refactor: clean code

2025-10-04 21:44:54 +00:00 · 2025-01-05 00:08:12 +08:00
parent 3b9a7fe805
commit 61843a4997
69 changed files with 972 additions and 839 deletions
--- a/internal/applicant/acmehttpreq.go
+++ b/internal/applicant/acmehttpreq.go
@@ -1,43 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"net/url"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/httpreq"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type acmeHttpReqApplicant struct {
-	option *ApplyOption
-}
-
-func NewACMEHttpReqApplicant(option *ApplyOption) Applicant {
-	return &acmeHttpReqApplicant{
-		option: option,
-	}
-}
-
-func (a *acmeHttpReqApplicant) Apply() (*Certificate, error) {
-	access := &domain.ACMEHttpReqAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := httpreq.NewDefaultConfig()
-	endpoint, _ := url.Parse(access.Endpoint)
-	config.Endpoint = endpoint
-	config.Mode = access.Mode
-	config.Username = access.Username
-	config.Password = access.Password
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := httpreq.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/aliyun.go
+++ b/internal/applicant/aliyun.go
@@ -1,39 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/alidns"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type aliyunApplicant struct {
-	option *ApplyOption
-}
-
-func NewAliyunApplicant(option *ApplyOption) Applicant {
-	return &aliyunApplicant{
-		option: option,
-	}
-}
-
-func (a *aliyunApplicant) Apply() (*Certificate, error) {
-	access := &domain.AliyunAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := alidns.NewDefaultConfig()
-	config.APIKey = access.AccessKeyId
-	config.SecretKey = access.AccessKeySecret
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := alidns.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/applicant.go
+++ b/internal/applicant/applicant.go
@@ -50,10 +50,10 @@ type Certificate struct {
 	PrivateKey        string `json:"privateKey"`
 	Certificate       string `json:"certificate"`
 	IssuerCertificate string `json:"issuerCertificate"`
-	Csr               string `json:"csr"`
+	CSR               string `json:"csr"`
 }

-type ApplyOption struct {
+type applyConfig struct {
 	Domains            string `json:"domains"`
 	ContactEmail       string `json:"contactEmail"`
 	AccessConfig       string `json:"accessConfig"`
@@ -63,65 +63,79 @@ type ApplyOption struct {
 	DisableFollowCNAME bool   `json:"disableFollowCNAME"`
 }

-type ApplyUser struct {
-	Ca           string
+type applyUser struct {
+	CA           string
 	Email        string
 	Registration *registration.Resource
-	key          string
+
+	privkey string
 }

-func newApplyUser(ca, email string) (*ApplyUser, error) {
+func newApplyUser(ca, email string) (*applyUser, error) {
 	repo := getAcmeAccountRepository()
-	rs := &ApplyUser{
-		Ca:    ca,
+
+	applyUser := &applyUser{
+		CA:    ca,
 		Email: email,
 	}
-	resp, err := repo.GetByCAAndEmail(ca, email)
-	if err != nil {
-		privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
-		if err != nil {
-			return nil, err
-		}
-		keyStr, err := x509.ConvertECPrivateKeyToPEM(privateKey)
-		if err != nil {
-			return nil, err
-		}
-		rs.key = keyStr

-		return rs, nil
+	acmeAccount, err := repo.GetByCAAndEmail(ca, email)
+	if err != nil {
+		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+		if err != nil {
+			return nil, err
+		}
+
+		keyStr, err := x509.ConvertECPrivateKeyToPEM(key)
+		if err != nil {
+			return nil, err
+		}
+
+		applyUser.privkey = keyStr
+		return applyUser, nil
 	}

-	rs.Registration = resp.Resource
-	rs.key = resp.Key
+	applyUser.Registration = acmeAccount.Resource
+	applyUser.privkey = acmeAccount.Key

-	return rs, nil
+	return applyUser, nil
 }

-func (u *ApplyUser) GetEmail() string {
+func (u *applyUser) GetEmail() string {
 	return u.Email
 }

-func (u ApplyUser) GetRegistration() *registration.Resource {
+func (u applyUser) GetRegistration() *registration.Resource {
 	return u.Registration
 }

