zhouyuhuan
/
Cloudpods


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
							// Copyright 2019 Yunion
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package aws

import (
	"crypto/sha1"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"strings"
	"time"

	"yunion.io/x/jsonutils"
	"yunion.io/x/log"
	"yunion.io/x/pkg/errors"

	"yunion.io/x/cloudmux/pkg/apis"
	"yunion.io/x/cloudmux/pkg/cloudprovider"
	"yunion.io/x/cloudmux/pkg/multicloud"
)

type SElbCertificate struct {
	multicloud.SResourceBase
	AwsTags
	region *SRegion
	cert   *x509.Certificate

	Path                  string    `json:"Path"`
	ServerCertificateName string    `xml:"ServerCertificateName"`
	ServerCertificateID   string    `xml:"ServerCertificateId"`
	Arn                   string    `xml:"Arn"`
	UploadDate            time.Time `xml:"UploadDate"`
	Expiration            time.Time `xml:"Expiration"`
	PublicKey             string
}

func (self *SElbCertificate) GetId() string {
	return self.Arn
}

func (self *SElbCertificate) GetName() string {
	return self.ServerCertificateName
}

func (self *SElbCertificate) GetGlobalId() string {
	return self.GetId()
}

func (self *SElbCertificate) GetStatus() string {
	return apis.STATUS_AVAILABLE
}

func (self *SElbCertificate) Refresh() error {
	icert, err := self.region.GetILoadBalancerCertificateById(self.GetId())
	if err != nil {
		return err
	}

	err = jsonutils.Update(self, icert)
	if err != nil {
		return err
	}

	return nil
}

func (self *SElbCertificate) GetProjectId() string {
	return ""
}

func (self *SElbCertificate) Delete() error {
	return self.region.deleteElbCertificate(self.GetName())
}

func (self *SElbCertificate) GetCommonName() string {
	cert, err := self.ParsePublicKey()
	if err != nil {
		return ""
	}

	return cert.Issuer.CommonName
}

func (self *SElbCertificate) GetSubjectAlternativeNames() string {
	// todo: fix me
	_, err := self.ParsePublicKey()
	if err != nil {
		return ""
	}

	return ""
}

func (self *SElbCertificate) GetFingerprint() string {
	publicKey := self.GetPublickKey()
	if len(publicKey) == 0 {
		return ""
	}

	_fp := sha1.Sum([]byte(publicKey))
	fp := fmt.Sprintf("sha1:% x", _fp)
	return strings.Replace(fp, " ", ":", -1)
}

func (self *SElbCertificate) GetExpireTime() time.Time {
	return self.Expiration
}

func (self *SElbCertificate) GetPublickKey() string {
	if self.PublicKey == "" {
		ret, err := self.region.getPublicKey(self.GetName())
		if err != nil {
			log.Errorf("GetPublickKey %s", err)
			return ""
		}

		self.PublicKey = ret
	}

	return self.PublicKey
}

func (self *SElbCertificate) GetPrivateKey() string {
	return ""
}

func (self *SElbCertificate) ParsePublicKey() (*x509.Certificate, error) {
	if self.cert != nil {
		return self.cert, nil
	}

	publicKey := self.GetPublickKey()
	if len(publicKey) == 0 {
		return nil, fmt.Errorf("SElbCertificate ParsePublicKey public key is empty")
	}

	block, _ := pem.Decode([]byte(publicKey))
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return nil, errors.Wrap(err, "ParseCertificate")
	}

	self.cert = cert
	return cert, nil
}

func (self *SRegion) getPublicKey(certName string) (string, error) {
	params := map[string]string{
		"ServerCertificateName": certName,
	}
	ret := struct {
		ServerCertificate struct {
			CertificateBody string `xml:"CertificateBody"`
		} `xml:"ServerCertificate"`
	}{}
	return ret.ServerCertificate.CertificateBody, self.client.iamRequest("GetServerCertificate", params, &ret)
}

func (self *SRegion) deleteElbCertificate(certName string) error {
	params := map[string]string{
		"ServerCertificateName": certName,
	}
	ret := struct{}{}
	return self.client.iamRequest("DeleteServerCertificate", params, &ret)
}

func (self *SRegion) CreateLoadbalancerCertifacate(opts *cloudprovider.SLoadbalancerCertificate) (string, error) {
	params := map[string]string{
		"ServerCertificateName": opts.Name,
		"PrivateKey":            opts.PrivateKey,
		"CertificateBody":       opts.Certificate,
	}
	ret := struct {
		ServerCertificateMetadata struct {
			Arn string `xml:"Arn"`
		} `xml:"ServerCertificateMetadata"`
	}{}

	err := self.client.iamRequest("UploadServerCertificate", params, &ret)
	if err != nil {
		return "", errors.Wrapf(err, "UploadServerCertificate")
	}
	return ret.ServerCertificateMetadata.Arn, nil
}

func (self *SRegion) CreateILoadBalancerCertificate(opts *cloudprovider.SLoadbalancerCertificate) (cloudprovider.ICloudLoadbalancerCertificate, error) {
	arn, err := self.CreateLoadbalancerCertifacate(opts)
	if err != nil {
		return nil, errors.Wrapf(err, "CreateLoadbalancerCertifacate")
	}

	// wait upload cert success
	err = cloudprovider.Wait(5*time.Second, 30*time.Second, func() (bool, error) {
		_, err := self.GetILoadBalancerCertificateById(arn)
		if err == nil {
			return true, nil
		}

		if errors.Cause(err) == cloudprovider.ErrNotFound {
			return false, nil
		} else {
			return false, err
		}
	})
	if err != nil {
		return nil, errors.Wrap(err, "region.CreateILoadBalancerCertificate.Wait")
	}
	return self.GetILoadBalancerCertificateById(arn)
}

func (self *SRegion) ListServerCertificates() ([]SElbCertificate, error) {
	params := map[string]string{}
	ret := []SElbCertificate{}
	for {
		part := struct {
			IsTruncated                   bool              `xml:"IsTruncated"`
			ServerCertificateMetadataList []SElbCertificate `xml:"ServerCertificateMetadataList>member"`
			Marker                        string            `xml:"Marker"`
		}{}
		err := self.client.iamRequest("ListServerCertificates", params, &part)
		if err != nil {
			return nil, errors.Wrapf(err, "ListServerCertificates")
		}
		ret = append(ret, part.ServerCertificateMetadataList...)
		if len(part.Marker) == 0 || len(part.ServerCertificateMetadataList) == 0 {
			break
		}
		params["Marker"] = part.Marker
	}
	return ret, nil
}

func (self *SElbCertificate) GetDescription() string {
	return self.AwsTags.GetDescription()
}