登录回跳

handle/service/login.go

@@ -1,15 +1,14 @@
 package service
 
 import (
-	"crypto/x509"
 	"encoding/base64"
-	"encoding/pem"
 	"errors"
-	"omc/ca"
+	"fmt"
 	"omc/conf"
 	"omc/core/db"
 	"omc/core/utils"
 	"omc/handle/model"
+	"os"
 
 	"github.com/aceld/zinx/zlog"
 )
@@ -30,37 +29,34 @@ func UserLogin(name, passwd string) error {
 	return nil
 }
 
-func CMCALogin(source, sign, cert string) (login bool, err error) {
-	defer func() {
-		if r := recover(); r != nil {
-			zlog.Ins().ErrorF("CMCALogin panic:%v", r)
-		}
-	}()
-	//base64 解码签名数据
-	signBytes, err := base64.StdEncoding.DecodeString(sign)
+// CMCALogin 验证随机码
+// content "user:seqNo" 组合的字符
+// signatureBase64 签名数据（base64编码）
+func CMCALogin(content, signatureBase64 string) error {
+	// 读取文件内容
+	strByte, err := os.ReadFile(conf.OmcConf.PublicKey)
 	if err != nil {
-		return false, err
+		return fmt.Errorf("无法读取文件 %v", err)
 	}
-	//证书加载
-	block, _ := pem.Decode([]byte(cert))
+	// 公钥
+	publicKeyPEM := fmt.Sprintf("-----BEGIN RSA PUBLIC KEY-----\n %s \n-----END RSA PUBLIC KEY-----", strByte)
 
-	//证书解析
-	certBody, err := x509.ParseCertificate(block.Bytes)
+	// 解析公钥
+	publicKey, err := utils.ParsePKCS1PublicKey(publicKeyPEM)
 	if err != nil {
-		return false, err
+		fmt.Println("解析公钥失败:", err)
 	}
 
-	//证书校验
-	if conf.OmcConf.CA.Check {
-		if err := ca.VerifyCert(certBody); err != nil {
-			return false, err
-		}
+	// 解码base64得到签名字节串
+	signature, err := base64.StdEncoding.DecodeString(signatureBase64)
+	if err != nil {
+		fmt.Println("解码签名数据失败:", err)
 	}
 
-	//签名验证
-	err = ca.VerifyRSA([]byte(source), signBytes, certBody)
-	if err != nil {
-		return false, err
+	// 验证签名
+	valid := utils.VerifySignature(publicKey, []byte(content), signature)
+	if valid {
+		return nil
 	}
-	return true, nil
+	return errors.New("随机码签名验证失败")
 }