-func (u *ApplyUser) GetPrivateKey() crypto.PrivateKey {
-	rs, _ := x509.ParseECPrivateKeyFromPEM(u.key)
+func (u *applyUser) GetPrivateKey() crypto.PrivateKey {
+	rs, _ := x509.ParseECPrivateKeyFromPEM(u.privkey)
 	return rs
 }

-func (u *ApplyUser) hasRegistration() bool {
+func (u *applyUser) hasRegistration() bool {
 	return u.Registration != nil
 }

-func (u *ApplyUser) getPrivateKeyString() string {
-	return u.key
+func (u *applyUser) getPrivateKeyString() string {
+	return u.privkey
 }

 type Applicant interface {
 	Apply() (*Certificate, error)
 }

+// TODO: 暂时使用代理模式以兼容之前版本代码，后续重新实现此处逻辑
+type proxyApplicant struct {
+	applyConfig *applyConfig
+	applicant   challenge.Provider
+}
+
+func (d *proxyApplicant) Apply() (*Certificate, error) {
+	return apply(d.applyConfig, d.applicant)
+}
+
 func GetWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 	// 获取授权配置
 	accessRepo := repository.NewAccessRepository()
@@ -131,7 +145,7 @@ func GetWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 		return nil, fmt.Errorf("access record not found: %w", err)
 	}

-	applyConfig := &ApplyOption{
+	applyConfig := &applyConfig{
 		Domains:            node.GetConfigString("domains"),
 		ContactEmail:       node.GetConfigString("contactEmail"),
 		AccessConfig:       access.Config,
@@ -141,40 +155,15 @@ func GetWithApplyNode(node *domain.WorkflowNode) (Applicant, error) {
 		DisableFollowCNAME: node.GetConfigBool("disableFollowCNAME"),
 	}

-	return GetWithTypeOption(domain.AccessProviderType(access.Provider), applyConfig)
-}
-
-func GetWithTypeOption(provider domain.AccessProviderType, option *ApplyOption) (Applicant, error) {
-	/*
-	  注意：如果追加新的常量值，请保持以 ASCII 排序。
-	  NOTICE: If you add new constant, please keep ASCII order.
-	*/
-	switch provider {
-	case domain.ACCESS_PROVIDER_ACMEHTTPREQ:
-		return NewACMEHttpReqApplicant(option), nil
-	case domain.ACCESS_PROVIDER_ALIYUN:
-		return NewAliyunApplicant(option), nil
-	case domain.ACCESS_PROVIDER_AWS:
-		return NewAWSApplicant(option), nil
-	case domain.ACCESS_PROVIDER_CLOUDFLARE:
-		return NewCloudflareApplicant(option), nil
-	case domain.ACCESS_PROVIDER_GODADDY:
-		return NewGoDaddyApplicant(option), nil
-	case domain.ACCESS_PROVIDER_HUAWEICLOUD:
-		return NewHuaweiCloudApplicant(option), nil
-	case domain.ACCESS_PROVIDER_NAMEDOTCOM:
-		return NewNameDotComApplicant(option), nil
-	case domain.ACCESS_PROVIDER_NAMESILO:
-		return NewNamesiloApplicant(option), nil
-	case domain.ACCESS_PROVIDER_POWERDNS:
-		return NewPowerDNSApplicant(option), nil
-	case domain.ACCESS_PROVIDER_TENCENTCLOUD:
-		return NewTencentCloudApplicant(option), nil
-	case domain.ACCESS_PROVIDER_VOLCENGINE:
-		return NewVolcEngineApplicant(option), nil
-	default:
-		return nil, fmt.Errorf("unsupported applicant provider type: %s", provider)
+	challengeProvider, err := createChallengeProvider(domain.AccessProviderType(access.Provider), access.Config, applyConfig)
+	if err != nil {
+		return nil, err
 	}
+
+	return &proxyApplicant{
+		applyConfig: applyConfig,
+		applicant:   challengeProvider,
+	}, nil
 }

 type SSLProviderConfig struct {
@@ -192,7 +181,7 @@ type SSLProviderEab struct {
 	EabKid     string `json:"eabKid"`
 }

