证书作为公钥进行验证

handle/api/req_cmca_login_alarm.go

@@ -25,8 +25,9 @@ func (*ReqCMCALoginAlarm) Handle(request ziface.IRequest) {
 	body, err := parse.RequestBodyDecode(request, []string{"user", "key", "cert", "type"})
 	username := body.Data["user"]
 	key := body.Data["key"]
+	cert := body.Data["cert"]
 	tp := body.Data["type"]
-	if err != nil || username == "" || key == "" || tp == "" {
+	if err != nil || username == "" || cert == "" || key == "" || tp == "" {
 		zlog.Ins().ErrorF("inlaid message body %s", err.Error())
 		request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.ResultError(ReqLoginAlarmMsgName, err.Error(), ""))
 		return
@@ -49,7 +50,7 @@ func (*ReqCMCALoginAlarm) Handle(request ziface.IRequest) {
 	seqNo := m.GetUserByPID(uid.(string)).SeqNo
 	content := username + ":" + seqNo
 	// 检查判断是否对应随机码
-	if err := service.CMCALogin(content, key); err != nil {
+	if err := service.CMCALogin(cert, content, key); err != nil {
 		zlog.Ins().ErrorF("LoginFail %s", err)
 		request.GetConnection().SendMsg(ReqLoginAlarmMsgType, core.Result(ReqLoginAlarmMsgName, map[string]string{
 			"result":  "autherror",

handle/service/login.go

@@ -4,11 +4,9 @@ import (
 	"encoding/base64"
 	"errors"
 	"fmt"
-	"omc/conf"
 	"omc/core/db"
 	"omc/core/utils"
 	"omc/handle/model"
-	"os"
 
 	"github.com/aceld/zinx/zlog"
 )
@@ -32,14 +30,9 @@ func UserLogin(name, passwd string) error {
 // CMCALogin 验证随机码
 // content "user:seqNo" 组合的字符
 // signatureBase64 签名数据（base64编码）
-func CMCALogin(content, signatureBase64 string) error {
-	// 读取文件内容
-	strByte, err := os.ReadFile(conf.OmcConf.PublicKey)
-	if err != nil {
-		return fmt.Errorf("无法读取文件 %v", err)
-	}
+func CMCALogin(publicKeyStr, content, signatureBase64 string) error {
 	// 公钥
-	publicKeyPEM := fmt.Sprintf("-----BEGIN RSA PUBLIC KEY-----\n %s \n-----END RSA PUBLIC KEY-----", strByte)
+	publicKeyPEM := fmt.Sprintf("-----BEGIN RSA PUBLIC KEY-----\n %s \n-----END RSA PUBLIC KEY-----", publicKeyStr)
 
 	// 解析公钥
 	publicKey, err := utils.ParsePKCS1PublicKey(publicKeyPEM)