gitee.com/chunanyong/dm@v1.8.12/security/zzi.go (about)

     1  /*
     2   * Copyright (c) 2000-2018, 达梦数据库有限公司.
     3   * All rights reserved.
     4   */
     5  
     6  package security
     7  
     8  import (
     9  	"crypto/tls"
    10  	"errors"
    11  	"flag"
    12  	"net"
    13  	"os"
    14  	"sync"
    15  )
    16  
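// dmHome is the DM installation directory, read from the -DM_HOME command-line flag.
var dmHome = flag.String("DM_HOME", "", "Where DMDB installed")

// flagLock serializes the flag parsing performed by NewTLSFromTCP.
var flagLock = sync.Mutex{}

// NewTLSFromTCP wraps conn in a TLS client connection that presents a client
// certificate, and completes the handshake before returning.
//
// When sslCertPath and sslKeyPath are both empty, the key pair is looked up at
// <DM_HOME>/bin/client_ssl/<user>/client-cert.pem and client-key.pem, where
// DM_HOME comes from the -DM_HOME command-line flag. An error is returned if
// the flag is unset, if user could redirect the lookup outside the client_ssl
// directory, if the key pair cannot be loaded, or if the handshake fails.
//
// NOTE(security): the server certificate is NOT verified (see the tls.Config
// below). The channel is encrypted, but the peer is not authenticated, so an
// on-path attacker can impersonate the server and observe the credentials sent
// over the connection.
func NewTLSFromTCP(conn *net.TCPConn, sslCertPath string, sslKeyPath string, user string) (*tls.Conn, error) {
	if sslCertPath == "" && sslKeyPath == "" {
		// Why flag instead of os.Getenv? This mirrors JDBC, which reads the
		// -DDM_HOME= value from the command line via System.getProperty().
		// The flag package is not goroutine-safe (it writes to a map while
		// parsing), so parsing is serialized behind flagLock.
		func() {
			flagLock.Lock()
			defer flagLock.Unlock()
			// Parse only once. Re-parsing on every connection is redundant,
			// and the default flag set exits the process on a parse error.
			// NOTE(review): a host program that never calls flag.Parse and
			// takes arguments unknown to the flag package still hits that
			// exit here on the first call.
			if !flag.Parsed() {
				flag.Parse()
			}
		}()
		if *dmHome == "" {
			return nil, errors.New("sslCertPath and sslKeyPath can not be empty!")
		}
		// user becomes a single path element below. Reject values that would
		// move the lookup out of <DM_HOME>/bin/client_ssl, so a crafted user
		// name cannot choose which key material is loaded from disk.
		if user == ".." {
			return nil, errors.New("user is not a valid client_ssl directory name")
		}
		for i := 0; i < len(user); i++ {
			if os.IsPathSeparator(user[i]) {
				return nil, errors.New("user is not a valid client_ssl directory name")
			}
		}
		separator := string(os.PathSeparator)
		userDir := *dmHome + separator + "bin" + separator + "client_ssl" + separator + user + separator
		sslCertPath = userDir + "client-cert.pem"
		sslKeyPath = userDir + "client-key.pem"
	}
	cer, err := tls.LoadX509KeyPair(sslCertPath, sslKeyPath)
	if err != nil {
		return nil, err
	}
	conf := &tls.Config{
		// NOTE(security): InsecureSkipVerify disables verification of the
		// server's certificate chain and host name. It is left as-is because
		// this signature has no way to receive trust anchors or a server name;
		// enabling verification needs RootCAs and ServerName (or a
		// VerifyConnection callback) supplied by the caller.
		InsecureSkipVerify: true,
		Certificates:       []tls.Certificate{cer},
	}
	tlsConn := tls.Client(conn, conf)
	// Handshake eagerly so that TLS failures surface here rather than on the
	// first read or write.
	if err := tlsConn.Handshake(); err != nil {
		return nil, err
	}
	return tlsConn, nil
}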