update at 2023/08/14

tools/cmca/ca.go

@@ -0,0 +1,137 @@
+package main
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"os"
+)
+
+// LoadCert 读取证书文件
+func LoadCert(path string) (*x509.Certificate, error) {
+	//1.打开磁盘的公钥文件
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	fileInfo, err := file.Stat()
+	if err != nil {
+		return nil, err
+	}
+	buf := make([]byte, fileInfo.Size())
+	_, err = file.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+	//2.使用pem解码得到pem.Block结构体变量
+	block, _ := pem.Decode(buf)
+
+	//证书解析
+	certBody, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return certBody, nil
+}
+
+// LoadPriKey 读取私钥文件
+func LoadPriKey(path string) (*rsa.PrivateKey, error) {
+	//1.打开磁盘的私钥文件
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	//2.将私钥文件中的内容读出
+	fileInfo, err := file.Stat()
+	if err != nil {
+		return nil, err
+	}
+	buf := make([]byte, fileInfo.Size())
+	_, err = file.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+	//3.使用pem对数据解码，得到pem.Block结构体变量
+	block, _ := pem.Decode(buf)
+	//4.x509将数据解析成私钥结构体得到私钥
+	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}
+
+// SignRSA RSA 签名
+func SignRSA(plainText []byte, priKey *rsa.PrivateKey) ([]byte, error) {
+	//1.创建一个哈希对象
+	hash := sha256.New()
+	//2.给哈希对象添加数据
+	_, err := hash.Write(plainText)
+	if err != nil {
+		return nil, err
+	}
+	//3.计算哈希值
+	hashed := hash.Sum(nil)
+	//4.使用rsa中的函数对散列值签名
+	signText, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, hashed)
+	if err != nil {
+		return nil, err
+	}
+	return signText, nil
+}
+
+func VerifyRSA(plainText, signText []byte, cert *x509.Certificate) error {
+	publicKeyDer, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+	if err != nil {
+		return err
+	}
+	pubKeyInterface, err := x509.ParsePKIXPublicKey(publicKeyDer)
+	if err != nil {
+		return err
+	}
+	//进行类型断言得到公钥结构体
+	publicKey := pubKeyInterface.(*rsa.PublicKey)
+
+	//* 创建哈希接口
+	hash := sha256.New()
+	//* 添加数据
+	hash.Write(plainText)
+	//* 哈希运算
+	hasded := hash.Sum(nil)
+	//
+	//6.签名认证
+	err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, hasded, signText)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+var rootCertPool *x509.CertPool
+
+func VerifyCert(cert *x509.Certificate) error {
+	//block, _ := pem.Decode([]byte(certPEM))
+	//if block == nil {
+	//	return fmt.Errorf("failed to parse certificate PEM")
+	//}
+	//cert, err := x509.ParseCertificate(block.Bytes)
+	//if err != nil {
+	//	return fmt.Errorf("failed to parse certificate: %v", err.Error())
+	//}
+
+	opts := x509.VerifyOptions{
+		Roots: rootCertPool,
+	}
+
+	if _, err := cert.Verify(opts); err != nil {
+		return fmt.Errorf("failed to verify certificate: %v", err.Error())
+	}
+
+	return nil
+}

tools/cmca/ca/CA/certs/test1.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:05:48 2023 GMT
+            Not After : Mar 27 10:05:48 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3:
+                    ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87:
+                    fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54:
+                    ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb:
+                    e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30:
+                    b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd:
+                    47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9:
+                    c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31:
+                    dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c:
+                    58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25:
+                    b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03:
+                    f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e:
+                    6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e:
+                    14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c:
+                    48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05:
+                    ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b:
+                    c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7:
+                    c3:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2:
+         6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76:
+         ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd:
+         d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3:
+         43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc:
+         fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34:
+         92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d:
+         3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7:
+         ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46:
+         54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58:
+         18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c:
+         7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6:
+         86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5:
+         6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88:
+         da:08:4e:c0
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG
+A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q
+psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje
+fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC
+y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl
+t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h
+pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q
+MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI
+b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G
+CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL
+1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR
+7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09
+kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi
+WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y
+/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A
+-----END CERTIFICATE-----

tools/cmca/ca/CA/certs/test2.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:08:44 2023 GMT
+            Not After : Mar 27 10:08:44 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4:
+                    22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e:
+                    de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8:
+                    04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af:
+                    0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10:
+                    9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67:
+                    72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52:
+                    44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb:
+                    b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1:
+                    22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0:
+                    e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01:
+                    b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28:
+                    17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e:
+                    4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc:
+                    ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45:
+                    b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc:
+                    2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67:
+                    e0:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63:
+         dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5:
+         dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1:
+         19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22:
+         33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30:
+         67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc:
+         48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8:
+         0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82:
+         0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c:
+         27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc:
+         22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7:
+         b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25:
+         c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37:
+         28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2:
+         77:22:37:7f
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG
+A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok
+fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj
+e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I
+nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA
+4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o
+87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV
+V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks
+BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN
+BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k
+xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI
+q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo
+DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu
+8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l
+ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw==
+-----END CERTIFICATE-----

