gitee.com/aurawing/surguard-go@v0.3.1-0.20240409071558-96509a61ecf3/device/kms.go (about) 1 package device 2 3 import ( 4 "bytes" 5 "crypto/sha256" 6 "crypto/tls" 7 "encoding/json" 8 "errors" 9 "fmt" 10 "io" 11 "net/http" 12 13 "github.com/mr-tron/base58" 14 uuid "github.com/satori/go.uuid" 15 ) 16 17 type createEntityResp struct { 18 Code int `json:"code"` 19 Message string `json:"message"` 20 Data *createEntityData `json:"data"` 21 } 22 23 type createEntityData struct { 24 Yid string `json:"yid"` 25 Yentity string `json:"yentity"` 26 Yaccount string `json:"yaccount"` 27 } 28 29 var client *http.Client 30 31 func init() { 32 transport := &http.Transport{ 33 TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, 34 } 35 client = &http.Client{Transport: transport} 36 } 37 38 func (device *Device) createEntity(url string) (string, string, string, error) { 39 u2 := uuid.NewV4() 40 fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/createvuientity?vui=%s", url, fmt.Sprintf("%s-%s", groupName, u2.String())) 41 resp, err := client.Post(fullURL, "application/json", bytes.NewBuffer([]byte{})) 42 if err != nil { 43 device.log.Errorf("KMS: post create entity request failed: %s", err) 44 return "", "", "", err 45 } 46 defer resp.Body.Close() 47 reader := io.Reader(resp.Body) 48 response := new(createEntityResp) 49 err = json.NewDecoder(reader).Decode(&response) 50 if err != nil { 51 device.log.Errorf("KMS: decode create entity response failed: %s", err) 52 return "", "", "", err 53 } 54 if response.Code != 1000 { 55 err := errors.New(response.Message) 56 device.log.Errorf("KMS: response of create entity request failed: %s", err) 57 return "", "", "", err 58 } 59 return fmt.Sprintf("%s-%s", groupName, u2.String()), response.Data.Yid, response.Data.Yentity, nil 60 } 61 62 type loginEntityResp struct { 63 Code int `json:"code"` 64 Message string `json:"message"` 65 Data *createEntityData `json:"data"` 66 } 67 68 // type loginEntityData struct { 69 // Msg string `json:"msg"` 70 // } 71 72 func (device *Device) loginEntity(url, vui, yid string) error { 73 fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/login?yid=%s&vui=%s", url, yid, vui) 74 resp, err := client.Post(fullURL, "application/json", bytes.NewBuffer([]byte{})) 75 if err != nil { 76 device.log.Errorf("KMS: post login entity request failed: %s", err) 77 return err 78 } 79 defer resp.Body.Close() 80 reader := io.Reader(resp.Body) 81 response := new(loginEntityResp) 82 err = json.NewDecoder(reader).Decode(&response) 83 if err != nil { 84 device.log.Errorf("KMS: decode login entity response failed: %s", err) 85 return err 86 } 87 if response.Code != 1000 { 88 err := errors.New(response.Message) 89 device.log.Errorf("KMS: response of login entity request failed: %s", err) 90 return err 91 } 92 return nil 93 } 94 95 type privateKeyResp struct { 96 Code int `json:"code"` 97 Message string `json:"message"` 98 Data *privateKeyData `json:"data"` 99 } 100 101 type privateKeyData struct { 102 PrvKey string `json:"prvKey"` 103 } 104 105 func (device *Device) getPrivateKey(url string, entityID int) (string, error) { 106 fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/getprv?id=%d", url, entityID) 107 resp, err := client.Get(fullURL) 108 if err != nil { 109 device.log.Errorf("KMS: get private key request failed: %s", err) 110 return "", err 111 } 112 defer resp.Body.Close() 113 reader := io.Reader(resp.Body) 114 response := new(privateKeyResp) 115 err = json.NewDecoder(reader).Decode(&response) 116 if err != nil { 117 device.log.Errorf("KMS: decode private key response failed: %s", err) 118 return "", err 119 } 120 if response.Code != 1000 { 121 err := errors.New(response.Message) 122 device.log.Errorf("KMS: response of private key request failed: %s", err) 123 return "", err 124 } 125 return response.Data.PrvKey, nil 126 } 127 128 func (device *Device) parsePrivateKey(s string) (NoisePrivateKey, error) { 129 privKey, err := base58.Decode(s) 130 if err != nil { 131 device.log.Errorf("KMS: decode base58 format private key failed: %s", err) 132 return NoisePrivateKey{}, err 133 } 134 if privKey[0] != 0x80 && privKey[0] != 0x10 { 135 err := fmt.Errorf("expected version %x , instead got %x", 0x80, privKey[0]) 136 device.log.Errorf("KMS: private key format error: %s", err) 137 return NoisePrivateKey{}, err 138 } 139 if len(privKey) == 33 { 140 return NoisePrivateKey(privKey[1:]), nil 141 } 142 if len(privKey) != 37 { 143 return NoisePrivateKey{}, errors.New("length of private key must be 33 or 37") 144 } 145 rawPrivKey := privKey[0:33] 146 checksum := privKey[33:] 147 verify := sha256Sum(rawPrivKey) 148 verify = sha256Sum(verify[:]) 149 verifyCode := verify[0:4] 150 if !bytes.Equal(checksum, verifyCode) { 151 err := errors.New("checksum is not correct") 152 device.log.Errorf("KMS: private key checksum failed: %s", err) 153 return NoisePrivateKey{}, err 154 } 155 return NoisePrivateKey(rawPrivKey[1:]), nil 156 } 157 158 func sha256Sum(bytes []byte) []byte { 159 h := sha256.New() 160 h.Write(bytes) 161 return h.Sum(nil) 162 }