-func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, error) {
+func apply(option *applyConfig, provider challenge.Provider) (*Certificate, error) {
 	record, _ := app.GetApp().Dao().FindFirstRecordByFilter("settings", "name='sslProvider'")

 	sslProvider := &SSLProviderConfig{
@@ -259,7 +248,7 @@ func apply(option *ApplyOption, provider challenge.Provider) (*Certificate, erro
 		PrivateKey:        string(certificates.PrivateKey),
 		Certificate:       string(certificates.Certificate),
 		IssuerCertificate: string(certificates.IssuerCertificate),
-		Csr:               string(certificates.CSR),
+		CSR:               string(certificates.CSR),
 	}, nil
 }

@@ -272,7 +261,9 @@ func getAcmeAccountRepository() AcmeAccountRepository {
 	return repository.NewAcmeAccountRepository()
 }

-func getReg(client *lego.Client, sslProvider *SSLProviderConfig, user *ApplyUser) (*registration.Resource, error) {
+func getReg(client *lego.Client, sslProvider *SSLProviderConfig, user *applyUser) (*registration.Resource, error) {
+	// TODO: fix 潜在的并发问题
+
 	var reg *registration.Resource
 	var err error
 	switch sslProvider.Provider {
@@ -304,7 +295,7 @@ func getReg(client *lego.Client, sslProvider *SSLProviderConfig, user *ApplyUser

 	resp, err := repo.GetByCAAndEmail(sslProvider.Provider, user.GetEmail())
 	if err == nil {
-		user.key = resp.Key
+		user.privkey = resp.Key
 		return resp.Resource, nil
 	}