tools/cmca/ca/CA/data/test1.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqjCCAZICAQAwZTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQH
+DAhzaGVuemhlbjEnMCUGA1UECgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20u
+Y24vMQ0wCwYDVQQDDAR0ZXN0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEA873p/qqmwdl7dCDw0PPufNBphI0aNx4pQpiGUYf+XUgul7DGFpxGajh7NFTs
+dtJSULsxqN59P4zF+Pvj43M3NhDoVd+Az8DZQDC3VElp46h5SUfYdLAHE91Hcolp
+vQxAi/TuSQLL9LnBen3aEBuysZ8NcGbRhjHc49bl9SzhV71y6kodDExYCSsu5VNA
+c1XpeMN6lSW3nYCs5HnD15vRw3N42gP0qmghgfJTuD2RYOCRRy5tXQGu8oLAit0G
+jHBud34UrmGl2OATGyz302IM0VxI/lnKtbEriSsvaV1AQgWrdlhPNho2HCHrhRza
+IhvCYI7BfVAzOcBA4EkgoPfDTwIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBAE7E
+xGSbr/UbRNE3dzD42GnTRTUCJGgk0sUFgURfuZhKhFNSloEQBzfL7hb4M2uuirOB
+t8NxImkp70/3Cw+UuewBAO5Ajp6GIYr4dZGb1KNWxqFMC1k0RCoEDcRPow5+okzf
+d8QbHVQnyYNahAfxWdxLmq9g3dBmJA9d3Z4XfbPWbp3sDk7fb08Fg9Uond33vW1J
+Qzco4UTcwLuicNwh6vytikjUV5zX0RS9QHSu9+akMbZbOwX9cFOhjbpmw4oGLx8h
+fXeB9pgqbvdQ4Q5Bj+bScK2CR344yKY6nEw4pxdS78a7Sor+njSgvNlbBzjg+EP0
+UpTObJ9sModlMYn6h70=
+-----END CERTIFICATE REQUEST-----

tools/cmca/ca/CA/data/test1.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA873p/qqmwdl7dCDw0PPufNBphI0aNx4pQpiGUYf+XUgul7DG
+FpxGajh7NFTsdtJSULsxqN59P4zF+Pvj43M3NhDoVd+Az8DZQDC3VElp46h5SUfY
+dLAHE91HcolpvQxAi/TuSQLL9LnBen3aEBuysZ8NcGbRhjHc49bl9SzhV71y6kod
+DExYCSsu5VNAc1XpeMN6lSW3nYCs5HnD15vRw3N42gP0qmghgfJTuD2RYOCRRy5t
+XQGu8oLAit0GjHBud34UrmGl2OATGyz302IM0VxI/lnKtbEriSsvaV1AQgWrdlhP
+Nho2HCHrhRzaIhvCYI7BfVAzOcBA4EkgoPfDTwIDAQABAoIBAFTFQ0GABnk681XD
+Mx3pCJO+RESGcoyi38S6mVR30L6OoS2+nFY2ycKdnDPqKUd2BIzxXecWYkcc5amf
+qXVsl9Ik9TkQf5NBxg0uJESbN8mmyW/0HdMPeZauCfBK3EyUm0pRyCH6aAbYJ/M7
+HAEoMPDXmWvzRoG+i81t6xJnJoRFwI8xQfKf6DbiP4KUlU7MVRWpVFkCXzZkyoqi
+NWKyYfv7cBTZrWpeBCvyKRtUDvA9xjgfRTmR5rBfre9XCcu0hD2HwYBR8Nh0kz0g
+4/ZgEX4LYpL40r/tbzL1hlG2zaKQw/Hmb90CvUBfwwNFA/Xvhq5NYJhwVaauPhVN
+vDxIf/ECgYEA/gyooDz0B/OGSDeetBuZyQ1HjlWc7wNSCG+SBbaDb5WCLAcJCOEc
+ybCg81s3P1p4IRo1BR0II1RM8RHhMLVlL/NgYQsvpYJd/02BTxYQka7EXXOdL533
+CuKYTEKODisSSjNPF051kADHs0iL5Jc8iDT21Rb8C6E4N1J1lCEWsCkCgYEA9Zz+
+16P7UVKGZzEF6/xtOf59H+Arrty9eW9nlGH+Wjkz+xySYAVSaa/6n6LiBGOwXvKc
+GmUSMhanIgvnTXVkwpCEAl6cVufwuPR5V0Y66xnSsAtpascJqvCgVAxS9b0SVAju
+WvExxRrEquvYUlZ7kwN2a8Rnm02BjFPijy8D5rcCgYBZWApVkBoiUbp/20+s96f1
+1P29SM6QIBLRdKtd5voCXAoTgcXjoYeGRt/TtdiQJzjoK1dKHROnmRYWEbuobaLQ
+Yj8a4dw30MlN5+v57ECXe2cDlo1JGbyvz1DQQPfEc9FS1wiRob4mjp+spW7NTYK0
+RCwqdJLfZCtpCU7gcWKRQQKBgG9DB064Qgi80ZW9Z2lXmENFPXlLG37DEDIKfWmC
+Wq6Uay+96bEFuCeYSHg4WRqT7jmUvZJXZr659ExACC/WliZtQN+x7DCSMUIXvUAD
+2HzX3dFR2hc8wuxkxLxOOOaJF9xpj1AzItCfJ6gl3oCuHJykXOjEuApqOd1PwroK
+GkJRAoGBANzf7rFrVxapMa5W/Q5fGFMwzF6sKPU0xZUhYKen0jwndl4NEQakWoiI
+oWjeeFgPoKQa7LPfwfPEsCNTt3D/7ow/5kk39kTpegmICDcF+f1ij8w5ekuw4QyO
+ltQsHXNdzdulT8Mhg1+R6EabgvBGZEFyWMH2yeF3QKhg6ezRAzcV
+-----END RSA PRIVATE KEY-----

