add ssl validator

2024-09-21 16:16:09 +08:00 · 2015-11-04 11:06:01 +08:00 · 2015-11-04 11:06:01 +08:00 · 5bba79d06b
parent 415ff2a699
commit 5bba79d06b
5 changed files with 52 additions and 9 deletions
--- a/src/main/java/com/ctrip/zeus/service/model/handler/VirtualServerValidator.java
+++ b/src/main/java/com/ctrip/zeus/service/model/handler/VirtualServerValidator.java
@ -13,5 +13,7 @@ public interface VirtualServerValidator {

    void validateVirtualServers(List<VirtualServer> virtualServers) throws Exception;

+    void validateSslVirtualServer(VirtualServer virtualServer) throws Exception;
+
    void removable(VirtualServer virtualServer) throws Exception;
 }
--- a/src/main/java/com/ctrip/zeus/service/model/handler/impl/DefaultVirtualServerValidator.java
+++ b/src/main/java/com/ctrip/zeus/service/model/handler/impl/DefaultVirtualServerValidator.java
@ -1,7 +1,6 @@
 package com.ctrip.zeus.service.model.handler.impl;

-import com.ctrip.zeus.dal.core.SlbVirtualServerDao;
-import com.ctrip.zeus.dal.core.SlbVirtualServerEntity;
+import com.ctrip.zeus.dal.core.*;
 import com.ctrip.zeus.exceptions.ValidationException;
 import com.ctrip.zeus.model.entity.Domain;
 import com.ctrip.zeus.model.entity.VirtualServer;
@ -27,6 +26,8 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
    private GroupCriteriaQuery groupCriteriaQuery;
    @Resource
    private SlbVirtualServerDao slbVirtualServerDao;
+    @Resource
+    private RCertificateSlbServerDao rCertificateSlbServerDao;

    @Override
    public boolean exists(Long vsId) throws Exception {
@ -37,6 +38,9 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
    public void validateVirtualServers(List<VirtualServer> virtualServers) throws Exception {
        Set<String> existingHost = new HashSet<>();
        for (VirtualServer virtualServer : virtualServers) {
+            if (virtualServer.getSsl().booleanValue()) {
+                validateSslVirtualServer(virtualServer);
+            }
            for (Domain domain : virtualServer.getDomains()) {
                if (!getPortWhiteList().contains(virtualServer.getPort())) {
                    throw new ValidationException("Port " + virtualServer.getPort() + " is not allowed.");
@ -50,6 +54,13 @@ public class DefaultVirtualServerValidator implements VirtualServerValidator {
        }
    }

+    @Override
+    public void validateSslVirtualServer(VirtualServer virtualServer) throws Exception {
+        List<RelCertSlbServerDo> dos = rCertificateSlbServerDao.findByVs(virtualServer.getId(), RCertificateSlbServerEntity.READSET_FULL);
+        if (dos.size() == 0)
+            throw new ValidationException("No certificate is found by ssl virtual server " + virtualServer.getId() + ".");
+    }
+
    @Override
    public void removable(VirtualServer virtualServer) throws Exception {
        if (groupCriteriaQuery.queryByVsId(virtualServer.getId()).size() > 0)
--- a/src/main/java/com/ctrip/zeus/service/nginx/impl/CertificateServiceImpl.java
+++ b/src/main/java/com/ctrip/zeus/service/nginx/impl/CertificateServiceImpl.java
@ -49,7 +49,8 @@ public class CertificateServiceImpl implements CertificateService {
        if (cert == null)
            throw new ValidationException("Some error occurred when searching the certificate.");
        for (String ip : ips) {
-            rCertificateSlbServerDao.insert(new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
+            rCertificateSlbServerDao.insertOrUpdateCommand(
+                    new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
        }
    }

@ -59,7 +60,8 @@ public class CertificateServiceImpl implements CertificateService {
        if (cert == null)
            throw new ValidationException("Certificate cannot be found.");
        for (String ip : ips) {
-            rCertificateSlbServerDao.insert(new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
+            rCertificateSlbServerDao.insertOrUpdateCommand(
+                    new RelCertSlbServerDo().setIp(ip).setCommand(cert.getId()).setVsId(vsId));
        }
    }