--- a/internal/applicant/aws.go
+++ b/internal/applicant/aws.go
@@ -1,41 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/route53"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type awsApplicant struct {
-	option *ApplyOption
-}
-
-func NewAWSApplicant(option *ApplyOption) Applicant {
-	return &awsApplicant{
-		option: option,
-	}
-}
-
-func (a *awsApplicant) Apply() (*Certificate, error) {
-	access := &domain.AWSAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := route53.NewDefaultConfig()
-	config.AccessKeyID = access.AccessKeyId
-	config.SecretAccessKey = access.SecretAccessKey
-	config.Region = access.Region
-	config.HostedZoneID = access.HostedZoneId
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := route53.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/cloudflare.go
+++ b/internal/applicant/cloudflare.go
@@ -1,38 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/cloudflare"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type cloudflareApplicant struct {
-	option *ApplyOption
-}
-
-func NewCloudflareApplicant(option *ApplyOption) Applicant {
-	return &cloudflareApplicant{
-		option: option,
-	}
-}
-
-func (a *cloudflareApplicant) Apply() (*Certificate, error) {
-	access := &domain.CloudflareAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := cloudflare.NewDefaultConfig()
-	config.AuthToken = access.DnsApiToken
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := cloudflare.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/godaddy.go
+++ b/internal/applicant/godaddy.go
@@ -1,39 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/godaddy"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type godaddyApplicant struct {
-	option *ApplyOption
-}
-
-func NewGoDaddyApplicant(option *ApplyOption) Applicant {
-	return &godaddyApplicant{
-		option: option,
-	}
-}
-
-func (a *godaddyApplicant) Apply() (*Certificate, error) {
-	access := &domain.GoDaddyAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := godaddy.NewDefaultConfig()
-	config.APIKey = access.ApiKey
-	config.APISecret = access.ApiSecret
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := godaddy.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/huaweicloud.go
+++ b/internal/applicant/huaweicloud.go
@@ -1,46 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	huaweicloud "github.com/go-acme/lego/v4/providers/dns/huaweicloud"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type huaweicloudApplicant struct {
-	option *ApplyOption
-}
-
-func NewHuaweiCloudApplicant(option *ApplyOption) Applicant {
-	return &huaweicloudApplicant{
-		option: option,
-	}
-}
-
-func (a *huaweicloudApplicant) Apply() (*Certificate, error) {
-	access := &domain.HuaweiCloudAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	region := access.Region
-	if region == "" {
-		// 华为云的 SDK 要求必须传一个区域，实际上 DNS-01 流程里用不到，但不传会报错
-		region = "cn-north-1"
-	}
-
-	config := huaweicloud.NewDefaultConfig()
-	config.AccessKeyID = access.AccessKeyId
-	config.SecretAccessKey = access.SecretAccessKey
-	config.Region = region
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := huaweicloud.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/namedotcom.go
+++ b/internal/applicant/namedotcom.go
@@ -1,38 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/namedotcom"
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type nameDotComApplicant struct {
-	option *ApplyOption
-}
-
-func NewNameDotComApplicant(option *ApplyOption) Applicant {
-	return &nameDotComApplicant{
-		option: option,
-	}
-}
-
-func (a *nameDotComApplicant) Apply() (*Certificate, error) {
-	access := &domain.NameDotComAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := namedotcom.NewDefaultConfig()
-	config.Username = access.Username
-	config.APIToken = access.ApiToken
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := namedotcom.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/namesilo.go
+++ b/internal/applicant/namesilo.go
@@ -1,38 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	namesilo "github.com/go-acme/lego/v4/providers/dns/namesilo"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type namesiloApplicant struct {
-	option *ApplyOption
-}
-
-func NewNamesiloApplicant(option *ApplyOption) Applicant {
-	return &namesiloApplicant{
-		option: option,
-	}
-}
-
-func (a *namesiloApplicant) Apply() (*Certificate, error) {
-	access := &domain.NameSiloAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := namesilo.NewDefaultConfig()
-	config.APIKey = access.ApiKey
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := namesilo.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/powerdns.go
+++ b/internal/applicant/powerdns.go
@@ -1,41 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"net/url"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/pdns"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type powerdnsApplicant struct {
-	option *ApplyOption
-}
-
-func NewPowerDNSApplicant(option *ApplyOption) Applicant {
-	return &powerdnsApplicant{
-		option: option,
-	}
-}
-
-func (a *powerdnsApplicant) Apply() (*Certificate, error) {
-	access := &domain.PowerDNSAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := pdns.NewDefaultConfig()
-	host, _ := url.Parse(access.ApiUrl)
-	config.Host = host
-	config.APIKey = access.ApiKey
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := pdns.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/providers.go
+++ b/internal/applicant/providers.go
@@ -0,0 +1,199 @@
+package applicant
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/go-acme/lego/v4/challenge"
+
+	"github.com/usual2970/certimate/internal/domain"
+	providerACMEHttpReq "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/acmehttpreq"
+	providerAliyun "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aliyun"
+	providerAWS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/aws"
+	providerCloudflare "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/cloudflare"
+	providerGoDaddy "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/godaddy"
+	providerHuaweiCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/huaweicloud"
+	providerNameDotCom "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/namedotcom"
+	providerNameSilo "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/namesilo"
+	providerPowerDNS "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/powerdns"
