feat: new deployment provider: wangsu certificate management

internal/deployer/providers.go

@@ -87,6 +87,7 @@ import (
 	pVolcEngineLive "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-live"
 	pVolcEngineTOS "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/volcengine-tos"
 	pWangsuCDNPro "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/wangsu-cdnpro"
+	pWangsuCertificate "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/wangsu-certificate"
 	pWebhook "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/webhook"
 	httputil "github.com/usual2970/certimate/internal/pkg/utils/http"
 	maputil "github.com/usual2970/certimate/internal/pkg/utils/map"
@@ -1205,7 +1206,7 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 			}
 		}
 
-	case domain.DeploymentProviderTypeWangsuCDNPro:
+	case domain.DeploymentProviderTypeWangsuCDNPro, domain.DeploymentProviderTypeWangsuCertificate:
 		{
 			access := domain.AccessConfigForWangsu{}
 			if err := maputil.Populate(options.ProviderAccessConfig, &access); err != nil {
@@ -1225,6 +1226,14 @@ func createDeployerProvider(options *deployerProviderOptions) (deployer.Deployer
 				})
 				return deployer, err
 
+			case domain.DeploymentProviderTypeWangsuCertificate:
+				deployer, err := pWangsuCertificate.NewDeployer(&pWangsuCertificate.DeployerConfig{
+					AccessKeyId:     access.AccessKeyId,
+					AccessKeySecret: access.AccessKeySecret,
+					CertificateId:   maputil.GetString(options.ProviderServiceConfig, "certificateId"),
+				})
+				return deployer, err
+
 			default:
 				break
 			}

internal/domain/provider.go

@@ -245,7 +245,7 @@ const (
 	DeploymentProviderTypeVolcEngineTOS         = DeploymentProviderType(AccessProviderTypeVolcEngine + "-tos")
 	DeploymentProviderTypeWangsuCDN             = DeploymentProviderType(AccessProviderTypeWangsu + "-cdn") // 网宿 CDN（预留）
 	DeploymentProviderTypeWangsuCDNPro          = DeploymentProviderType(AccessProviderTypeWangsu + "-cdnpro")
-	DeploymentProviderTypeWangsuCert            = DeploymentProviderType(AccessProviderTypeWangsu + "-cert") // 网宿证书管理（预留）
+	DeploymentProviderTypeWangsuCertificate     = DeploymentProviderType(AccessProviderTypeWangsu + "-certificate")
 	DeploymentProviderTypeWebhook               = DeploymentProviderType(AccessProviderTypeWebhook)
 )
 

internal/pkg/core/deployer/providers/wangsu-cdnpro/wangsu_cdnpro.go

@@ -17,7 +17,7 @@ import (
 	"time"
 
 	"github.com/usual2970/certimate/internal/pkg/core/deployer"
-	wangsucdn "github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/cdn"
+	wangsucdn "github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/cdnpro"
 	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
 	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
 )

