ca证书

api/heart_beat.go

@@ -1,11 +1,10 @@
 package api
 
 import (
-	"omc/omc"
-
 	"github.com/aceld/zinx/ziface"
 	"github.com/aceld/zinx/zlog"
 	"github.com/aceld/zinx/znet"
+	"omc/omc"
 )
 
 // HeartBeatApi  心跳请求
@@ -38,7 +37,6 @@ func (*HeartBeatApi) Handle(request ziface.IRequest) {
 		Msg:     make(map[string]string, 0),
 	}
 	ackBody.Msg["reqId"] = reqId
-	ackBody.Keys = append(ackBody.Keys, "reqId")
 	ackBody.Pack()
 	request.GetConnection().SendMsg(omc.AckHeartBeat, ackBody.RawData)
 }

api/login.go

@@ -92,6 +92,19 @@ func (*CMCALoginSeq) Handle(request ziface.IRequest) {
 	}
 	ackBody.Msg["seqNo"] = seqNo
 	ackBody.Pack()
+	m := core.GetManager(request.GetConnection().GetName())
+	uID, err := request.GetConnection().GetProperty("UID")
+	if err != nil {
+		zlog.Ins().ErrorF("GetProperty UID error %s", err)
+		request.GetConnection().Stop()
+		return
+	}
+	if m == nil {
+		zlog.Ins().ErrorF("server internal error")
+		request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "server internal error"))
+		return
+	}
+	m.SetSeqNo(uID.(string), seqNo)
 
 	request.GetConnection().SendMsg(omc.AckCMCALoginSeq, ackBody.RawData)
 }
@@ -118,9 +131,10 @@ func (*CMCALoginAlarm) Handle(request ziface.IRequest) {
 	}
 
 	user, userOK := msgBody.Msg["user"]
-	pw, pwOK := msgBody.Msg["key"]
+	key, keyOK := msgBody.Msg["key"]
+	cert, certOK := msgBody.Msg["cert"]
 	tp, tpOK := msgBody.Msg["type"]
-	if !userOK || !pwOK || !tpOK {
+	if !userOK || !keyOK || certOK || !tpOK {
 		zlog.Ins().ErrorF("missing parameter of message body")
 		request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "missing parameter of message body"))
 		return
@@ -139,7 +153,8 @@ func (*CMCALoginAlarm) Handle(request ziface.IRequest) {
 	}
 
 	//登录信息check
-	if err := service.UserLogin(user, pw); err != nil {
+	seqNo := m.GetUserByPID(uID.(string)).SeqNo
+	if ok, err := service.CMCALogin(seqNo, key, cert); !ok || err != nil {
 		zlog.Ins().ErrorF("LoginFail %s", err)
 		request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "Incorrect username and password"))
 		isClose, _ := m.LoginFail(uID.(string)) //登录错误超过3次,断开连接

ca/CA/certs/test1.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:05:48 2023 GMT
+            Not After : Mar 27 10:05:48 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3:
+                    ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87:
+                    fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54:
+                    ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb:
+                    e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30:
+                    b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd:
+                    47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9:
+                    c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31:
+                    dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c:
+                    58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25:
+                    b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03:
+                    f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e:
+                    6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e:
+                    14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c:
+                    48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05:
+                    ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b:
+                    c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7:
+                    c3:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2:
+         6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76:
+         ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd:
+         d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3:
+         43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc:
+         fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34:
+         92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d:
+         3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7:
+         ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46:
+         54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58:
+         18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c:
+         7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6:
+         86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5:
+         6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88:
+         da:08:4e:c0
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG
+A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q
+psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje
+fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC
+y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl
+t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h
+pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q
+MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI
+b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G
+CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL
+1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR
+7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09
+kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi
+WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y
+/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A
+-----END CERTIFICATE-----

