feat: add tencentcloud ssl uploader

2024-10-20 23:53:10 +08:00 · 2024-10-20 23:53:10 +08:00 · a4fc8dfc56
parent f168bd903d
commit a4fc8dfc56
4 changed files with 139 additions and 26 deletions
--- a/internal/pkg/core/uploader/impl/huaweicloud_elb.go
+++ b/internal/pkg/core/uploader/impl/huaweicloud_elb.go
@ -6,9 +6,9 @@ import (
 	"time"

 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
-	elb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
-	elbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
-	elbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"
+	hcElb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3"
+	hcElbModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/model"
+	hcElbRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/elb/v3/region"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
@ -24,7 +24,7 @@ type HuaweiCloudELBUploaderConfig struct {

 type HuaweiCloudELBUploader struct {
 	config    *HuaweiCloudELBUploaderConfig
-	sdkClient *elb.ElbClient
+	sdkClient *hcElb.ElbClient
 }

 func NewHuaweiCloudELBUploader(config *HuaweiCloudELBUploaderConfig) (*HuaweiCloudELBUploader, error) {
@ -52,7 +52,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 	listCertificatesLimit := int32(2000)
 	var listCertificatesMarker *string = nil
 	for {
-		listCertificatesReq := &elbModel.ListCertificatesRequest{
+		listCertificatesReq := &hcElbModel.ListCertificatesRequest{
 			Limit:  cast.Int32Ptr(listCertificatesLimit),
 			Marker: listCertificatesMarker,
 			Type:   &[]string{"server"},
@ -97,15 +97,15 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 		}
 	}

-	// 生成证书名（需符合华为云命名规则）
+	// 生成新证书名（需符合华为云命名规则）
 	var certId, certName string
 	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())

 	// 创建新证书
 	// REF: https://support.huaweicloud.com/api-elb/CreateCertificate.html
-	createCertificateReq := &elbModel.CreateCertificateRequest{
-		Body: &elbModel.CreateCertificateRequestBody{
-			Certificate: &elbModel.CreateCertificateOption{
+	createCertificateReq := &hcElbModel.CreateCertificateRequest{
+		Body: &hcElbModel.CreateCertificateRequestBody{
+			Certificate: &hcElbModel.CreateCertificateOption{
 				ProjectId:   cast.StringPtr(u.config.ProjectId),
 				Name:        cast.StringPtr(certName),
 				Certificate: cast.StringPtr(certPem),
@ -126,7 +126,7 @@ func (u *HuaweiCloudELBUploader) Upload(ctx context.Context, certPem string, pri
 	}, nil
 }

-func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
+func (u *HuaweiCloudELBUploader) createSdkClient() (*hcElb.ElbClient, error) {
 	region := u.config.Region
 	accessKeyId := u.config.AccessKeyId
 	secretAccessKey := u.config.SecretAccessKey
@ -142,12 +142,12 @@ func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
 		return nil, err
 	}

-	hcRegion, err := elbRegion.SafeValueOf(region)
+	hcRegion, err := hcElbRegion.SafeValueOf(region)
 	if err != nil {
 		return nil, err
 	}

-	hcClient, err := elb.ElbClientBuilder().
+	hcClient, err := hcElb.ElbClientBuilder().
 		WithRegion(hcRegion).
 		WithCredential(auth).
 		SafeBuild()
@ -155,6 +155,6 @@ func (u *HuaweiCloudELBUploader) createSdkClient() (*elb.ElbClient, error) {
 		return nil, err
 	}

-	client := elb.NewElbClient(hcClient)
+	client := hcElb.NewElbClient(hcClient)
 	return client, nil
 }
--- a/internal/pkg/core/uploader/impl/huaweicloud_scm.go
+++ b/internal/pkg/core/uploader/impl/huaweicloud_scm.go
@ -6,9 +6,9 @@ import (
 	"time"

 	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
-	scm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
-	scmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
-	scmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"
+	hcScm "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3"
+	hcScmModel "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/model"
+	hcScmRegion "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/scm/v3/region"

 	"github.com/usual2970/certimate/internal/pkg/core/uploader"
 	"github.com/usual2970/certimate/internal/pkg/utils/cast"
@ -23,7 +23,7 @@ type HuaweiCloudSCMUploaderConfig struct {

 type HuaweiCloudSCMUploader struct {
 	config    *HuaweiCloudSCMUploaderConfig
-	sdkClient *scm.ScmClient
+	sdkClient *hcScm.ScmClient
 }

 func NewHuaweiCloudSCMUploader(config *HuaweiCloudSCMUploaderConfig) (*HuaweiCloudSCMUploader, error) {
@ -52,7 +52,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 	listCertificatesLimit := int32(50)
 	listCertificatesOffset := int32(0)
 	for {
-		listCertificatesReq := &scmModel.ListCertificatesRequest{
+		listCertificatesReq := &hcScmModel.ListCertificatesRequest{
 			Limit:   cast.Int32Ptr(listCertificatesLimit),
 			Offset:  cast.Int32Ptr(listCertificatesOffset),
 			SortDir: cast.StringPtr("DESC"),
@ -65,7 +65,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri

 		if listCertificatesResp.Certificates != nil {
 			for _, certDetail := range *listCertificatesResp.Certificates {
-				exportCertificateReq := &scmModel.ExportCertificateRequest{
+				exportCertificateReq := &hcScmModel.ExportCertificateRequest{
 					CertificateId: certDetail.Id,
 				}
 				exportCertificateResp, err := u.sdkClient.ExportCertificate(exportCertificateReq)
@ -109,14 +109,14 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 		}
 	}