internal/pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate.go

@@ -0,0 +1,109 @@
+package wangsucertificate
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log/slog"
+	"time"
+
+	"github.com/usual2970/certimate/internal/pkg/core/deployer"
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	uploadersp "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/wangsu-certificate"
+	wangsusdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/certificate"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
+)
+
+type DeployerConfig struct {
+	// 网宿云 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 网宿云 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
+	// 证书 ID。
+	// 选填。零值时表示新建证书；否则表示更新证书。
+	CertificateId string `json:"certificateId,omitempty"`
+}
+
+type DeployerProvider struct {
+	config      *DeployerConfig
+	logger      *slog.Logger
+	sdkClient   *wangsusdk.Client
+	sslUploader uploader.Uploader
+}
+
+var _ deployer.Deployer = (*DeployerProvider)(nil)
+
+func NewDeployer(config *DeployerConfig) (*DeployerProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
+	uploader, err := uploadersp.NewUploader(&uploadersp.UploaderConfig{
+		AccessKeyId:     config.AccessKeyId,
+		AccessKeySecret: config.AccessKeySecret,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("failed to create ssl uploader: %w", err)
+	}
+
+	return &DeployerProvider{
+		config:      config,
+		logger:      slog.Default(),
+		sdkClient:   client,
+		sslUploader: uploader,
+	}, nil
+}
+
+func (d *DeployerProvider) WithLogger(logger *slog.Logger) deployer.Deployer {
+	if logger == nil {
+		d.logger = slog.Default()
+	} else {
+		d.logger = logger
+	}
+	return d
+}
+
+func (d *DeployerProvider) Deploy(ctx context.Context, certPEM string, privkeyPEM string) (*deployer.DeployResult, error) {
+	if d.config.CertificateId == "" {
+		// 上传证书到证书管理
+		upres, err := d.sslUploader.Upload(ctx, certPEM, privkeyPEM)
+		if err != nil {
+			return nil, fmt.Errorf("failed to upload certificate file: %w", err)
+		} else {
+			d.logger.Info("ssl certificate uploaded", slog.Any("result", upres))
+		}
+	} else {
+		// 修改证书
+		// REF: https://www.wangsu.com/document/api-doc/25568?productCode=certificatemanagement
+		updateCertificateReq := &wangsusdk.UpdateCertificateRequest{
+			Name:        typeutil.ToPtr(fmt.Sprintf("certimate_%d", time.Now().UnixMilli())),
+			Certificate: typeutil.ToPtr(certPEM),
+			PrivateKey:  typeutil.ToPtr(privkeyPEM),
+			Comment:     typeutil.ToPtr("upload from certimate"),
+		}
+		updateCertificateResp, err := d.sdkClient.UpdateCertificate(d.config.CertificateId, updateCertificateReq)
+		d.logger.Debug("sdk request 'certificatemanagement.UpdateCertificate'", slog.Any("request", updateCertificateReq), slog.Any("response", updateCertificateResp))
+		if err != nil {
+			return nil, fmt.Errorf("failed to execute sdk request 'certificatemanagement.CreateCertificate': %w", err)
+		}
+	}
+
+	return &deployer.DeployResult{}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {
+	if accessKeyId == "" {
+		return nil, errors.New("invalid wangsu access key id")
+	}
+
+	if accessKeySecret == "" {
+		return nil, errors.New("invalid wangsu access key secret")
+	}
+
+	return wangsusdk.NewClient(accessKeyId, accessKeySecret), nil
+}

internal/pkg/core/deployer/providers/wangsu-certificate/wangsu_certificate_test.go

@@ -0,0 +1,75 @@
+package wangsucertificate_test
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/deployer/providers/wangsu-certificate"
+)
+
+var (
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+	fCertificateId   string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+	flag.StringVar(&fCertificateId, argsPrefix+"CERTIFICATEID", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./wangsu_certificate_test.go -args \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_ACCESSKEYSECRET="your-access-key-secret" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_CERTIFICATEID="your-certificate-id"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+			fmt.Sprintf("CERTIFICATEID: %v", fCertificateId),
+		}, "\n"))
+
+		deployer, err := provider.NewDeployer(&provider.DeployerConfig{
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+			CertificateId:   fCertificateId,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := deployer.Deploy(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		t.Logf("ok: %v", res)
+	})
+}