tools/cmca/ca/CA/data/test2.csr

@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICqzCCAZMCAQAwZjELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQH
+DAhzaGVuemhlbjEnMCUGA1UECgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20u
+Y24vMQ4wDAYDVQQDDAV0ZXN0MTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAO1zY6R9jADm5d/1HorUIuQ3FmJrZPGQ7EtMN8Uu3u8RkxXa6S17aXItlCn4
+BHUiN6SDU6N7sTctoFevDmU8z/4aZd7oZnsZgasQm54nW6l8zDpE7m6vOu9ncmCo
+jbtNPs40HwiccvdSRNev6/ebP2KUCdsm4w/rs4XTwy3swRTYLbBMEMexIs90p82U
+txieeAsLZADg4YqXVxFdfPPJbOCXwWwBtcR1+nGWmonHc2G9SisoF4FLn5LujqBX
+f3p8iaZ+TajzuKoDqt4wpxmUp4f8q1rljalkUVr0rWThquRFt+QD3GvP+koNCe9P
+gjnML5HBlFVXWBYLFABiQ8ln4NMCAwEAAaAAMA0GCSqGSIb3DQEBCwUAA4IBAQBh
+7RKvFZzrt7cDmIPEaTpXZnXKbSaU6Yq4PzG6mnG0B2wd15wZ41nVQobprVEd/hIY
+ifjtTh0fZp7IBhBomX2QJWlhqdK4RvlMDX9w0Q6oSYjbHKj7TfGnBpyi5gjK/a12
+cQvupDTXWp5Hq5McnBKdo/SDow1papl4jFkGeNq8ItD+2FQQhcJGMLnNndQ9p9Mj
+3TRtcfxbsJgmDHBQyefM5ASnG4j5X7wi2zSdgN9hEFIzm9weFpYGAnNx431BE0Vg
+9bR1YWFBPzjMI4x5DN7HWt+z5acZlXjws2OM68zum3MR7UbreV/eJjtE3Un9AuNW
+e5nUqnFMJ7RVZnTvPlGz
+-----END CERTIFICATE REQUEST-----

tools/cmca/ca/CA/data/test2.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA7XNjpH2MAObl3/UeitQi5DcWYmtk8ZDsS0w3xS7e7xGTFdrp
+LXtpci2UKfgEdSI3pINTo3uxNy2gV68OZTzP/hpl3uhmexmBqxCbnidbqXzMOkTu
+bq8672dyYKiNu00+zjQfCJxy91JE16/r95s/YpQJ2ybjD+uzhdPDLezBFNgtsEwQ
+x7Eiz3SnzZS3GJ54CwtkAODhipdXEV1888ls4JfBbAG1xHX6cZaaicdzYb1KKygX
+gUufku6OoFd/enyJpn5NqPO4qgOq3jCnGZSnh/yrWuWNqWRRWvStZOGq5EW35APc
+a8/6Sg0J70+COcwvkcGUVVdYFgsUAGJDyWfg0wIDAQABAoIBAQCWcM8mvmxffesS
+s8iACNt6X/SMsqIn8rvjEQ0cnw+bxDS+Wg32RQSP1JTU6lBYri82ygXJxGqJHR1D
+sKOcPKVCxxLX4cJcJ9LhwQn3b9RBU9JI8Ldn5Rmf6Jis6N2zV8N8/cTTvduRGsyH
+IuyL2g6UtFpyQPcHdTwug/ZbOG80dnI9Z4qWFLKe5JFgsrpTyOIC9ta8CcHYNZiV
+uSPYEH/CWvgZQOc6VpfnnNefiLxMKq2Tbpk/FbioUiqGwxtWBmE9YyFvtSpUb/TU
+MKwPidMV/0V7wRQafjD3qL/Y2V8ZVaEnwVAT8GjQECPCLPON6i8gr/oi6bVrpwb4
+B8tixqWBAoGBAPj36K5ofGPVi2TsK78q3+pPKrGL1HHpdloVglME+8H1AbMf1nBX
+iH2T4iAR4o13KDa0gc3vUttW1P8fiTTGHL32mF6gvUPG2u3T9riZoKGQ+2aKHG6e
+0MwcXmq53WwLseNykwb2qOSISBSkjjv4mkbpuOrurOF0UMKnA04k9eizAoGBAPQo
+NJOZTQiLW61ckc1Cy3pDtW4dTKsAomt8Aw6AbZyZUqP3smB/DhnsHXe3W84f6DZC
+pkIvnX7WMWQLLBEpe09rKfhWMGbk8gGo9sOf0RYVE93rwxFVA/sXSle4HeGur2ku
+YgaJ86YGRgN4ctb9CCZ3IqZmL5jds73ajmAHcvdhAoGAPBdJ996MN2RxUpiWLnvg
+s6MMAPJpAl2BDVknrXYEddn24Q8MKO1XqkepSmhGsDJUaG/E7LmY3AvnOPSZnz05
+7re4Kw7M37D9Ym3InOGnnZdqtmMbXa/DYaBvQX8+7DceZnFe/01FknM6QpE9K0hj
+pD4BPeMBoyD55SF+cLwHBnUCgYBypPJTIBe43F7231GjFSsgROzLQLzASvL5D2kM
+BSfy8VeJoIREpUREzcbkcNeNyROrbs5Mo7kLVp4ogMp3YIgDOamiby4ZEoXEW8dL
+Ah8WhF0oxkx5NfdBjqUc3VpCn1jERcBHm70phyaW+JbL9lI+ZZCCm9bbq7Z7fkV+
+N+E24QKBgQDNKwrWWtm5GAf8CFxE8ZSyqa3Si9Fa65GIb+5ful8VuklK6bhGkCjd
+gV0zDTBnV0Cm7CBhGsKaXGy49J7Ti5BwFv/txEsnU0ZmC7qXKExckm/gJ/uer0QU
+XWCIGtHDn2UNtv1wS6MBIYEeb09aoUhjFDXLPDNipdLh1Wh25wF2sw==
+-----END RSA PRIVATE KEY-----

