Fix: SSL dashboard/api validity problem (#2947)

Signed-off-by: Fatih USTA <fatihusta86@gmail.com>
Fatih USTA 2024-09-04 12:42:04 +03:00 committed by GitHub
parent ad697c6439
commit 73f7ea52db
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 62 additions and 46 deletions


@ -198,6 +198,11 @@ func (h *Handler) List(c droplet.Context) (interface{}, error) {
for _, item := range ret.Rows {
ssl := &entity.SSL{}
_ = utils.ObjectClone(item, ssl)
x509_validity, _ := x509CertValidity(ssl.Cert)
if x509_validity != nil {
ssl.ValidityStart = x509_validity.NotBefore
ssl.ValidityEnd = x509_validity.NotAfter
}
ssl.Key = ""
ssl.Keys = nil
list = append(list, ssl)
@ -327,6 +332,35 @@ func (h *Handler) BatchDelete(c droplet.Context) (interface{}, error) {
return nil, nil
}
// validity allows unmarshaling the certificate validity date range
type validity struct {
NotBefore, NotAfter int64
}
func x509CertValidity(crt string) (*validity, error) {
if crt == "" {
return nil, consts.ErrSSLCertificate
}
certDERBlock, _ := pem.Decode([]byte(crt))
if certDERBlock == nil {
return nil, consts.ErrSSLCertificateResolution
}
x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
if err != nil {
return nil, consts.ErrSSLCertificateResolution
}
val := validity{}
val.NotBefore = x509Cert.NotBefore.Unix()
val.NotAfter = x509Cert.NotAfter.Unix()
return &val, nil
}
func ParseCert(crt, key string) (*entity.SSL, error) {
if crt == "" || key == "" {
return nil, consts.ErrSSLCertificate
@ -383,8 +417,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
ssl.Snis = snis
ssl.Key = key
ssl.ValidityStart = x509Cert.NotBefore.Unix()
ssl.ValidityEnd = x509Cert.NotAfter.Unix()
ssl.Cert = crt
return &ssl, nil
@ -424,6 +456,12 @@ func (h *Handler) Validate(c droplet.Context) (interface{}, error) {
return nil, err
}
x509_validity, _ := x509CertValidity(input.Cert)
if x509_validity != nil {
ssl.ValidityStart = x509_validity.NotBefore
ssl.ValidityEnd = x509_validity.NotAfter
}
return ssl, nil
}
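Review bot: The error from `x509CertValidity` is discarded at both call sites (the List loop and the end of Validate), so a stored certificate that no longer parses leaves `ValidityStart`/`ValidityEnd` at whatever `ObjectClone` copied, presumably zero now that ParseCert no longer sets them, and the dashboard gets no signal that the expiry it shows is not real. Keep the error, `validity, err := x509CertValidity(ssl.Cert)`, and log it at warning level in the `err != nil` branch before falling through; that also replaces the underscore name `x509_validity` with a MixedCaps one. In `x509CertValidity` it would also help to reject a first PEM block that is not a certificate, `if certDERBlock == nil || certDERBlock.Type != "CERTIFICATE"`, and to state in its doc comment that only the first block of a bundle is read. List, Validate and ParseCert all begin or end outside the visible hunks.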


@ -288,10 +288,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
@ -304,10 +302,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantRet: &entity.SSL{
BaseInfo: entity.BaseInfo{
@ -320,10 +316,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantErr: nil,
},
@ -348,10 +342,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantErr: fmt.Errorf("create failed"),
wantRet: handler.SpecCodeResponse(fmt.Errorf("create failed")),
@ -419,10 +411,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
@ -435,10 +425,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantRet: &entity.SSL{
BaseInfo: entity.BaseInfo{
@ -451,10 +439,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
},
{
@ -561,10 +547,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
giveInput: &PatchInput{
ID: "ssl1",
@ -597,10 +581,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
getCalled: true,
},
@ -622,10 +604,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
@ -653,10 +633,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
Snis: []string{"test2.com", "*.test2.com"},
ValidityStart: 1586038672,
ValidityEnd: 4739638672,
Status: 1,
Snis: []string{"test2.com", "*.test2.com"},
Status: 1,
},
getCalled: true,
},
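Review bot: With `ValidityStart`/`ValidityEnd` dropped from every fixture in TestSSL_Create, TestSSL_Update and TestSSL_Patch, nothing in this file's visible hunks asserts the validity values any more, and the new `x509CertValidity` helper has no test here. A small table test would pin its contract: an empty string returns `consts.ErrSSLCertificate`, non-PEM text and PEM with undecodable DER return `consts.ErrSSLCertificateResolution`, and a known certificate yields its `NotBefore`/`NotAfter` as Unix seconds. A List or Validate case asserting non-zero validity on the response would cover the read-time path this commit introduces.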