@ -69,6 +71,8 @@ public class CertificateServiceImpl implements CertificateService {
        boolean success = true;
        String errMsg = "";
        for (RelCertSlbServerDo d : dos) {
+            if (d.getCertId() == d.getCommand())
+                continue;
            CertSyncClient c = new CertSyncClient("http://" + d.getIp() + ":8099/api/op/installcerts");
            Response res = c.requestInstall(vsId, d.getCommand());
            // retry
--- a/src/main/java/com/ctrip/zeus/service/nginx/impl/DefaultCertificateInstaller.java
+++ b/src/main/java/com/ctrip/zeus/service/nginx/impl/DefaultCertificateInstaller.java
@ -1,11 +1,10 @@
 package com.ctrip.zeus.service.nginx.impl;

-import com.ctrip.zeus.dal.core.CertificateDao;
-import com.ctrip.zeus.dal.core.CertificateDo;
-import com.ctrip.zeus.dal.core.CertificateEntity;
+import com.ctrip.zeus.dal.core.*;
 import com.ctrip.zeus.exceptions.ValidationException;
 import com.ctrip.zeus.service.nginx.CertificateConfig;
 import com.ctrip.zeus.service.nginx.CertificateInstaller;
+import com.ctrip.zeus.util.S;
 import org.springframework.stereotype.Service;

 import javax.annotation.Resource;
@ -22,6 +21,8 @@ public class DefaultCertificateInstaller implements CertificateInstaller {

    @Resource
    private CertificateDao certificateDao;
+    @Resource
+    private RCertificateSlbServerDao rCertificateSlbServerDao;

    @Override
    public CertificateConfig getConfig() {
@ -50,6 +51,8 @@ public class DefaultCertificateInstaller implements CertificateInstaller {
            certos.close();
            keyos.close();
        }
+        rCertificateSlbServerDao.insertOrUpdateCert(
+                new RelCertSlbServerDo().setVsId(vsId).setIp(S.getIp()).setCertId(certId));
        return cert.getDomain();
    }

--- a/src/main/resources/META-INF/dal/jdbc/rel-cert.xml
+++ b/src/main/resources/META-INF/dal/jdbc/rel-cert.xml
@ -2,11 +2,23 @@
 <entities do-package="com.ctrip.zeus.dal.core" gen="true" do-class-suffix="Do">
    <entity name="r-certificate-slb-server" table="r_certificate_slb_server" alias="rcss" do-class="RelCertSlbServerDo">
        <query-defs>
-            <query name="insert" type="INSERT">
+            <query name="insert-or-update-command" type="INSERT">
                <statement>
                    <![CDATA[
                    INSERT INTO <TABLE/>(<FIELDS/>)
                    VALUES(<VALUES/>)
+                    ON DUPLICATE KEY UPDATE
+                        command = values(command)
+                    ]]>
+                </statement>
+            </query>
+            <query name="insert-or-update-cert" type="INSERT">
+                <statement>
+                    <![CDATA[
+                    INSERT INTO <TABLE/>(<FIELDS/>)
+                    VALUES(<VALUES/>)
+                    ON DUPLICATE KEY UPDATE
+                        cert_id = values(cert_id)
                    ]]>
                </statement>
            </query>
@ -17,7 +29,18 @@
                    SELECT <FIELDS/>
                    FROM <TABLE/>
                    WHERE <FIELD name='vs-id'/> = ${vs-id}
-                        AND cert_id != command
+                    ]]>
+                </statement>
+            </query>
+            <query name="find-by-vs-and-ip" type="SELECT" multiple="true">
+                <param name="vs-id"/>
+                <param name="ip"/>
+                <statement>
+                    <![CDATA[
+                    SELECT <FIELDS/>
+                    FROM <TABLE/>
+                    WHERE <FIELD name='vs-id'/> = ${vs-id}
+                        AND <FIELD name='ip'/> = ${ip}
                    ]]>
                </statement>
            </query>