From 55dbd7d874c753558d93c3580bc1e3abe8d831ca Mon Sep 17 00:00:00 2001 From: Fang-Pen Lin Date: Tue, 9 Dec 2025 11:32:43 -0800 Subject: [PATCH] Handle processing status for order sync --- .../ee/services/pki-acme/pki-acme-order-dal.ts | 17 +++++++++-------- .../ee/services/pki-acme/pki-acme-service.ts | 7 +++++-- backend/src/server/routes/index.ts | 2 ++ 3 files changed, 16 insertions(+), 10 deletions(-) diff --git a/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts b/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts index 002b9f3bf8..d20abe08d9 100644 --- a/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts +++ b/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts @@ -26,12 +26,13 @@ export const pkiAcmeOrderDALFactory = (db: TDbClient) => { .leftJoin( TableName.CertificateRequests, `${TableName.PkiAcmeOrder}.id`, - `${TableName.CertificateRequests}.certificateId` + `${TableName.CertificateRequests}.acmeOrderId` ) .select( selectAllTableCols(TableName.PkiAcmeOrder), db.ref("id").withSchema(TableName.CertificateRequests).as("certificateRequestId"), - db.ref("status").withSchema(TableName.CertificateRequests).as("certificateRequestStatus") + db.ref("status").withSchema(TableName.CertificateRequests).as("certificateRequestStatus"), + db.ref("certificateId").withSchema(TableName.CertificateRequests).as("certificateId") ) .forUpdate(TableName.PkiAcmeOrder) .where(`${TableName.PkiAcmeOrder}.id`, id) @@ -39,15 +40,15 @@ export const pkiAcmeOrderDALFactory = (db: TDbClient) => { if (!order) { return null; } + const { certificateRequestId, certificateRequestStatus, certificateId, ...details } = order; return { - ...order, + ...details, certificateRequest: - order.certificateRequestId && order.certificateRequestStatus + certificateRequestId && certificateRequestStatus && certificateId ? { - id: order.certificateRequestId, - status: order.certificateRequestStatus as CertificateRequestStatus, - // The certificate id for async certificate request is the same as the order id - certificateId: order.id + id: certificateRequestId, + status: certificateRequestStatus as CertificateRequestStatus, + certificateId } : undefined }; diff --git a/backend/src/ee/services/pki-acme/pki-acme-service.ts b/backend/src/ee/services/pki-acme/pki-acme-service.ts index 5b163c6f07..77b68bf537 100644 --- a/backend/src/ee/services/pki-acme/pki-acme-service.ts +++ b/backend/src/ee/services/pki-acme/pki-acme-service.ts @@ -378,7 +378,8 @@ export const pkiAcmeServiceFactory = ({ if (!order) { throw new NotFoundError({ message: "ACME order not found" }); } - if (order.status !== AcmeOrderStatus.Ready) { + if (order.status !== AcmeOrderStatus.Processing) { + // We only care about processing orders, as they are the ones that have async certificate requests return order; } return acmeOrderDAL.transaction(async (tx) => { @@ -387,8 +388,9 @@ export const pkiAcmeServiceFactory = ({ if (!orderWithCertificateRequest) { throw new NotFoundError({ message: "ACME order not found" }); } + // Check the status again after we have acquired the lock, as things may have changed since we last checked if ( - orderWithCertificateRequest.status !== AcmeOrderStatus.Ready || + orderWithCertificateRequest.status !== AcmeOrderStatus.Processing || !orderWithCertificateRequest.certificateRequest ) { return orderWithCertificateRequest; @@ -896,6 +898,7 @@ export const pkiAcmeServiceFactory = ({ notBefore: updatedCertificateRequest.notBefore, notAfter: updatedCertificateRequest.notAfter, status: CertificateRequestStatus.PENDING, + acmeOrderId: orderId, tx }); const csrObj = new x509.Pkcs10CertificateRequest(csr); diff --git a/backend/src/server/routes/index.ts b/backend/src/server/routes/index.ts index 3bc6b22e7a..adcea18220 100644 --- a/backend/src/server/routes/index.ts +++ b/backend/src/server/routes/index.ts @@ -2332,6 +2332,8 @@ export const registerRoutes = async ( licenseService, certificateV3Service, certificateTemplateV2Service, + certificateRequestService, + certificateIssuanceQueue, acmeChallengeService, pkiAcmeQueueService, auditLogService