ca/CA/certs/test2.crt

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:08:44 2023 GMT
+            Not After : Mar 27 10:08:44 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4:
+                    22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e:
+                    de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8:
+                    04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af:
+                    0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10:
+                    9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67:
+                    72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52:
+                    44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb:
+                    b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1:
+                    22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0:
+                    e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01:
+                    b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28:
+                    17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e:
+                    4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc:
+                    ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45:
+                    b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc:
+                    2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67:
+                    e0:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63:
+         dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5:
+         dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1:
+         19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22:
+         33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30:
+         67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc:
+         48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8:
+         0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82:
+         0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c:
+         27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc:
+         22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7:
+         b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25:
+         c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37:
+         28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2:
+         77:22:37:7f
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG
+A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok
+fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj
+e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I
+nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA
+4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o
+87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV
+V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks
+BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN
+BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k
+xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI
+q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo
+DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu
+8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l
+ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw==
+-----END CERTIFICATE-----

ca/CA/demoCA/cacert.pem

@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqzCCApOgAwIBAgIUDs5kTQVLnC1MdhXHj0KqYIG+nyAwDQYJKoZIhvcNAQEL
+BQAwZTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhl
+bjEnMCUGA1UECgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYD
+VQQDDAR0ZXN0MB4XDTIzMDcwMTA4NDQzOFoXDTMzMDYyODA4NDQzOFowZTELMAkG
+A1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhlbjEnMCUGA1UE
+CgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYDVQQDDAR0ZXN0
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMdRLkcxy3PKOSCusJ+
+AnGiJyW6AxyujqZj4xjgtIFjYIMVW5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV
+3tu9exm6Ijop8/KaDJ1EJAESunxkP9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MP
+R/KUB+TYqCp50mr6mlIZE6lvhhvMxHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXK
+y/HZpGtbm/mfbOtxWgvSFy3PE/49V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9C
+WdWRrrhIv+Px1QLQItL17kAKqtp+vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3Yuwwf
+vQIDAQABo1MwUTAdBgNVHQ4EFgQUbbMdtnhOyBmP+k1rOl6pfcsHmLowHwYDVR0j
+BBgwFoAUbbMdtnhOyBmP+k1rOl6pfcsHmLowDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAdGZdTglVP1hI0wcxD0rkkHu7IkfFGlaad1vFL+VfujlV
+6H3/WrDLCDhLDBZrdZ3m0LrQqpJjZriOaqc0O8LbT4ktquVuAgYtT/il6EQzLpyE
+pEW+iM4Ae2tu9rMH1F365+C8ffQWuSenvQOOjL8L9BP5N0bguVsWA+uMNprMado4
+lLuyHOt5S36WOKh4mnMlkDBuCNnBCiFS8rcQXJugk6jrOYKji5wJGNAVMoSEtRvN
+LdZh5XOkbXuFrhltPxMG/7BaPc9xS46chBKDvCQPweKGeu2eG+y6KTwCDYmakmVX
+OE8TnP4Zr0miTprzkmbWhIkUWkg/FclJs1/TcSkCGw==
+-----END CERTIFICATE-----

ca/CA/demoCA/index.txt

@@ -0,0 +1,2 @@
+V	260327100548Z		01	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test
+V	260327100844Z		02	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test1

ca/CA/demoCA/index.txt.attr

@@ -0,0 +1 @@
+unique_subject = yes

ca/CA/demoCA/index.txt.attr.old

@@ -0,0 +1 @@
+unique_subject = yes

ca/CA/demoCA/index.txt.old

@@ -0,0 +1 @@
+V	260327100548Z		01	unknown	/C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test

ca/CA/demoCA/newcerts/01.pem

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 1 (0x1)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:05:48 2023 GMT
+            Not After : Mar 27 10:05:48 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3:
+                    ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87:
+                    fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54:
+                    ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb:
+                    e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30:
+                    b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd:
+                    47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9:
+                    c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31:
+                    dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c:
+                    58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25:
+                    b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03:
+                    f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e:
+                    6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e:
+                    14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c:
+                    48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05:
+                    ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b:
+                    c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7:
+                    c3:4f
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2:
+         6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76:
+         ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd:
+         d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3:
+         43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc:
+         fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34:
+         92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d:
+         3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7:
+         ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46:
+         54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58:
+         18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c:
+         7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6:
+         86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5:
+         6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88:
+         da:08:4e:c0
+-----BEGIN CERTIFICATE-----
+MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG
+A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q
+psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje
+fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC
+y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl
+t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h
+pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q
+MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd
+T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI
+b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G
+CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL
+1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR
+7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09
+kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi
+WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y
+/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A
+-----END CERTIFICATE-----