internal/pkg/core/uploader/providers/wangsu-certificate/wangsu_certificate.go

@@ -0,0 +1,143 @@
+package jdcloudssl
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"log/slog"
+	"regexp"
+	"strings"
+	"time"
+
+	wangsusdk "github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/certificate"
+
+	"github.com/usual2970/certimate/internal/pkg/core/uploader"
+	certutil "github.com/usual2970/certimate/internal/pkg/utils/cert"
+	typeutil "github.com/usual2970/certimate/internal/pkg/utils/type"
+)
+
+type UploaderConfig struct {
+	// 网宿云 AccessKeyId。
+	AccessKeyId string `json:"accessKeyId"`
+	// 网宿云 AccessKeySecret。
+	AccessKeySecret string `json:"accessKeySecret"`
+}
+
+type UploaderProvider struct {
+	config    *UploaderConfig
+	logger    *slog.Logger
+	sdkClient *wangsusdk.Client
+}
+
+var _ uploader.Uploader = (*UploaderProvider)(nil)
+
+func NewUploader(config *UploaderConfig) (*UploaderProvider, error) {
+	if config == nil {
+		panic("config is nil")
+	}
+
+	client, err := createSdkClient(config.AccessKeyId, config.AccessKeySecret)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create sdk client: %w", err)
+	}
+
+	return &UploaderProvider{
+		config:    config,
+		logger:    slog.Default(),
+		sdkClient: client,
+	}, nil
+}
+
+func (u *UploaderProvider) WithLogger(logger *slog.Logger) uploader.Uploader {
+	if logger == nil {
+		u.logger = slog.Default()
+	} else {
+		u.logger = logger
+	}
+	return u
+}
+
+func (u *UploaderProvider) Upload(ctx context.Context, certPEM string, privkeyPEM string) (res *uploader.UploadResult, err error) {
+	// 解析证书内容
+	certX509, err := certutil.ParseCertificateFromPEM(certPEM)
+	if err != nil {
+		return nil, err
+	}
+
+	// 查询证书列表，避免重复上传
+	// REF: https://www.wangsu.com/document/api-doc/26426
+	listCertificatesResp, err := u.sdkClient.ListCertificates()
+	u.logger.Debug("sdk request 'certificatemanagement.ListCertificates'", slog.Any("response", listCertificatesResp))
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute sdk request 'certificatemanagement.ListCertificates': %w", err)
+	}
+
+	if listCertificatesResp.Certificates != nil {
+		for _, certificate := range listCertificatesResp.Certificates {
+			// 对比证书序列号
+			if !strings.EqualFold(certX509.SerialNumber.Text(16), certificate.Serial) {
+				continue
+			}
+
+			// 再对比证书有效期
+			cstzone := time.FixedZone("CST", 8*60*60)
+			oldCertNotBefore, _ := time.ParseInLocation(time.DateTime, certificate.ValidityFrom, cstzone)
+			oldCertNotAfter, _ := time.ParseInLocation(time.DateTime, certificate.ValidityTo, cstzone)
+			if !certX509.NotBefore.Equal(oldCertNotBefore) || !certX509.NotAfter.Equal(oldCertNotAfter) {
+				continue
+			}
+
+			// 如果以上信息都一致，则视为已存在相同证书，直接返回
+			u.logger.Info("ssl certificate already exists")
+			return &uploader.UploadResult{
+				CertId:   certificate.CertificateId,
+				CertName: certificate.Name,
+			}, nil
+		}
+	}
+
+	// 生成新证书名（需符合网宿云命名规则）
+	var certId string
+	certName := fmt.Sprintf("certimate_%d", time.Now().UnixMilli())
+
+	// 新增证书
+	// REF: https://www.wangsu.com/document/api-doc/25199?productCode=certificatemanagement
+	createCertificateReq := &wangsusdk.CreateCertificateRequest{
+		Name:        typeutil.ToPtr(certName),
+		Certificate: typeutil.ToPtr(certPEM),
+		PrivateKey:  typeutil.ToPtr(privkeyPEM),
+		Comment:     typeutil.ToPtr("upload from certimate"),
+	}
+	createCertificateResp, err := u.sdkClient.CreateCertificate(createCertificateReq)
+	u.logger.Debug("sdk request 'certificatemanagement.CreateCertificate'", slog.Any("request", createCertificateReq), slog.Any("response", createCertificateResp))
+	if err != nil {
+		return nil, fmt.Errorf("failed to execute sdk request 'certificatemanagement.CreateCertificate': %w", err)
+	}
+
+	// 网宿云证书 URL 中包含证书 ID
+	// 格式：
+	//    https://open.chinanetcenter.com/api/certificate/100001
+	wangsuCertIdMatches := regexp.MustCompile(`/certificate/([0-9]+)`).FindStringSubmatch(createCertificateResp.CertificateUrl)
+	if len(wangsuCertIdMatches) > 1 {
+		certId = wangsuCertIdMatches[1]
+	} else {
+		return nil, fmt.Errorf("received empty certificate id")
+	}
+
+	return &uploader.UploadResult{
+		CertId:   certId,
+		CertName: certName,
+	}, nil
+}
+
+func createSdkClient(accessKeyId, accessKeySecret string) (*wangsusdk.Client, error) {
+	if accessKeyId == "" {
+		return nil, errors.New("invalid wangsu access key id")
+	}
+
+	if accessKeySecret == "" {
+		return nil, errors.New("invalid wangsu access key secret")
+	}
+
+	return wangsusdk.NewClient(accessKeyId, accessKeySecret), nil
+}

