diff --git a/api/internal/handler/ssl/ssl.go b/api/internal/handler/ssl/ssl.go
index 154a0a9987..3d512bf8a1 100644
--- a/api/internal/handler/ssl/ssl.go
+++ b/api/internal/handler/ssl/ssl.go
@@ -198,6 +198,11 @@ func (h *Handler) List(c droplet.Context) (interface{}, error) {
 for _, item := range ret.Rows {
 ssl := &entity.SSL{}
 _ = utils.ObjectClone(item, ssl)
+ x509_validity, _ := x509CertValidity(ssl.Cert)
+ if x509_validity != nil {
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
+ }
 ssl.Key = ""
 ssl.Keys = nil
 list = append(list, ssl)
@@ -327,6 +332,35 @@ func (h *Handler) BatchDelete(c droplet.Context) (interface{}, error) {
 return nil, nil
 }
+// validity allows unmarshaling the certificate validity date range
+type validity struct {
+ NotBefore, NotAfter int64
+}
+
+func x509CertValidity(crt string) (*validity, error) {
+ if crt == "" {
+ return nil, consts.ErrSSLCertificate
+ }
+
+ certDERBlock, _ := pem.Decode([]byte(crt))
+ if certDERBlock == nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+ if err != nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ val := validity{}
+
+ val.NotBefore = x509Cert.NotBefore.Unix()
+ val.NotAfter = x509Cert.NotAfter.Unix()
+
+ return &val, nil
+}
+
 func ParseCert(crt, key string) (*entity.SSL, error) {
 if crt == "" || key == "" {
 return nil, consts.ErrSSLCertificate
@@ -383,8 +417,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
 ssl.Snis = snis
 ssl.Key = key
- ssl.ValidityStart = x509Cert.NotBefore.Unix()
- ssl.ValidityEnd = x509Cert.NotAfter.Unix()
 ssl.Cert = crt
 return &ssl, nil
@@ -424,6 +456,12 @@ func (h *Handler) Validate(c droplet.Context) (interface{}, error) {
 return nil, err
 }
+ x509_validity, _ := x509CertValidity(input.Cert)
+ if x509_validity != nil {
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
+ }
+
 return ssl, nil
 }
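Review bot: The error from `x509CertValidity(ssl.Cert)` is discarded inside the loop in `List`, so a stored certificate that fails to decode leaves `ValidityStart`/`ValidityEnd` at whatever `utils.ObjectClone` copied (presumably zero or a stale stored value) with nothing telling the caller the dates are missing; anyone reading this list to track expiry would not notice. Keep the error and handle it, e.g. `certValidity, err := x509CertValidity(ssl.Cert)` with the failure logged against the SSL id before the fields are left unset, which also replaces the underscore name `x509_validity` with a MixedCaps one. The same five lines, with the same discarded error, are repeated in `Validate` in the last hunk of this file; a small helper that fills both fields would keep the two call sites in step. `List` and `Validate` both continue outside their hunks.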
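Review bot: `x509CertValidity` passes the first PEM block to `x509.ParseCertificate` without checking its type and ignores everything after it, so for a bundle the returned window is that of whichever block comes first; the guard could be `if certDERBlock == nil || certDERBlock.Type != "CERTIFICATE" {`. The underlying parse error is also replaced by the generic `consts.ErrSSLCertificateResolution`, which makes a malformed certificate indistinguishable from non-PEM input once the callers drop the error. The comment on `validity` mentions unmarshaling although nothing is unmarshaled here; I would write `// validity holds a certificate's NotBefore/NotAfter as Unix seconds.` and give the function its own line, `// x509CertValidity decodes the first PEM block of crt and returns its validity window.`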
diff --git a/api/internal/handler/ssl/ssl_test.go b/api/internal/handler/ssl/ssl_test.go
index 3d1404c46f..28dab2c120 100644
--- a/api/internal/handler/ssl/ssl_test.go
+++ b/api/internal/handler/ssl/ssl_test.go
@@ -288,10 +288,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -304,10 +302,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantRet: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -320,10 +316,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantErr: nil,
 },
@@ -348,10 +342,8 @@ func TestSSL_Create(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantErr: fmt.Errorf("create failed"),
 wantRet: handler.SpecCodeResponse(fmt.Errorf("create failed")),
@@ -419,10 +411,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
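Review bot: The `ValidityStart`/`ValidityEnd` expectations are dropped from the `TestSSL_Create` fixtures here, and from the `TestSSL_Update` and `TestSSL_Patch` fixtures in the later hunks, but none of the visible hunks adds an assertion for the place the values are now computed. A table test for `x509CertValidity` covering the empty string, non-PEM input and the fixture certificate would restore that coverage; the removed values `1586038672` and `4739638672` are presumably that certificate's window and could serve as the expected result. `List` and `Validate` would also benefit from one case each that checks the two fields are populated in the response.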
@@ -435,10 +425,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantRet: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -451,10 +439,8 @@ func TestSSL_Update(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 },
 {
@@ -561,10 +547,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 giveInput: &PatchInput{
 ID: "ssl1",
@@ -597,10 +581,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 getCalled: true,
 },
@@ -622,10 +604,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 wantInput: &entity.SSL{
 BaseInfo: entity.BaseInfo{
@@ -653,10 +633,8 @@ func TestSSL_Patch(t *testing.T) {
 "env": "production",
 "version": "v2",
 },
- Snis: []string{"test2.com", "*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
 },
 getCalled: true,
 },