tools/cmca/ca/CA/demoCA/cacert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIUDs5kTQVLnC1MdhXHj0KqYIG+nyAwDQYJKoZIhvcNAQEL
+BQAwZTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhl
+bjEnMCUGA1UECgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYD
+VQQDDAR0ZXN0MB4XDTIzMDcwMTA4NDQzOFoXDTMzMDYyODA4NDQzOFowZTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhlbjEnMCUGA1UE
+CgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYDVQQDDAR0ZXN0
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMdRLkcxy3PKOSCusJ+
+AnGiJyW6AxyujqZj4xjgtIFjYIMVW5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV
+3tu9exm6Ijop8/KaDJ1EJAESunxkP9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MP
+R/KUB+TYqCp50mr6mlIZE6lvhhvMxHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXK
+y/HZpGtbm/mfbOtxWgvSFy3PE/49V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9C
+WdWRrrhIv+Px1QLQItL17kAKqtp+vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3Yuwwf
+vQIDAQABo1MwUTAdBgNVHQ4EFgQUbbMdtnhOyBmP+k1rOl6pfcsHmLowHwYDVR0j
+BBgwFoAUbbMdtnhOyBmP+k1rOl6pfcsHmLowDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAdGZdTglVP1hI0wcxD0rkkHu7IkfFGlaad1vFL+VfujlV
+6H3/WrDLCDhLDBZrdZ3m0LrQqpJjZriOaqc0O8LbT4ktquVuAgYtT/il6EQzLpyE
+pEW+iM4Ae2tu9rMH1F365+C8ffQWuSenvQOOjL8L9BP5N0bguVsWA+uMNprMado4
+lLuyHOt5S36WOKh4mnMlkDBuCNnBCiFS8rcQXJugk6jrOYKji5wJGNAVMoSEtRvN
+LdZh5XOkbXuFrhltPxMG/7BaPc9xS46chBKDvCQPweKGeu2eG+y6KTwCDYmakmVX
+OE8TnP4Zr0miTprzkmbWhIkUWkg/FclJs1/TcSkCGw==
+-----END CERTIFICATE-----

tools/cmca/ca/CA/demoCA/index.txt

@@ -0,0 +1,2 @@
+V	260327100548Z		01	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test
+V	260327100844Z		02	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test1

tools/cmca/ca/CA/demoCA/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

tools/cmca/ca/CA/demoCA/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

tools/cmca/ca/CA/demoCA/index.txt.old

@@ -0,0 +1 @@
+V	260327100548Z		01	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test

tools/cmca/ca/CA/demoCA/newcerts/01.pem

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:05:48 2023 GMT
+            Not After : Mar 27 10:05:48 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3:
+                    ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87:
+                    fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54:
+                    ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb:
+                    e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30:
+                    b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd:
+                    47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9:
+                    c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31:
+                    dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c:
+                    58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25:
+                    b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03:
+                    f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e:
+                    6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e:
+                    14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c:
+                    48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05:
+                    ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b:
+                    c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7:
+                    c3:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2:
+         6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76:
+         ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd:
+         d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3:
+         43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc:
+         fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34:
+         92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d:
+         3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7:
+         ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46:
+         54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58:
+         18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c:
+         7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6:
+         86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5:
+         6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88:
+         da:08:4e:c0
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG
+A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q
+psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje
+fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC
+y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl
+t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h
+pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q
+MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI
+b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G
+CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL
+1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR
+7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09
+kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi
+WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y
+/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A
+-----END CERTIFICATE-----

tools/cmca/ca/CA/demoCA/newcerts/02.pem

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:08:44 2023 GMT
+            Not After : Mar 27 10:08:44 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4:
+                    22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e:
+                    de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8:
+                    04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af:
+                    0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10:
+                    9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67:
+                    72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52:
+                    44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb:
+                    b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1:
+                    22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0:
+                    e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01:
+                    b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28:
+                    17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e:
+                    4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc:
+                    ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45:
+                    b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc:
+                    2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67:
+                    e0:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63:
+         dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5:
+         dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1:
+         19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22:
+         33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30:
+         67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc:
+         48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8:
+         0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82:
+         0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c:
+         27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc:
+         22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7:
+         b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25:
+         c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37:
+         28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2:
+         77:22:37:7f
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG
+A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok
+fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj
+e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I
+nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA
+4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o
+87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV
+V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks
+BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN
+BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k
+xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI
+q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo
+DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu
+8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l
+ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw==
+-----END CERTIFICATE-----