internal/pkg/core/uploader/providers/wangsu-certificate/wangsu_certificate_test.go

@@ -0,0 +1,72 @@
+package jdcloudssl_test
+
+import (
+	"context"
+	"encoding/json"
+	"flag"
+	"fmt"
+	"os"
+	"strings"
+	"testing"
+
+	provider "github.com/usual2970/certimate/internal/pkg/core/uploader/providers/wangsu-certificate"
+)
+
+var (
+	fInputCertPath   string
+	fInputKeyPath    string
+	fAccessKeyId     string
+	fAccessKeySecret string
+)
+
+func init() {
+	argsPrefix := "CERTIMATE_UPLOADER_JDCLOUDSSL_"
+
+	flag.StringVar(&fInputCertPath, argsPrefix+"INPUTCERTPATH", "", "")
+	flag.StringVar(&fInputKeyPath, argsPrefix+"INPUTKEYPATH", "", "")
+	flag.StringVar(&fAccessKeyId, argsPrefix+"ACCESSKEYID", "", "")
+	flag.StringVar(&fAccessKeySecret, argsPrefix+"ACCESSKEYSECRET", "", "")
+}
+
+/*
+Shell command to run this test:
+
+	go test -v ./wangsu_certificate_test.go -args \
+	--CERTIMATE_UPLOADER_WANGSUCERTIFICATE_INPUTCERTPATH="/path/to/your-input-cert.pem" \
+	--CERTIMATE_UPLOADER_WANGSUCERTIFICATE_INPUTKEYPATH="/path/to/your-input-key.pem" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_ACCESSKEYID="your-access-key-id" \
+	--CERTIMATE_DEPLOYER_WANGSUCERTIFICATE_ACCESSKEYSECRET="your-access-key-secret"
+*/
+func TestDeploy(t *testing.T) {
+	flag.Parse()
+
+	t.Run("Deploy", func(t *testing.T) {
+		t.Log(strings.Join([]string{
+			"args:",
+			fmt.Sprintf("INPUTCERTPATH: %v", fInputCertPath),
+			fmt.Sprintf("INPUTKEYPATH: %v", fInputKeyPath),
+			fmt.Sprintf("ACCESSKEYID: %v", fAccessKeyId),
+			fmt.Sprintf("ACCESSKEYSECRET: %v", fAccessKeySecret),
+		}, "\n"))
+
+		uploader, err := provider.NewUploader(&provider.UploaderConfig{
+			AccessKeyId:     fAccessKeyId,
+			AccessKeySecret: fAccessKeySecret,
+		})
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		fInputCertData, _ := os.ReadFile(fInputCertPath)
+		fInputKeyData, _ := os.ReadFile(fInputKeyPath)
+		res, err := uploader.Upload(context.Background(), string(fInputCertData), string(fInputKeyData))
+		if err != nil {
+			t.Errorf("err: %+v", err)
+			return
+		}
+
+		sres, _ := json.Marshal(res)
+		t.Logf("ok: %s", string(sres))
+	})
+}

internal/pkg/sdk3rd/dogecloud/client.go

@@ -174,10 +174,10 @@ func (c *Client) sendReq(method string, path string, data map[string]interface{}
 	}
 	defer resp.Body.Close()
 
-	r, err := io.ReadAll(resp.Body)
+	bytes, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
 
