This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-dashboard.git
The following commit(s) were added to refs/heads/master by this push:
new 73f7ea52d Fix: SSL dashboard/api validity problem (#2947)
73f7ea52d is described below
commit 73f7ea52db20b6fdb07ff8691e9bc24d7b92bce7
Author: Fatih USTA <[email protected]>
AuthorDate: Wed Sep 4 12:42:04 2024 +0300
Fix: SSL dashboard/api validity problem (#2947)
Signed-off-by: Fatih USTA <[email protected]>
---
api/internal/handler/ssl/ssl.go | 42 +++++++++++++++++++++--
api/internal/handler/ssl/ssl_test.go | 66 ++++++++++++------------------------
2 files changed, 62 insertions(+), 46 deletions(-)
diff --git a/api/internal/handler/ssl/ssl.go b/api/internal/handler/ssl/ssl.go
index 154a0a998..3d512bf8a 100644
--- a/api/internal/handler/ssl/ssl.go
+++ b/api/internal/handler/ssl/ssl.go
@@ -198,6 +198,11 @@ func (h *Handler) List(c droplet.Context) (interface{},
error) {
for _, item := range ret.Rows {
ssl := &entity.SSL{}
_ = utils.ObjectClone(item, ssl)
+ x509_validity, _ := x509CertValidity(ssl.Cert)
+ if x509_validity != nil {
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
+ }
ssl.Key = ""
ssl.Keys = nil
list = append(list, ssl)
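Review bot: The error from `x509CertValidity(ssl.Cert)` is discarded in this loop, so when a stored certificate fails to parse, `ValidityStart`/`ValidityEnd` keep whatever `utils.ObjectClone` copied from the stored item and the response gives no sign the dates were not derived from the certificate. Handling the failure explicitly, e.g. `if v, err := x509CertValidity(ssl.Cert); err != nil { ssl.ValidityStart, ssl.ValidityEnd = 0, 0 }` plus a log line naming the item, would keep an operator checking expiry from being shown stale dates. The `Validate` hunk drops the same error in the same way. `x509_validity` should be `x509Validity` (or simply `v`) to follow Go's MixedCaps naming. The body of `List` continues outside the hunk.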
@@ -327,6 +332,35 @@ func (h *Handler) BatchDelete(c droplet.Context)
(interface{}, error) {
return nil, nil
}
+// validity allows unmarshaling the certificate validity date range
+type validity struct {
+ NotBefore, NotAfter int64
+}
+
+func x509CertValidity(crt string) (*validity, error) {
+ if crt == "" {
+ return nil, consts.ErrSSLCertificate
+ }
+
+ certDERBlock, _ := pem.Decode([]byte(crt))
+ if certDERBlock == nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+ if err != nil {
+ return nil, consts.ErrSSLCertificateResolution
+ }
+
+ val := validity{}
+
+ val.NotBefore = x509Cert.NotBefore.Unix()
+ val.NotAfter = x509Cert.NotAfter.Unix()
+
+ return &val, nil
+}
+
func ParseCert(crt, key string) (*entity.SSL, error) {
if crt == "" || key == "" {
return nil, consts.ErrSSLCertificate
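Review bot: `x509CertValidity` hands the first PEM block to `x509.ParseCertificate` without checking `certDERBlock.Type`, and it ignores any blocks after the first. If the first block of a bundle is not the leaf certificate, the call either fails or returns another certificate's dates; whether `ParseCert` accepts such input is not visible in this hunk. Adding `if certDERBlock.Type != "CERTIFICATE" { return nil, consts.ErrSSLCertificateResolution }` after the nil check makes the rejection explicit, and a doc comment on the function should say that only the first block is read. The comment on `validity` says it "allows unmarshaling", but the struct is only filled from the parsed certificate; `// validity holds a certificate's NotBefore/NotAfter as Unix seconds.` would be accurate. The body of `ParseCert` continues outside the hunk.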
@@ -383,8 +417,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
ssl.Snis = snis
ssl.Key = key
- ssl.ValidityStart = x509Cert.NotBefore.Unix()
- ssl.ValidityEnd = x509Cert.NotAfter.Unix()
ssl.Cert = crt
return &ssl, nil
@@ -424,6 +456,12 @@ func (h *Handler) Validate(c droplet.Context)
(interface{}, error) {
return nil, err
}
+ x509_validity, _ := x509CertValidity(input.Cert)
+ if x509_validity != nil {
+ ssl.ValidityStart = x509_validity.NotBefore
+ ssl.ValidityEnd = x509_validity.NotAfter
+ }
+
return ssl, nil
}
diff --git a/api/internal/handler/ssl/ssl_test.go
b/api/internal/handler/ssl/ssl_test.go
index 3d1404c46..28dab2c12 100644
--- a/api/internal/handler/ssl/ssl_test.go
+++ b/api/internal/handler/ssl/ssl_test.go
@@ -288,10 +288,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
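Review bot: The expected `ValidityStart`/`ValidityEnd` values are removed from the fixtures here and in the later `TestSSL_Create`, `TestSSL_Update` and `TestSSL_Patch` hunks, but the commit adds no test for `x509CertValidity` or for `List`/`Validate` filling those fields. A table test for `x509CertValidity` would pin the behaviour the dashboard's expiry display now depends on. It should cover an empty string, non-PEM input, a PEM block that is not a certificate, and a valid certificate with known NotBefore/NotAfter. The struct literal continues outside the hunk.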
@@ -304,10 +302,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantRet: &entity.SSL{
BaseInfo: entity.BaseInfo{
@@ -320,10 +316,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantErr: nil,
},
@@ -348,10 +342,8 @@ func TestSSL_Create(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantErr: fmt.Errorf("create failed"),
wantRet: handler.SpecCodeResponse(fmt.Errorf("create
failed")),
@@ -419,10 +411,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
@@ -435,10 +425,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantRet: &entity.SSL{
BaseInfo: entity.BaseInfo{
@@ -451,10 +439,8 @@ func TestSSL_Update(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
},
{
@@ -561,10 +547,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
giveInput: &PatchInput{
ID: "ssl1",
@@ -597,10 +581,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
getCalled: true,
},
@@ -622,10 +604,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
wantInput: &entity.SSL{
BaseInfo: entity.BaseInfo{
@@ -653,10 +633,8 @@ func TestSSL_Patch(t *testing.T) {
"env": "production",
"version": "v2",
},
- Snis: []string{"test2.com",
"*.test2.com"},
- ValidityStart: 1586038672,
- ValidityEnd: 4739638672,
- Status: 1,
+ Snis: []string{"test2.com", "*.test2.com"},
+ Status: 1,
},
getCalled: true,
},