sign
@@ -1,6 +1,7 @@
|
||||
package cm
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"os"
|
||||
@@ -22,6 +23,7 @@ const (
|
||||
SoftwareStatusInactive = "Inactive"
|
||||
SoftwareStatusActive = "Active"
|
||||
DigestsSignOkString = "digests signatures OK"
|
||||
SoftwareVerifiedOk = "Verified OK"
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -32,6 +34,23 @@ var (
|
||||
CustomUriSoftwareNE = config.UriPrefix + "/systemManagement/{apiVersion}/{neType}/software/{version}/{neId}"
|
||||
)
|
||||
|
||||
// 验证签名
|
||||
func verify_signature(public_key_name string, source_cms_file string, source_file string) bytes.Buffer {
|
||||
cmd := exec.Command("/usr/local/omc/run/iv", "verify_signature", public_key_name, source_cms_file, source_file)
|
||||
var out bytes.Buffer
|
||||
cmd.Stdout = &out
|
||||
cmd.Env = append(os.Environ(),
|
||||
"FOO=duplicate_value", // 重复被忽略
|
||||
"FOO=actual_value", // 实际被使用
|
||||
)
|
||||
err := cmd.Run()
|
||||
if err != nil {
|
||||
log.Error(err)
|
||||
}
|
||||
|
||||
return out
|
||||
}
|
||||
|
||||
func UploadSoftwareFile(w http.ResponseWriter, r *http.Request) {
|
||||
log.Debug("UploadSoftwareFile processing... ")
|
||||
|
||||
@@ -77,7 +96,18 @@ func UploadSoftwareFile(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
filePrefix := fileName[:strings.Index(fileName, ".zip")]
|
||||
|
||||
filePath := fmt.Sprintf("%s/%s", softwarePath, fileName)
|
||||
cmd := exec.Command("unzip", filePath)
|
||||
cmd.Dir = softwarePath
|
||||
out, err := cmd.CombinedOutput()
|
||||
log.Debugf("Exec outpout:%s", string(out))
|
||||
if err != nil {
|
||||
log.Error("Failed to unzip:", err)
|
||||
services.ResponseInternalServerError500ProcessError(w, err)
|
||||
return
|
||||
}
|
||||
md5File, err := global.GetFileMD5Sum(filePath)
|
||||
if err != nil {
|
||||
log.Error("Faile to GetFileMD5Sum:", err)
|
||||
@@ -93,20 +123,31 @@ func UploadSoftwareFile(w http.ResponseWriter, r *http.Request) {
|
||||
}
|
||||
|
||||
if config.GetYamlConfig().OMC.CheckSign {
|
||||
cmd := exec.Command("rpm", "-K", filePath)
|
||||
out, err := cmd.CombinedOutput()
|
||||
log.Debugf("Exec outpout:%s", string(out))
|
||||
if err != nil {
|
||||
log.Error("Failed to execute rpm:", err)
|
||||
services.ResponseInternalServerError500ProcessError(w, err)
|
||||
return
|
||||
}
|
||||
if !strings.Contains(string(out), DigestsSignOkString) {
|
||||
rpmFileName := filePrefix + ".rpm"
|
||||
rpmFilePath := softwarePath + "/" + rpmFileName
|
||||
cmsFileName := rpmFileName + ".cms"
|
||||
cmsFilePath := softwarePath + "/" + cmsFileName
|
||||
result := verify_signature(config.GetYamlConfig().Auth.PublicKey, cmsFilePath, rpmFilePath)
|
||||
if result.String() != SoftwareVerifiedOk {
|
||||
err = global.ErrCMNotMatchSignFile
|
||||
log.Error(err)
|
||||
services.ResponseInternalServerError500ProcessError(w, err)
|
||||
return
|
||||
}
|
||||
// cmd := exec.Command("rpm", "-K", filePath)
|
||||
// out, err := cmd.CombinedOutput()
|
||||
// log.Debugf("Exec outpout:%s", string(out))
|
||||
// if err != nil {
|
||||
// log.Error("Failed to execute rpm:", err)
|
||||
// services.ResponseInternalServerError500ProcessError(w, err)
|
||||
// return
|
||||
// }
|
||||
// if !strings.Contains(string(out), DigestsSignOkString) {
|
||||
// err = global.ErrCMNotMatchSignFile
|
||||
// log.Error(err)
|
||||
// services.ResponseInternalServerError500ProcessError(w, err)
|
||||
// return
|
||||
// }
|
||||
}
|
||||
|
||||
//neBackup := dborm.NeBackup{NeType: neType, NeId: neId, Md5Sum: md5Sum}
|
||||
|
||||
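Review bot: verify_signature logs and then drops the error from `cmd.Run()`, so the accept/reject decision in UploadSoftwareFile rests only on `result.String() != SoftwareVerifiedOk`, an exact match on captured stdout. The verifier's exit status never takes part in that decision, and if the tool ends its output with a newline (its output is not visible here) every package would be rejected. I would return `(string, error)` with the output trimmed and treat a non-nil error as a failed verification, as in the excerpt below; the two `FOO=` entries in `cmd.Env` look like leftover example values and are dropped there. Separately, `fileName[:strings.Index(fileName, ".zip")]` panics when the name contains no `.zip`, unless a check in the part of UploadSoftwareFile outside these hunks guarantees it, and the archive is unzipped before any signature check runs, with no cleanup visible on the rejection path.

```go
func verify_signature(public_key_name string, source_cms_file string, source_file string) (string, error) {
	cmd := exec.Command("/usr/local/omc/run/iv", "verify_signature", public_key_name, source_cms_file, source_file)
	var out bytes.Buffer
	cmd.Stdout = &out
	// A non-zero exit status is a verification failure in its own right.
	if err := cmd.Run(); err != nil {
		return "", fmt.Errorf("verify_signature %q: %w", source_file, err)
	}
	return strings.TrimSpace(out.String()), nil
}

// … unchanged: rpm/cms path construction in UploadSoftwareFile …
		result, err := verify_signature(config.GetYamlConfig().Auth.PublicKey, cmsFilePath, rpmFilePath)
		if err != nil || result != SoftwareVerifiedOk {
```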