-	return r, nil
+	return bytes, nil
 }

internal/pkg/sdk3rd/lecdn/v3/client/api.go

@@ -14,6 +14,7 @@ func (c *Client) ensureAccessTokenExists() error {
 	}
 
 	req := &loginRequest{
+		Email:    c.username,
 		Username: c.username,
 		Password: c.password,
 	}

internal/pkg/sdk3rd/lecdn/v3/client/models.go

@@ -19,6 +19,7 @@ func (r *baseResponse) GetMessage() string {
 }
 
 type loginRequest struct {
+	Email    string `json:"email"`
 	Username string `json:"username"`
 	Password string `json:"password"`
 }

internal/pkg/sdk3rd/wangsu/cdnpro/api.go

@@ -1,4 +1,4 @@
-package cdn
+package cdnpro
 
 import (
 	"fmt"
@@ -10,14 +10,14 @@ import (
 
 func (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {
 	resp := &CreateCertificateResponse{}
-	r, err := c.client.SendRequestWithResult(http.MethodPost, "/cdn/certificates", req, resp, func(r *resty.Request) {
+	rres, err := c.client.SendRequestWithResult(http.MethodPost, "/cdn/certificates", req, resp, func(r *resty.Request) {
 		r.SetHeader("x-cnc-timestamp", fmt.Sprintf("%d", req.Timestamp))
 	})
 	if err != nil {
 		return resp, err
 	}
 
-	resp.CertificateUrl = r.Header().Get("Location")
+	resp.CertificateUrl = rres.Header().Get("Location")
 	return resp, err
 }
 
@@ -27,14 +27,14 @@ func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateR
 	}
 
 	resp := &UpdateCertificateResponse{}
-	r, err := c.client.SendRequestWithResult(http.MethodPatch, fmt.Sprintf("/cdn/certificates/%s", url.PathEscape(certificateId)), req, resp, func(r *resty.Request) {
+	rres, err := c.client.SendRequestWithResult(http.MethodPatch, fmt.Sprintf("/cdn/certificates/%s", url.PathEscape(certificateId)), req, resp, func(r *resty.Request) {
 		r.SetHeader("x-cnc-timestamp", fmt.Sprintf("%d", req.Timestamp))
 	})
 	if err != nil {
 		return resp, err
 	}
 
-	resp.CertificateUrl = r.Header().Get("Location")
+	resp.CertificateUrl = rres.Header().Get("Location")
 	return resp, err
 }
 
@@ -50,12 +50,12 @@ func (c *Client) GetHostnameDetail(hostname string) (*GetHostnameDetailResponse,
 
 func (c *Client) CreateDeploymentTask(req *CreateDeploymentTaskRequest) (*CreateDeploymentTaskResponse, error) {
 	resp := &CreateDeploymentTaskResponse{}
-	r, err := c.client.SendRequestWithResult(http.MethodPost, "/cdn/deploymentTasks", req, resp)
+	rres, err := c.client.SendRequestWithResult(http.MethodPost, "/cdn/deploymentTasks", req, resp)
 	if err != nil {
 		return resp, err
 	}
 
-	resp.DeploymentTaskUrl = r.Header().Get("Location")
+	resp.DeploymentTaskUrl = rres.Header().Get("Location")
 	return resp, err
 }
 

internal/pkg/sdk3rd/wangsu/cdnpro/client.go

@@ -1,4 +1,4 @@
-package cdn
+package cdnpro
 
 import (
 	"time"

internal/pkg/sdk3rd/wangsu/cdnpro/models.go

@@ -1,11 +1,11 @@
-package cdn
+package cdnpro
 
 import (
 	"github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/openapi"
 )
 
 type baseResponse struct {
-	RequestId *string `json:"-"`
+	RequestId *string `json:"requestId,omitempty"`
 	Code      *string `json:"code,omitempty"`
 	Message   *string `json:"message,omitempty"`
 }