tools/cmca/ca/CA/demoCA/private/cakey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA0SMdRLkcxy3PKOSCusJ+AnGiJyW6AxyujqZj4xjgtIFjYIMV
+W5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV3tu9exm6Ijop8/KaDJ1EJAESunxk
+P9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MPR/KUB+TYqCp50mr6mlIZE6lvhhvM
+xHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXKy/HZpGtbm/mfbOtxWgvSFy3PE/49
+V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9CWdWRrrhIv+Px1QLQItL17kAKqtp+
+vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3YuwwfvQIDAQABAoIBAQCi1khvvgJeQ5jN
+Kj9v0wfyNzAecw2GZsqzX3Le2/v6D9SkzOvQSBrwLWSLuHb39/KOkw05TF6JmJir
+P9/QRla7EzVRqBJ5m/gWbYrsz3bC4eMHONuFrdYLZG9UTdYqYZGSsgaKWIGJ9i6p
+uZuJ0chQKNyB2Pmo1onMAGfnyIyl9RruM0G3KOl2tHOqJnoqOoJAdWvq/vjmEb1H
+lypiZZpIede2Q58oXC1HZFNT/q1NA3SGMbPoXmG4XoCTtq9Llt1kyk9FMbhKV1oj
+FoneRwXRMEqu0AEGgk9XSEdSPVLZ4nspgrdA5mkTxa/fUyPvWjantzR/ovR6zx95
+mKKnEVIBAoGBAOwtRkIciCNSa7xwJD8QvEFCADvZDU/+RmFk2tDbbA+gDYPy1bdD
+1qDqbzwdCnuMeVbTSAP+KNxxa1M9pOun21t6nC7sUPdqGbQEwkQrFs9v859wf2j9
+GU/oeu+aQabDGFXjwTC23wifqXTVc1/JnfGsqd3+9WwqR31SG+88/OjdAoGBAOKw
+1r7/9XqrYxL3SuxYhEm6Qasj3OwRgTXBfRYBcwyN8NDTqY/QvsTwPvLVaDy8lrjc
+kHJUx+zxmOBg/aKlxmzH5OTp0vRoVBFAOW4bITfGHKTjPjud7lfeAP2txPUR4i/4
+vHgYIlVFjGT6+p4oMsX7wtYl8ZmO184pVHNbZzRhAoGBAOJQQBL55Dp0sGhRzWnh
+T4P5CuBOjUMqFaceTc/1cwdGB6149PI4P2LTQuQHsBPT+DILI+cvlVgoFwAdAfwP
+TVPLmf4c1TlAooCuTrmj0KfWT01pL64bWjYIQEV5O4/hQ2CKboWPtwk8ddVO9M/F
+E2SSX/QqbGLJ4Ndl5v7JIlDBAoGBAJQnnzIVdwpFGOs8U+tDrrHA2UpQlgJzLk9D
+tcy8BcUev1S8AQXNF+D+YyWx8/4+AwOuo3kVj9R70b5TpXC3h4dw3Vf+ubCivs7H
+esFLWdpp0C6zlejAvxUOMveYqjDBD2Lq3cJfg5DXc3pLzZ+wBf7/G8d55PzHLqO+
+v0Llaf4BAoGBAI4Fu4Sr0fD38pAUAehfDlzngoXIs7eqdJU5Gu19U3PKKhDRKptp
+YBKt6mGv1R9rk9hCwXpXGRpABy6mpNkOCcYYmTtLGbwyy8Y1dbY9kNBrdhvrCcLh
+RZL9VrFMOuoHrd/yB4AEwvoZHAhNAkheU6CC/R6uiWof6eH8YmXJEt0n
+-----END RSA PRIVATE KEY-----

tools/cmca/ca/CA/demoCA/serial

@@ -0,0 +1 @@
+03

tools/cmca/ca/CA/demoCA/serial.old

@@ -0,0 +1 @@
+02

tools/cmca/casign.go

@@ -0,0 +1,71 @@
+package main
+
+import (
+	"crypto/x509"
+	"encoding/base64"
+	"fmt"
+	"os"
+
+	"ems.agt/cmca/config"
+)
+
+// func init() {
+// 	roots := x509.NewCertPool()
+// 	rootCert, err := LoadCert(config.CaConfig.CA.RootCert)
+// 	if err != nil {
+// 		os.Exit(1)
+// 	}
+// 	roots.AddCert(rootCert)
+// 	rootCertPool = roots
+// }
+
+func main() {
+	// 初始化
+	//config.CaConfig.CA.RootCert = "./certs/cacert.pem"
+
+	//Init()
+	fmt.Println("CaConfig:", config.CaConfig)
+
+	roots := x509.NewCertPool()
+	rootCert, err := LoadCert(config.CaConfig.CA.RootCert)
+	if err != nil {
+		os.Exit(1)
+	}
+	roots.AddCert(rootCert)
+	rootCertPool = roots
+
+	//证书验证：
+	cert, err := LoadCert(config.CaConfig.CA.Cert)
+	if err != nil {
+		fmt.Println("LoadCert:", err)
+		return
+	}
+
+	err = VerifyCert(cert)
+	fmt.Println("VerifyCert:", err)
+
+	//签名
+	fmt.Println("RSA签名认证:")
+	pri, err := LoadPriKey(config.CaConfig.CA.PrivateKey)
+	if err != nil {
+		fmt.Println("LoadPriKey:", err)
+		return
+	}
+	username := config.UserName
+	rsaSign, err := SignRSA([]byte(*username), pri)
+	if err != nil {
+		fmt.Println("SignRSA:", err)
+		return
+	}
+	rsaSign64 := base64.StdEncoding.EncodeToString(rsaSign)
+	fmt.Println("rsaSign64:", rsaSign64)
+
+	//签证验证
+	cert, err = LoadCert(config.CaConfig.CA.Cert)
+	if err != nil {
+		fmt.Println("LoadCert:", err)
+		return
+	}
+	err = VerifyRSA([]byte(*username), rsaSign, cert)
+	fmt.Println("VerifyRSA sign:", err)
+}

