Fix: SSL dashboard/api validity problem (apache#2947)

fatihusta · web-flow · commit 73f7ea52db20 · 2024-09-04T17:42:04.000+08:00
Signed-off-by: Fatih USTA &lt;fatihusta86@gmail.com&gt;
diff --git a/api/internal/handler/ssl/ssl.go b/api/internal/handler/ssl/ssl.go
@@ -198,6 +198,11 @@ func (h *Handler) List(c droplet.Context) (interface{}, error) {
 	for _, item := range ret.Rows {
 		ssl := &entity.SSL{}
 		_ = utils.ObjectClone(item, ssl)
+		x509_validity, _ := x509CertValidity(ssl.Cert)
+		if x509_validity != nil {
+			ssl.ValidityStart = x509_validity.NotBefore
+			ssl.ValidityEnd = x509_validity.NotAfter
+		}
 		ssl.Key = ""
 		ssl.Keys = nil
 		list = append(list, ssl)
@@ -327,6 +332,35 @@ func (h *Handler) BatchDelete(c droplet.Context) (interface{}, error) {
 	return nil, nil
 }
 
+// validity allows unmarshaling the certificate validity date range
+type validity struct {
+	NotBefore, NotAfter int64
+}
+
+func x509CertValidity(crt string) (*validity, error) {
+	if crt == "" {
+		return nil, consts.ErrSSLCertificate
+	}
+
+	certDERBlock, _ := pem.Decode([]byte(crt))
+	if certDERBlock == nil {
+		return nil, consts.ErrSSLCertificateResolution
+	}
+
+	x509Cert, err := x509.ParseCertificate(certDERBlock.Bytes)
+
+	if err != nil {
+		return nil, consts.ErrSSLCertificateResolution
+	}
+
+	val := validity{}
+
+	val.NotBefore = x509Cert.NotBefore.Unix()
+	val.NotAfter = x509Cert.NotAfter.Unix()
+
+	return &val, nil
+}
+
 func ParseCert(crt, key string) (*entity.SSL, error) {
 	if crt == "" || key == "" {
 		return nil, consts.ErrSSLCertificate
@@ -383,8 +417,6 @@ func ParseCert(crt, key string) (*entity.SSL, error) {
 
 	ssl.Snis = snis
 	ssl.Key = key
-	ssl.ValidityStart = x509Cert.NotBefore.Unix()
-	ssl.ValidityEnd = x509Cert.NotAfter.Unix()
 	ssl.Cert = crt
 
 	return &ssl, nil
@@ -424,6 +456,12 @@ func (h *Handler) Validate(c droplet.Context) (interface{}, error) {
 		return nil, err
 	}
 
+	x509_validity, _ := x509CertValidity(input.Cert)
+	if x509_validity != nil {
+		ssl.ValidityStart = x509_validity.NotBefore
+		ssl.ValidityEnd = x509_validity.NotAfter
+	}
+
 	return ssl, nil
 }
 
diff --git a/api/internal/handler/ssl/ssl_test.go b/api/internal/handler/ssl/ssl_test.go
@@ -288,10 +288,8 @@ func TestSSL_Create(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantInput: &entity.SSL{
 				BaseInfo: entity.BaseInfo{
@@ -304,10 +302,8 @@ func TestSSL_Create(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantRet: &entity.SSL{
 				BaseInfo: entity.BaseInfo{
@@ -320,10 +316,8 @@ func TestSSL_Create(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantErr: nil,
 		},
@@ -348,10 +342,8 @@ func TestSSL_Create(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantErr: fmt.Errorf("create failed"),
 			wantRet: handler.SpecCodeResponse(fmt.Errorf("create failed")),
@@ -419,10 +411,8 @@ func TestSSL_Update(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantInput: &entity.SSL{
 				BaseInfo: entity.BaseInfo{
@@ -435,10 +425,8 @@ func TestSSL_Update(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantRet: &entity.SSL{
 				BaseInfo: entity.BaseInfo{
@@ -451,10 +439,8 @@ func TestSSL_Update(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 		},
 		{
@@ -561,10 +547,8 @@ func TestSSL_Patch(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			giveInput: &PatchInput{
 				ID:      "ssl1",
@@ -597,10 +581,8 @@ func TestSSL_Patch(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			getCalled: true,
 		},
@@ -622,10 +604,8 @@ func TestSSL_Patch(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			wantInput: &entity.SSL{
 				BaseInfo: entity.BaseInfo{
@@ -653,10 +633,8 @@ func TestSSL_Patch(t *testing.T) {
 					"env":     "production",
 					"version": "v2",
 				},
-				Snis:          []string{"test2.com", "*.test2.com"},
-				ValidityStart: 1586038672,
-				ValidityEnd:   4739638672,
-				Status:        1,
+				Snis:   []string{"test2.com", "*.test2.com"},
+				Status: 1,
 			},
 			getCalled: true,
 		},
