/core/deployer/providers/ssh/ssh.go @@ -91,7 +91,7 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str d.config.SshKeyPassphrase, ) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to create ssh client") } defer client.Close() @@ -111,13 +111,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str switch d.config.OutputFormat { case "", OUTPUT_FORMAT_PEM: if err := writeSftpFileString(client, d.config.OutputCertPath, certPem); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to upload certificate file") } d.logger.Appendt("certificate file uploaded") if err := writeSftpFileString(client, d.config.OutputKeyPath, privkeyPem); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to upload private key file") } d.logger.Appendt("private key file uploaded") @@ -125,13 +125,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str case OUTPUT_FORMAT_PFX: pfxData, err := x509.TransformCertificateFromPEMToPFX(certPem, privkeyPem, d.config.PfxPassword) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to transform certificate to PFX") } d.logger.Appendt("certificate transformed to PFX") if err := writeSftpFile(client, d.config.OutputCertPath, pfxData); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to upload certificate file") } d.logger.Appendt("certificate file uploaded") 
@@ -139,13 +139,13 @@ func (d *SshDeployer) Deploy(ctx context.Context, certPem string, privkeyPem str case OUTPUT_FORMAT_JKS: jksData, err := x509.TransformCertificateFromPEMToJKS(certPem, privkeyPem, d.config.JksAlias, d.config.JksKeypass, d.config.JksStorepass) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to transform certificate to JKS") } d.logger.Appendt("certificate transformed to JKS") if err := writeSftpFile(client, d.config.OutputCertPath, jksData); err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to upload certificate file") } d.logger.Appendt("certificate file uploaded") @@ -205,7 +205,7 @@ func createSshClient(host string, port int32, username string, password string, func execSshCommand(sshCli *ssh.Client, command string) (string, string, error) { session, err := sshCli.NewSession() if err != nil { - return "", "", xerrors.Wrap(err, "failed to create ssh session") + return "", "", err } defer session.Close() @@ -215,7 +215,7 @@ func execSshCommand(sshCli *ssh.Client, command string) (string, string, error) session.Stderr = &stderrBuf err = session.Run(command) if err != nil { - return "", "", xerrors.Wrap(err, "failed to execute ssh command") + return "", "", err } return stdoutBuf.String(), stderrBuf.String(), nil diff --git a/internal/pkg/core/deployer/providers/webhook/webhook.go b/internal/pkg/core/deployer/providers/webhook/webhook.go index 2e736fa2..d669a9e4 100644 --- a/internal/pkg/core/deployer/providers/webhook/webhook.go +++ b/internal/pkg/core/deployer/providers/webhook/webhook.go @@ -58,7 +58,7 @@ type webhookData struct { func (d *WebhookDeployer) Deploy(ctx context.Context, certPem string, privkeyPem string) (*deployer.DeployResult, error) { certX509, err := x509.ParseCertificateFromPEM(certPem) if err != nil { - return nil, err + return nil, xerrors.Wrap(err, "failed to parse x509") } data := &webhookData{ 
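Review bot: The two `return "", "", err` changes in execSshCommand drop the "failed to create ssh session" and "failed to execute ssh command" context at the same time the rest of this commit adds wrapping everywhere else; the caller of execSshCommand is not in the diff, so if it does not wrap, a failing command surfaces as a bare ssh error with no indication of which step failed. Either keep the wraps here, or add a comment on execSshCommand stating the contract, e.g. `// execSshCommand returns the raw session error; callers are expected to wrap it with the command context.`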
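Review bot: In webhook.go, `xerrors.Wrap(err, "failed to parse x509")` names the encoding rather than what was being parsed; the sibling messages in this commit say what failed ("save certificate file", "create ssh client"), so `xerrors.Wrap(err, "failed to parse certificate")` reads consistently. Deploy continues past this hunk.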
diff --git a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go index 463d10bd..f13d2b33 100644 --- a/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go +++ b/internal/pkg/core/uploader/providers/aliyun-cas/aliyun_cas.go @@ -144,11 +144,6 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Cl region = "cn-hangzhou" // CAS 服务默认区域:华东一杭州 } - aConfig := &aliyunOpen.Config{ - AccessKeyId: tea.String(accessKeyId), - AccessKeySecret: tea.String(accessKeySecret), - } - var endpoint string switch region { case "cn-hangzhou": @@ -156,9 +151,14 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunCas.Cl default: endpoint = fmt.Sprintf("cas.%s.aliyuncs.com", region) } - aConfig.Endpoint = tea.String(endpoint) - client, err := aliyunCas.NewClient(aConfig) + config := &aliyunOpen.Config{ + Endpoint: tea.String(endpoint), + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + client, err := aliyunCas.NewClient(config) if err != nil { return nil, err } diff --git a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go index 9b62361c..df14aea9 100644 --- a/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go +++ b/internal/pkg/core/uploader/providers/aliyun-slb/aliyun_slb.go @@ -121,11 +121,6 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl region = "cn-hangzhou" // SLB 服务默认区域:华东一杭州 } - aConfig := &aliyunOpen.Config{ - AccessKeyId: tea.String(accessKeyId), - AccessKeySecret: tea.String(accessKeySecret), - } - var endpoint string switch region { case 
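Review bot: `client, err := aliyunCas.NewClient(config)` is still followed by an unwrapped `return nil, err`, so the SDK error reaches the caller with no indication that client construction, rather than a later request, failed — inconsistent with the wrapping this commit adds elsewhere. `fmt` is already in scope in this function (`fmt.Sprintf` builds the endpoint), so `return nil, fmt.Errorf("failed to create aliyun cas sdk client: %w", err)` needs no new import, or use `xerrors.Wrap` if this file imports it. The @@ -137 hunk of aliyun-slb/aliyun_slb.go has the identical pattern with `aliyunSlb.NewClient(config)`. createSdkClient starts before this hunk.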
@@ -137,9 +132,14 @@ func createSdkClient(accessKeyId, accessKeySecret, region string) (*aliyunSlb.Cl default: endpoint = fmt.Sprintf("slb.%s.aliyuncs.com", region) } - aConfig.Endpoint = tea.String(endpoint) - client, err := aliyunSlb.NewClient(aConfig) + config := &aliyunOpen.Config{ + Endpoint: tea.String(endpoint), + AccessKeyId: tea.String(accessKeyId), + AccessKeySecret: tea.String(accessKeySecret), + } + + client, err := aliyunSlb.NewClient(config) if err != nil { return nil, err } diff --git a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go index f27aebbc..a5364a02 100644 --- a/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go +++ b/internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go @@ -2,6 +2,7 @@ package bytepluscdn import ( "context" + "crypto/sha1" "crypto/sha256" "encoding/hex" "errors" @@ -9,9 +10,11 @@ import ( "strings" "time" - "github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn" + bpCdn "github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn" xerrors "github.com/pkg/errors" + "github.com/usual2970/certimate/internal/pkg/core/uploader" + "github.com/usual2970/certimate/internal/pkg/utils/cast" "github.com/usual2970/certimate/internal/pkg/utils/x509" ) @@ -22,7 +25,7 @@ type ByteplusCDNUploaderConfig struct { type ByteplusCDNUploader struct { config *ByteplusCDNUploaderConfig - sdkClient *cdn.CDN + sdkClient *bpCdn.CDN } var _ uploader.Uploader = (*ByteplusCDNUploader)(nil) 
@@ -32,14 +35,13 @@ func New(config *ByteplusCDNUploaderConfig) (*ByteplusCDNUploader, error) { return nil, errors.New("config is nil") } - instance := cdn.NewInstance() - client := instance.Client - client.SetAccessKey(config.AccessKey) - client.SetSecretKey(config.SecretKey) + client := bpCdn.NewInstance() + client.Client.SetAccessKey(config.AccessKey) + client.Client.SetSecretKey(config.SecretKey) return &ByteplusCDNUploader{ config: config, - sdkClient: instance, + sdkClient: client, }, nil } @@ -49,17 +51,17 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke if err != nil { return nil, err } + // 查询证书列表,避免重复上传 // REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-listcertinfo - pageNum := int64(1) - pageSize := int64(100) - certSource := "cert_center" - listCertInfoReq := &cdn.ListCertInfoRequest{ - PageNum: &pageNum, - PageSize: &pageSize, - Source: &certSource, + listCertInfoPageNum := int64(1) + listCertInfoPageSize := int64(100) + listCertInfoTotal := 0 + listCertInfoReq := &bpCdn.ListCertInfoRequest{ + PageNum: cast.Int64Ptr(listCertInfoPageNum), + PageSize: cast.Int64Ptr(listCertInfoPageSize), + Source: cast.StringPtr("cert_center"), } - searchTotal := 0 for { listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq) if err != nil { 
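Review bot: The page counter never reaches the request: `PageNum: cast.Int64Ptr(listCertInfoPageNum)` stores a pointer to a copy (the int64 is passed by value), so the `listCertInfoPageNum++` in the next hunk of this file advances only the local variable and every iteration re-fetches page 1 until the `Total <= listCertInfoTotal+listCertInfoLen` guard stops the loop. The removed `PageNum: &pageNum` did update the request, so this is a regression; with more than one page of certificates in the account the existing certificate is never found and a duplicate is uploaded. Either keep `PageNum: &listCertInfoPageNum` or re-assign after the increment: `listCertInfoReq.PageNum = cast.Int64Ptr(listCertInfoPageNum)`. The same pattern is in the two corresponding hunks of volcengine-cdn/volcengine_cdn.go. Upload starts before and ends after this hunk.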
@@ -68,8 +70,10 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke if listCertInfoResp.Result.CertInfo != nil { for _, certDetail := range listCertInfoResp.Result.CertInfo { - hash := sha256.Sum256(certX509.Raw) - isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256) + fingerprintSha1 := sha1.Sum(certX509.Raw) + fingerprintSha256 := sha256.Sum256(certX509.Raw) + isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) && + strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256) // 如果已存在相同证书,直接返回已有的证书信息 if isSameCert { return &uploader.UploadResult{ @@ -80,23 +84,26 @@ func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privke } } - searchTotal += len(listCertInfoResp.Result.CertInfo) - if int(listCertInfoResp.Result.Total) > searchTotal { - pageNum++ - } else { + listCertInfoLen := len(listCertInfoResp.Result.CertInfo) + if listCertInfoLen < int(listCertInfoPageSize) || int(listCertInfoResp.Result.Total) <= listCertInfoTotal+listCertInfoLen { break + } else { + listCertInfoPageNum++ + listCertInfoTotal += listCertInfoLen } - } + + // 生成新证书名(需符合 BytePlus 命名规则) var certId, certName string certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + // 上传新证书 // REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-addcertificate - addCertificateReq := &cdn.AddCertificateRequest{ + addCertificateReq := &bpCdn.AddCertificateRequest{ Certificate: certPem, PrivateKey: privkeyPem, - Source: &certSource, - Desc: &certName, + Source: cast.StringPtr("cert_center"), + Desc: cast.StringPtr(certName), } addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq) if err != nil { diff --git a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go index b53ef4c5..7822a02d 100644 
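Review bot: The new `&&` in `isSameCert` makes de-duplication depend on `certDetail.CertFingerprint.Sha1` as well as Sha256, so any listed entry where the API returns an empty or differently formatted SHA-1 field (not verifiable from here) silently fails the match and the certificate is re-uploaded. SHA-256 alone already identifies the DER bytes; the SHA-1 comparison adds no assurance and pulls in `crypto/sha1`, which gosec (G505) flags. Suggest dropping the SHA-1 half: `isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256)`. The same comparison is added in the @@ -68 hunk of volcengine-cdn/volcengine_cdn.go.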
--- a/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go +++ b/internal/pkg/core/uploader/providers/volcengine-cdn/volcengine_cdn.go @@ -2,6 +2,7 @@ package volcenginecdn import ( "context" + "crypto/sha1" "crypto/sha256" "encoding/hex" "errors" 
@@ -10,56 +11,57 @@ import ( "time" xerrors "github.com/pkg/errors" + veCdn "github.com/volcengine/volc-sdk-golang/service/cdn" + "github.com/usual2970/certimate/internal/pkg/core/uploader" + "github.com/usual2970/certimate/internal/pkg/utils/cast" "github.com/usual2970/certimate/internal/pkg/utils/x509" - "github.com/volcengine/volc-sdk-golang/service/cdn" ) -type VolcengineCDNUploaderConfig struct { +type VolcEngineCDNUploaderConfig struct { AccessKeyId string `json:"accessKeyId"` AccessKeySecret string `json:"accessKeySecret"` } -type VolcengineCDNUploader struct { - config *VolcengineCDNUploaderConfig - sdkClient *cdn.CDN +type VolcEngineCDNUploader struct { + config *VolcEngineCDNUploaderConfig + sdkClient *veCdn.CDN } -var _ uploader.Uploader = (*VolcengineCDNUploader)(nil) +var _ uploader.Uploader = (*VolcEngineCDNUploader)(nil) -func New(config *VolcengineCDNUploaderConfig) (*VolcengineCDNUploader, error) { +func New(config *VolcEngineCDNUploaderConfig) (*VolcEngineCDNUploader, error) { if config == nil { return nil, errors.New("config is nil") } - instance := cdn.NewInstance() - client := instance.Client - client.SetAccessKey(config.AccessKeyId) - client.SetSecretKey(config.AccessKeySecret) + client := veCdn.NewInstance() + client.Client.SetAccessKey(config.AccessKeyId) + client.Client.SetSecretKey(config.AccessKeySecret) - return &VolcengineCDNUploader{ + return &VolcEngineCDNUploader{ config: config, - sdkClient: instance, + sdkClient: client, }, nil } -func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) { +func (u *VolcEngineCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) { // 解析证书内容 certX509, err := x509.ParseCertificateFromPEM(certPem) if err != nil { return nil, err } + // 查询证书列表,避免重复上传 // REF: https://www.volcengine.com/docs/6454/125709 - pageNum := int64(1) - pageSize := int64(100) - certSource := 
"volc_cert_center" - listCertInfoReq := &cdn.ListCertInfoRequest{ - PageNum: &pageNum, - PageSize: &pageSize, - Source: certSource, + listCertInfoPageNum := int64(1) + listCertInfoPageSize := int64(100) + listCertInfoTotal := 0 + listCertInfoReq := &veCdn.ListCertInfoRequest{ + PageNum: cast.Int64Ptr(listCertInfoPageNum), + PageSize: cast.Int64Ptr(listCertInfoPageSize), + Source: "volc_cert_center", } - searchTotal := 0 for { listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq) if err != nil { @@ -68,8 +70,10 @@ func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, priv if listCertInfoResp.Result.CertInfo != nil { for _, certDetail := range listCertInfoResp.Result.CertInfo { - hash := sha256.Sum256(certX509.Raw) - isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256) + fingerprintSha1 := sha1.Sum(certX509.Raw) + fingerprintSha256 := sha256.Sum256(certX509.Raw) + isSameCert := strings.EqualFold(hex.EncodeToString(fingerprintSha1[:]), certDetail.CertFingerprint.Sha1) && + strings.EqualFold(hex.EncodeToString(fingerprintSha256[:]), certDetail.CertFingerprint.Sha256) // 如果已存在相同证书,直接返回已有的证书信息 if isSameCert { return &uploader.UploadResult{ 
@@ -80,24 +84,26 @@ func (u *VolcengineCDNUploader) Upload(ctx context.Context, certPem string, priv } } - searchTotal += len(listCertInfoResp.Result.CertInfo) - if int(listCertInfoResp.Result.Total) > searchTotal { - pageNum++ - } else { + listCertInfoLen := len(listCertInfoResp.Result.CertInfo) + if listCertInfoLen < int(listCertInfoPageSize) || int(listCertInfoResp.Result.Total) <= listCertInfoTotal+listCertInfoLen { break + } else { + listCertInfoPageNum++ + listCertInfoTotal += listCertInfoLen } - } + // 生成新证书名(需符合火山引擎命名规则) var certId, certName string certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + // 上传新证书 // REF: https://www.volcengine.com/docs/6454/1245763 - addCertificateReq := &cdn.AddCertificateRequest{ + addCertificateReq := &veCdn.AddCertificateRequest{ Certificate: certPem, PrivateKey: privkeyPem, - Source: &certSource, - Desc: &certName, + Source: cast.StringPtr("volc_cert_center"), + Desc: cast.StringPtr(certName), } addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq) if err != nil { diff --git a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go index abc24d8c..a9ee7008 100644 --- a/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go +++ b/internal/pkg/core/uploader/providers/volcengine-live/volcengine_live.go 
@@ -8,77 +8,79 @@ import ( "time" xerrors "github.com/pkg/errors" + veLive "github.com/volcengine/volc-sdk-golang/service/live/v20230101" + "github.com/usual2970/certimate/internal/pkg/core/uploader" "github.com/usual2970/certimate/internal/pkg/utils/cast" "github.com/usual2970/certimate/internal/pkg/utils/x509" - live "github.com/volcengine/volc-sdk-golang/service/live/v20230101" ) -type VolcengineLiveUploaderConfig struct { +type VolcEngineLiveUploaderConfig struct { AccessKeyId string `json:"accessKeyId"` AccessKeySecret string `json:"accessKeySecret"` } -type VolcengineLiveUploader struct { - config *VolcengineLiveUploaderConfig - sdkClient *live.Live +type VolcEngineLiveUploader struct { + config *VolcEngineLiveUploaderConfig + sdkClient *veLive.Live } -var _ uploader.Uploader = (*VolcengineLiveUploader)(nil) +var _ uploader.Uploader = (*VolcEngineLiveUploader)(nil) -func New(config *VolcengineLiveUploaderConfig) (*VolcengineLiveUploader, error) { +func New(config *VolcEngineLiveUploaderConfig) (*VolcEngineLiveUploader, error) { if config == nil { return nil, errors.New("config is nil") } - client := live.NewInstance() + client := veLive.NewInstance() client.SetAccessKey(config.AccessKeyId) client.SetSecretKey(config.AccessKeySecret) - return &VolcengineLiveUploader{ + return &VolcEngineLiveUploader{ config: config, sdkClient: client, }, nil } -func (u *VolcengineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) { +func (u *VolcEngineLiveUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) { // 解析证书内容 certX509, err := x509.ParseCertificateFromPEM(certPem) if err != nil { return nil, err } + // 查询证书列表,避免重复上传 // REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E8%AF%A2%E8%AF%81%E4%B9%A6%E5%88%97%E8%A1%A8 - listCertReq := &live.ListCertV2Body{} + listCertReq := &veLive.ListCertV2Body{} listCertResp, err := 
u.sdkClient.ListCertV2(ctx, listCertReq) if err != nil { return nil, xerrors.Wrap(err, "failed to execute sdk request 'live.ListCertV2'") } - if listCertResp.Result.CertList != nil { for _, certDetail := range listCertResp.Result.CertList { - - describeCertDetailSecretReq := &live.DescribeCertDetailSecretV2Body{ - ChainID: cast.StringPtr(certDetail.ChainID), - } // 查询证书详细信息 // REF: https://www.volcengine.com/docs/6469/1186278#%E6%9F%A5%E7%9C%8B%E8%AF%81%E4%B9%A6%E8%AF%A6%E6%83%85 - describeCertDetailSecretResp, detailErr := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq) - if detailErr != nil { + describeCertDetailSecretReq := &veLive.DescribeCertDetailSecretV2Body{ + ChainID: cast.StringPtr(certDetail.ChainID), + } + describeCertDetailSecretResp, err := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq) + if err != nil { continue } + var isSameCert bool certificate := strings.Join(describeCertDetailSecretResp.Result.SSL.Chain, "\n\n") if certificate == certPem { isSameCert = true } else { - cert, err := x509.ParseCertificateFromPEM(certificate) + oldCertX509, err := x509.ParseCertificateFromPEM(certificate) if err != nil { continue } - isSameCert = x509.EqualCertificate(cert, certX509) + isSameCert = x509.EqualCertificate(certX509, oldCertX509) } + // 如果已存在相同证书,直接返回已有的证书信息 if isSameCert { return &uploader.UploadResult{ @@ -92,13 +94,14 @@ func (u *VolcengineLiveUploader) Upload(ctx context.Context, certPem string, pri // 生成新证书名(需符合火山引擎命名规则) var certId, certName string certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli()) + // 上传新证书 // REF: https://www.volcengine.com/docs/6469/1186278#%E6%B7%BB%E5%8A%A0%E8%AF%81%E4%B9%A6 - createCertReq := &live.CreateCertBody{ + createCertReq := &veLive.CreateCertBody{ CertName: &certName, UseWay: "https", ProjectName: cast.StringPtr("default"), - Rsa: live.CreateCertBodyRsa{ + Rsa: veLive.CreateCertBodyRsa{ Prikey: privkeyPem, Pubkey: certPem, },
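Review bot: Inside the `for _, certDetail := range` loop, `describeCertDetailSecretResp, err := ...` and `oldCertX509, err := ...` now declare new `err` variables that shadow Upload's named result `err`; both paths only `continue`, so nothing is lost today, but the previous `detailErr` name avoided a shadow the shadow analyzer reports, and a later naked `return` after one of these lines would hand back the outer, still-nil error. Prefer distinct names, e.g. `describeResp, describeErr := u.sdkClient.DescribeCertDetailSecretV2(ctx, describeCertDetailSecretReq)`. Also, only `Result.SSL.Chain` is read from DescribeCertDetailSecretV2; if that endpoint also returns key material, as the name suggests, a non-secret detail call would let the comparison run without fetching private keys (not verifiable from the diff). Upload starts before and continues past this hunk.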