wip

2025-04-25 06:16:58 +00:00 · 2023-02-09 19:14:53 +01:00 · 2023-02-09 19:14:53 +01:00 · 3c0ee7e8a3
commit 3c0ee7e8a3
parent 75942990ac
9 changed files with 192 additions and 70 deletions
--- a/server/database/interface.go
+++ b/server/database/interface.go
@ -19,29 +19,28 @@ type CertDB interface {
 }

 type Cert struct {
-	Name      string `xorm:"pk      NOT NULL           'name'"`
-	Domain    string `xorm:"        NOT NULL UNIQUE    'domain'"` // TODO: check: is name always same as domain?
+	Domain    string `xorm:"pk      NOT NULL UNIQUE    'domain'"`
 	Created   int64  `xorm:"created NOT NULL DEFAULT 0 'created'"`
 	Updated   int64  `xorm:"updated NOT NULL DEFAULT 0 'updated'"`
 	ValidTill int64  `xorm:"        NOT NULL DEFAULT 0 'valid_till'"`
 	// certificate.Resource
-	certURL           string `xorm:"'cert_url'"`
-	certStableURL     string `xorm:"'cert_stable_url''"`
-	privateKey        []byte `xorm:"'private_key'"`
-	certificate       []byte `xorm:"'certificate'"`
-	issuerCertificate []byte `xorm:"'issuer_certificate'"` // TODO: dedup ?
-	csr               []byte `xorm:"'csr'"`
+	CertURL           string `xorm:"'cert_url'"`
+	CertStableURL     string `xorm:"'cert_stable_url'"`
+	PrivateKey        []byte `xorm:"'private_key'"`
+	Certificate       []byte `xorm:"'certificate'"`
+	IssuerCertificate []byte `xorm:"'issuer_certificate'"`
+	CSR               []byte `xorm:"'csr'"`
 }

 func (c Cert) Raw() *certificate.Resource {
 	return &certificate.Resource{
 		Domain:            c.Domain,
-		CertURL:           c.certURL,
-		CertStableURL:     c.certStableURL,
-		PrivateKey:        c.privateKey,
-		Certificate:       c.certificate,
-		IssuerCertificate: c.issuerCertificate,
-		CSR:               c.csr,
+		CertURL:           c.CertURL,
+		CertStableURL:     c.CertStableURL,
+		PrivateKey:        c.PrivateKey,
+		Certificate:       c.Certificate,
+		IssuerCertificate: c.IssuerCertificate,
+		CSR:               c.CSR,
 	}
 }

@ -50,23 +49,28 @@ func toCert(name string, c *certificate.Resource) (*Cert, error) {
 	if err != nil {
 		return nil, err
 	}
-	if len(tlsCertificates) != 1 || tlsCertificates[0] == nil {
-		err := fmt.Errorf("parsed cert resource has no or more than one cert")
-		log.Error().Err(err).Str("name", name).Msgf("cert: %v", c)
+	if len(tlsCertificates) == 0 || tlsCertificates[0] == nil {
+		err := fmt.Errorf("parsed cert resource has no cert")
+		log.Error().Err(err).Str("domain", c.Domain).Msgf("cert: %v", c)
 		return nil, err
 	}
 	validTill := tlsCertificates[0].NotAfter.Unix()

+	// TODO: do we need this or can we just go with domain name for wildcard cert
+	// default *.mock cert is prefixed with '.'
+	if name != c.Domain && name[1:] != c.Domain && name[0] != '.' {
+		return nil, fmt.Errorf("domain key and cert domain not equal")
+	}
+
 	return &Cert{
-		Name:      name,
 		Domain:    c.Domain,
 		ValidTill: validTill,

-		certURL:           c.CertURL,
-		certStableURL:     c.CertStableURL,
-		privateKey:        c.PrivateKey,
-		certificate:       c.Certificate,
-		issuerCertificate: c.IssuerCertificate,
-		csr:               c.CSR,
+		CertURL:           c.CertURL,
+		CertStableURL:     c.CertStableURL,
+		PrivateKey:        c.PrivateKey,
+		Certificate:       c.Certificate,
+		IssuerCertificate: c.IssuerCertificate,
+		CSR:               c.CSR,
 	}, nil
 }