feat: add deployer BytePlus CDN

internal/deployer/byteplus_cdn.go

@@ -0,0 +1,116 @@
+package deployer
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	bytepluscdn "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/byteplus-cdn"
+
+	"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/domain"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+)
+
+type ByteplusCDNDeployer struct {
+	option      *DeployerOption
+	infos       []string
+	sdkClient   *cdn.CDN
+	sslUploader uploader.Uploader
+}
+
+func NewByteplusCDNDeployer(option *DeployerOption) (Deployer, error) {
+	access := &domain.ByteplusAccess{}
+	if err := json.Unmarshal([]byte(option.Access), access); err != nil {
+		return nil, xerrors.Wrap(err, "failed to get access")
+	}
+	client := cdn.NewInstance()
+	client.Client.SetAccessKey(access.AccessKey)
+	client.Client.SetSecretKey(access.SecretKey)
+	uploader, err := bytepluscdn.New(&bytepluscdn.ByteplusCDNUploaderConfig{
+		AccessKey: access.AccessKey,
+		SecretKey: access.SecretKey,
+	})
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to create ssl uploader")
+	}
+	return &ByteplusCDNDeployer{
+		option:      option,
+		infos:       make([]string, 0),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *ByteplusCDNDeployer) GetID() string {
+	return fmt.Sprintf("%s-%s", d.option.AccessRecord.GetString("name"), d.option.AccessRecord.Id)
+}
+
+func (d *ByteplusCDNDeployer) GetInfos() []string {
+	return d.infos
+}
+
+func (d *ByteplusCDNDeployer) Deploy(ctx context.Context) error {
+	apiCtx := context.Background()
+	// 上传证书
+	upres, err := d.sslUploader.Upload(apiCtx, d.option.Certificate.Certificate, d.option.Certificate.PrivateKey)
+	if err != nil {
+		return err
+	}
+
+	d.infos = append(d.infos, toStr("已上传证书", upres))
+
+	domains := make([]string, 0)
+	configDomain := d.option.DeployConfig.GetConfigAsString("domain")
+	if strings.HasPrefix(configDomain, "*.") {
+		// 获取证书可以部署的域名
+		// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-describecertconfig-9ea17
+		describeCertConfigReq := &cdn.DescribeCertConfigRequest{
+			CertId: upres.CertId,
+		}
+		describeCertConfigResp, err := d.sdkClient.DescribeCertConfig(describeCertConfigReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.DescribeCertConfig'")
+		}
+		for i := range describeCertConfigResp.Result.CertNotConfig {
+			// 当前未启用 HTTPS 的加速域名列表。
+			domains = append(domains, describeCertConfigResp.Result.CertNotConfig[i].Domain)
+		}
+		for i := range describeCertConfigResp.Result.OtherCertConfig {
+			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联的证书不是您指定的证书。
+			domains = append(domains, describeCertConfigResp.Result.OtherCertConfig[i].Domain)
+		}
+		for i := range describeCertConfigResp.Result.SpecifiedCertConfig {
+			// 已启用了 HTTPS 的加速域名列表。这些加速域名关联了您指定的证书。
+			d.infos = append(d.infos, fmt.Sprintf("%s域名已配置该证书", describeCertConfigResp.Result.SpecifiedCertConfig[i].Domain))
+		}
+		if len(domains) == 0 {
+			if len(describeCertConfigResp.Result.SpecifiedCertConfig) > 0 {
+				// 所有匹配的域名都配置了该证书，跳过部署
+				return nil
+			} else {
+				return xerrors.Errorf("未查询到匹配的域名: %s", configDomain)
+			}
+		}
+	} else {
+		domains = append(domains, configDomain)
+	}
+	// 部署证书
+	// REF: https://www.volcengine.com/docs/6454/125712
+	for i := range domains {
+		batchDeployCertReq := &cdn.BatchDeployCertRequest{
+			CertId: upres.CertId,
+			Domain: domains[i],
+		}
+		batchDeployCertResp, err := d.sdkClient.BatchDeployCert(batchDeployCertReq)
+		if err != nil {
+			return xerrors.Wrap(err, "failed to execute sdk request 'cdn.BatchDeployCert'")
+		} else {
+			d.infos = append(d.infos, toStr(fmt.Sprintf("%s域名的证书已修改", domains[i]), batchDeployCertResp))
+		}
+	}
+
+	return nil
+}

internal/deployer/deployer.go

@@ -42,6 +42,7 @@ const (
 	targetK8sSecret      = "k8s-secret"
 	targetVolcengineLive = "volcengine-live"
 	targetVolcengineCDN  = "volcengine-cdn"
+	targetByteplusCDN    = "byteplus-cdn"
 )
 
