mirror of
https://github.com/ctripcorp/zeus.git
synced 2024-09-21 16:16:09 +08:00
add ssl validator
parent
415ff2a699
commit
5bba79d06b
|
@ -13,5 +13,7 @@ public interface VirtualServerValidator {
|
|||
|
||||
void validateVirtualServers(List<VirtualServer> virtualServers) throws Exception;
|
||||
|
||||
void validateSslVirtualServer(VirtualServer virtualServer) throws Exception;
|
||||
|
||||
void removable(VirtualServer virtualServer) throws Exception;
|
||||
}
|
||||
|
|
|
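Review bot: The new `validateSslVirtualServer` method is added to the interface without any Javadoc, so implementers and callers cannot tell what "valid" means for an SSL virtual server. Judging from the implementation later in this commit, it only checks that at least one certificate mapping row exists for the virtual server id. Stating that on the interface would prevent callers from assuming more, e.g. `/** Fails with ValidationException when no certificate is mapped to the given SSL virtual server; does not check expiry or domain coverage. */`.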
@ -1,7 +1,6 @@
|
|||
package com.ctrip.zeus.service.model.handler.impl;
|
||||
|
||||
import com.ctrip.zeus.dal.core.SlbVirtualServerDao;
|
||||
import com.ctrip.zeus.dal.core.SlbVirtualServerEntity;
|
||||
import com.ctrip.zeus.dal.core.*;
|
||||
import com.ctrip.zeus.exceptions.ValidationException;
|
||||
import com.ctrip.zeus.model.entity.Domain;
|
||||
import com.ctrip.zeus.model.entity.VirtualServer;
|
||||
|
@ -27,6 +26,8 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
|
|||
private GroupCriteriaQuery groupCriteriaQuery;
|
||||
@Resource
|
||||
private SlbVirtualServerDao slbVirtualServerDao;
|
||||
@Resource
|
||||
private RCertificateSlbServerDao rCertificateSlbServerDao;
|
||||
|
||||
@Override
|
||||
public boolean exists(Long vsId) throws Exception {
|
||||
|
@ -37,6 +38,9 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
|
|||
public void validateVirtualServers(List<VirtualServer> virtualServers) throws Exception {
|
||||
Set<String> existingHost = new HashSet<>();
|
||||
for (VirtualServer virtualServer : virtualServers) {
|
||||
if (virtualServer.getSsl().booleanValue()) {
|
||||
validateSslVirtualServer(virtualServer);
|
||||
}
|
||||
for (Domain domain : virtualServer.getDomains()) {
|
||||
if (!getPortWhiteList().contains(virtualServer.getPort())) {
|
||||
throw new ValidationException("Port " + virtualServer.getPort() + " is not allowed.");
|
||||
|
@ -50,6 +54,13 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validateSslVirtualServer(VirtualServer virtualServer) throws Exception {
|
||||
List<RelCertSlbServerDo> dos = rCertificateSlbServerDao.findByVs(virtualServer.getId(), RCertificateSlbServerEntity.READSET_FULL);
|
||||
if (dos.size() == 0)
|
||||
throw new ValidationException("No certificate is found by ssl virtual server " + virtualServer.getId() + ".");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void removable(VirtualServer virtualServer) throws Exception {
|
||||
if (groupCriteriaQuery.queryByVsId(virtualServer.getId()).size() > 0)
|
||||
|
|
|
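Review bot: In `validateVirtualServers`, `virtualServer.getSsl().booleanValue()` throws a NullPointerException when the ssl flag is unset (the `.booleanValue()` call suggests `getSsl()` returns a boxed `Boolean`), so a request that omits the field fails with an opaque error rather than a ValidationException; `if (Boolean.TRUE.equals(virtualServer.getSsl())) {` avoids that. Separately, `validateSslVirtualServer` passes as soon as any row exists for the virtual server id. It does not check that the requested certificate has been installed on every SLB server, so an SSL virtual server can pass validation while some servers still lack the certificate. If the stronger guarantee is intended, compare the installed and requested certificate ids per row here. The body of `validateVirtualServers` continues outside the hunk.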
@ -49,7 +49,8 @@ public class CertificateServiceImpl implements CertificateService {
|
|||
if (cert == null)
|
||||
throw new ValidationException("Some error occurred when searching the certificate.");
|
||||
for (String ip : ips) {
|
||||
rCertificateSlbServerDao.insert(new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
|
||||
rCertificateSlbServerDao.insertOrUpdateCommand(
|
||||
new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -59,7 +60,8 @@ public class CertificateServiceImpl implements CertificateService {
|
|||
if (cert == null)
|
||||
throw new ValidationException("Certificate cannot be found.");
|
||||
for (String ip : ips) {
|
||||
rCertificateSlbServerDao.insert(new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
|
||||
rCertificateSlbServerDao.insertOrUpdateCommand(
|
||||
new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -69,6 +71,8 @@ public class CertificateServiceImpl implements CertificateService {
|
|||
boolean success = true;
|
||||
String errMsg = "";
|
||||
for (RelCertSlbServerDo d : dos) {
|
||||
if (d.getCertId() == d.getCommand())
|
||||
continue;
|
||||
CertSyncClient c = new CertSyncClient("http://" + d.getIp() + ":8099/api/op/installcerts");
|
||||
Response res = c.requestInstall(vsId, d.getCommand());
|
||||
// retry
|
||||
|
|
|
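Review bot: The new skip condition `d.getCertId() == d.getCommand()` is a reference comparison if the generated `RelCertSlbServerDo` getters return boxed `Long`. For ids outside the small-value cache it would then be false even when the two ids are equal, and every server would be asked to reinstall on each call. If the getters are boxed, use `if (Objects.equals(d.getCertId(), d.getCommand())) continue;` (needs `java.util.Objects`); if they are primitive `long`, a one-line comment saying so would settle it. The install request on the following context line goes to a plain `http://` URL built from the stored IP. That predates this commit, but because this change makes the table the record of what is installed where, it is worth confirming the endpoint is authenticated or restricted to the management network. The loop body continues past the end of the hunk.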
@ -1,11 +1,10 @@
|
|||
package com.ctrip.zeus.service.nginx.impl;
|
||||
|
||||
import com.ctrip.zeus.dal.core.CertificateDao;
|
||||
import com.ctrip.zeus.dal.core.CertificateDo;
|
||||
import com.ctrip.zeus.dal.core.CertificateEntity;
|
||||
import com.ctrip.zeus.dal.core.*;
|
||||
import com.ctrip.zeus.exceptions.ValidationException;
|
||||
import com.ctrip.zeus.service.nginx.CertificateConfig;
|
||||
import com.ctrip.zeus.service.nginx.CertificateInstaller;
|
||||
import com.ctrip.zeus.util.S;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
@ -22,6 +21,8 @@ public class DefaultCertificateInstaller implements CertificateInstaller {
|
|||
|
||||
@Resource
|
||||
private CertificateDao certificateDao;
|
||||
@Resource
|
||||
private RCertificateSlbServerDao rCertificateSlbServerDao;
|
||||
|
||||
@Override
|
||||
public CertificateConfig getConfig() {
|
||||
|
@ -50,6 +51,8 @@ public class DefaultCertificateInstaller implements CertificateInstaller {
|
|||
certos.close();
|
||||
keyos.close();
|
||||
}
|
||||
rCertificateSlbServerDao.insertOrUpdateCert(
|
||||
new RelCertSlbServerDo().setVsId(vsId).setIp(S.getIp()).setCertId(certId));
|
||||
return cert.getDomain();
|
||||
}
|
||||
|
||||
|
|
|
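Review bot: `insertOrUpdateCert` keys the status row on `S.getIp()`, the installer's own view of its address, while `CertificateServiceImpl` records the requested certificate under the IP taken from its `ips` list. If the two differ (multi-homed host, NAT), the upsert creates a second row instead of updating the first, and the original row never reaches `cert_id == command`. Consider recording the IP the install request was addressed to, or add a comment such as `// S.getIp() must equal the SLB server IP registered in r_certificate_slb_server`. The enclosing method starts above the hunk, so how `vsId` and `certId` are obtained is not visible here.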
@ -2,11 +2,23 @@
|
|||
<entities do-package="com.ctrip.zeus.dal.core" gen="true" do-class-suffix="Do">
|
||||
<entity name="r-certificate-slb-server" table="r_certificate_slb_server" alias="rcss" do-class="RelCertSlbServerDo">
|
||||
<query-defs>
|
||||
<query name="insert" type="INSERT">
|
||||
<query name="insert-or-update-command" type="INSERT">
|
||||
<statement>
|
||||
<![CDATA[
|
||||
INSERT INTO <TABLE/>(<FIELDS/>)
|
||||
VALUES(<VALUES/>)
|
||||
ON DUPLICATE KEY UPDATE
|
||||
command = values(command)
|
||||
]]>
|
||||
</statement>
|
||||
</query>
|
||||
<query name="insert-or-update-cert" type="INSERT">
|
||||
<statement>
|
||||
<![CDATA[
|
||||
INSERT INTO <TABLE/>(<FIELDS/>)
|
||||
VALUES(<VALUES/>)
|
||||
ON DUPLICATE KEY UPDATE
|
||||
cert_id = values(cert_id)
|
||||
]]>
|
||||
</statement>
|
||||
</query>
|
||||
|
@ -17,7 +29,18 @@
|
|||
SELECT <FIELDS/>
|
||||
FROM <TABLE/>
|
||||
WHERE <FIELD name='vs-id'/> = ${vs-id}
|
||||
AND cert_id != command
|
||||
]]>
|
||||
</statement>
|
||||
</query>
|
||||
<query name="find-by-vs-and-ip" type="SELECT" multiple="true">
|
||||
<param name="vs-id"/>
|
||||
<param name="ip"/>
|
||||
<statement>
|
||||
<![CDATA[
|
||||
SELECT <FIELDS/>
|
||||
FROM <TABLE/>
|
||||
WHERE <FIELD name='vs-id'/> = ${vs-id}
|
||||
AND <FIELD name='ip'/> = ${ip}
|
||||
]]>
|
||||
</statement>
|
||||
</query>
|
||||
|
|
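Review bot: Both new upserts (`insert-or-update-command`, `insert-or-update-cert`) rely on `ON DUPLICATE KEY UPDATE`, which only takes effect if `r_certificate_slb_server` has a unique key over the columns that identify a row (presumably vs_id and ip). That key is not visible in this change, and without it each call inserts a duplicate row. Also, a row first created by `insert-or-update-command` has no cert_id set, so in the filter `AND cert_id != command` a NULL cert_id makes the comparison NULL and the row is silently excluded, unless the column is NOT NULL with a default. Confirm the schema, or write the filter NULL-safely, e.g. `AND NOT (cert_id <=> command)`. The name of the query that carries this filter is outside the visible lines.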