tools/cmca/certs/cacert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDnzCCAoegAwIBAgIUSBd+zbdjx31N0Q51+NrVdeDEPKYwDQYJKoZIhvcNAQEL
+BQAwXzELMAkGA1UEBhMCQ04xEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAcMAkJK
+MSIwIAYDVQQKDBlodHRwczovL3d3dy5ydWlqaWUuY29tLmNuMQ0wCwYDVQQDDAR0
+ZXN0MB4XDTIzMDgxMjA5MzMxMloXDTMzMDgwOTA5MzMxMlowXzELMAkGA1UEBhMC
+Q04xEDAOBgNVBAgMB0JlaWppbmcxCzAJBgNVBAcMAkJKMSIwIAYDVQQKDBlodHRw
+czovL3d3dy5ydWlqaWUuY29tLmNuMQ0wCwYDVQQDDAR0ZXN0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jW6bA//53YP3cqWmE42GGcJyZw1imzoIvDR
+stTYosiu/8cju1NHBJE6xF84huTs4Q+f6ZCE931Kg4ORX6iQFvbMK6/n0kpBFchA
+mZRqBElcIbjK8sNTbyJgjX2iRI5Mkm6mBgIaB0C/9iWN64WxSdk7Gs3ZTipn4SYW
+Ejn6wP3B1BGpj3NMUm1xah6XhCmnlxXDNvpjBOEOSsgs9fM3Bvatpn4pRXQtzsMD
+CkeicdSTnave3EQHskBCpw0f2ojG5LgGsibKRzijzt4LiMzt5jrMWxRgv/So9bAt
+QmMZhyP3ZE+AySkh7df7WobsoGtFAv+8aiIBYtJl94yLq+kssQIDAQABo1MwUTAd
+BgNVHQ4EFgQUjCKd8br99RMOcoMAuuHaOZJvskcwHwYDVR0jBBgwFoAUjCKd8br9
+9RMOcoMAuuHaOZJvskcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AQEANWTC8AiQOsWQQEqErAbuemA9GrW94t0cxrAuu86P7RJSvsyC7OzIg0Exp8rI
+AnEeRef8tHi19iepMtvSHTLwsPcAFA6NlDBX+kf2CI1XM0OrjLgmIgfdnCvAjaNm
+kWiDpMtMq/PsRfGVFb15NGUdqv25mGofR2bluYvFyybmZoVcKXkoCZ5JvvTOEPO/
+VPqRYnDMj5LVKefaBWp+xtGnTGx0m6ki2bk19OZAZz2GAzS+Kc27CiuO/hsjt0Bj
+s1wJPdBdGvNNRJBIiwrf8wCpCrRQQl2uczatYJdoZK+3szmsWZJg3wGKLqp6Ua6y
+URxUlN2SyT01lco4vat6Eh1t3A==
+-----END CERTIFICATE-----

