From 4bcc4706150343e6b23c2f328aa8a31402de62a6 Mon Sep 17 00:00:00 2001
From: dyzulk <66510723+dyzulk@users.noreply.github.com>
Date: Wed, 7 Jan 2026 09:35:29 +0700
Subject: [PATCH] feat: add issuer_name tracking and display in CA management

---
 .../Controllers/Api/RootCaApiController.php   | 27 +-----------------
 app/Models/CaCertificate.php                  |  1 +
 app/Services/OpenSslService.php               |  6 ++--
 ...931_add_issuer_name_to_ca_certificates.php | 28 +++++++++++++++++++
 4 files changed, 34 insertions(+), 28 deletions(-)
 create mode 100644 database/migrations/2026_01_07_092931_add_issuer_name_to_ca_certificates.php

diff --git a/app/Http/Controllers/Api/RootCaApiController.php b/app/Http/Controllers/Api/RootCaApiController.php
index f005177..3387c19 100644
--- a/app/Http/Controllers/Api/RootCaApiController.php
+++ b/app/Http/Controllers/Api/RootCaApiController.php
@@ -38,32 +38,7 @@ class RootCaApiController extends Controller
         $days = (int) $request->input('days', 3650);
 
         try {
-            $newData = $this->sslService->renewCaCertificate($certificate, $days);
-
-            // 1. Unset 'is_latest' from all versions of this CA type/name
-            CaCertificate::where('ca_type', $certificate->ca_type)
-                ->where('common_name', $certificate->common_name)
-                ->update(['is_latest' => false]);
-
-            // 2. Create NEW version record
-            $newCertificate = CaCertificate::create([
-                'ca_type' => $certificate->ca_type,
-                'common_name' => $certificate->common_name,
-                'organization' => $certificate->organization,
-                'key_content' => $certificate->key_content, // Keep same private key for renewal
-                'cert_content' => $newData['cert_content'],
-                'serial_number' => $newData['serial_number'],
-                'valid_from' => $newData['valid_from'],
-                'valid_to' => $newData['valid_to'],
-                'is_latest' => true,
-            ]);
-
-            // 3. Automatically sync the new version to CDN (Both latest and archive locations)
-            $this->sslService->uploadPublicCertsOnly($newCertificate, 'both');
-            $this->sslService->uploadIndividualInstallersOnly($newCertificate, 'both');
-            
-            // 4. Update bundles
-            $this->sslService->syncAllBundles();
+            $newCertificate = $this->sslService->executeRenewalFlow($certificate, $days);
 
             return response()->json([
                 'status' => 'success',
diff --git a/app/Models/CaCertificate.php b/app/Models/CaCertificate.php
index 55e5789..1ef7564 100644
--- a/app/Models/CaCertificate.php
+++ b/app/Models/CaCertificate.php
@@ -24,6 +24,7 @@ class CaCertificate extends Model
         'valid_from',
         'valid_to',
         'is_latest',
+        'issuer_name',
         'cert_path',
         'der_path',
         'bat_path',
diff --git a/app/Services/OpenSslService.php b/app/Services/OpenSslService.php
index 0026170..c2b2b39 100644
--- a/app/Services/OpenSslService.php
+++ b/app/Services/OpenSslService.php
@@ -416,6 +416,7 @@ class OpenSslService
                 'serial_number' => $newSerialHex,
                 'valid_from' => date('Y-m-d H:i:s', $newInfo['validFrom_time_t']),
                 'valid_to' => date('Y-m-d H:i:s', $newInfo['validTo_time_t']),
+                'issuer_name' => $cert->ca_type === 'root' ? 'Self-Signed' : ($root ? $root->common_name : 'Unknown Root'),
             ];
 
         } finally {
@@ -452,9 +453,9 @@ class OpenSslService
     }
 
     /**
-     * Internal helper to handle the DB + CDN flow for a single renewal.
+     * Handle the DB + CDN flow for a single renewal.
      */
-    private function executeRenewalFlow(CaCertificate $cert, int $days)
+    public function executeRenewalFlow(CaCertificate $cert, int $days)
     {
         $newData = $this->renewCaCertificate($cert, $days);
 
@@ -473,6 +474,7 @@ class OpenSslService
             'serial_number' => $newData['serial_number'],
             'valid_from' => $newData['valid_from'],
             'valid_to' => $newData['valid_to'],
+            'issuer_name' => $newData['issuer_name'],
             'is_latest' => true,
         ]);
 
diff --git a/database/migrations/2026_01_07_092931_add_issuer_name_to_ca_certificates.php b/database/migrations/2026_01_07_092931_add_issuer_name_to_ca_certificates.php
new file mode 100644
index 0000000..1be5312
--- /dev/null
+++ b/database/migrations/2026_01_07_092931_add_issuer_name_to_ca_certificates.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::connection('mysql_ca')->table('ca_certificates', function (Blueprint $table) {
+            $table->string('issuer_name')->nullable()->after('organization');
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::connection('mysql_ca')->table('ca_certificates', function (Blueprint $table) {
+            $table->dropColumn('issuer_name');
+        });
+    }
+};