ca/CA/demoCA/newcerts/02.pem

@@ -0,0 +1,81 @@
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 2 (0x2)
+        Signature Algorithm: sha256WithRSAEncryption
+        Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test
+        Validity
+            Not Before: Jul  1 10:08:44 2023 GMT
+            Not After : Mar 27 10:08:44 2026 GMT
+        Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1
+        Subject Public Key Info:
+            Public Key Algorithm: rsaEncryption
+                RSA Public-Key: (2048 bit)
+                Modulus:
+                    00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4:
+                    22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e:
+                    de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8:
+                    04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af:
+                    0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10:
+                    9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67:
+                    72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52:
+                    44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb:
+                    b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1:
+                    22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0:
+                    e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01:
+                    b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28:
+                    17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e:
+                    4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc:
+                    ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45:
+                    b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc:
+                    2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67:
+                    e0:d3
+                Exponent: 65537 (0x10001)
+        X509v3 extensions:
+            X509v3 Basic Constraints: 
+                CA:FALSE
+            Netscape Comment: 
+                OpenSSL Generated Certificate
+            X509v3 Subject Key Identifier: 
+                51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40
+            X509v3 Authority Key Identifier: 
+                keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA
+
+    Signature Algorithm: sha256WithRSAEncryption
+         3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63:
+         dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5:
+         dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1:
+         19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22:
+         33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30:
+         67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc:
+         48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8:
+         0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82:
+         0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c:
+         27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc:
+         22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7:
+         b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25:
+         c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37:
+         28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2:
+         77:22:37:7f
+-----BEGIN CERTIFICATE-----
+MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL
+MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov
+L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx
+MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC
+R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG
+A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok
+fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj
+e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I
+nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA
+4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o
+87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV
+V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W
+HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks
+BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN
+BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k
+xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI
+q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo
+DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu
+8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l
+ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw==
+-----END CERTIFICATE-----