internal/pkg/sdk3rd/wangsu/certificate/api.go

@@ -0,0 +1,42 @@
+package certificate
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+)
+
+func (c *Client) ListCertificates() (*ListCertificatesResponse, error) {
+	resp := &ListCertificatesResponse{}
+	_, err := c.client.SendRequestWithResult(http.MethodGet, "/api/certificate", nil, resp)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, err
+}
+
+func (c *Client) CreateCertificate(req *CreateCertificateRequest) (*CreateCertificateResponse, error) {
+	resp := &CreateCertificateResponse{}
+	rres, err := c.client.SendRequestWithResult(http.MethodPost, "/api/certificate", req, resp)
+	if err != nil {
+		return resp, err
+	}
+
+	resp.CertificateUrl = rres.Header().Get("Location")
+	return resp, err
+}
+
+func (c *Client) UpdateCertificate(certificateId string, req *UpdateCertificateRequest) (*UpdateCertificateResponse, error) {
+	if certificateId == "" {
+		return nil, fmt.Errorf("wangsu api error: invalid parameter: certificateId")
+	}
+
+	resp := &UpdateCertificateResponse{}
+	_, err := c.client.SendRequestWithResult(http.MethodPut, fmt.Sprintf("/api/certificate/%s", url.PathEscape(certificateId)), req, resp)
+	if err != nil {
+		return resp, err
+	}
+
+	return resp, err
+}

internal/pkg/sdk3rd/wangsu/certificate/client.go

@@ -0,0 +1,20 @@
+package certificate
+
+import (
+	"time"
+
+	"github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/openapi"
+)
+
+type Client struct {
+	client *openapi.Client
+}
+
+func NewClient(accessKey, secretKey string) *Client {
+	return &Client{client: openapi.NewClient(accessKey, secretKey)}
+}
+
+func (c *Client) WithTimeout(timeout time.Duration) *Client {
+	c.client.WithTimeout(timeout)
+	return c
+}

internal/pkg/sdk3rd/wangsu/certificate/models.go

@@ -0,0 +1,52 @@
+package certificate
+
+import (
+	"github.com/usual2970/certimate/internal/pkg/sdk3rd/wangsu/openapi"
+)
+
+type baseResponse struct {
+	RequestId *string `json:"requestId,omitempty"`
+	Code      *string `json:"code,omitempty"`
+	Message   *string `json:"message,omitempty"`
+}
+
+var _ openapi.Result = (*baseResponse)(nil)
+
+func (r *baseResponse) SetRequestId(requestId string) {
+	r.RequestId = &requestId
+}
+
+type CreateCertificateRequest struct {
+	Name        *string `json:"name,omitempty" required:"true"`
+	Certificate *string `json:"certificate,omitempty" required:"true"`
+	PrivateKey  *string `json:"privateKey,omitempty"`
+	Comment     *string `json:"comment,omitempty" `
+}
+
+type CreateCertificateResponse struct {
+	baseResponse
+	CertificateUrl string `json:"location,omitempty"`
+}
+
+type UpdateCertificateRequest struct {
+	Name        *string `json:"name,omitempty" required:"true"`
+	Certificate *string `json:"certificate,omitempty"`
+	PrivateKey  *string `json:"privateKey,omitempty"`
+	Comment     *string `json:"comment,omitempty" `
+}
+
+type UpdateCertificateResponse struct {
+	baseResponse
+}
+
+type ListCertificatesResponse struct {
+	baseResponse
+	Certificates []*struct {
+		CertificateId string `json:"certificate-id"`
+		Name          string `json:"name"`
+		Comment       string `json:"comment"`
+		ValidityFrom  string `json:"certificate-validity-from"`
+		ValidityTo    string `json:"certificate-validity-to"`
+		Serial        string `json:"certificate-serial"`
+	} `json:"ssl-certificates,omitempty"`
+}

internal/pkg/sdk3rd/wangsu/openapi/client.go

@@ -154,8 +154,10 @@ func (c *Client) sendRequest(method string, path string, params interface{}, con
 		req = req.SetBody(params)
 	}
 
-	for _, fn := range configureReq {
-		fn(req)
+	if configureReq != nil {
+		for _, fn := range configureReq {
+			fn(req)
+		}
 	}
 
 	resp, err := req.Send()