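        /// <summary>
        /// Creates an account — an RSA key pair plus a certificate over its public key — and
        /// returns both to the caller (gRPC entry point).
        /// </summary>
        /// <remarks>
        /// <para>
        /// Authentication: the caller must present the CA user name and password held by
        /// <c>_identityProvider</c>. Both are compared in constant time (and both are always
        /// compared) so response timing reveals neither which field was wrong nor how many
        /// leading bytes matched.
        /// </para>
        /// <para>
        /// <c>request.AccountType</c> selects the certificate kind: "0" is a self-signed peer
        /// root certificate; "1", "2" and "3" are Admin, User and Reader certificates signed with
        /// this node's private key, which requires the local peer identity to validate first.
        /// Any other value is rejected — previously it fell through the switch and an UNSIGNED
        /// certificate was returned with <c>Status = true</c>.
        /// </para>
        /// <para>
        /// The private key is sent back in the reply body. Nothing in this method protects it in
        /// transit, so the service must only be reachable over an encrypted channel (TLS).
        /// </para>
        /// </remarks>
        /// <param name="request">CA credentials, the subject account name and the account type.</param>
        /// <param name="context">gRPC call context; not used by this method.</param>
        /// <returns>
        /// A completed task holding the reply: on success <c>Status = true</c> with the JSON
        /// certificate and the private key; on failure <c>Status = false</c> with a short reason in
        /// <c>PravateKey</c> (the reply type has no dedicated message field, so the existing
        /// convention of reusing this field is kept). Exception details are logged, not returned.
        /// </returns>
        public override Task<AccountReply> GenerateAccount(AccountRequest request, ServerCallContext context)
        {
            try
            {
                if (request == null || !CaCredentialsMatch(request))
                {
                    // One text for "no request", wrong user and wrong password: do not tell the
                    // caller which part failed.
                    return Task.FromResult(FailedReply("账号或用户名错误"));
                }

                CAType caType;
                if (!TryResolveCaType(request.AccountType, out caType))
                {
                    // Unknown type: refuse instead of handing out an unsigned certificate.
                    return Task.FromResult(FailedReply("不支持的账号类型"));
                }

                var account    = RSAHelper.CreateAccount();
                var privateKey = account[0];
                var publicKey  = account[1];

                var ca = new Certificate();
                ca.TBSCertificate.Version      = "1.0";
                ca.TBSCertificate.SerialNumber = Guid.NewGuid().ToString();
                ca.TBSCertificate.Signature    = "RSA";
                // UTC ticks: local-time ticks differ between peers in different time zones, so
                // the validity window would otherwise depend on where the certificate was issued.
                // NOTE(review): the code that checks NotBefore/NotAfter is not in this file — it
                // must compare against DateTime.UtcNow.Ticks as well; confirm before merging.
                ca.TBSCertificate.NotBefore    = DateTime.UtcNow.Ticks;
                ca.TBSCertificate.NotAfter     = DateTime.UtcNow.AddYears(3).Ticks;
                ca.TBSCertificate.Subject      = request.AccountName;
                ca.TBSCertificate.PublicKey    = publicKey;
                // CAType and Issuer are part of the signed TBS data, so both are set before SignData.
                ca.TBSCertificate.CAType       = caType;

                if (caType == CAType.Peer)
                {
                    // Type "0": the peer's own root certificate, self-signed with the new key.
                    ca.TBSCertificate.Issuer = request.AccountName;
                    ca.SignatureValue        = RSAHelper.SignData(privateKey, ca.TBSCertificate);
                }
                else
                {
                    // Admin/User/Reader certificates are issued by this peer, so its own identity
                    // has to be valid before it signs anything.
                    var peerIdentity = _identityProvider.GetPeerIdentity();
                    if (!peerIdentity.Valid())
                    {
                        _logger.LogWarning("Peer identity failed validation; refusing to issue a certificate of type {AccountType}", request.AccountType);
                        return Task.FromResult(FailedReply("身份校验失败"));
                    }

                    ca.TBSCertificate.Issuer = peerIdentity.GetPublic().Certificate.TBSCertificate.Subject;
                    ca.SignatureValue        = RSAHelper.SignData(_identityProvider.GetPrivateKey(), ca.TBSCertificate);
                }

                return Task.FromResult(new AccountReply()
                {
                    Status      = true,
                    Certificate = Newtonsoft.Json.JsonConvert.SerializeObject(ca),
                    PravateKey  = privateKey
                });
            }
            catch (Exception ex)
            {
                // Details stay in the server log; the caller gets a generic failure. The previous
                // reply carried ex.Message, which leaks internal state to a remote caller.
                _logger.LogError(ex, "GenerateAccount failed for account type {AccountType}", request?.AccountType);
                return Task.FromResult(FailedReply("账号创建失败"));
            }
        }

        /// <summary>
        /// Compares the request's user name and password with the CA credentials held by
        /// <c>_identityProvider</c> in constant time.
        /// </summary>
        /// <remarks>
        /// Uses the non-short-circuit <c>&amp;</c> on purpose: both comparisons always run, so a
        /// wrong user name is not distinguishable from a wrong password by timing.
        /// Assumes the provider returns the literal secret (the original compared the strings
        /// directly); if it ever returns a hash, compare hashes here instead — TODO confirm.
        /// </remarks>
        private bool CaCredentialsMatch(AccountRequest request)
        {
            return ConstantTimeEquals(_identityProvider.GetCAUserName(), request.Username)
                & ConstantTimeEquals(_identityProvider.GetCAPassword(), request.Password);
        }

        /// <summary>
        /// Constant-time string equality on the UTF-8 bytes; <c>null</c> is treated as "".
        /// </summary>
        /// <remarks>
        /// Fully qualified so no new <c>using</c> is needed at the top of the file (the file
        /// already does the same for <c>Newtonsoft.Json.JsonConvert</c>). A length mismatch is
        /// reported as "not equal" without scanning; only the length is observable.
        /// <c>CryptographicOperations</c> needs .NET Core 2.1 / netstandard2.1 or later — if this
        /// project targets .NET Framework, replace it with an XOR-accumulate loop over the bytes.
        /// </remarks>
        private static bool ConstantTimeEquals(string expected, string actual)
        {
            var expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected ?? string.Empty);
            var actualBytes   = System.Text.Encoding.UTF8.GetBytes(actual ?? string.Empty);
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, actualBytes);
        }

        /// <summary>
        /// Maps the wire account type to <see cref="CAType"/>: "0" Peer, "1" Admin, "2" User,
        /// "3" Reader. Returns <c>false</c> (and a default <c>caType</c>) for anything else.
        /// </summary>
        private static bool TryResolveCaType(string accountType, out CAType caType)
        {
            switch (accountType)
            {
            case "0": caType = CAType.Peer;   return true;
            case "1": caType = CAType.Admin;  return true;
            case "2": caType = CAType.User;   return true;
            case "3": caType = CAType.Reader; return true;
            default:  caType = default(CAType); return false;
            }
        }

        /// <summary>
        /// Builds a failed reply. The reason goes in <c>PravateKey</c> because the reply type has
        /// no message field; this mirrors the existing wire convention.
        /// </summary>
        private static AccountReply FailedReply(string reason)
        {
            return new AccountReply()
            {
                Status     = false,
                PravateKey = reason
            };
        }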