tools/cmca/certs/nbi_agent.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=Beijing, L=BJ, O=https://www.ruijie.com.cn
+        Validity
+            Not Before: Aug 12 09:41:13 2023 GMT
+            Not After : Nov 20 09:41:13 2023 GMT
+        Subject: C=CN, ST=Beijing, O=https://www.ruijie.com.cn, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:a7:da:88:69:ee:bd:5c:11:8e:69:fc:7b:11:ae:
+                    43:21:b9:1e:da:d2:6e:f5:bb:93:37:af:6e:8c:ae:
+                    b3:7b:dd:b6:fd:af:48:e7:ac:a8:b5:7a:15:ab:0e:
+                    b7:b5:27:b4:e3:83:92:3a:91:e6:f0:83:34:b8:74:
+                    42:2c:a8:df:4e:14:5d:4e:a4:5f:4d:0c:79:b0:5c:
+                    79:9a:ee:26:0f:76:82:67:48:0f:6a:3f:df:6d:a0:
+                    c8:64:9a:2b:17:6a:c6:19:a5:c1:54:9b:f2:e4:6d:
+                    b4:fe:5f:70:c9:ca:9b:47:ca:fe:50:f4:23:e1:fe:
+                    94:d7:d1:ae:17:51:57:c7:78:da:b4:b2:b7:bb:e9:
+                    1b:55:a1:f1:fd:17:63:9f:cf:3b:81:87:d8:80:7d:
+                    1e:d6:ac:cc:b5:96:b1:78:df:d4:cb:0e:ec:42:da:
+                    3d:f9:87:df:01:45:5f:3e:b6:93:24:18:b3:d1:d5:
+                    c2:42:f8:2a:e8:c4:bd:48:f4:ec:c7:2c:1a:cf:bc:
+                    a4:9c:df:f4:15:71:9d:ea:f4:4a:04:7f:54:64:f6:
+                    79:3a:36:fb:10:1a:c3:18:2e:81:83:c2:62:47:a0:
+                    88:70:13:1d:f9:9d:fb:ef:72:a8:3c:6d:9b:8e:69:
+                    f8:c5:a0:92:32:87:19:21:dd:68:5c:0d:0c:fd:21:
+                    28:69
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                93:D4:BE:FF:27:3C:D0:91:A2:1E:36:1B:F1:A3:43:B3:70:CC:00:DA
+            X509v3 Authority Key Identifier: 
+                keyid:8C:22:9D:F1:BA:FD:F5:13:0E:72:83:00:BA:E1:DA:39:92:6F:B2:47
+
+    Signature Algorithm: sha256WithRSAEncryption
+         61:f7:28:fb:02:42:57:0f:34:9b:e4:b6:8a:9b:8a:3b:b8:d1:
+         e0:4d:55:07:8d:7c:87:a3:88:3a:6f:4c:ab:cf:76:f8:76:17:
+         bc:76:32:69:3a:19:9b:50:f2:b2:97:7f:73:eb:7e:6f:05:b9:
+         ea:a3:88:c0:ab:96:bd:36:e4:36:59:e1:2c:44:08:78:da:4f:
+         5d:e3:87:e1:d5:ec:86:0e:08:27:e0:e9:ad:20:e0:6b:67:26:
+         9b:31:a9:17:ac:ee:e0:dc:d9:e6:50:69:fe:83:23:51:6b:51:
+         6b:c4:45:36:8a:48:a5:cd:61:99:cf:25:05:8a:94:5e:3c:29:
+         35:67:00:fa:77:2f:09:2c:a0:18:bb:35:ce:f0:45:43:b7:47:
+         d5:89:cb:aa:a1:6f:8d:ac:16:d1:8d:be:39:a9:54:3d:da:70:
+         43:ca:e1:a3:a2:13:83:9b:a8:3b:e8:80:60:21:26:af:f9:09:
+         8a:6a:b0:77:82:7b:76:a1:03:13:a4:e2:e0:5c:d1:83:bd:50:
+         43:b3:23:96:a7:c9:7d:e5:2f:e6:95:c9:ff:9b:3b:1f:a4:30:
+         df:4c:67:99:92:fc:b7:e7:25:fc:bd:d7:30:c3:3a:34:78:93:
+         87:ae:4e:61:5a:12:04:43:25:c8:7a:9e:c5:cd:31:12:48:22:
+         2d:4f:d9:ed
+-----BEGIN CERTIFICATE-----
+MIIDmDCCAoCgAwIBAgIBATANBgkqhkiG9w0BAQsFADBQMQswCQYDVQQGEwJDTjEQ
+MA4GA1UECAwHQmVpamluZzELMAkGA1UEBwwCQkoxIjAgBgNVBAoMGWh0dHBzOi8v
+d3d3LnJ1aWppZS5jb20uY24wHhcNMjMwODEyMDk0MTEzWhcNMjMxMTIwMDk0MTEz
+WjBSMQswCQYDVQQGEwJDTjEQMA4GA1UECAwHQmVpamluZzEiMCAGA1UECgwZaHR0
+cHM6Ly93d3cucnVpamllLmNvbS5jbjENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAKfaiGnuvVwRjmn8exGuQyG5HtrSbvW7kzev
+boyus3vdtv2vSOesqLV6FasOt7UntOODkjqR5vCDNLh0Qiyo304UXU6kX00MebBc
+eZruJg92gmdID2o/322gyGSaKxdqxhmlwVSb8uRttP5fcMnKm0fK/lD0I+H+lNfR
+rhdRV8d42rSyt7vpG1Wh8f0XY5/PO4GH2IB9HtaszLWWsXjf1MsO7ELaPfmH3wFF
+Xz62kyQYs9HVwkL4KujEvUj07McsGs+8pJzf9BVxner0SgR/VGT2eTo2+xAawxgu
+gYPCYkegiHATHfmd++9yqDxtm45p+MWgkjKHGSHdaFwNDP0hKGkCAwEAAaN7MHkw
+CQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2Vy
+dGlmaWNhdGUwHQYDVR0OBBYEFJPUvv8nPNCRoh42G/GjQ7NwzADaMB8GA1UdIwQY
+MBaAFIwinfG6/fUTDnKDALrh2jmSb7JHMA0GCSqGSIb3DQEBCwUAA4IBAQBh9yj7
+AkJXDzSb5LaKm4o7uNHgTVUHjXyHo4g6b0yrz3b4dhe8djJpOhmbUPKyl39z635v
+Bbnqo4jAq5a9NuQ2WeEsRAh42k9d44fh1eyGDggn4OmtIOBrZyabMakXrO7g3Nnm
+UGn+gyNRa1FrxEU2ikilzWGZzyUFipRePCk1ZwD6dy8JLKAYuzXO8EVDt0fVicuq
+oW+NrBbRjb45qVQ92nBDyuGjohODm6g76IBgISav+QmKarB3gnt2oQMTpOLgXNGD
+vVBDsyOWp8l95S/mlcn/mzsfpDDfTGeZkvy35yX8vdcwwzo0eJOHrk5hWhIEQyXI
+ep7FzTESSCItT9nt
+-----END CERTIFICATE-----

