feat: update

src/config.rs

@@ -121,7 +121,7 @@ impl CertConfigItem {
                 }
             }
             self.algo = None;
-            self.public_key_algo = Some(x509_certificate.public_key_algo.clone());
+            self.public_key_algo = Some(x509_certificate.public_key_algo);
             Ok(Some(x509_certificate))
         } else {
             if self.common_name.is_none() {
@@ -141,24 +141,33 @@ impl CertConfigItem {
             if cert_path_buff.exists() {
                 let pem = opt_result!(fs::read_to_string(cert_path_buff.clone()), "Read file: {:?}, failed: {}", cert_path_buff);
                 let x509_certificate = opt_result!(x509::parse_x509(&format!("{}/{}", self.path, CERT_NAME), &pem), "Parse x509: {}/{}, faield: {}", self.path, CERT_NAME);
+
+                let mut self_dns_names = vec![];
+                let mut cert_dns_names = vec![];
+
                 if let Some(common_name) = &self.common_name {
-                    if common_name != &x509_certificate.common_name {
-                        warning!("Cert: {}, common name mis-match: {} vs {}", self.path, common_name, x509_certificate.common_name);
-                        return Ok(None); // request for new cert
+                    self_dns_names.push(common_name.to_lowercase());
+                }
+                cert_dns_names.push(x509_certificate.common_name.to_lowercase());
+
+                self.dns_names.as_ref().map(|dns_names| dns_names.iter().map(|n| n.to_lowercase()).map(|n| {
+                    if !self_dns_names.contains(&n) {
+                        self_dns_names.push(n);
+                    }
+                }));
+                for n in &x509_certificate.alt_names {
+                    let n = n.to_lowercase();
+                    if !cert_dns_names.contains(&n) {
+                        cert_dns_names.push(n);
                     }
                 }
-                if let Some(dns_names) = &self.dns_names {
-                    let mut sorted_dns_names = dns_names.clone();
-                    sorted_dns_names.sort();
-                    let mut cert_sorted_dns_names = x509_certificate.alt_names.clone();
-                    if let Some(pos) = cert_sorted_dns_names.iter().position(|n| n == self.common_name.as_ref().unwrap()) {
-                        cert_sorted_dns_names.remove(pos);
-                    }
-                    cert_sorted_dns_names.sort();
-                    if sorted_dns_names != cert_sorted_dns_names {
-                        warning!("Cert: {}, dns names mis-match: {:?} vs {:?}", self.path, sorted_dns_names, cert_sorted_dns_names);
-                        return Ok(None); // request for new cert
-                    }
+
+                self_dns_names.sort();
+                cert_dns_names.sort();
+
+                if self_dns_names != cert_dns_names {
+                    warning!("Cert: {}, dns names mis-match, required: {:?} vs certs: {:?}", self.path, self_dns_names, cert_dns_names);
+                    return Ok(None); // request for new cert
                 }
                 Ok(Some(x509_certificate))
             } else {

src/main.rs

@@ -188,8 +188,8 @@ async fn main() -> tide::Result<()> {
             }
             let filtered_cert_config = cert_config.filter_cert_config_items(30);
             for item in &filtered_cert_config.cert_items {
-                if item.common_name.as_ref().map(|n| n.contains("*")).unwrap_or(false)
-                    || item.dns_names.as_ref().map(|dns_names| dns_names.iter().any(|n| n.contains("*"))).unwrap_or(false) {
+                if item.common_name.as_ref().map(|n| n.contains('*')).unwrap_or(false)
+                    || item.dns_names.as_ref().map(|dns_names| dns_names.iter().any(|n| n.contains('*'))).unwrap_or(false) {
                     warning!("Currently not support wide card domain name");
                     continue;
                 }