+	providerTencentCloud "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/tencentcloud"
+	providerVolcEngine "github.com/usual2970/certimate/internal/pkg/core/applicant/acme-dns-01/lego-providers/volcengine"
+)
+
+func createChallengeProvider(provider domain.AccessProviderType, accessConfig string, applyConfig *applyConfig) (challenge.Provider, error) {
+	/*
+	  注意：如果追加新的常量值，请保持以 ASCII 排序。
+	  NOTICE: If you add new constant, please keep ASCII order.
+	*/
+	switch provider {
+	case domain.AccessProviderTypeACMEHttpReq:
+		{
+			access := &domain.AccessConfigForACMEHttpReq{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerACMEHttpReq.NewChallengeProvider(&providerACMEHttpReq.ACMEHttpReqApplicantConfig{
+				Endpoint:           access.Endpoint,
+				Mode:               access.Mode,
+				Username:           access.Username,
+				Password:           access.Password,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeAliyun:
+		{
+			access := &domain.AccessConfigForAliyun{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerAliyun.NewChallengeProvider(&providerAliyun.AliyunApplicantConfig{
+				AccessKeyId:        access.AccessKeyId,
+				AccessKeySecret:    access.AccessKeySecret,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeAWS:
+		{
+			access := &domain.AccessConfigForAWS{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerAWS.NewChallengeProvider(&providerAWS.AWSApplicantConfig{
+				AccessKeyId:        access.AccessKeyId,
+				SecretAccessKey:    access.SecretAccessKey,
+				Region:             access.Region,
+				HostedZoneId:       access.HostedZoneId,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeCloudflare:
+		{
+			access := &domain.AccessConfigForCloudflare{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerCloudflare.NewChallengeProvider(&providerCloudflare.CloudflareApplicantConfig{
+				DnsApiToken:        access.DnsApiToken,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeGoDaddy:
+		{
+			access := &domain.AccessConfigForGoDaddy{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerGoDaddy.NewChallengeProvider(&providerGoDaddy.GoDaddyApplicantConfig{
+				ApiKey:             access.ApiKey,
+				ApiSecret:          access.ApiSecret,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeHuaweiCloud:
+		{
+			access := &domain.AccessConfigForHuaweiCloud{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerHuaweiCloud.NewChallengeProvider(&providerHuaweiCloud.HuaweiCloudApplicantConfig{
+				AccessKeyId:        access.AccessKeyId,
+				SecretAccessKey:    access.SecretAccessKey,
+				Region:             access.Region,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeNameDotCom:
+		{
+			access := &domain.AccessConfigForNameDotCom{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerNameDotCom.NewChallengeProvider(&providerNameDotCom.NameDotComApplicantConfig{
+				Username:           access.Username,
+				ApiToken:           access.ApiToken,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeNameSilo:
+		{
+			access := &domain.AccessConfigForNameSilo{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerNameSilo.NewChallengeProvider(&providerNameSilo.NameSiloApplicantConfig{
+				ApiKey:             access.ApiKey,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypePowerDNS:
+		{
+			access := &domain.AccessConfigForPowerDNS{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerPowerDNS.NewChallengeProvider(&providerPowerDNS.PowerDNSApplicantConfig{
+				ApiUrl:             access.ApiUrl,
+				ApiKey:             access.ApiKey,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeTencentCloud:
+		{
+			access := &domain.AccessConfigForTencentCloud{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerTencentCloud.NewChallengeProvider(&providerTencentCloud.TencentCloudApplicantConfig{
+				SecretId:           access.SecretId,
+				SecretKey:          access.SecretKey,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+
+	case domain.AccessProviderTypeVolcEngine:
+		{
+			access := &domain.AccessConfigForVolcEngine{}
+			if err := json.Unmarshal([]byte(accessConfig), access); err != nil {
+				return nil, fmt.Errorf("failed to unmarshal access config: %w", err)
+			}
+
+			applicant, err := providerVolcEngine.NewChallengeProvider(&providerVolcEngine.VolcEngineApplicantConfig{
+				AccessKeyId:        access.AccessKeyId,
+				SecretAccessKey:    access.SecretAccessKey,
+				PropagationTimeout: applyConfig.PropagationTimeout,
+			})
+			return applicant, err
+		}
+	}
+
+	return nil, fmt.Errorf("unsupported applicant provider: %s", provider)
+}
--- a/internal/applicant/tencentcloud.go
+++ b/internal/applicant/tencentcloud.go
@@ -1,39 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/tencentcloud"
-
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type tencentcloudApplicant struct {
-	option *ApplyOption
-}
-
-func NewTencentCloudApplicant(option *ApplyOption) Applicant {
-	return &tencentcloudApplicant{
-		option: option,
-	}
-}
-
-func (a *tencentcloudApplicant) Apply() (*Certificate, error) {
-	access := &domain.TencentCloudAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := tencentcloud.NewDefaultConfig()
-	config.SecretID = access.SecretId
-	config.SecretKey = access.SecretKey
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := tencentcloud.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}
--- a/internal/applicant/volcengine.go
+++ b/internal/applicant/volcengine.go
@@ -1,38 +0,0 @@
-package applicant
-
-import (
-	"encoding/json"
-	"time"
-
-	"github.com/go-acme/lego/v4/providers/dns/volcengine"
-	"github.com/usual2970/certimate/internal/domain"
-)
-
-type volcengineApplicant struct {
-	option *ApplyOption
-}
-
-func NewVolcEngineApplicant(option *ApplyOption) Applicant {
-	return &volcengineApplicant{
-		option: option,
-	}
-}
-
-func (a *volcengineApplicant) Apply() (*Certificate, error) {
-	access := &domain.VolcEngineAccessConfig{}
-	json.Unmarshal([]byte(a.option.AccessConfig), access)
-
-	config := volcengine.NewDefaultConfig()
-	config.AccessKey = access.AccessKeyId
-	config.SecretKey = access.SecretAccessKey
-	if a.option.PropagationTimeout != 0 {
-		config.PropagationTimeout = time.Duration(a.option.PropagationTimeout) * time.Second
-	}
-
-	provider, err := volcengine.NewDNSProviderConfig(config)
-	if err != nil {
-		return nil, err
-	}
-
-	return apply(a.option, provider)
-}