【新增】雷池waf认证中心证书上传

2026-04-10 12:43:16 +08:00 · 2026-02-05 21:21:01 +08:00
parent 4c3ddd71c9
commit 1f6ffe36e9
16 changed files with 104 additions and 1 deletions
--- a/backend/internal/cert/deploy/safelinewaf.go
+++ b/backend/internal/cert/deploy/safelinewaf.go
@@ -93,6 +93,15 @@ func matchSafeLineSiteByColumn(siteList []any, column string, keyword string) (s
 	return siteInfo
 }

+func GetSafeLineWafPortalConfig(providerID string) (map[string]any, error) {
+	response, err := RequestSafeLineWaf(&map[string]any{}, "GET", providerID, "api/open/portal")
+	if err != nil {
+		return nil, err
+	}
+	res := response["data"].(map[string]any)
+	return res, nil
+}
+
 // 上传证书 certId="" 新上传证书 否则覆盖证书
 func uploadSafeLineCert(certId float64, key, cert, providerId string) (id float64, err error) {
 	data := map[string]any{
@@ -206,6 +215,59 @@ func DeploySafeLineWafSite(cfg map[string]any, logger *public.Logger) error {
 	return nil
 }

+// DeploySafeLineWafPortal 部署证书到雷池WAF认证中心
+func DeploySafeLineWafPortal(cfg map[string]any, logger *public.Logger) error {
+	cert, ok := cfg["certificate"].(map[string]any)
+	if !ok {
+		return fmt.Errorf("证书不存在")
+	}
+	keyPem, ok := cert["key"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：key")
+	}
+	certPem, ok := cert["cert"].(string)
+	if !ok {
+		return fmt.Errorf("证书错误：cert")
+	}
+	var providerID string
+	switch v := cfg["provider_id"].(type) {
+	case float64:
+		providerID = strconv.Itoa(int(v))
+	case string:
+		providerID = v
+	default:
+		return fmt.Errorf("参数错误：provider_id")
+	}
+
+	portalCfg, err := GetSafeLineWafPortalConfig(providerID)
+	if err != nil {
+		return fmt.Errorf("获取认证中心配置失败: %s", err.Error())
+	}
+
+	var portalCertId float64
+	if v, ok := portalCfg["cert_id"].(float64); ok {
+		portalCertId = v
+	}
+
+	// 上传/更新证书
+	if portalCertId == 0 {
+		logger.Debug("认证中心未启用证书，上传证书中...")
+		certId, err := uploadSafeLineCert(0, keyPem, certPem, providerID)
+		if err != nil {
+			return fmt.Errorf("认证中心上传证书失败: %s", err.Error())
+		}
+		logger.Debug(fmt.Sprintf("认证中心上传证书成功 证书ID：%d 请手动添加至认证中心", int(certId)))
+	} else {
+		logger.Debug(fmt.Sprintf("认证中心已启用证书ID：%d，更新证书中...", int(portalCertId)))
+		_, err = uploadSafeLineCert(portalCertId, keyPem, certPem, providerID)
+		if err != nil {
+			return fmt.Errorf("认证中心更新证书失败: %s", err.Error())
+		}
+	}
+
+	return nil
+}
+
 func SafeLineAPITest(providerID string) error {
 	_, err := RequestSafeLineWaf(&map[string]any{}, "GET", providerID, "api/open/site/group")
 	if err != nil {