示例#1
0
        /// <summary>
        /// 创建账号 pk-证书
        /// </summary>
        /// <param name="request"></param>
        /// <param name="context"></param>
        /// <returns></returns>
        public override Task <AccountReply> GenerateAccount(AccountRequest request, ServerCallContext context)
        {
            try
            {
                var causername = _identityProvider.GetCAUserName();
                var capassword = _identityProvider.GetCAPassword();
                if (causername != request.Username || capassword != request.Password)
                {
                    return(Task.FromResult(new AccountReply()
                    {
                        Status = false,
                        PravateKey = "账号或用户名错误"
                    }));
                }
                //是CA用户则创建账号
                var account    = RSAHelper.CreateAccount();
                var privateKey = account[0];
                var publicKey  = account[1];
                var ca         = new Certificate();

                ca.TBSCertificate.Version      = "1.0";
                ca.TBSCertificate.SerialNumber = Guid.NewGuid().ToString();
                ca.TBSCertificate.Signature    = "RSA";
                ca.TBSCertificate.NotBefore    = DateTime.Now.Ticks;
                ca.TBSCertificate.NotAfter     = DateTime.Now.AddYears(3).Ticks;
                ca.TBSCertificate.Subject      = request.AccountName;
                ca.TBSCertificate.PublicKey    = publicKey;

                //如果不是创建peer节点的根证书 则需要验证peer节点的身份
                if (request.AccountType != "0")
                {
                    var identity = _identityProvider.GetPeerIdentity();
                    if (!identity.Valid())
                    {
                        throw new Exception("身份校验失败");
                    }
                }

                //根据账号类型生成证书 跟证书是自签名,其他是根证书签名
                switch (request.AccountType)
                {
                case "0":
                    ca.TBSCertificate.CAType = CAType.Peer;
                    ca.TBSCertificate.Issuer = request.AccountName;
                    ca.SignatureValue        = RSAHelper.SignData(privateKey, ca.TBSCertificate);
                    break;

                case "1":
                    ca.TBSCertificate.Issuer = _identityProvider.GetPeerIdentity().GetPublic().Certificate.TBSCertificate.Subject;
                    ca.TBSCertificate.CAType = CAType.Admin;
                    ca.SignatureValue        = RSAHelper.SignData(_identityProvider.GetPrivateKey(), ca.TBSCertificate);
                    break;

                case "2":
                    ca.TBSCertificate.Issuer = _identityProvider.GetPeerIdentity().GetPublic().Certificate.TBSCertificate.Subject;
                    ca.TBSCertificate.CAType = CAType.User;
                    ca.SignatureValue        = RSAHelper.SignData(_identityProvider.GetPrivateKey(), ca.TBSCertificate);
                    break;

                case "3":
                    ca.TBSCertificate.Issuer = _identityProvider.GetPeerIdentity().GetPublic().Certificate.TBSCertificate.Subject;
                    ca.TBSCertificate.CAType = CAType.Reader;
                    ca.SignatureValue        = RSAHelper.SignData(_identityProvider.GetPrivateKey(), ca.TBSCertificate);
                    break;

                default:
                    break;
                }

                return(Task.FromResult(new AccountReply()
                {
                    Status = true,
                    Certificate = Newtonsoft.Json.JsonConvert.SerializeObject(ca),
                    PravateKey = privateKey
                }));
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, ex.Message);
                return(Task.FromResult(new AccountReply()
                {
                    Status = false,
                    PravateKey = ex.Message
                }));
            }
        }