-	// 生成证书名（需符合华为云命名规则）
+	// 生成新证书名（需符合华为云命名规则）
 	var certId, certName string
 	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())

 	// 上传新证书
 	// REF: https://support.huaweicloud.com/api-ccm/ImportCertificate.html
-	importCertificateReq := &scmModel.ImportCertificateRequest{
-		Body: &scmModel.ImportCertificateRequestBody{
+	importCertificateReq := &hcScmModel.ImportCertificateRequest{
+		Body: &hcScmModel.ImportCertificateRequestBody{
 			Name:        certName,
 			Certificate: certPem,
 			PrivateKey:  privkeyPem,
@ -134,7 +134,7 @@ func (u *HuaweiCloudSCMUploader) Upload(ctx context.Context, certPem string, pri
 	}, nil
 }

-func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
+func (u *HuaweiCloudSCMUploader) createSdkClient() (*hcScm.ScmClient, error) {
 	region := u.config.Region
 	accessKeyId := u.config.AccessKeyId
 	secretAccessKey := u.config.SecretAccessKey
@ -150,12 +150,12 @@ func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
 		return nil, err
 	}

-	hcRegion, err := scmRegion.SafeValueOf(region)
+	hcRegion, err := hcScmRegion.SafeValueOf(region)
 	if err != nil {
 		return nil, err
 	}

-	hcClient, err := scm.ScmClientBuilder().
+	hcClient, err := hcScm.ScmClientBuilder().
 		WithRegion(hcRegion).
 		WithCredential(auth).
 		SafeBuild()
@ -163,6 +163,6 @@ func (u *HuaweiCloudSCMUploader) createSdkClient() (*scm.ScmClient, error) {
 		return nil, err
 	}

-	client := scm.NewScmClient(hcClient)
+	client := hcScm.NewScmClient(hcClient)
 	return client, nil
 }
--- a/internal/pkg/core/uploader/impl/tencentcloud_ssl.go
+++ b/internal/pkg/core/uploader/impl/tencentcloud_ssl.go
@ -0,0 +1,97 @@
+package impl
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
+	"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
+	tcSsl "github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/ssl/v20191205"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/cast"
+)
+
+type TencentCloudSSLUploaderConfig struct {
+	Region    string `json:"region"`
+	SecretId  string `json:"secretId"`
+	SecretKey string `json:"secretKey"`
+}
+
+type TencentCloudSSLUploader struct {
+	config    *TencentCloudSSLUploaderConfig
+	sdkClient *tcSsl.Client
+}
+
+func NewTencentCloudSSLUploader(config *TencentCloudSSLUploaderConfig) (*TencentCloudSSLUploader, error) {
+	client, err := (&TencentCloudSSLUploader{config: config}).createSdkClient()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
+	return &TencentCloudSSLUploader{
+		config:    config,
+		sdkClient: client,
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 生成新证书名（需符合腾讯云命名规则）
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+
+	// 上传新证书
+	// REF: https://cloud.tencent.com/document/product/400/41665
+	uploadCertificateReq := &tcSsl.UploadCertificateRequest{
+		Alias:                 cast.StringPtr(certName),
+		CertificatePublicKey:  cast.StringPtr(certPem),
+		CertificatePrivateKey: cast.StringPtr(privkeyPem),
+		Repeatable:            cast.BoolPtr(false),
+	}
+	uploadCertificateResp, err := u.sdkClient.UploadCertificate(uploadCertificateReq)
+	if uploadCertificateResp != nil && uploadCertificateResp.Response != nil && uploadCertificateResp.Response.RepeatCertId != nil {
+		// 获取重复证书
+		// REF: https://cloud.tencent.com/document/api/400/41673
+		describeCertificateDetailReq := &tcSsl.DescribeCertificateDetailRequest{
+			CertificateId: uploadCertificateResp.Response.RepeatCertId,
+		}
+		describeCertificateDetailResp, err := u.sdkClient.DescribeCertificateDetail(describeCertificateDetailReq)
+		if err != nil {
+			return nil, fmt.Errorf("failed to execute sdk request 'ssl.DescribeCertificateDetail': %w", err)
+		}
+
+		certId = *uploadCertificateResp.Response.RepeatCertId
+		certName = *describeCertificateDetailResp.Response.Alias
+		return &uploader.UploadResult{
+			CertId:   certId,
+			CertName: certName,
+		}, nil
+	}
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute sdk request 'ssl.UploadCertificate': %w", err)
+	}
+
+	certId = *uploadCertificateResp.Response.CertificateId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func (u *TencentCloudSSLUploader) createSdkClient() (*tcSsl.Client, error) {
+	region := u.config.Region
+	secretId := u.config.SecretId
+	secretKey := u.config.SecretKey
+	if region == "" {
+		region = "ap-guangzhou" // SSL 服务默认区域：广州
+	}
+
+	credential := common.NewCredential(secretId, secretKey)
+	client, err := tcSsl.NewClient(credential, region, profile.NewClientProfile())
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
--- a/internal/pkg/utils/cast/cast.go
+++ b/internal/pkg/utils/cast/cast.go
@ -4,6 +4,22 @@ func Int32Ptr(i int32) *int32 {
 	return &i
 }

+func Int64Ptr(i int64) *int64 {
+	return &i
+}
+
+func UInt32Ptr(i uint32) *uint32 {
+	return &i
+}
+
+func UInt64Ptr(i uint64) *uint64 {
+	return &i
+}
+
 func StringPtr(s string) *string {
 	return &s
 }
+
+func BoolPtr(b bool) *bool {
+	return &b
+}