diff --git a/api/heart_beat.go b/api/heart_beat.go index 484bf77..a668239 100644 --- a/api/heart_beat.go +++ b/api/heart_beat.go @@ -1,11 +1,10 @@ package api import ( - "omc/omc" - "github.com/aceld/zinx/ziface" "github.com/aceld/zinx/zlog" "github.com/aceld/zinx/znet" + "omc/omc" ) // HeartBeatApi 心跳请求 @@ -38,7 +37,6 @@ func (*HeartBeatApi) Handle(request ziface.IRequest) { Msg: make(map[string]string, 0), } ackBody.Msg["reqId"] = reqId - ackBody.Keys = append(ackBody.Keys, "reqId") ackBody.Pack() request.GetConnection().SendMsg(omc.AckHeartBeat, ackBody.RawData) } diff --git a/api/login.go b/api/login.go index 01ba9f9..656f2a5 100644 --- a/api/login.go +++ b/api/login.go @@ -92,6 +92,19 @@ func (*CMCALoginSeq) Handle(request ziface.IRequest) { } ackBody.Msg["seqNo"] = seqNo ackBody.Pack() + m := core.GetManager(request.GetConnection().GetName()) + uID, err := request.GetConnection().GetProperty("UID") + if err != nil { + zlog.Ins().ErrorF("GetProperty UID error %s", err) + request.GetConnection().Stop() + return + } + if m == nil { + zlog.Ins().ErrorF("server internal error") + request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "server internal error")) + return + } + m.SetSeqNo(uID.(string), seqNo) request.GetConnection().SendMsg(omc.AckCMCALoginSeq, ackBody.RawData) } @@ -118,9 +131,10 @@ func (*CMCALoginAlarm) Handle(request ziface.IRequest) { } user, userOK := msgBody.Msg["user"] - pw, pwOK := msgBody.Msg["key"] + key, keyOK := msgBody.Msg["key"] + cert, certOK := msgBody.Msg["cert"] tp, tpOK := msgBody.Msg["type"] - if !userOK || !pwOK || !tpOK { + if !userOK || !keyOK || certOK || !tpOK { zlog.Ins().ErrorF("missing parameter of message body") request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "missing parameter of message body")) return 
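Review bot: In the block added to `CMCALoginSeq.Handle`, `m.SetSeqNo(uID.(string), seqNo)` uses a single-value type assertion, so a `UID` property that is not a string panics the handler; use `uid, ok := uID.(string)` and reject on `!ok`. The `m == nil` branch replies with `omc.AckLoginAlarm` and the name "ackLoginAlarm", although this handler's normal reply is `omc.AckCMCALoginSeq`, so a client waiting for the sequence reply may not recognise the failure. How `seqNo` is produced is outside the hunk; since the login path now verifies a signature over it, it should come from `crypto/rand` and be valid for one attempt only.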
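Review bot: The new guard `if !userOK || !keyOK || certOK || !tpOK` is missing the negation on `certOK`. As written, a request that does carry `cert` is rejected with "missing parameter of message body", and a request without it continues to `service.CMCALogin` with an empty certificate string. The line should read `if !userOK || !keyOK || !certOK || !tpOK {`. The rest of `CMCALoginAlarm.Handle` lies outside this hunk.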
@@ -139,7 +153,8 @@ func (*CMCALoginAlarm) Handle(request ziface.IRequest) { } //登录信息check - if err := service.UserLogin(user, pw); err != nil { + seqNo := m.GetUserByPID(uID.(string)).SeqNo + if ok, err := service.CMCALogin(seqNo, key, cert); !ok || err != nil { zlog.Ins().ErrorF("LoginFail %s", err) request.GetConnection().SendMsg(omc.AckLoginAlarm, omc.ErrorMsg("ackLoginAlarm", "", "Incorrect username and password")) isClose, _ := m.LoginFail(uID.(string)) //登录错误超过3次,断开连接 diff --git a/ca/CA/certs/test1.crt b/ca/CA/certs/test1.crt new file mode 100644 index 0000000..1b11409 --- /dev/null +++ b/ca/CA/certs/test1.crt 
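Review bot: `seqNo := m.GetUserByPID(uID.(string)).SeqNo` dereferences the lookup result without a nil check and accepts whatever is stored, including the empty value when the client never sent the sequence request. Because `seqNo` is the data whose signature `service.CMCALogin` verifies, an empty or already-used value means an old signature stays acceptable; reject the login when no fresh value is stored, e.g. `if u == nil || u.SeqNo == "" { ... return }`, and clear the stored value after every attempt. The `user` field no longer takes part in the check, yet the failure reply still says "Incorrect username and password". `m` and `uID` are defined outside this hunk.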
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test + Validity + Not Before: Jul 1 10:05:48 2023 GMT + Not After : Mar 27 10:05:48 2026 GMT + Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3: + ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87: + fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54: + ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb: + e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30: + b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd: + 47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9: + c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31: + dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c: + 58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25: + b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03: + f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e: + 6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e: + 14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c: + 48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05: + ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b: + c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7: + c3:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54 + X509v3 Authority Key Identifier: + keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA + + Signature Algorithm: sha256WithRSAEncryption + 39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2: + 6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76: + ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd: + d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3: + 43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc: + 
fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34: + 92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d: + 3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7: + ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46: + 54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58: + 18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c: + 7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6: + 86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5: + 6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88: + da:08:4e:c0 +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL +MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov +L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx +MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC +R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG +A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q +psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje +fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC +y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl +t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h +pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q +MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI +b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G +CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL +1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR +7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09 +kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi +WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y +/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A +-----END CERTIFICATE----- diff --git a/ca/CA/certs/test2.crt b/ca/CA/certs/test2.crt new file mode 100644 index 0000000..64a6bae --- /dev/null 
+++ b/ca/CA/certs/test2.crt 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test + Validity + Not Before: Jul 1 10:08:44 2023 GMT + Not After : Mar 27 10:08:44 2026 GMT + Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4: + 22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e: + de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8: + 04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af: + 0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10: + 9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67: + 72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52: + 44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb: + b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1: + 22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0: + e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01: + b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28: + 17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e: + 4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc: + ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45: + b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc: + 2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67: + e0:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40 + X509v3 Authority Key Identifier: + keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA + + Signature Algorithm: sha256WithRSAEncryption + 3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63: + dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5: + dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1: + 19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22: + 33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30: + 
67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc: + 48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8: + 0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82: + 0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c: + 27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc: + 22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7: + b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25: + c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37: + 28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2: + 77:22:37:7f +-----BEGIN CERTIFICATE----- +MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL +MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov +L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx +MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC +R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG +A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok +fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj +e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I +nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA +4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o +87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV +V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W +HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks +BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN +BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k +xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI +q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo +DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu +8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l +ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw== +-----END CERTIFICATE----- diff --git a/ca/CA/demoCA/cacert.pem b/ca/CA/demoCA/cacert.pem new file mode 100644 index 0000000..7734aea 
--- /dev/null +++ b/ca/CA/demoCA/cacert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqzCCApOgAwIBAgIUDs5kTQVLnC1MdhXHj0KqYIG+nyAwDQYJKoZIhvcNAQEL +BQAwZTELMAkGA1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhl +bjEnMCUGA1UECgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYD +VQQDDAR0ZXN0MB4XDTIzMDcwMTA4NDQzOFoXDTMzMDYyODA4NDQzOFowZTELMAkG +A1UEBhMCQ04xCzAJBgNVBAgMAkdEMREwDwYDVQQHDAhzaGVuemhlbjEnMCUGA1UE +CgweaHR0cHM6Ly93d3cuYWdyYW5kdGVjaC5jb20uY24vMQ0wCwYDVQQDDAR0ZXN0 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0SMdRLkcxy3PKOSCusJ+ +AnGiJyW6AxyujqZj4xjgtIFjYIMVW5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV +3tu9exm6Ijop8/KaDJ1EJAESunxkP9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MP +R/KUB+TYqCp50mr6mlIZE6lvhhvMxHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXK +y/HZpGtbm/mfbOtxWgvSFy3PE/49V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9C +WdWRrrhIv+Px1QLQItL17kAKqtp+vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3Yuwwf +vQIDAQABo1MwUTAdBgNVHQ4EFgQUbbMdtnhOyBmP+k1rOl6pfcsHmLowHwYDVR0j +BBgwFoAUbbMdtnhOyBmP+k1rOl6pfcsHmLowDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAQEAdGZdTglVP1hI0wcxD0rkkHu7IkfFGlaad1vFL+VfujlV +6H3/WrDLCDhLDBZrdZ3m0LrQqpJjZriOaqc0O8LbT4ktquVuAgYtT/il6EQzLpyE +pEW+iM4Ae2tu9rMH1F365+C8ffQWuSenvQOOjL8L9BP5N0bguVsWA+uMNprMado4 +lLuyHOt5S36WOKh4mnMlkDBuCNnBCiFS8rcQXJugk6jrOYKji5wJGNAVMoSEtRvN +LdZh5XOkbXuFrhltPxMG/7BaPc9xS46chBKDvCQPweKGeu2eG+y6KTwCDYmakmVX +OE8TnP4Zr0miTprzkmbWhIkUWkg/FclJs1/TcSkCGw== +-----END CERTIFICATE----- diff --git a/ca/CA/demoCA/index.txt b/ca/CA/demoCA/index.txt new file mode 100644 index 0000000..7533750 --- /dev/null +++ b/ca/CA/demoCA/index.txt @@ -0,0 +1,2 @@ +V 260327100548Z 01 unknown /C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test +V 260327100844Z 02 unknown /C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test1 diff --git a/ca/CA/demoCA/index.txt.attr b/ca/CA/demoCA/index.txt.attr new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ca/CA/demoCA/index.txt.attr @@ -0,0 +1 @@ +unique_subject = yes 
diff --git a/ca/CA/demoCA/index.txt.attr.old b/ca/CA/demoCA/index.txt.attr.old new file mode 100644 index 0000000..8f7e63a --- /dev/null +++ b/ca/CA/demoCA/index.txt.attr.old @@ -0,0 +1 @@ +unique_subject = yes diff --git a/ca/CA/demoCA/index.txt.old b/ca/CA/demoCA/index.txt.old new file mode 100644 index 0000000..e5b2d16 --- /dev/null +++ b/ca/CA/demoCA/index.txt.old @@ -0,0 +1 @@ +V 260327100548Z 01 unknown /C=CN/ST=GD/O=https://www.agrandtech.com.cn//CN=test diff --git a/ca/CA/demoCA/newcerts/01.pem b/ca/CA/demoCA/newcerts/01.pem new file mode 100644 index 0000000..1b11409 --- /dev/null +++ b/ca/CA/demoCA/newcerts/01.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test + Validity + Not Before: Jul 1 10:05:48 2023 GMT + Not After : Mar 27 10:05:48 2026 GMT + Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:f3:bd:e9:fe:aa:a6:c1:d9:7b:74:20:f0:d0:f3: + ee:7c:d0:69:84:8d:1a:37:1e:29:42:98:86:51:87: + fe:5d:48:2e:97:b0:c6:16:9c:46:6a:38:7b:34:54: + ec:76:d2:52:50:bb:31:a8:de:7d:3f:8c:c5:f8:fb: + e3:e3:73:37:36:10:e8:55:df:80:cf:c0:d9:40:30: + b7:54:49:69:e3:a8:79:49:47:d8:74:b0:07:13:dd: + 47:72:89:69:bd:0c:40:8b:f4:ee:49:02:cb:f4:b9: + c1:7a:7d:da:10:1b:b2:b1:9f:0d:70:66:d1:86:31: + dc:e3:d6:e5:f5:2c:e1:57:bd:72:ea:4a:1d:0c:4c: + 58:09:2b:2e:e5:53:40:73:55:e9:78:c3:7a:95:25: + b7:9d:80:ac:e4:79:c3:d7:9b:d1:c3:73:78:da:03: + f4:aa:68:21:81:f2:53:b8:3d:91:60:e0:91:47:2e: + 6d:5d:01:ae:f2:82:c0:8a:dd:06:8c:70:6e:77:7e: + 14:ae:61:a5:d8:e0:13:1b:2c:f7:d3:62:0c:d1:5c: + 48:fe:59:ca:b5:b1:2b:89:2b:2f:69:5d:40:42:05: + ab:76:58:4f:36:1a:36:1c:21:eb:85:1c:da:22:1b: + c2:60:8e:c1:7d:50:33:39:c0:40:e0:49:20:a0:f7: + c3:4f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + D7:A0:3F:5F:C0:65:83:88:6F:5E:98:DB:30:3D:9F:24:6A:D0:DE:54 + X509v3 Authority Key Identifier: + keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA + + Signature Algorithm: sha256WithRSAEncryption + 39:8a:89:a2:79:0f:c0:fd:d8:db:d5:38:d2:03:b4:38:be:a2: + 6e:6b:1c:28:93:0a:a6:0b:af:0a:69:6b:8b:d5:df:3d:de:76: + ad:24:23:98:7a:21:a1:2f:90:47:9b:98:9e:d2:b4:75:21:bd: + d0:38:34:6b:b1:96:3d:24:da:ac:1a:45:e4:01:1d:a2:20:c3: + 43:d3:ec:d9:2d:3b:d1:ee:0d:1e:21:15:e7:7f:d3:95:1c:dc: + 
fa:88:3a:05:4b:c5:08:5d:f4:40:89:29:80:fe:6b:40:b9:34: + 92:2e:48:94:d2:4b:0b:4d:1e:3c:64:17:cf:34:ec:36:5c:6d: + 3d:90:9c:74:95:d7:c8:96:a2:70:59:4a:d2:b5:e1:c1:a9:b7: + ad:f0:99:ff:b4:4d:89:e7:e3:9d:7d:79:36:40:05:6d:20:46: + 54:af:18:73:c9:07:17:26:18:86:99:cc:e2:58:27:96:84:58: + 18:d4:fe:dc:36:cd:8a:48:cc:e6:51:27:e5:76:81:2f:c7:9c: + 7b:f9:fb:19:c9:7c:e4:27:06:75:cd:16:88:74:3c:0b:23:d6: + 86:6b:95:41:10:cf:b2:fc:e8:1e:e0:d6:a5:8c:d1:c0:1b:d5: + 6e:15:8c:9a:67:5c:9d:ac:02:5a:69:17:e8:4c:42:d0:5d:88: + da:08:4e:c0 +-----BEGIN CERTIFICATE----- +MIIDrTCCApWgAwIBAgIBATANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL +MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov +L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx +MTAwNTQ4WhcNMjYwMzI3MTAwNTQ4WjBSMQswCQYDVQQGEwJDTjELMAkGA1UECAwC +R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzENMAsG +A1UEAwwEdGVzdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPO96f6q +psHZe3Qg8NDz7nzQaYSNGjceKUKYhlGH/l1ILpewxhacRmo4ezRU7HbSUlC7Maje +fT+Mxfj74+NzNzYQ6FXfgM/A2UAwt1RJaeOoeUlH2HSwBxPdR3KJab0MQIv07kkC +y/S5wXp92hAbsrGfDXBm0YYx3OPW5fUs4Ve9cupKHQxMWAkrLuVTQHNV6XjDepUl +t52ArOR5w9eb0cNzeNoD9KpoIYHyU7g9kWDgkUcubV0BrvKCwIrdBoxwbnd+FK5h +pdjgExss99NiDNFcSP5ZyrWxK4krL2ldQEIFq3ZYTzYaNhwh64Uc2iIbwmCOwX1Q +MznAQOBJIKD3w08CAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYd +T3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFNegP1/AZYOI +b16Y2zA9nyRq0N5UMB8GA1UdIwQYMBaAFG2zHbZ4TsgZj/pNazpeqX3LB5i6MA0G +CSqGSIb3DQEBCwUAA4IBAQA5iomieQ/A/djb1TjSA7Q4vqJuaxwokwqmC68KaWuL +1d893natJCOYeiGhL5BHm5ie0rR1Ib3QODRrsZY9JNqsGkXkAR2iIMND0+zZLTvR +7g0eIRXnf9OVHNz6iDoFS8UIXfRAiSmA/mtAuTSSLkiU0ksLTR48ZBfPNOw2XG09 +kJx0ldfIlqJwWUrSteHBqbet8Jn/tE2J5+OdfXk2QAVtIEZUrxhzyQcXJhiGmczi +WCeWhFgY1P7cNs2KSMzmUSfldoEvx5x7+fsZyXzkJwZ1zRaIdDwLI9aGa5VBEM+y +/Oge4NaljNHAG9VuFYyaZ1ydrAJaaRfoTELQXYjaCE7A +-----END CERTIFICATE----- diff --git a/ca/CA/demoCA/newcerts/02.pem b/ca/CA/demoCA/newcerts/02.pem new file mode 100644 index 0000000..64a6bae 
--- /dev/null +++ b/ca/CA/demoCA/newcerts/02.pem 
@@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 2 (0x2) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=CN, ST=GD, L=shenzhen, O=https://www.agrandtech.com.cn/, CN=test + Validity + Not Before: Jul 1 10:08:44 2023 GMT + Not After : Mar 27 10:08:44 2026 GMT + Subject: C=CN, ST=GD, O=https://www.agrandtech.com.cn/, CN=test1 + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public-Key: (2048 bit) + Modulus: + 00:ed:73:63:a4:7d:8c:00:e6:e5:df:f5:1e:8a:d4: + 22:e4:37:16:62:6b:64:f1:90:ec:4b:4c:37:c5:2e: + de:ef:11:93:15:da:e9:2d:7b:69:72:2d:94:29:f8: + 04:75:22:37:a4:83:53:a3:7b:b1:37:2d:a0:57:af: + 0e:65:3c:cf:fe:1a:65:de:e8:66:7b:19:81:ab:10: + 9b:9e:27:5b:a9:7c:cc:3a:44:ee:6e:af:3a:ef:67: + 72:60:a8:8d:bb:4d:3e:ce:34:1f:08:9c:72:f7:52: + 44:d7:af:eb:f7:9b:3f:62:94:09:db:26:e3:0f:eb: + b3:85:d3:c3:2d:ec:c1:14:d8:2d:b0:4c:10:c7:b1: + 22:cf:74:a7:cd:94:b7:18:9e:78:0b:0b:64:00:e0: + e1:8a:97:57:11:5d:7c:f3:c9:6c:e0:97:c1:6c:01: + b5:c4:75:fa:71:96:9a:89:c7:73:61:bd:4a:2b:28: + 17:81:4b:9f:92:ee:8e:a0:57:7f:7a:7c:89:a6:7e: + 4d:a8:f3:b8:aa:03:aa:de:30:a7:19:94:a7:87:fc: + ab:5a:e5:8d:a9:64:51:5a:f4:ad:64:e1:aa:e4:45: + b7:e4:03:dc:6b:cf:fa:4a:0d:09:ef:4f:82:39:cc: + 2f:91:c1:94:55:57:58:16:0b:14:00:62:43:c9:67: + e0:d3 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 51:A3:41:B8:14:F9:2C:04:DE:0C:49:24:58:B5:5A:34:0E:07:FE:40 + X509v3 Authority Key Identifier: + keyid:6D:B3:1D:B6:78:4E:C8:19:8F:FA:4D:6B:3A:5E:A9:7D:CB:07:98:BA + + Signature Algorithm: sha256WithRSAEncryption + 3c:f2:58:cd:8c:39:90:b4:f5:0f:ef:f6:a7:eb:26:4c:43:63: + dc:9f:94:a1:43:6c:9a:82:2b:e4:8e:24:c5:40:da:78:93:c5: + dd:8a:5d:63:76:00:ef:c6:ca:a7:a8:10:a3:9a:ae:d1:20:d1: + 19:e1:46:03:03:98:a4:71:9a:45:8d:34:33:ce:c8:52:82:22: + 33:5f:79:74:61:88:ab:52:6f:98:75:8f:07:bf:ff:d9:2e:30: + 
67:ce:05:8b:6c:ac:24:ec:2c:ac:c5:42:f7:71:b6:da:53:bc: + 48:d1:29:82:aa:03:27:81:84:0a:f5:12:e2:8c:3a:77:f9:a8: + 0e:d4:1f:7e:1f:98:28:f7:15:f0:78:8a:ba:b7:77:20:b7:82: + 0d:cd:d5:47:ed:9e:61:a7:9b:35:1b:35:c7:74:91:0b:6c:1c: + 27:1a:a9:cc:11:5b:22:0d:35:40:43:ae:f2:44:66:aa:9e:dc: + 22:ca:a7:8b:8c:44:6a:f6:b1:6d:1e:3a:51:c0:2a:02:81:d7: + b6:4a:77:1e:e0:13:19:0c:51:4c:67:e1:2f:97:c9:4a:88:25: + c8:b4:65:dc:0d:a5:71:c2:45:dd:4f:01:bf:f0:43:9c:41:37: + 28:eb:15:fc:90:f8:b6:3a:4b:57:79:df:74:4c:a9:aa:27:a2: + 77:22:37:7f +-----BEGIN CERTIFICATE----- +MIIDrjCCApagAwIBAgIBAjANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQGEwJDTjEL +MAkGA1UECAwCR0QxETAPBgNVBAcMCHNoZW56aGVuMScwJQYDVQQKDB5odHRwczov +L3d3dy5hZ3JhbmR0ZWNoLmNvbS5jbi8xDTALBgNVBAMMBHRlc3QwHhcNMjMwNzAx +MTAwODQ0WhcNMjYwMzI3MTAwODQ0WjBTMQswCQYDVQQGEwJDTjELMAkGA1UECAwC +R0QxJzAlBgNVBAoMHmh0dHBzOi8vd3d3LmFncmFuZHRlY2guY29tLmNuLzEOMAwG +A1UEAwwFdGVzdDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDtc2Ok +fYwA5uXf9R6K1CLkNxZia2TxkOxLTDfFLt7vEZMV2ukte2lyLZQp+AR1Ijekg1Oj +e7E3LaBXrw5lPM/+GmXe6GZ7GYGrEJueJ1upfMw6RO5urzrvZ3JgqI27TT7ONB8I +nHL3UkTXr+v3mz9ilAnbJuMP67OF08Mt7MEU2C2wTBDHsSLPdKfNlLcYnngLC2QA +4OGKl1cRXXzzyWzgl8FsAbXEdfpxlpqJx3NhvUorKBeBS5+S7o6gV396fImmfk2o +87iqA6reMKcZlKeH/Kta5Y2pZFFa9K1k4arkRbfkA9xrz/pKDQnvT4I5zC+RwZRV +V1gWCxQAYkPJZ+DTAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8W +HU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRRo0G4FPks +BN4MSSRYtVo0Dgf+QDAfBgNVHSMEGDAWgBRtsx22eE7IGY/6TWs6Xql9yweYujAN +BgkqhkiG9w0BAQsFAAOCAQEAPPJYzYw5kLT1D+/2p+smTENj3J+UoUNsmoIr5I4k +xUDaeJPF3YpdY3YA78bKp6gQo5qu0SDRGeFGAwOYpHGaRY00M87IUoIiM195dGGI +q1JvmHWPB7//2S4wZ84Fi2ysJOwsrMVC93G22lO8SNEpgqoDJ4GECvUS4ow6d/mo +DtQffh+YKPcV8HiKurd3ILeCDc3VR+2eYaebNRs1x3SRC2wcJxqpzBFbIg01QEOu +8kRmqp7cIsqni4xEavaxbR46UcAqAoHXtkp3HuATGQxRTGfhL5fJSoglyLRl3A2l +ccJF3U8Bv/BDnEE3KOsV/JD4tjpLV3nfdEypqieidyI3fw== +-----END CERTIFICATE----- 
diff --git a/ca/CA/demoCA/private/cakey.pem b/ca/CA/demoCA/private/cakey.pem new file mode 100644 index 0000000..a8ca5b4 --- /dev/null +++ b/ca/CA/demoCA/private/cakey.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpgIBAAKCAQEA0SMdRLkcxy3PKOSCusJ+AnGiJyW6AxyujqZj4xjgtIFjYIMV +W5ZXVbWnY0xzRPddFddnEWgMeMLn9V3zcESV3tu9exm6Ijop8/KaDJ1EJAESunxk +P9x/1ek3kgQvuK3YAcizTeB5ODUZ/KFJw9MPR/KUB+TYqCp50mr6mlIZE6lvhhvM +xHz6ZmOFh2RvYg0h8oXpo5G8nmRVb4gNrlXKy/HZpGtbm/mfbOtxWgvSFy3PE/49 +V8nOYJbhDaoOXWVN06Z7w1y4KzSKbIoZfC9CWdWRrrhIv+Px1QLQItL17kAKqtp+ +vtG8lZjC5vsAgXLVAZLK71b6onv1Ir3YuwwfvQIDAQABAoIBAQCi1khvvgJeQ5jN +Kj9v0wfyNzAecw2GZsqzX3Le2/v6D9SkzOvQSBrwLWSLuHb39/KOkw05TF6JmJir +P9/QRla7EzVRqBJ5m/gWbYrsz3bC4eMHONuFrdYLZG9UTdYqYZGSsgaKWIGJ9i6p +uZuJ0chQKNyB2Pmo1onMAGfnyIyl9RruM0G3KOl2tHOqJnoqOoJAdWvq/vjmEb1H +lypiZZpIede2Q58oXC1HZFNT/q1NA3SGMbPoXmG4XoCTtq9Llt1kyk9FMbhKV1oj +FoneRwXRMEqu0AEGgk9XSEdSPVLZ4nspgrdA5mkTxa/fUyPvWjantzR/ovR6zx95 +mKKnEVIBAoGBAOwtRkIciCNSa7xwJD8QvEFCADvZDU/+RmFk2tDbbA+gDYPy1bdD +1qDqbzwdCnuMeVbTSAP+KNxxa1M9pOun21t6nC7sUPdqGbQEwkQrFs9v859wf2j9 +GU/oeu+aQabDGFXjwTC23wifqXTVc1/JnfGsqd3+9WwqR31SG+88/OjdAoGBAOKw +1r7/9XqrYxL3SuxYhEm6Qasj3OwRgTXBfRYBcwyN8NDTqY/QvsTwPvLVaDy8lrjc +kHJUx+zxmOBg/aKlxmzH5OTp0vRoVBFAOW4bITfGHKTjPjud7lfeAP2txPUR4i/4 +vHgYIlVFjGT6+p4oMsX7wtYl8ZmO184pVHNbZzRhAoGBAOJQQBL55Dp0sGhRzWnh +T4P5CuBOjUMqFaceTc/1cwdGB6149PI4P2LTQuQHsBPT+DILI+cvlVgoFwAdAfwP +TVPLmf4c1TlAooCuTrmj0KfWT01pL64bWjYIQEV5O4/hQ2CKboWPtwk8ddVO9M/F +E2SSX/QqbGLJ4Ndl5v7JIlDBAoGBAJQnnzIVdwpFGOs8U+tDrrHA2UpQlgJzLk9D +tcy8BcUev1S8AQXNF+D+YyWx8/4+AwOuo3kVj9R70b5TpXC3h4dw3Vf+ubCivs7H +esFLWdpp0C6zlejAvxUOMveYqjDBD2Lq3cJfg5DXc3pLzZ+wBf7/G8d55PzHLqO+ +v0Llaf4BAoGBAI4Fu4Sr0fD38pAUAehfDlzngoXIs7eqdJU5Gu19U3PKKhDRKptp +YBKt6mGv1R9rk9hCwXpXGRpABy6mpNkOCcYYmTtLGbwyy8Y1dbY9kNBrdhvrCcLh +RZL9VrFMOuoHrd/yB4AEwvoZHAhNAkheU6CC/R6uiWof6eH8YmXJEt0n +-----END RSA PRIVATE KEY----- diff --git a/ca/CA/demoCA/serial b/ca/CA/demoCA/serial new file mode 100644 index 0000000..75016ea 
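Review bot: This hunk commits the demo CA's RSA private key unencrypted, and the `ca` block added to `conf/nbi_alarm_agent.json` sets `root_cert` to the matching `ca/CA/demoCA/cacert.pem`. Anyone who can read the repository can therefore issue certificates that pass `ca.VerifyCert`. Treat this key as disclosed: use it only as a test fixture that is never configured as a trust root in a deployment, generate the real CA key outside version control, and exclude the `private/` directory from commits. The OpenSSL working files added alongside it (`index.txt*`, `serial*`, `newcerts/`) are CA state rather than source and are better kept out of the tree as well.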
--- /dev/null +++ b/ca/CA/demoCA/serial @@ -0,0 +1 @@ +03 diff --git a/ca/CA/demoCA/serial.old b/ca/CA/demoCA/serial.old new file mode 100644 index 0000000..9e22bcb --- /dev/null +++ b/ca/CA/demoCA/serial.old @@ -0,0 +1 @@ +02 diff --git a/ca/ca.go b/ca/ca.go new file mode 100644 index 0000000..183fe13 --- /dev/null +++ b/ca/ca.go 
@@ -0,0 +1,149 @@
+package ca
+
+import (
+ "crypto"
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/sha256"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "omc/conf"
+ "os"
+)
+
+// LoadCert 读取证书文件
+func LoadCert(path string) (*x509.Certificate, error) {
+ //1.打开磁盘的公钥文件
+ file, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer file.Close()
+ fileInfo, err := file.Stat()
+ if err != nil {
+ return nil, err
+ }
+ buf := make([]byte, fileInfo.Size())
+ _, err = file.Read(buf)
+ if err != nil {
+ return nil, err
+ }
+ //2.使用pem解码得到pem.Block结构体变量
+ block, _ := pem.Decode(buf)
+
+ //证书解析
+ certBody, err := x509.ParseCertificate(block.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ return certBody, nil
+}
+
+// LoadPriKey 读取私钥文件
+func LoadPriKey(path string) (*rsa.PrivateKey, error) {
+ //1.打开磁盘的私钥文件
+ file, err := os.Open(path)
+ if err != nil {
+ return nil, err
+ }
+ defer file.Close()
+ //2.将私钥文件中的内容读出
+ fileInfo, err := file.Stat()
+ if err != nil {
+ return nil, err
+ }
+ buf := make([]byte, fileInfo.Size())
+ _, err = file.Read(buf)
+ if err != nil {
+ return nil, err
+ }
+ //3.使用pem对数据解码,得到pem.Block结构体变量
+ block, _ := pem.Decode(buf)
+ //4.x509将数据解析成私钥结构体得到私钥
+ privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+ if err != nil {
+ return nil, err
+ }
+ return privateKey, nil
+}
+
+// SignRSA RSA 签名
+func SignRSA(plainText []byte, priKey *rsa.PrivateKey) ([]byte, error) {
+ //1.创建一个哈希对象
+ hash := sha256.New()
+ //2.给哈希对象添加数据
+ _, err := hash.Write(plainText)
+ if err != nil {
+ return nil, err
+ }
+ //3.计算哈希值
+ hashed := hash.Sum(nil)
+ //4.使用rsa中的函数对散列值签名
+ signText, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, hashed)
+ if err != nil {
+ return nil, err
+ }
+ return signText, nil
+}
+
+func VerifyRSA(plainText, signText []byte, cert *x509.Certificate) error {
+ publicKeyDer, err := x509.MarshalPKIXPublicKey(cert.PublicKey)
+ if err != nil {
+ return err
+ }
+ pubKeyInterface, err := x509.ParsePKIXPublicKey(publicKeyDer)
+ if err != nil {
+ return err
+ }
+ //进行类型断言得到公钥结构体
+ publicKey := pubKeyInterface.(*rsa.PublicKey)
+
+ //* 创建哈希接口
+ hash := sha256.New()
+ //* 添加数据
+ hash.Write(plainText)
+ //* 哈希运算
+ hasded := hash.Sum(nil)
+ //
+ //6.签名认证
+ err = rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, hasded, signText)
+ if err != nil {
+ return err
+ }
+ return nil
+}
+
+var rootCertPool *x509.CertPool
+
+func Init() error {
+ roots := x509.NewCertPool()
+ rootCert, err := LoadCert(conf.OmcConf.CA.RootCert)
+ if err != nil {
+ return err
+ }
+ roots.AddCert(rootCert)
+ rootCertPool = roots
+ return nil
+}
+
+func VerifyCert(cert *x509.Certificate) error {
+ //block, _ := pem.Decode([]byte(certPEM))
+ //if block == nil {
+ // return fmt.Errorf("failed to parse certificate PEM")
+ //}
+ //cert, err := x509.ParseCertificate(block.Bytes)
+ //if err != nil {
+ // return fmt.Errorf("failed to parse certificate: %v", err.Error())
+ //}
+
+ opts := x509.VerifyOptions{
+ Roots: rootCertPool,
+ }
+
+ if _, err := cert.Verify(opts); err != nil {
+ return fmt.Errorf("failed to verify certificate: %v", err.Error())
+ }
+
+ return nil
+}
diff --git a/ca/ca_test.go b/ca/ca_test.go
new file mode 100644
index 0000000..3aca6a6
--- /dev/null
+++ b/ca/ca_test.go
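Review bot: `VerifyCert` builds `x509.VerifyOptions{Roots: rootCertPool}` from a package variable that stays nil until `Init` succeeds, and a nil `Roots` makes `Certificate.Verify` fall back to the system root set, so a skipped or failed `Init` silently widens the trust anchor; guard it with `if rootCertPool == nil { return fmt.Errorf("root CA pool not initialised") }`. `LoadCert` and `LoadPriKey` both do `block, _ := pem.Decode(buf)` and then read `block.Bytes`, which panics on a file that holds no PEM block; add `if block == nil { return nil, fmt.Errorf("no PEM block in %s", path) }` in each. In `VerifyRSA`, `pubKeyInterface.(*rsa.PublicKey)` is an unchecked assertion that panics for a non-RSA certificate; asserting `cert.PublicKey` directly with the two-value form also removes the marshal/parse round trip. A single `file.Read(buf)` may return fewer bytes than the file holds, so `os.ReadFile(path)` is the safer read.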
@@ -0,0 +1,50 @@ +package ca + +import ( + "encoding/base64" + "fmt" + "nbi_agent_api/conf" + "testing" +) + +func TestCa(t *testing.T) { + // 初始化 + conf.OmcConf.CA.RootCert = "CA/demoCA/cacert.pem" + Init() + + //证书验证: + cert, err := LoadCert("CA/certs/test1.crt") + if err != nil { + fmt.Println("LoadCert:", err) + return + } + + err = VerifyCert(cert) + fmt.Println("VerifyCert:", err) + + //签名 + fmt.Println("RSA签名认证:") + pri, err := LoadPriKey("CA/data/test1.key") + if err != nil { + fmt.Println("LoadPriKey:", err) + return + } + username := "admin" + rsaSign, err := SignRSA([]byte(username), pri) + if err != nil { + fmt.Println("SignRSA:", err) + return + } + rsaSign64 := base64.StdEncoding.EncodeToString(rsaSign) + fmt.Println("rsaSign64:", rsaSign64) + + //签证验证 + cert, err = LoadCert("CA/certs/test1.crt") + if err != nil { + fmt.Println("LoadCert:", err) + return + } + err = VerifyRSA([]byte(username), rsaSign, cert) + fmt.Println("VerifyRSA sign:", err) + +} diff --git a/client_robot.go b/client_robot.go index f2f886d..7ab6376 100644 --- a/client_robot.go +++ b/client_robot.go @@ -145,7 +145,7 @@ func (this *TcpClient) Receive() { func (this *TcpClient) Start() { //登录 - data := "reqLoginAlarm;user=omc;key=omc@password;type=ftp" + data := "reqLoginAlarm;user=audit;key=omc@password;type=ftp" this.SendMsg(0x01, []byte(data)) //发送同步告警信息 @@ -162,7 +162,7 @@ func (this *TcpClient) Start() { } func DataMock() { - conf := "root:1000omc@kp!@tcp(192.168.0.229:33066)/omc_db?charset=utf8mb4&parseTime=True&loc=Local" + conf := "root:1000omc@kp!@tcp(192.168.4.130:33066)/omc_db?charset=utf8mb4&parseTime=True&loc=Local" d, err := gorm.Open(mysql.Open(conf), &gorm.Config{}) if err != nil { zlog.Ins().ErrorF("open mysql %s error, ", conf, err) @@ -212,7 +212,7 @@ func NewTcpClient(ip string, port int) *TcpClient { } func main() { - client := NewTcpClient("127.0.0.1", 31232) + client := NewTcpClient("192.168.4.130", 31232) client.Start() //DataMock() select {} 
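Review bot: `TestCa` cannot fail: every error path prints with `fmt.Println` and returns, the results of `VerifyCert` and `VerifyRSA` are only printed, and the error returned by `Init()` is dropped. Replace the prints with `t.Fatalf("LoadCert: %v", err)` and the like, and fail the test when either verification call returns a non-nil error. The test imports `nbi_agent_api/conf` while `ca.go` imports `omc/conf`, so the `RootCert` it sets is on a different package path from the one `Init` reads, if that path resolves at all. It also loads `CA/data/test1.key`, which is not among the files added in the part of the commit shown here. A negative case (altered signature, certificate from another issuer) would cover what the login path depends on.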
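Review bot: The changed DSN line in `DataMock` keeps a database root password as a string literal in source; the commit only swaps the host address. Read the DSN from configuration or the environment, and rotate the password, since it is already in the repository history. The unchanged line below it calls `zlog.Ins().ErrorF("open mysql %s error, ", conf, err)`, which writes the whole DSN, password included, to the log when the connection fails; log `err` alone. The login string in `Start` and the address in `main` are hard-coded in the same way in the neighbouring hunks.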
diff --git a/conf/global.go b/conf/global.go index 038e142..2791baa 100644 --- a/conf/global.go +++ b/conf/global.go @@ -30,6 +30,14 @@ type Config struct { HeartbeatMax int `json:"heartbeat_max"` LogDir string `json:"log_dir"` LogFile string `json:"log_file"` + + //证书配置 + CA struct { + RootCert string `json:"root_cert"` //root CA证书存放路径 + Cert string `json:"cert"` // 服务端CA证书存放路径 + PrivateKey string `json:"private_key"` // 服务端私钥存放路径 + Check bool `json:"check"` // 是否开启服务端证书检查功能 + } `json:"ca"` } var OmcConf Config diff --git a/conf/nbi_alarm_agent.json b/conf/nbi_alarm_agent.json index b74adfb..37b27d6 100644 --- a/conf/nbi_alarm_agent.json +++ b/conf/nbi_alarm_agent.json @@ -18,5 +18,11 @@ "mame":"nbi north alarm agent", "heartbeat_max": 180, "log_dir": "./nbi_alarm", - "log_file":"nbi_alarm.log" + "log_file":"nbi_alarm.log", + "ca":{ + "root_cert":"ca/CA/demoCA/cacert.pem", + "cert":"/ca/CA/certs/test1.crt", + "private_key":"ca/CA/data/test1.key", + "check":true + } } diff --git a/lib/file.go b/lib/file.go index b768861..883d040 100644 --- a/lib/file.go +++ b/lib/file.go @@ -1,7 +1,6 @@ package lib import ( - "archive/zip" "os" "strings" ) @@ -65,17 +64,5 @@ func GenFile(meta *FileMeta, content []byte) (string, error) { if err != nil { return "", err } - // 创建一个新的ZIP文件 - fileName = fileName + ".zip" - zipFile, err := os.Create(fileName) - if err != nil { - return "", err - } - defer zipFile.Close() - - // 创建一个ZIP写入器 - zipWriter := zip.NewWriter(zipFile) - defer zipWriter.Close() - return fileName, nil } diff --git a/nb_alarm_agent.exe b/nb_alarm_agent.exe new file mode 100644 index 0000000..542cc62 Binary files /dev/null and b/nb_alarm_agent.exe differ diff --git a/nbi_alarm_agent.exe b/nbi_alarm_agent.exe new file mode 100644 index 0000000..ba1921a Binary files /dev/null and b/nbi_alarm_agent.exe differ diff --git a/omc/msg.go b/omc/msg.go index 50650a5..a5980d1 100644 --- a/omc/msg.go +++ b/omc/msg.go 
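Review bot: `Check bool` decides whether `service.CMCALogin` calls `ca.VerifyCert` at all, and its zero value is false, so a config file without a `ca` block, or with the `check` key misspelled, turns chain validation off without any message. With it off, the login path verifies the signature against whatever certificate the client sent, which a self-signed certificate satisfies. Prefer a field whose zero value is the safe state, for example a `SkipVerify bool` with JSON name `skip_verify`, or refuse to start when `RootCert` is empty. A log line at start-up stating whether certificate checking is active would also make a misconfiguration visible.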
@@ -8,12 +8,9 @@ func ErrorMsg(msgType string, reqID string, desc string) []byte { } if reqID != "" { msgBody.Msg["reqId"] = reqID - msgBody.Keys = append(msgBody.Keys, "reqId") } msgBody.Msg["result"] = "fail" - msgBody.Keys = append(msgBody.Keys, "result") msgBody.Msg["resDesc"] = desc - msgBody.Keys = append(msgBody.Keys, "resDesc") msgBody.Pack() return msgBody.RawData } @@ -25,13 +22,9 @@ func SuccessMsg(msgType string, reqID string, desc string) []byte { } if reqID != "" { msgBody.Msg["reqId"] = reqID - msgBody.Keys = append(msgBody.Keys, "reqId") } msgBody.Msg["result"] = "succ" - msgBody.Keys = append(msgBody.Keys, "result") - //msgBody.Msg["resDesc"] = desc - msgBody.Msg["resDesc"] = "succ" - msgBody.Keys = append(msgBody.Keys, "resDesc") + msgBody.Msg["resDesc"] = desc msgBody.Pack() return msgBody.RawData diff --git a/omc/omc_pack.go b/omc/omc_pack.go index 918d1d0..03bf8e6 100644 --- a/omc/omc_pack.go +++ b/omc/omc_pack.go @@ -11,11 +11,10 @@ type MsgBody struct { RawData []byte MsgName string Msg map[string]string - Keys []string } // Decode -// reqLoginAlarm;user=yiy;key=qw#$@;type=msg +//reqLoginAlarm;user=yiy;key=qw#$@;type=msg func (o *MsgBody) Decode() error { multi := strings.Split(string(o.RawData), ";") if len(multi) < 1 { @@ -32,12 +31,12 @@ func (o *MsgBody) Decode() error { } // Pack -// reqLoginAlarm;user=yiy;key=qw#$@;type=msg +//reqLoginAlarm;user=yiy;key=qw#$@;type=msg func (o *MsgBody) Pack() error { var multi []string multi = append(multi, o.MsgName) - for _, key := range o.Keys { - item := fmt.Sprintf("%s=%s", key, o.Msg[key]) + for i, v := range o.Msg { + item := fmt.Sprintf("%s=%s", i, v) multi = append(multi, item) } raw := strings.Join(multi, ";") diff --git a/service/login.go b/service/login.go index e62dfe9..4f49feb 100644 --- a/service/login.go +++ b/service/login.go 
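Review bot: `Pack` now builds the message with `for i, v := range o.Msg`, and Go randomises map iteration order, so the order of fields after `MsgName` differs from call to call now that `Keys` is gone. If a peer or a test expects a fixed order, either keep the `Keys` slice or iterate a sorted key list as below (this needs the `sort` import, which is not visible in the hunk; sorted order is deterministic but not the previous insertion order). Values are still written unescaped, and `SuccessMsg` now forwards the caller's `desc`, so a value containing `;` would be split into extra items by `Decode`.
```go
func (o *MsgBody) Pack() error {
	var multi []string
	multi = append(multi, o.MsgName)
	keys := make([]string, 0, len(o.Msg))
	for k := range o.Msg {
		keys = append(keys, k)
	}
	sort.Strings(keys)
	for _, k := range keys {
		multi = append(multi, fmt.Sprintf("%s=%s", k, o.Msg[k]))
	}
	// … unchanged: join with ";" and store the result …
```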
@@ -1,8 +1,13 @@ package service import ( + "crypto/x509" + "encoding/base64" + "encoding/pem" "errors" "github.com/aceld/zinx/zlog" + "omc/ca" + "omc/conf" "omc/db" "omc/lib" "omc/model" @@ -21,3 +26,38 @@ func UserLogin(name, pw string) error { } return nil } + +func CMCALogin(source, sign, cert string) (login bool, err error) { + defer func() { + if r := recover(); r != nil { + zlog.Ins().ErrorF("CMCALogin panic:%v", r) + } + }() + //base64 解码签名数据 + signBytes, err := base64.StdEncoding.DecodeString(sign) + if err != nil { + return false, err + } + //证书加载 + block, _ := pem.Decode([]byte(cert)) + + //证书解析 + certBody, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return false, err + } + + //证书校验 + if conf.OmcConf.CA.Check { + if err := ca.VerifyCert(certBody); err != nil { + return false, err + } + } + + //签名验证 + err = ca.VerifyRSA([]byte(source), signBytes, certBody) + if err != nil { + return false, err + } + return true, nil +} diff --git a/service/sysn_alarm_file.go b/service/sysn_alarm_file.go index 5cc3ba5..91a3b3c 100644 --- a/service/sysn_alarm_file.go +++ b/service/sysn_alarm_file.go @@ -5,14 +5,12 @@ import ( "encoding/binary" "encoding/json" "errors" - "fmt" + "github.com/aceld/zinx/ziface" "omc/db" "omc/lib" "omc/model" "omc/omc" "time" - - "github.com/aceld/zinx/ziface" ) func GenFile(request ziface.IRequest, meta *lib.FileMeta, data []OmcAlarm) { 
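Review bot: In `CMCALogin`, `block, _ := pem.Decode([]byte(cert))` is followed by `block.Bytes` with no nil check, so any `cert` value that is not PEM panics, and the deferred `recover` only logs: the function then returns its named results as they stand, `false` with a nil `err`, and the caller logs a nil error. Return an explicit error instead, `if block == nil { return false, errors.New("cert is not valid PEM") }`, and assign `err` inside the recover handler so a panic is never reported as a plain rejection. Nothing in the visible code ties the certificate to the `user` field of the request; the check proves only that the sender holds the key of the certificate it supplied, so if accounts are meant to map to certificates, the caller should compare the certificate subject with the user.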
@@ -30,24 +28,15 @@ func GenFile(request ziface.IRequest, meta *lib.FileMeta, data []OmcAlarm) { return } - // add by simon at 2023/08/14 - fmt.Println("meta:", meta) - if meta.ReqId == "" { - meta.ReqId = "2" - } //发送文件同步信息 ackBody := omc.MsgBody{ - MsgName: "ackSyncAlarmFileResult", + MsgName: "ackSyncOmcAlarmFileResult", Msg: make(map[string]string, 0), } ackBody.Msg["reqId"] = meta.ReqId - ackBody.Keys = append(ackBody.Keys, "reqId") ackBody.Msg["result"] = "succ" - ackBody.Keys = append(ackBody.Keys, "result") ackBody.Msg["fileName"] = file - ackBody.Keys = append(ackBody.Keys, "fileName") - ackBody.Msg["resDesc"] = "succ" - ackBody.Keys = append(ackBody.Keys, "resDesc") + ackBody.Msg["resDesc"] = "" ackBody.Pack() request.GetConnection().SendMsg(omc.AckSyncAlarmFileResult, ackBody.RawData) }