gitee.com/aurawing/surguard-go@v0.3.1-0.20240409071558-96509a61ecf3/device/kms.go (about)

     1  package device
     2  
     3  import (
     4  	"bytes"
     5  	"crypto/sha256"
     6  	"crypto/tls"
     7  	"encoding/json"
     8  	"errors"
     9  	"fmt"
    10  	"io"
    11  	"net/http"
    12  
    13  	"github.com/mr-tron/base58"
    14  	uuid "github.com/satori/go.uuid"
    15  )
    16  
    17  type createEntityResp struct {
    18  	Code    int               `json:"code"`
    19  	Message string            `json:"message"`
    20  	Data    *createEntityData `json:"data"`
    21  }
    22  
    23  type createEntityData struct {
    24  	Yid      string `json:"yid"`
    25  	Yentity  string `json:"yentity"`
    26  	Yaccount string `json:"yaccount"`
    27  }
    28  
    29  var client *http.Client
    30  
    31  func init() {
    32  	transport := &http.Transport{
    33  		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    34  	}
    35  	client = &http.Client{Transport: transport}
    36  }
    37  
    38  func (device *Device) createEntity(url string) (string, string, string, error) {
    39  	u2 := uuid.NewV4()
    40  	fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/createvuientity?vui=%s", url, fmt.Sprintf("%s-%s", groupName, u2.String()))
    41  	resp, err := client.Post(fullURL, "application/json", bytes.NewBuffer([]byte{}))
    42  	if err != nil {
    43  		device.log.Errorf("KMS: post create entity request failed: %s", err)
    44  		return "", "", "", err
    45  	}
    46  	defer resp.Body.Close()
    47  	reader := io.Reader(resp.Body)
    48  	response := new(createEntityResp)
    49  	err = json.NewDecoder(reader).Decode(&response)
    50  	if err != nil {
    51  		device.log.Errorf("KMS: decode create entity response failed: %s", err)
    52  		return "", "", "", err
    53  	}
    54  	if response.Code != 1000 {
    55  		err := errors.New(response.Message)
    56  		device.log.Errorf("KMS: response of create entity request failed: %s", err)
    57  		return "", "", "", err
    58  	}
    59  	return fmt.Sprintf("%s-%s", groupName, u2.String()), response.Data.Yid, response.Data.Yentity, nil
    60  }
    61  
    62  type loginEntityResp struct {
    63  	Code    int               `json:"code"`
    64  	Message string            `json:"message"`
    65  	Data    *createEntityData `json:"data"`
    66  }
    67  
    68  // type loginEntityData struct {
    69  // 	Msg string `json:"msg"`
    70  // }
    71  
    72  func (device *Device) loginEntity(url, vui, yid string) error {
    73  	fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/login?yid=%s&vui=%s", url, yid, vui)
    74  	resp, err := client.Post(fullURL, "application/json", bytes.NewBuffer([]byte{}))
    75  	if err != nil {
    76  		device.log.Errorf("KMS: post login entity request failed: %s", err)
    77  		return err
    78  	}
    79  	defer resp.Body.Close()
    80  	reader := io.Reader(resp.Body)
    81  	response := new(loginEntityResp)
    82  	err = json.NewDecoder(reader).Decode(&response)
    83  	if err != nil {
    84  		device.log.Errorf("KMS: decode login entity response failed: %s", err)
    85  		return err
    86  	}
    87  	if response.Code != 1000 {
    88  		err := errors.New(response.Message)
    89  		device.log.Errorf("KMS: response of login entity request failed: %s", err)
    90  		return err
    91  	}
    92  	return nil
    93  }
    94  
    95  type privateKeyResp struct {
    96  	Code    int             `json:"code"`
    97  	Message string          `json:"message"`
    98  	Data    *privateKeyData `json:"data"`
    99  }
   100  
   101  type privateKeyData struct {
   102  	PrvKey string `json:"prvKey"`
   103  }
   104  
   105  func (device *Device) getPrivateKey(url string, entityID int) (string, error) {
   106  	fullURL := fmt.Sprintf("%s/api/encryption/kms/v1/getprv?id=%d", url, entityID)
   107  	resp, err := client.Get(fullURL)
   108  	if err != nil {
   109  		device.log.Errorf("KMS: get private key request failed: %s", err)
   110  		return "", err
   111  	}
   112  	defer resp.Body.Close()
   113  	reader := io.Reader(resp.Body)
   114  	response := new(privateKeyResp)
   115  	err = json.NewDecoder(reader).Decode(&response)
   116  	if err != nil {
   117  		device.log.Errorf("KMS: decode private key response failed: %s", err)
   118  		return "", err
   119  	}
   120  	if response.Code != 1000 {
   121  		err := errors.New(response.Message)
   122  		device.log.Errorf("KMS: response of private key request failed: %s", err)
   123  		return "", err
   124  	}
   125  	return response.Data.PrvKey, nil
   126  }
   127  
   128  func (device *Device) parsePrivateKey(s string) (NoisePrivateKey, error) {
   129  	privKey, err := base58.Decode(s)
   130  	if err != nil {
   131  		device.log.Errorf("KMS: decode base58 format private key failed: %s", err)
   132  		return NoisePrivateKey{}, err
   133  	}
   134  	if privKey[0] != 0x80 && privKey[0] != 0x10 {
   135  		err := fmt.Errorf("expected version %x , instead got %x", 0x80, privKey[0])
   136  		device.log.Errorf("KMS: private key format error: %s", err)
   137  		return NoisePrivateKey{}, err
   138  	}
   139  	if len(privKey) == 33 {
   140  		return NoisePrivateKey(privKey[1:]), nil
   141  	}
   142  	if len(privKey) != 37 {
   143  		return NoisePrivateKey{}, errors.New("length of private key must be 33 or 37")
   144  	}
   145  	rawPrivKey := privKey[0:33]
   146  	checksum := privKey[33:]
   147  	verify := sha256Sum(rawPrivKey)
   148  	verify = sha256Sum(verify[:])
   149  	verifyCode := verify[0:4]
   150  	if !bytes.Equal(checksum, verifyCode) {
   151  		err := errors.New("checksum is not correct")
   152  		device.log.Errorf("KMS: private key checksum failed: %s", err)
   153  		return NoisePrivateKey{}, err
   154  	}
   155  	return NoisePrivateKey(rawPrivKey[1:]), nil
   156  }
   157  
   158  func sha256Sum(bytes []byte) []byte {
   159  	h := sha256.New()
   160  	h.Write(bytes)
   161  	return h.Sum(nil)
   162  }