
Commit d6882cb

committed
fix: uploading certificates duplicated to aliyun cas
1 parent f29cdae commit d6882cb


3 files changed

+94
-7
lines changed


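--- a/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go
+++ b/pkg/core/ssl-manager/providers/aliyun-cas/aliyun_cas.go
@@ -94,10 +94,20 @@ func (m *SSLManagerProvider) Upload(ctx context.Context, certPEM string, privkey
 
 if listUserCertificateOrderResp.Body.CertificateOrderList != nil {
 for _, certOrder := range listUserCertificateOrderResp.Body.CertificateOrderList {
-if !strings.EqualFold(certX509.SerialNumber.Text(16), *certOrder.SerialNo) {
+// 先对比证书通用名称
+if !strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(certOrder.CommonName)) {
 continue
 }
 
+// 再对比证书序列号
+// 注意阿里云 CAS 会在序列号前补零,需去除后再比较
+oldCertSN := strings.TrimLeft(tea.StringValue(certOrder.SerialNo), "0")
+newCertSN := strings.TrimLeft(certX509.SerialNumber.Text(16), "0")
+if !strings.EqualFold(newCertSN, oldCertSN) {
+continue
+}
+
+// 最后对比证书内容
 getUserCertificateDetailReq := &alicas.GetUserCertificateDetailRequest{
 CertId: certOrder.CertificateId,
 }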
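Review bot: The new common-name pre-filter, `if !strings.EqualFold(certX509.Subject.CommonName, tea.StringValue(certOrder.CommonName)) {`, assumes the uploaded certificate carries a subject CN, but SAN-only certificates have an empty `Subject.CommonName`. If CAS reports a non-empty `CommonName` for such an order (not visible from this hunk), every existing entry is skipped and the duplicate upload this commit targets would recur. Consider applying the filter only when a CN is present, e.g. `if cn := certX509.Subject.CommonName; cn != "" && !strings.EqualFold(cn, tea.StringValue(certOrder.CommonName)) {`, leaving the serial and content comparisons as the deciding checks. Upload's body starts and ends outside the hunk, so the content comparison itself is not reviewed here.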
Lines changed: 77 additions & 0 deletions
@@ -0,0 +1,77 @@
1+
package aliyuncas_test
2+
3+
import (
4+
"context"
5+
"encoding/json"
6+
"flag"
7+
"fmt"
8+
"os"
9+
"strings"
10+
"testing"
11+
12+
provider "github.com/certimate-go/certimate/pkg/core/ssl-manager/providers/aliyun-cas"
13+
)
14+
15+
var (
16+
fInputCertPath string
17+
fInputKeyPath string
18+
fAccessKeyId string
19+
fAccessKeySecret string
20+
fRegion string
21+
)
22+
23+
func init() {
24+
argsPrefix := "CERTIMATE_SSLMANAGER_ALIYUNCAS_"
25+
26+
flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
27+
flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
28+
flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
29+
flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
30+
flag.StringVar(&fRegion, argsPrefix+"REGION", "", "")
31+
}
32+
33+
/*
34+
Shell command to run this test:
35+
36+
go test -v ./aliyun_cas_test.go -args \
37+
--CERTIMATE_SSLMANAGER_ALIYUNCAS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
38+
--CERTIMATE_SSLMANAGER_ALIYUNCAS_INPUTKEYPATH="/path/to/your-input-key.pem" \
39+
--CERTIMATE_SSLMANAGER_ALIYUNCAS_ACCESSKEYID="your-access-key-id" \
40+
--CERTIMATE_SSLMANAGER_ALIYUNCAS_ACCESSKEYSECRET="your-access-key-secret" \
41+
--CERTIMATE_SSLMANAGER_ALIYUNCAS_REGION="cn-hangzhou"
42+
*/
43+
func TestDeploy(t *testing.T) {
44+
flag.Parse()
45+
46+
t.Run("Deploy", func(t *testing.T) {
47+
t.Log(strings.Join([]string{
48+
"args:",
49+
fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
50+
fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
51+
fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
52+
fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
53+
fmt.Sprintf("REGION: %v", fRegion),
54+
}, "\n"))
55+
56+
sslmanager, err := provider.NewSSLManagerProvider(&provider.SSLManagerProviderConfig{
57+
AccessKeyId: fAccessKeyId,
58+
AccessKeySecret: fAccessKeySecret,
59+
Region: fRegion,
60+
})
61+
if err != nil {
62+
t.Errorf("err: %+v", err)
63+
return
64+
}
65+
66+
fInputCertData, _ := os.ReadFile(fInputCertPath)
67+
fInputKeyData, _ := os.ReadFile(fInputKeyPath)
68+
res, err := sslmanager.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
69+
if err != nil {
70+
t.Errorf("err: %+v", err)
71+
return
72+
}
73+
74+
sres, _ := json.Marshal(res)
75+
t.Logf("ok: %s", string(sres))
76+
})
77+
}
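Review bot: The `t.Log` call in TestDeploy prints the access key secret in cleartext (`fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret)`), and the documented invocation uses `go test -v`, so the secret ends up in terminal scrollback and in any CI log that captures test output. Log only whether it is set, e.g. `fmt.Sprintf("ACCESSKEYSECRET: set=%t", fAccessKeySecret != "")`. The two `os.ReadFile` calls also discard their errors, so a wrong path sends empty PEM strings to a live `Upload`; check each one and fail early with `t.Fatalf("read cert: %v", err)`. Because the test calls the real CAS API, a `t.Skip` when the credential flags are empty would keep it out of a plain `go test ./...` run.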

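--- a/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert_test.go
+++ b/pkg/core/ssl-manager/providers/baiducloud-cert/baiducloud_cert_test.go
@@ -20,7 +20,7 @@ var (
 )
 
 func init() {
-argsPrefix := "CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_"
+argsPrefix := "CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_"
 
 flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
 flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
@@ -31,11 +31,11 @@ func init() {
 /*
 Shell command to run this test:
 
-go test -v ./baiducloud_cas_test.go -args \
---CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_INPUTCERTPATH="/path/to/your-input-cert.pem" \
---CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_INPUTKEYPATH="/path/to/your-input-key.pem" \
---CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_ACCESSKEYID="your-access-key-id" \
---CERTIMATE_SSLMANAGER_BAIDUCLOUDCAS_SECRETACCESSKEY="your-access-key-secret"
+go test -v ./baiducloud_cert_test.go -args \
+--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_INPUTKEYPATH="/path/to/your-input-key.pem" \
+--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_ACCESSKEYID="your-access-key-id" \
+--CERTIMATE_SSLMANAGER_BAIDUCLOUDCERT_SECRETACCESSKEY="your-access-key-secret"
 */
 func TestDeploy(t *testing.T) {
 flag.Parse()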