ca/CA/demoCA/private/cakey.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpgIBAAKCAQEA0SMdRLkcxy3PKOSCusJ+AnGiJyW6AxyujqZj4xjgtIFjYIMV
+W5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV3tu9exm6Ijop8/KaDJ1EJAESunxk
+P9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MPR/KUB+TYqCp50mr6mlIZE6lvhhvM
+xHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXKy/HZpGtbm/mfbOtxWgvSFy3PE/49
+V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9CWdWRrrhIv+Px1QLQItL17kAKqtp+
+vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3YuwwfvQIDAQABAoIBAQCi1khvvgJeQ5jN
+Kj9v0wfyNzAecw2GZsqzX3Le2/v6D9SkzOvQSBrwLWSLuHb39/KOkw05TF6JmJir
+P9/QRla7EzVRqBJ5m/gWbYrsz3bC4eMHONuFrdYLZG9UTdYqYZGSsgaKWIGJ9i6p
+uZuJ0chQKNyB2Pmo1onMAGfnyIyl9RruM0G3KOl2tHOqJnoqOoJAdWvq/vjmEb1H
+lypiZZpIede2Q58oXC1HZFNT/q1NA3SGMbPoXmG4XoCTtq9Llt1kyk9FMbhKV1oj
+FoneRwXRMEqu0AEGgk9XSEdSPVLZ4nspgrdA5mkTxa/fUyPvWjantzR/ovR6zx95
+mKKnEVIBAoGBAOwtRkIciCNSa7xwJD8QvEFCADvZDU/+RmFk2tDbbA+gDYPy1bdD
+1qDqbzwdCnuMeVbTSAP+KNxxa1M9pOun21t6nC7sUPdqGbQEwkQrFs9v859wf2j9
+GU/oeu+aQabDGFXjwTC23wifqXTVc1/JnfGsqd3+9WwqR31SG+88/OjdAoGBAOKw
+1r7/9XqrYxL3SuxYhEm6Qasj3OwRgTXBfRYBcwyN8NDTqY/QvsTwPvLVaDy8lrjc
+kHJUx+zxmOBg/aKlxmzH5OTp0vRoVBFAOW4bITfGHKTjPjud7lfeAP2txPUR4i/4
+vHgYIlVFjGT6+p4oMsX7wtYl8ZmO184pVHNbZzRhAoGBAOJQQBL55Dp0sGhRzWnh
+T4P5CuBOjUMqFaceTc/1cwdGB6149PI4P2LTQuQHsBPT+DILI+cvlVgoFwAdAfwP
+TVPLmf4c1TlAooCuTrmj0KfWT01pL64bWjYIQEV5O4/hQ2CKboWPtwk8ddVO9M/F
+E2SSX/QqbGLJ4Ndl5v7JIlDBAoGBAJQnnzIVdwpFGOs8U+tDrrHA2UpQlgJzLk9D
+tcy8BcUev1S8AQXNF+D+YyWx8/4+AwOuo3kVj9R70b5TpXC3h4dw3Vf+ubCivs7H
+esFLWdpp0C6zlejAvxUOMveYqjDBD2Lq3cJfg5DXc3pLzZ+wBf7/G8d55PzHLqO+
+v0Llaf4BAoGBAI4Fu4Sr0fD38pAUAehfDlzngoXIs7eqdJU5Gu19U3PKKhDRKptp
+YBKt6mGv1R9rk9hCwXpXGRpABy6mpNkOCcYYmTtLGbwyy8Y1dbY9kNBrdhvrCcLh
+RZL9VrFMOuoHrd/yB4AEwvoZHAhNAkheU6CC/R6uiWof6eH8YmXJEt0n
+-----END RSA PRIVATE KEY-----

ca/CA/demoCA/serial

@@ -0,0 +1 @@
+03

ca/CA/demoCA/serial.old

@@ -0,0 +1 @@
+02

ca/ca.go

@@ -0,0 +1,149 @@
+package ca
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"omc/conf"
+	"os"
+)
+
+// LoadCert 读取证书文件
+func LoadCert(path string) (*x509.Certificate, error) {
+	//1.打开磁盘的公钥文件
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	fileInfo, err := file.Stat()
+	if err != nil {
+		return nil, err
+	}
+	buf := make([]byte, fileInfo.Size())
+	_, err = file.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+	//2.使用pem解码得到pem.Block结构体变量
+	block, _ := pem.Decode(buf)
+
+	//证书解析
+	certBody, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return certBody, nil
+}
+
+// LoadPriKey 读取私钥文件
+func LoadPriKey(path string) (*rsa.PrivateKey, error) {
+	//1.打开磁盘的私钥文件
+	file, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer file.Close()
+	//2.将私钥文件中的内容读出
+	fileInfo, err := file.Stat()
+	if err != nil {
+		return nil, err
+	}
+	buf := make([]byte, fileInfo.Size())
+	_, err = file.Read(buf)
+	if err != nil {
+		return nil, err
+	}
+	//3.使用pem对数据解码，得到pem.Block结构体变量
+	block, _ := pem.Decode(buf)
+	//4.x509将数据解析成私钥结构体得到私钥
+	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+	return privateKey, nil
+}
+
+// SignRSA RSA 签名
+func SignRSA(plainText []byte, priKey *rsa.PrivateKey) ([]byte, error) {
+	//1.创建一个哈希对象
+	hash := sha256.New()
+	//2.给哈希对象添加数据
+	_, err := hash.Write(plainText)
+	if err != nil {
+		return nil, err
+	}
+	//3.计算哈希值
+	hashed := hash.Sum(nil)
+	//4.使用rsa中的函数对散列值签名
+	signText, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, hashed)
+	if err != nil {
+		return nil, err
+	}
+	return signText, nil
+}
+
+func VerifyRSA(plainText, signText []byte, cert *x509.Certificate) error {
+	publicKeyDer, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+	if err != nil {
+		return err
+	}
+	pubKeyInterface, err := x509.ParsePKIXPublicKey(publicKeyDer)
+	if err != nil {
+		return err
+	}
+	//进行类型断言得到公钥结构体
+	publicKey := pubKeyInterface.(*rsa.PublicKey)
+
+	//* 创建哈希接口
+	hash := sha256.New()
+	//* 添加数据
+	hash.Write(plainText)
+	//* 哈希运算
+	hasded := hash.Sum(nil)
+	//
+	//6.签名认证
+	err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, hasded, signText)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+var rootCertPool *x509.CertPool
+
+func Init() error {
+	roots := x509.NewCertPool()
+	rootCert, err := LoadCert(conf.OmcConf.CA.RootCert)
+	if err != nil {
+		return err
+	}
+	roots.AddCert(rootCert)
+	rootCertPool = roots
+	return nil
+}
+
+func VerifyCert(cert *x509.Certificate) error {
+	//block, _ := pem.Decode([]byte(certPEM))
+	//if block == nil {
+	//	return fmt.Errorf("failed to parse certificate PEM")
+	//}
+	//cert, err := x509.ParseCertificate(block.Bytes)
+	//if err != nil {
+	//	return fmt.Errorf("failed to parse certificate: %v", err.Error())
+	//}
+
+	opts := x509.VerifyOptions{
+		Roots: rootCertPool,
+	}
+
+	if _, err := cert.Verify(opts); err != nil {
+		return fmt.Errorf("failed to verify certificate: %v", err.Error())
+	}
+
+	return nil
+}

