2021-12-03 04:15:48 +01:00
|
|
|
package database
|
|
|
|
|
|
2021-12-05 19:00:57 +01:00
|
|
|
import (
|
2023-02-09 17:52:30 +01:00
|
|
|
"fmt"
|
|
|
|
|
|
|
|
|
|
"github.com/go-acme/lego/v4/certcrypto"
|
2021-12-05 19:00:57 +01:00
|
|
|
"github.com/go-acme/lego/v4/certificate"
|
2023-02-09 17:52:30 +01:00
|
|
|
"github.com/rs/zerolog/log"
|
2021-12-05 19:00:57 +01:00
|
|
|
)
|
2021-12-03 04:15:48 +01:00
|
|
|
|
2021-12-05 17:42:53 +01:00
|
|
|
type CertDB interface {
|
|
|
|
|
Close() error
|
2021-12-05 19:00:57 +01:00
|
|
|
Put(name string, cert *certificate.Resource) error
|
2022-06-11 23:02:06 +02:00
|
|
|
Get(name string) (*certificate.Resource, error)
|
|
|
|
|
Delete(key string) error
|
2023-02-09 17:52:30 +01:00
|
|
|
Items(page, pageSize int) ([]*Cert, error)
|
|
|
|
|
// Compact deprecated // TODO: remove in next version
|
2022-06-11 23:02:06 +02:00
|
|
|
Compact() (string, error)
|
2021-12-03 04:15:48 +01:00
|
|
|
}
|
2023-02-09 15:19:16 +01:00
|
|
|
|
|
|
|
|
type Cert struct {
|
2023-02-09 19:14:53 +01:00
|
|
|
Domain string `xorm:"pk NOT NULL UNIQUE 'domain'"`
|
2023-02-09 17:52:30 +01:00
|
|
|
Created int64 `xorm:"created NOT NULL DEFAULT 0 'created'"`
|
|
|
|
|
Updated int64 `xorm:"updated NOT NULL DEFAULT 0 'updated'"`
|
|
|
|
|
ValidTill int64 `xorm:" NOT NULL DEFAULT 0 'valid_till'"`
|
|
|
|
|
// certificate.Resource
|
2023-02-09 19:14:53 +01:00
|
|
|
CertURL string `xorm:"'cert_url'"`
|
|
|
|
|
CertStableURL string `xorm:"'cert_stable_url'"`
|
|
|
|
|
PrivateKey []byte `xorm:"'private_key'"`
|
|
|
|
|
Certificate []byte `xorm:"'certificate'"`
|
|
|
|
|
IssuerCertificate []byte `xorm:"'issuer_certificate'"`
|
|
|
|
|
CSR []byte `xorm:"'csr'"`
|
2023-02-09 17:52:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Cert) Raw() *certificate.Resource {
|
|
|
|
|
return &certificate.Resource{
|
|
|
|
|
Domain: c.Domain,
|
2023-02-09 19:14:53 +01:00
|
|
|
CertURL: c.CertURL,
|
|
|
|
|
CertStableURL: c.CertStableURL,
|
|
|
|
|
PrivateKey: c.PrivateKey,
|
|
|
|
|
Certificate: c.Certificate,
|
|
|
|
|
IssuerCertificate: c.IssuerCertificate,
|
|
|
|
|
CSR: c.CSR,
|
2023-02-09 17:52:30 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func toCert(name string, c *certificate.Resource) (*Cert, error) {
|
|
|
|
|
tlsCertificates, err := certcrypto.ParsePEMBundle(c.Certificate)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-02-09 19:14:53 +01:00
|
|
|
if len(tlsCertificates) == 0 || tlsCertificates[0] == nil {
|
|
|
|
|
err := fmt.Errorf("parsed cert resource has no cert")
|
|
|
|
|
log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)
|
2023-02-09 17:52:30 +01:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
validTill := tlsCertificates[0].NotAfter.Unix()
|
|
|
|
|
|
2023-02-09 19:14:53 +01:00
|
|
|
// TODO: do we need this or can we just go with domain name for wildcard cert
|
|
|
|
|
// default *.mock cert is prefixed with '.'
|
|
|
|
|
if name != c.Domain && name[1:] != c.Domain && name[0] != '.' {
|
|
|
|
|
return nil, fmt.Errorf("domain key and cert domain not equal")
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-09 17:52:30 +01:00
|
|
|
return &Cert{
|
|
|
|
|
Domain: c.Domain,
|
|
|
|
|
ValidTill: validTill,
|
|
|
|
|
|
2023-02-09 19:14:53 +01:00
|
|
|
CertURL: c.CertURL,
|
|
|
|
|
CertStableURL: c.CertStableURL,
|
|
|
|
|
PrivateKey: c.PrivateKey,
|
|
|
|
|
Certificate: c.Certificate,
|
|
|
|
|
IssuerCertificate: c.IssuerCertificate,
|
|
|
|
|
CSR: c.CSR,
|
2023-02-09 17:52:30 +01:00
|
|
|
}, nil
|
2023-02-09 15:19:16 +01:00
|
|
|
}
|