tools/cmca/certs/nbi_agent.key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpQIBAAKCAQEAp9qIae69XBGOafx7Ea5DIbke2tJu9buTN69ujK6ze922/a9I
+56yotXoVqw63tSe044OSOpHm8IM0uHRCLKjfThRdTqRfTQx5sFx5mu4mD3aCZ0gP
+aj/fbaDIZJorF2rGGaXBVJvy5G20/l9wycqbR8r+UPQj4f6U19GuF1FXx3jatLK3
+u+kbVaHx/Rdjn887gYfYgH0e1qzMtZaxeN/Uyw7sQto9+YffAUVfPraTJBiz0dXC
+Qvgq6MS9SPTsxywaz7yknN/0FXGd6vRKBH9UZPZ5Ojb7EBrDGC6Bg8JiR6CIcBMd
++Z3773KoPG2bjmn4xaCSMocZId1oXA0M/SEoaQIDAQABAoIBAQCnLMfgeZ6vK+0j
+MguAuIaz96P7XMqWg5NESr1X8EdifpfaYdHCq/v7gvRBwg7Fph5K2qexHc9ci9De
+RSwDPs3o/e9Qe/VOz7YDKJcU70uI6wdFxkdUEvl8Pj5XtBRm5jkXIjdDBW8MgxdY
+ocW7tMai4lIYXo++bcfgiz1Qi/tY9jAuloUaTnSnggayEx/4N6JDj8e8X+7ju6b7
+A1lYt6jb10jU+8McxXfx/G2H+xTEvfDLGyeXnmkeYK5HmAl49xpaowSgk2siYJrd
+M1a8Y7tb44tBNTymrJqjea32/S5U8qa0hywnRx9B9/GAsm1+bgyLdQBoxY5dUBU+
+mu3x73fhAoGBANEKtywRjD4jOjp01Q7gxiBjBzjXAjm/DODB6jtWG16CEJ5LCMkE
+MgKAsvac/z9gdWnGrRxNuO8CZExHW1XfwDcWbQ7jnpW4+JcXwG82djg91guzmOMV
+bDdPhusUDFVtLJry+nf6kQ+JetZXQzDSoNrUHUWPRioSxZDmk0D9TIjrAoGBAM2P
+OT+bGZDVsW1XpmHhPMXrce01S2jb17rKT3nikT/lZ3W8j8EbVHZXw/Q1PtrHDBiX
+HQdG1V38vbSG9MvlEOKOXe0/7DLRxkE5n0Wke8qregLDxKnlPy+hiu9y1iCcs0Mm
+QTcmShz29iSx6aG7pW4qvMQIm31O6zbhMLQSSj77AoGAFzbnbJ9uQaBL4R4EYyiX
+GBWnQaqu9pa+6V7fkkNXusEa81lF2nz6yMheF4EL34/ouhx0MQZ4mSJc3RO3kuvM
+PtHgvpyMifgGs1DR8AfOTSSg1p/VRLKmV+YfB5AsZng/Ud3V7ukGnwEXgSIjthJO
+Br8zmPv2QMng4tyYUclPbI0CgYEAkp1NH+joWz2Px4V0zutwBVrhb2dL2gaz4C7c
+cPsAzqo5GOjdP8bWf3Ip+czgf/rozcE6my4SkW7rgA+iGqvPV0hkBgxJ1BV7appG
+181x3iRgaghoBSXV44s9JXyq7afW1FY8vbE5u18KQTIEia7lV6Zz7P6WqNHZQtNr
+gYRqIHECgYEAgoMSfiaP+gtVwa24GajeoyaHrbsJmUAU4mMKVWFGwic8J4NfXmct
+ebGGXpNAAzZFKSyYYr2IL1M1rbxy8pEnO4hB5eCbYyvnsmQgHtrixly/YCBKXBMK
+Y/xp2u/QkpdL2ZkNuoeoXMLcrzM/24TG/RahFRMGi979/DUNkdm+i8M=
+-----END RSA PRIVATE KEY-----

tools/cmca/config/config.go

@@ -0,0 +1,58 @@
+package config
+
+import (
+	"flag"
+	"fmt"
+	"os"
+
+	"gopkg.in/yaml.v3"
+)
+
+// Yaml struct of config
+type YamlConfig struct {
+	//证书配置
+	CA struct {
+		RootCert   string `yaml:"rootCert"`   //root CA证书存放路径
+		Cert       string `yaml:"cert"`       // 服务端CA证书存放路径
+		PrivateKey string `yaml:"privateKey"` // 服务端私钥存放路径
+		Check      bool   `yaml:"check"`      // 是否开启服务端证书检查功能
+	} `json:"ca"`
+}
+
+var CaConfig YamlConfig
+
+func ReadConfig(configFile string) {
+	yamlFile, err := os.ReadFile(configFile)
+	if err != nil {
+		fmt.Println("Read yaml config file error:", err)
+		os.Exit(2)
+	}
+
+	err = yaml.Unmarshal(yamlFile, &CaConfig)
+	if err != nil {
+		fmt.Println("Unmarshal error:", err)
+		os.Exit(3)
+	}
+}
+
+var UserName *string
+
+const defaultConfigFile = "./etc/cmca.yaml"
+
+func init() {
+	cfile := flag.String("c", defaultConfigFile, "config file")
+	pv := flag.Bool("v", false, "print version")
+	ph := flag.Bool("h", false, "print help")
+	UserName = flag.String("u", "admin", "user name")
+
+	flag.Parse()
+	if *pv {
+		os.Exit(0)
+	}
+	if *ph {
+		flag.Usage()
+		os.Exit(0)
+	}
+
+	ReadConfig(*cfile)
+}

tools/cmca/etc/cmca.yaml

@@ -0,0 +1,4 @@
+ca:
+  rootCert: ./certs/cacert.pem
+  cert: ./certs/nbi_agent.crt
+  privateKey: ./certs/nbi_agent.key