ca/ca_test.go

@@ -0,0 +1,50 @@
+package ca
+
+import (
+	"encoding/base64"
+	"fmt"
+	"nbi_agent_api/conf"
+	"testing"
+)
+
+func TestCa(t *testing.T) {
+	// 初始化
+	conf.OmcConf.CA.RootCert = "CA/demoCA/cacert.pem"
+	Init()
+
+	//证书验证：
+	cert, err := LoadCert("CA/certs/test1.crt")
+	if err != nil {
+		fmt.Println("LoadCert:", err)
+		return
+	}
+
+	err = VerifyCert(cert)
+	fmt.Println("VerifyCert:", err)
+
+	//签名
+	fmt.Println("RSA签名认证:")
+	pri, err := LoadPriKey("CA/data/test1.key")
+	if err != nil {
+		fmt.Println("LoadPriKey:", err)
+		return
+	}
+	username := "admin"
+	rsaSign, err := SignRSA([]byte(username), pri)
+	if err != nil {
+		fmt.Println("SignRSA:", err)
+		return
+	}
+	rsaSign64 := base64.StdEncoding.EncodeToString(rsaSign)
+	fmt.Println("rsaSign64:", rsaSign64)
+
+	//签证验证
+	cert, err = LoadCert("CA/certs/test1.crt")
+	if err != nil {
+		fmt.Println("LoadCert:", err)
+		return
+	}
+	err = VerifyRSA([]byte(username), rsaSign, cert)
+	fmt.Println("VerifyRSA sign:", err)
+
+}

client_robot.go

@@ -145,7 +145,7 @@ func (this *TcpClient) Receive() {
 
 func (this *TcpClient) Start() {
 	//登录
-	data := "reqLoginAlarm;user=omc;key=omc@password;type=ftp"
+	data := "reqLoginAlarm;user=audit;key=omc@password;type=ftp"
 	this.SendMsg(0x01, []byte(data))
 
