crypto.go

src/config.go

@@ -1,6 +1,7 @@
 package src
 
 import (
+	"acme-mana/src/crypto"
 	"github.com/go-acme/lego/v4/log"
 	"github.com/go-acme/lego/v4/platform/config/env"
 	"gopkg.in/yaml.v3"
@@ -50,7 +51,8 @@ func InitConfig() {
 }
 
 func defaultConf() *AppConfig {
-	priKey, pubKey, err := GenRsa()
+	//priKey, pubKey, err := GenRsa()
+	priKey, pubKey, err := crypto.GenRSA()
 	if err != nil {
 		log.Fatal(err)
 	}

src/crypto/crypto.go

@@ -0,0 +1,96 @@
+package crypto
+
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
+	"encoding/base64"
+	"io"
+)
+
+func EncryptAES(key []byte, plaintext []byte) []byte {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+	ciphertext := make([]byte, aes.BlockSize+len(plaintext))
+	iv := ciphertext[:aes.BlockSize]
+	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+		panic(err)
+	}
+	stream := cipher.NewCFBEncrypter(block, iv)
+	stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
+	return ciphertext
+}
+
+func DecryptAES(key []byte, ciphertext []byte) []byte {
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err)
+	}
+	if len(ciphertext) < aes.BlockSize {
+		panic("ciphertext too short")
+	}
+	iv := ciphertext[:aes.BlockSize]
+	ciphertext = ciphertext[aes.BlockSize:]
+	stream := cipher.NewCFBDecrypter(block, iv)
+	stream.XORKeyStream(ciphertext, ciphertext)
+	return ciphertext
+}
+
+func EncryptRSA(publicKey *rsa.PublicKey, message []byte) ([]byte, error) {
+	ciphertext, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, message)
+	if err != nil {
+		return nil, err
+	}
+	return ciphertext, nil
+}
+
+func EncryptRSABase64(publicKey string, content []byte) ([]byte, error) {
+	pubKey, err := base64.StdEncoding.DecodeString(publicKey)
+	if err != nil {
+		return nil, err
+	}
+	key, err := x509.ParsePKCS1PublicKey(pubKey)
+	if err != nil {
+		return nil, err
+	}
+	return EncryptRSA(key, content)
+}
+
+func DecryptRSA(privateKey *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
+	plaintext, err := rsa.DecryptPKCS1v15(rand.Reader, privateKey, ciphertext)
+	if err != nil {
+		return nil, err
+	}
+	return plaintext, nil
+}
+
+func DecryptRSABase64(privateKey string, ciphertext []byte) ([]byte, error) {
+	priKey, err := base64.StdEncoding.DecodeString(privateKey)
+	if err != nil {
+		return nil, err
+	}
+	key, err := x509.ParsePKCS1PrivateKey(priKey)
+	if err != nil {
+		return nil, err
+	}
+	return DecryptRSA(key, ciphertext)
+}
+
+func GenRSA() (priKey string, pubKey string, err error) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return "", "", err
+	}
+	priKeyBytes := x509.MarshalPKCS1PrivateKey(privateKey)
+
+	publicKey := &privateKey.PublicKey
+	publicKeyBytes := x509.MarshalPKCS1PublicKey(publicKey)
+	pubKey = base64.StdEncoding.EncodeToString(publicKeyBytes)
+	priKey = base64.StdEncoding.EncodeToString(priKeyBytes)
+	err = nil
+	return
+}

src/daemon.go

@@ -21,7 +21,8 @@ func Start() {
 	log.Println("Run Acme Mana...")
 	args := os.Args
 	if len(args) <= 1 {
-		daemonStart()
+		//daemonStart()
+		doTask()
 		return
 	}
 	command := args[1]

src/http.go

@@ -1,17 +1,12 @@
 package src
 
 import (
+	"acme-mana/src/crypto"
 	"bytes"
-	"crypto/cipher"
-	"crypto/des"
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
 	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
-	"encoding/pem"
 	"github.com/gin-gonic/gin"
-	"io"
 	"log"
 	"os"
 	"path"
@@ -111,51 +106,66 @@ func refreshCert(c *gin.Context) {
 }
 
 func getToken(c *gin.Context) (token string) {
-	token = decryptParam(c.Param("token"))
+	token = c.Query("token")
+	token = decryptParam(token)
 	return
 }
 
 func decryptParam(param string) string {
 	priKey := GetAppConfig().Encrypt.PriKey
 
