Handle processing status for order sync

2026-01-09 15:38:03 -05:00 · 2025-12-09 11:32:43 -08:00
parent 066599de05
commit 55dbd7d874
3 changed files with 16 additions and 10 deletions
--- a/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts
+++ b/backend/src/ee/services/pki-acme/pki-acme-order-dal.ts
@@ -26,12 +26,13 @@ export const pkiAcmeOrderDALFactory = (db: TDbClient) => {
        .leftJoin(
          TableName.CertificateRequests,
          `${TableName.PkiAcmeOrder}.id`,
-          `${TableName.CertificateRequests}.certificateId`
+          `${TableName.CertificateRequests}.acmeOrderId`
        )
        .select(
          selectAllTableCols(TableName.PkiAcmeOrder),
          db.ref("id").withSchema(TableName.CertificateRequests).as("certificateRequestId"),
-          db.ref("status").withSchema(TableName.CertificateRequests).as("certificateRequestStatus")
+          db.ref("status").withSchema(TableName.CertificateRequests).as("certificateRequestStatus"),
+          db.ref("certificateId").withSchema(TableName.CertificateRequests).as("certificateId")
        )
        .forUpdate(TableName.PkiAcmeOrder)
        .where(`${TableName.PkiAcmeOrder}.id`, id)
@@ -39,15 +40,15 @@ export const pkiAcmeOrderDALFactory = (db: TDbClient) => {
      if (!order) {
        return null;
      }
+      const { certificateRequestId, certificateRequestStatus, certificateId, ...details } = order;
      return {
-        ...order,
+        ...details,
        certificateRequest:
-          order.certificateRequestId && order.certificateRequestStatus
+          certificateRequestId && certificateRequestStatus && certificateId
            ? {
-                id: order.certificateRequestId,
-                status: order.certificateRequestStatus as CertificateRequestStatus,
-                // The certificate id for async certificate request is the same as the order id
-                certificateId: order.id
+                id: certificateRequestId,
+                status: certificateRequestStatus as CertificateRequestStatus,
+                certificateId
              }
            : undefined
      };
--- a/backend/src/ee/services/pki-acme/pki-acme-service.ts
+++ b/backend/src/ee/services/pki-acme/pki-acme-service.ts
@@ -378,7 +378,8 @@ export const pkiAcmeServiceFactory = ({
    if (!order) {
      throw new NotFoundError({ message: "ACME order not found" });
    }
-    if (order.status !== AcmeOrderStatus.Ready) {
+    if (order.status !== AcmeOrderStatus.Processing) {
+      // We only care about processing orders, as they are the ones that have async certificate requests
      return order;
    }
    return acmeOrderDAL.transaction(async (tx) => {
@@ -387,8 +388,9 @@ export const pkiAcmeServiceFactory = ({
      if (!orderWithCertificateRequest) {
        throw new NotFoundError({ message: "ACME order not found" });
      }
+      // Check the status again after we have acquired the lock, as things may have changed since we last checked
      if (
-        orderWithCertificateRequest.status !== AcmeOrderStatus.Ready ||
+        orderWithCertificateRequest.status !== AcmeOrderStatus.Processing ||
        !orderWithCertificateRequest.certificateRequest
      ) {
        return orderWithCertificateRequest;
@@ -896,6 +898,7 @@ export const pkiAcmeServiceFactory = ({
      notBefore: updatedCertificateRequest.notBefore,
      notAfter: updatedCertificateRequest.notAfter,
      status: CertificateRequestStatus.PENDING,
+      acmeOrderId: orderId,
      tx
    });
    const csrObj = new x509.Pkcs10CertificateRequest(csr);
--- a/backend/src/server/routes/index.ts
+++ b/backend/src/server/routes/index.ts
@@ -2332,6 +2332,8 @@ export const registerRoutes = async (
    licenseService,
    certificateV3Service,
    certificateTemplateV2Service,
+    certificateRequestService,
+    certificateIssuanceQueue,
    acmeChallengeService,
    pkiAcmeQueueService,
    auditLogService