 	//发送同步告警信息
@@ -162,7 +162,7 @@ func (this *TcpClient) Start() {
 }
 
 func DataMock() {
-	conf := "root:1000omc@kp!@tcp(192.168.0.229:33066)/omc_db?charset=utf8mb4&parseTime=True&loc=Local"
+	conf := "root:1000omc@kp!@tcp(192.168.4.130:33066)/omc_db?charset=utf8mb4&parseTime=True&loc=Local"
 	d, err := gorm.Open(mysql.Open(conf), &gorm.Config{})
 	if err != nil {
 		zlog.Ins().ErrorF("open mysql %s error, ", conf, err)
@@ -212,7 +212,7 @@ func NewTcpClient(ip string, port int) *TcpClient {
 }
 
 func main() {
-	client := NewTcpClient("127.0.0.1", 31232)
+	client := NewTcpClient("192.168.4.130", 31232)
 	client.Start()
 	//DataMock()
 	select {}

conf/global.go

@@ -30,6 +30,14 @@ type Config struct {
 	HeartbeatMax   int    `json:"heartbeat_max"`
 	LogDir         string `json:"log_dir"`
 	LogFile        string `json:"log_file"`
+
+	//证书配置
+	CA struct {
+		RootCert   string `json:"root_cert"`   //root CA证书存放路径
+		Cert       string `json:"cert"`        // 服务端CA证书存放路径
+		PrivateKey string `json:"private_key"` // 服务端私钥存放路径
+		Check      bool   `json:"check"`       // 是否开启服务端证书检查功能
+	} `json:"ca"`
 }
 
 var OmcConf Config

conf/nbi_alarm_agent.json

@@ -18,5 +18,11 @@
   "mame":"nbi north alarm agent",
   "heartbeat_max": 180,
   "log_dir": "./nbi_alarm",
-  "log_file":"nbi_alarm.log"
+  "log_file":"nbi_alarm.log",
+  "ca":{
+    "root_cert":"ca/CA/demoCA/cacert.pem",
+    "cert":"/ca/CA/certs/test1.crt",
+    "private_key":"ca/CA/data/test1.key",
+    "check":true
+  }
 }

lib/file.go

@@ -1,7 +1,6 @@
 package lib
 
 import (
-	"archive/zip"
 	"os"
 	"strings"
 )
@@ -65,17 +64,5 @@ func GenFile(meta *FileMeta, content []byte) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	// 创建一个新的ZIP文件
-	fileName = fileName + ".zip"
-	zipFile, err := os.Create(fileName)
-	if err != nil {
-		return "", err
-	}
-	defer zipFile.Close()
-
-	// 创建一个ZIP写入器
-	zipWriter := zip.NewWriter(zipFile)
-	defer zipWriter.Close()
-
 	return fileName, nil
 }

omc/msg.go

@@ -8,12 +8,9 @@ func ErrorMsg(msgType string, reqID string, desc string) []byte {
 	}
 	if reqID != "" {
 		msgBody.Msg["reqId"] = reqID
-		msgBody.Keys = append(msgBody.Keys, "reqId")
 	}
 	msgBody.Msg["result"] = "fail"
-	msgBody.Keys = append(msgBody.Keys, "result")
 	msgBody.Msg["resDesc"] = desc
-	msgBody.Keys = append(msgBody.Keys, "resDesc")
 	msgBody.Pack()
 	return msgBody.RawData
 }
@@ -25,13 +22,9 @@ func SuccessMsg(msgType string, reqID string, desc string) []byte {
 	}
 	if reqID != "" {
 		msgBody.Msg["reqId"] = reqID
-		msgBody.Keys = append(msgBody.Keys, "reqId")
 	}
 	msgBody.Msg["result"] = "succ"
-	msgBody.Keys = append(msgBody.Keys, "result")
-	//msgBody.Msg["resDesc"] = desc
-	msgBody.Msg["resDesc"] = "succ"
-	msgBody.Keys = append(msgBody.Keys, "resDesc")
+	msgBody.Msg["resDesc"] = desc
 
 	msgBody.Pack()
 	return msgBody.RawData

omc/omc_pack.go

@@ -11,11 +11,10 @@ type MsgBody struct {
 	RawData []byte
 	MsgName string
 	Msg     map[string]string
-	Keys    []string
 }
 