+	tokenBytes, err := hex.DecodeString(param)
+	//tokenBytes, err := base64.StdEncoding.DecodeString(param)
+	//if err != nil {
+	//	log.Fatalln(err)
+	//}
+	tokenPlain, err := crypto.DecryptRSABase64(priKey, tokenBytes)
+	if err != nil {
+		log.Fatal(err)
+	}
+	return string(tokenPlain)
+
 	// 使用RSA解密
-	block, _ := pem.Decode([]byte(priKey))
+	//block, _ := pem.Decode([]byte(priKey))
-	if block == nil {
+	//if block == nil {
-		log.Fatal("failed to parse PEM block containing the private key")
+	//	log.Fatal("failed to parse PEM block containing the private key")
-	}
+	//}
-	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
+	//privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
-	if err != nil {
+	//if err != nil {
-		log.Fatal(err)
+	//	log.Fatal(err)
-	}
+	//}
-	paramData := []byte(param)
+	//paramData := []byte(param)
-	plaintext, err := rsa.DecryptPKCS1v15(nil, privateKey, paramData)
+	//plaintext, err := rsa.DecryptPKCS1v15(nil, privateKey, paramData)
-	if err != nil {
+	//if err != nil {
-		log.Fatal(err)
+	//	log.Fatal(err)
-	}
+	//}
-	return string(plaintext)
+	//return string(plaintext)
 }
 
 func encryptResult(content string, token string) string {
-	key := []byte(token)
+	result := crypto.EncryptAES([]byte(token), []byte(content))
-	plaintext := []byte(content)
+	return base64.StdEncoding.EncodeToString(result)
 
-	block, err := des.NewCipher(key)
+	//key := []byte(token)
-	if err != nil {
+	//plaintext := []byte(content)
-		log.Fatal(err)
+	//
-	}
+	//block, err := des.NewCipher(key)
-
+	//if err != nil {
-	plaintext = pad(plaintext, block.BlockSize())
+	//	log.Fatal(err)
-
+	//}
-	iv := make([]byte, block.BlockSize())
+	//
-	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
+	//plaintext = pad(plaintext, block.BlockSize())
-		log.Fatal("Error generating random IV:", err)
+	//
-	}
+	//iv := make([]byte, block.BlockSize())
-	mode := cipher.NewCBCEncrypter(block, iv)
+	//if _, err := io.ReadFull(rand.Reader, iv); err != nil {
-
+	//	log.Fatal("Error generating random IV:", err)
-	ciphertext := make([]byte, len(plaintext))
+	//}
-	mode.CryptBlocks(ciphertext, plaintext)
+	//mode := cipher.NewCBCEncrypter(block, iv)
-
+	//
-	return base64.StdEncoding.EncodeToString(ciphertext)
+	//ciphertext := make([]byte, len(plaintext))
+	//mode.CryptBlocks(ciphertext, plaintext)
+	//
+	//return base64.StdEncoding.EncodeToString(ciphertext)
 }
 
 func pad(src []byte, blockSize int) []byte {

test/encrypt_test.go

@@ -1,6 +1,7 @@
 package test
 
 import (
+	"acme-mana/src/crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/x509"
@@ -20,12 +21,43 @@ func TestGenRsa(t *testing.T) {
 		log.Fatal(err)
 	}
 	pubKey := base64.StdEncoding.EncodeToString(publicKeyBytes)
-	//publicKey := &privateKey.PublicKey
-	//publicKeyBytes := x509.MarshalPKCS1PublicKey(publicKey)
-	//pubKey := base64.StdEncoding.EncodeToString(publicKeyBytes)
 	key := x509.MarshalPKCS1PrivateKey(privateKey)
 	priKey := base64.StdEncoding.EncodeToString(key)
 	fmt.Println(pubKey)
 	fmt.Println()
 	fmt.Println(priKey)
 }
+
+func TestAesEncrypt(t *testing.T) {
+	key := []byte("12345678901234561234567890123456")
+	encryptd := crypto.EncryptAES(key, []byte("hello"))
+	fmt.Println(base64.StdEncoding.EncodeToString(encryptd))
+	content := crypto.DecryptAES(key, encryptd)
+	fmt.Println(string(content))
+}
+
+func TestRSA(t *testing.T) {
+	priKey, pubKey, err := crypto.GenRSA()
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println("---- pri key ---")
+	fmt.Println(priKey)
+	fmt.Println("---- pub key ---")
+	fmt.Println(pubKey)
+	fmt.Println("---- encrypt ---")
+
+	content := "hello"
+	encrypted, err := crypto.EncryptRSABase64(pubKey, []byte(content))
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(base64.StdEncoding.EncodeToString(encrypted))
+	fmt.Println("---- decrypt ---")
+	decryptd, err := crypto.DecryptRSABase64(priKey, encrypted)
+	if err != nil {
+		log.Fatal(err)
+	}
+	fmt.Println(string(decryptd))
+
+}