yunion.io/x/cloudmux@v0.3.10-0-alpha.1/pkg/multicloud/aws/loadbalancercert.go (about) 1 // Copyright 2019 Yunion 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package aws 16 17 import ( 18 "crypto/sha1" 19 "crypto/x509" 20 "encoding/pem" 21 "fmt" 22 "strings" 23 "time" 24 25 "github.com/aws/aws-sdk-go/service/iam" 26 27 "yunion.io/x/jsonutils" 28 "yunion.io/x/log" 29 "yunion.io/x/pkg/errors" 30 31 api "yunion.io/x/cloudmux/pkg/apis/compute" 32 "yunion.io/x/cloudmux/pkg/cloudprovider" 33 "yunion.io/x/cloudmux/pkg/multicloud" 34 ) 35 36 type SElbCertificate struct { 37 multicloud.SResourceBase 38 AwsTags 39 region *SRegion 40 cert *x509.Certificate 41 42 Path string `json:"Path"` 43 ServerCertificateName string `json:"ServerCertificateName"` 44 ServerCertificateID string `json:"ServerCertificateId"` 45 Arn string `json:"Arn"` 46 UploadDate time.Time `json:"UploadDate"` 47 Expiration time.Time `json:"Expiration"` 48 PublicKey string 49 } 50 51 func (self *SElbCertificate) GetId() string { 52 return self.Arn 53 } 54 55 func (self *SElbCertificate) GetName() string { 56 return self.ServerCertificateName 57 } 58 59 func (self *SElbCertificate) GetGlobalId() string { 60 return self.GetId() 61 } 62 63 func (self *SElbCertificate) GetStatus() string { 64 return api.LB_STATUS_ENABLED 65 } 66 67 func (self *SElbCertificate) Refresh() error { 68 icert, err := self.region.GetILoadBalancerCertificateById(self.GetId()) 69 if err != nil { 70 return err 71 } 72 73 err = jsonutils.Update(self, icert) 74 if err != nil { 75 return err 76 } 77 78 return nil 79 } 80 81 func (self *SElbCertificate) IsEmulated() bool { 82 return false 83 } 84 85 func (self *SElbCertificate) GetProjectId() string { 86 return "" 87 } 88 89 func (self *SElbCertificate) Sync(name, privateKey, publickKey string) error { 90 return cloudprovider.ErrNotSupported 91 } 92 93 func (self *SElbCertificate) Delete() error { 94 return self.region.deleteElbCertificate(self.GetName()) 95 } 96 97 func (self *SElbCertificate) GetCommonName() string { 98 cert, err := self.ParsePublicKey() 99 if err != nil { 100 return "" 101 } 102 103 return cert.Issuer.CommonName 104 } 105 106 func (self *SElbCertificate) GetSubjectAlternativeNames() string { 107 // todo: fix me 108 _, err := self.ParsePublicKey() 109 if err != nil { 110 return "" 111 } 112 113 return "" 114 } 115 116 func (self *SElbCertificate) GetFingerprint() string { 117 publicKey := self.GetPublickKey() 118 if len(publicKey) == 0 { 119 return "" 120 } 121 122 _fp := sha1.Sum([]byte(publicKey)) 123 fp := fmt.Sprintf("sha1:% x", _fp) 124 return strings.Replace(fp, " ", ":", -1) 125 } 126 127 func (self *SElbCertificate) GetExpireTime() time.Time { 128 return self.Expiration 129 } 130 131 func (self *SElbCertificate) GetPublickKey() string { 132 if self.PublicKey == "" { 133 ret, err := self.region.getPublicKey(self.GetName()) 134 if err != nil { 135 log.Errorf("GetPublickKey %s", err) 136 return "" 137 } 138 139 self.PublicKey = ret 140 } 141 142 return self.PublicKey 143 } 144 145 func (self *SElbCertificate) GetPrivateKey() string { 146 return "" 147 } 148 149 func (self *SElbCertificate) ParsePublicKey() (*x509.Certificate, error) { 150 if self.cert != nil { 151 return self.cert, nil 152 } 153 154 publicKey := self.GetPublickKey() 155 if len(publicKey) == 0 { 156 return nil, fmt.Errorf("SElbCertificate ParsePublicKey public key is empty") 157 } 158 159 block, _ := pem.Decode([]byte(publicKey)) 160 cert, err := x509.ParseCertificate(block.Bytes) 161 if err != nil { 162 return nil, errors.Wrap(err, "ParseCertificate") 163 } 164 165 self.cert = cert 166 return cert, nil 167 } 168 169 func (self *SRegion) getPublicKey(certName string) (string, error) { 170 client, err := self.getIamClient() 171 if err != nil { 172 return "", err 173 } 174 175 params := &iam.GetServerCertificateInput{} 176 params.SetServerCertificateName(certName) 177 ret, err := client.GetServerCertificate(params) 178 if err != nil { 179 return "", err 180 } 181 182 return StrVal(ret.ServerCertificate.CertificateBody), nil 183 } 184 185 func (self *SRegion) deleteElbCertificate(certName string) error { 186 client, err := self.getIamClient() 187 if err != nil { 188 return err 189 } 190 191 params := &iam.DeleteServerCertificateInput{} 192 params.SetServerCertificateName(certName) 193 _, err = client.DeleteServerCertificate(params) 194 if err != nil { 195 return err 196 } 197 198 return nil 199 }