 // Decode
-// reqLoginAlarm;user=yiy;key=qw#$@;type=msg
+//reqLoginAlarm;user=yiy;key=qw#$@;type=msg
 func (o *MsgBody) Decode() error {
 	multi := strings.Split(string(o.RawData), ";")
 	if len(multi) < 1 {
@@ -32,12 +31,12 @@ func (o *MsgBody) Decode() error {
 }
 
 // Pack
-// reqLoginAlarm;user=yiy;key=qw#$@;type=msg
+//reqLoginAlarm;user=yiy;key=qw#$@;type=msg
 func (o *MsgBody) Pack() error {
 	var multi []string
 	multi = append(multi, o.MsgName)
-	for _, key := range o.Keys {
-		item := fmt.Sprintf("%s=%s", key, o.Msg[key])
+	for i, v := range o.Msg {
+		item := fmt.Sprintf("%s=%s", i, v)
 		multi = append(multi, item)
 	}
 	raw := strings.Join(multi, ";")

service/login.go

@@ -1,8 +1,13 @@
 package service
 
 import (
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
 	"errors"
 	"github.com/aceld/zinx/zlog"
+	"omc/ca"
+	"omc/conf"
 	"omc/db"
 	"omc/lib"
 	"omc/model"
@@ -21,3 +26,38 @@ func UserLogin(name, pw string) error {
 	}
 	return nil
 }
+
+func CMCALogin(source, sign, cert string) (login bool, err error) {
+	defer func() {
+		if r := recover(); r != nil {
+			zlog.Ins().ErrorF("CMCALogin panic:%v", r)
+		}
+	}()
+	//base64 解码签名数据
+	signBytes, err := base64.StdEncoding.DecodeString(sign)
+	if err != nil {
+		return false, err
+	}
+	//证书加载
+	block, _ := pem.Decode([]byte(cert))
+
+	//证书解析
+	certBody, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return false, err
+	}
+
+	//证书校验
+	if conf.OmcConf.CA.Check {
+		if err := ca.VerifyCert(certBody); err != nil {
+			return false, err
+		}
+	}
+
+	//签名验证
+	err = ca.VerifyRSA([]byte(source), signBytes, certBody)
+	if err != nil {
+		return false, err
+	}
+	return true, nil
+}

service/sysn_alarm_file.go

@@ -5,14 +5,12 @@ import (
 	"encoding/binary"
 	"encoding/json"
 	"errors"
-	"fmt"
+	"github.com/aceld/zinx/ziface"
 	"omc/db"
 	"omc/lib"
 	"omc/model"
 	"omc/omc"
 	"time"
-
-	"github.com/aceld/zinx/ziface"
 )
 
 func GenFile(request ziface.IRequest, meta *lib.FileMeta, data []OmcAlarm) {
@@ -30,24 +28,15 @@ func GenFile(request ziface.IRequest, meta *lib.FileMeta, data []OmcAlarm) {
 		return
 	}
 
-	// add by simon at 2023/08/14
-	fmt.Println("meta:", meta)
-	if meta.ReqId == "" {
-		meta.ReqId = "2"
-	}
 	//发送文件同步信息
 	ackBody := omc.MsgBody{
-		MsgName: "ackSyncAlarmFileResult",
+		MsgName: "ackSyncOmcAlarmFileResult",
 		Msg:     make(map[string]string, 0),
 	}
 	ackBody.Msg["reqId"] = meta.ReqId
-	ackBody.Keys = append(ackBody.Keys, "reqId")
 	ackBody.Msg["result"] = "succ"
-	ackBody.Keys = append(ackBody.Keys, "result")
 	ackBody.Msg["fileName"] = file
-	ackBody.Keys = append(ackBody.Keys, "fileName")
-	ackBody.Msg["resDesc"] = "succ"
-	ackBody.Keys = append(ackBody.Keys, "resDesc")
+	ackBody.Msg["resDesc"] = ""
 	ackBody.Pack()
 	request.GetConnection().SendMsg(omc.AckSyncAlarmFileResult, ackBody.RawData)
 }