Fix: SSL dashboard/api validity problem (#2947)
Signed-off-by: Fatih USTA <[email protected]>
fatihusta committed Sep 4, 2024
1 parent ad697c6 commit 73f7ea5
Showing 2 changed files with 62 additions and 46 deletions.
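--- a/api/internal/handler/ssl/ssl.go
+++ b/api/internal/handler/ssl/ssl.go
@@ -198,6 +198,11 @@ func (h *Handler) List(c droplet.Context) (interface{}, error) {
 for _, item := range ret.Rows {
 ssl := &entity.SSL{}
 _ = utils.ObjectClone(item, ssl)
+x509_validity, _ := x509CertValidity(ssl.Cert)
+if x509_validity != nil {
+ssl.ValidityStart = x509_validity.NotBefore
+ssl.ValidityEnd = x509_validity.NotAfter
+}
 ssl.Key = ""
 ssl.Keys = nil
 list = append(list, ssl)
@@ -327,6 +332,35 @@ func (h *Handler) BatchDelete(c droplet.Context) (interface{}, error) {
 return nil, nil
 }
 
+// validity allows unmarshaling the certificate validity date range
+type validity struct {
+NotBefore, NotAfter int64
+}
+
+func x509CertValidity(crt string) (*validity, error) {
+if crt == "" {
+return nil, consts.ErrSSLCertificate
+}
+
+certDERBlock, _ := pem.Decode([]byte(crt))
+if certDERBlock == nil {
+return nil, consts.ErrSSLCertificateResolution
+}
+
+x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+if err != nil {
+return nil, consts.ErrSSLCertificateResolution
+}
+
+val := validity{}
+
+val.NotBefore = x509Cert.NotBefore.Unix()
+val.NotAfter = x509Cert.NotAfter.Unix()
+
+return &val, nil
+}
+
 func ParseCert(crt, key string) (*entity.SSL, error) {
 if crt == "" || key == "" {
 return nil, consts.ErrSSLCertificate
@@ -383,8 +417,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
 
 ssl.Snis = snis
 ssl.Key = key
-ssl.ValidityStart = x509Cert.NotBefore.Unix()
-ssl.ValidityEnd = x509Cert.NotAfter.Unix()
 ssl.Cert = crt
 
 return &ssl, nil
@@ -424,6 +456,12 @@ func (h *Handler) Validate(c droplet.Context) (interface{}, error) {
 return nil, err
 }
 
+x509_validity, _ := x509CertValidity(input.Cert)
+if x509_validity != nil {
+ssl.ValidityStart = x509_validity.NotBefore
+ssl.ValidityEnd = x509_validity.NotAfter
+}
+
 return ssl, nil
 }
 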
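Review bot: Both call sites discard the error from the new helper (`x509_validity, _ := x509CertValidity(...)` in List and again in Validate), so a certificate that fails to parse is returned without freshly computed validity dates and leaves no trace in the logs; on a dashboard used to watch certificate expiry, that is indistinguishable from missing data. Keep the best-effort behaviour, but bind the error and log it with the SSL object's ID, and rename the variable to MixedCaps while there: `certValidity, err := x509CertValidity(ssl.Cert)`. In the helper, `pem.Decode` returns the first PEM block whatever its type, so the nil check should also reject non-certificate blocks: `if certDERBlock == nil || certDERBlock.Type != "CERTIFICATE" {`. The List and Validate bodies start and end outside their hunks, so any existing logging or a single-object Get path there is not visible from this page.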
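--- a/api/internal/handler/ssl/ssl_test.go
+++ b/api/internal/handler/ssl/ssl_test.go
@@ -288,10 +288,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -304,10 +302,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantRet: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -320,10 +316,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantErr: nil,
 },
@@ -348,10 +342,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantErr: fmt.Errorf("create failed"),
 wantRet: handler.SpecCodeResponse(fmt.Errorf("create failed")),
@@ -419,10 +411,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -435,10 +425,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantRet: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -451,10 +439,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 },
 {
@@ -561,10 +547,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 giveInput: &PatchInput{
 ID: "ssl1",
@@ -597,10 +581,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 getCalled: true,
 },
@@ -622,10 +604,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -653,10 +633,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
-Snis: []string{"test2.com", "*.test2.com"},
-ValidityStart: 1586038672,
-ValidityEnd: 4739638672,
-Status: 1,
+Snis: []string{"test2.com", "*.test2.com"},
+Status: 1,
 },
 getCalled: true,
 },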
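Review bot: The commit ships no test for the behaviour it introduces: all 22 additions in this file are re-aligned `Snis`/`Status` fixture lines, and the 11 hunks only drop the `ValidityStart`/`ValidityEnd` expectations from the Create, Update and Patch cases. `x509CertValidity` should get a table test covering an empty string, non-PEM input, a PEM block that does not parse as a certificate, and a valid certificate whose NotBefore/NotAfter are asserted as Unix seconds. A List or Validate case asserting that the response carries both validity fields would pin the behaviour the commit title describes.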