 type DeployerOption struct {
@@ -156,6 +157,8 @@ func getWithDeployConfig(record *models.Record, cert *applicant.Certificate, dep
 		return NewVolcengineLiveDeployer(option)
 	case targetVolcengineCDN:
 		return NewVolcengineCDNDeployer(option)
+	case targetByteplusCDN:
+		return NewByteplusCDNDeployer(option)
 	}
 	return nil, errors.New("unsupported deploy target")
 }

internal/domain/access.go

@@ -5,6 +5,11 @@ type AliyunAccess struct {
 	AccessKeySecret string `json:"accessKeySecret"`
 }
 
+type ByteplusAccess struct {
+	AccessKey string
+	SecretKey string
+}
+
 type TencentAccess struct {
 	SecretId  string `json:"secretId"`
 	SecretKey string `json:"secretKey"`

internal/pkg/core/uploader/providers/byteplus-cdn/byteplus_cdn.go

@@ -0,0 +1,111 @@
+package bytepluscdn
+
+import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/byteplus-sdk/byteplus-sdk-golang/service/cdn"
+	xerrors "github.com/pkg/errors"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	"github.com/usual2970/certimate/internal/pkg/utils/x509"
+)
+
+type ByteplusCDNUploaderConfig struct {
+	AccessKey string `json:"accessKey"`
+	SecretKey string `json:"secretKey"`
+}
+
+type ByteplusCDNUploader struct {
+	config    *ByteplusCDNUploaderConfig
+	sdkClient *cdn.CDN
+}
+
+var _ uploader.Uploader = (*ByteplusCDNUploader)(nil)
+
+func New(config *ByteplusCDNUploaderConfig) (*ByteplusCDNUploader, error) {
+	if config == nil {
+		return nil, errors.New("config is nil")
+	}
+
+	instance := cdn.NewInstance()
+	client := instance.Client
+	client.SetAccessKey(config.AccessKey)
+	client.SetSecretKey(config.SecretKey)
+
+	return &ByteplusCDNUploader{
+		config:    config,
+		sdkClient: instance,
+	}, nil
+}
+
+func (u *ByteplusCDNUploader) Upload(ctx context.Context, certPem string, privkeyPem string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := x509.ParseCertificateFromPEM(certPem)
+	if err != nil {
+		return nil, err
+	}
+	// 查询证书列表，避免重复上传
+	// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-listcertinfo
+	pageNum := int64(1)
+	pageSize := int64(100)
+	certSource := "cert_center"
+	listCertInfoReq := &cdn.ListCertInfoRequest{
+		PageNum:  &pageNum,
+		PageSize: &pageSize,
+		Source:   &certSource,
+	}
+	searchTotal := 0
+	for {
+		listCertInfoResp, err := u.sdkClient.ListCertInfo(listCertInfoReq)
+		if err != nil {
+			return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.ListCertInfo'")
+		}
+
+		if listCertInfoResp.Result.CertInfo != nil {
+			for _, certDetail := range listCertInfoResp.Result.CertInfo {
+				hash := sha256.Sum256(certX509.Raw)
+				isSameCert := strings.EqualFold(hex.EncodeToString(hash[:]), certDetail.CertFingerprint.Sha256)
+				// 如果已存在相同证书，直接返回已有的证书信息
+				if isSameCert {
+					return &uploader.UploadResult{
+						CertId:   certDetail.CertId,
+						CertName: certDetail.Desc,
+					}, nil
+				}
+			}
+		}
+
+		searchTotal += len(listCertInfoResp.Result.CertInfo)
+		if int(listCertInfoResp.Result.Total) > searchTotal {
+			pageNum++
+		} else {
+			break
+		}
+
+	}
+	var certId, certName string
+	certName = fmt.Sprintf("certimate-%d", time.Now().UnixMilli())
+	// 上传新证书
+	// REF: https://docs.byteplus.com/en/docs/byteplus-cdn/reference-addcertificate
+	addCertificateReq := &cdn.AddCertificateRequest{
+		Certificate: certPem,
+		PrivateKey:  privkeyPem,
+		Source:      &certSource,
+		Desc:        &certName,
+	}
+	addCertificateResp, err := u.sdkClient.AddCertificate(addCertificateReq)
+	if err != nil {
+		return nil, xerrors.Wrap(err, "failed to execute sdk request 'cdn.AddCertificate'")
+	}
+
+	certId = addCertificateResp.Result.CertId
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}