OCT 1. 增加服务端接口签名验证BASE64编码功能

2023-08-15 15:34:54 +08:00 · 2023-08-15 15:34:54 +08:00 · 4a046bd6e2
parent dc9d15267a
commit 4a046bd6e2
5 changed files with 43 additions and 20 deletions
--- a/NetTunnelSDK/crypto/HashDigest.cpp
+++ b/NetTunnelSDK/crypto/HashDigest.cpp
@ -6,6 +6,8 @@
 #include <bcrypt.h>
 #include <wincrypt.h>
 #include <shlwapi.h>
+#include <strsafe.h>
+#include <cppcodec/base64_url_unpadded.hpp>
 #include <spdlog/spdlog.h>

 #pragma comment(lib, "Bcrypt.lib")
@ -271,15 +273,8 @@ int CalcHmacHash(HASH_TYPE type,
    }

    if (outBase64) {
-        DWORD len;
-        if (!CryptBinaryToString(pbHash, cbHash, CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, outHash, &len)) {
-            SPDLOG_ERROR(TEXT("Error {0} returned by BCryptFinishHash"), status);
-            BCryptCloseAlgorithmProvider(hAlg, 0);
-            BCryptDestroyHash(hHash);
-            HeapFree(GetProcessHeap(), 0, pbHashObject);
-            HeapFree(GetProcessHeap(), 0, pbHash);
-            return -ERR_BCRYPT_FINISHHASH;
-        }
+        using base64 = cppcodec::base64_url_unpadded;
+        StringCbCopy(outHash, 256, base64::encode(pbHash, cbHash).c_str());
    } else {
        binToHexString(outHash, pbHash, cbHash);
    }
--- a/NetTunnelSDK/protocol/protocol.cpp
+++ b/NetTunnelSDK/protocol/protocol.cpp
@ -5,6 +5,7 @@

 #include "globalcfg.h"
 #include "httplib.h"
+#include "misc.h"
 #include "usrerr.h"

 #include <strsafe.h>
@ -95,6 +96,7 @@ template<class T> int CreateProtocolRequest(T *pReqParams, TCHAR **pOutJson) {
    if (!g_httpCtx && lstrlen(GetGlobalCfgInfo()->platformServerUrl) > 0) {
        g_httpCtx = new httplib::Client(GetGlobalCfgInfo()->platformServerUrl);
        if (g_httpCtx) {
+            g_httpCtx->enable_server_certificate_verification(false);
            g_httpCtx->set_connection_timeout(0, 300000);    // 300 milliseconds
            g_httpCtx->set_read_timeout(5, 0);               // 5 seconds
            g_httpCtx->set_write_timeout(5, 0);              // 5 seconds
@ -342,7 +344,6 @@ template<class T1, class T2> int PlatformProtolPostMessage(const TCHAR *pUrlPath
                     lstrlen(GetGlobalCfgInfo()->clientSecret),
                     hashValeu,
                     true) == ERR_SUCCESS) {
-
        if (lstrcmp(typeid(T1).name(), TEXT("class PlatformReqClientCfgParms")) == 0) {
            const auto            *p       = reinterpret_cast<PlatformReqClientCfgParms *>(pReq);
            const httplib::Headers headers = {
--- a/NetTunnelServerApp/NetTunnelServerApp.cpp
+++ b/NetTunnelServerApp/NetTunnelServerApp.cpp
@ -10,12 +10,14 @@ int main() {
    int                 ret;
    //https://xajhuang.com:9276
    //http://172.21.40.39:32549
-    if ((ret = TunnelSDKInitEnv(nullptr, "http://172.21.40.39:32549", nullptr, LOG_DEBUG, true)) != ERR_SUCCESS) {
+    if ((ret = TunnelSDKInitEnv(nullptr, "https://112.17.28.201:1443", nullptr, LOG_DEBUG, true)) != ERR_SUCCESS) {
        wprintf(L"Init SCC SDK Error: %d\n", ret);
        return -1;
    }

-    if (ERR_SUCCESS != (ret = GetUserServerConfigure("tunnel_svr", "asfdafdafdaf", &pSvrCfg))) {
+    EnableVerifySignature("sc-winvdisdk-efa9v12xwtz5eppr", "lh5r8sw6m9m416nm");
+
+    if (ERR_SUCCESS != (ret = GetUserServerConfigure("tunnel_svr", "172.21.97.100", &pSvrCfg))) {
        wprintf(L"GetUserServerConfigure Error: %d\n", ret);
        return -2;
    }
--- a/TestNetTunnelSDK/TestNetTunnelSDK.cpp
+++ b/TestNetTunnelSDK/TestNetTunnelSDK.cpp
@ -2,7 +2,12 @@
 #include "CppUnitTest.h"

 #include "sccsdk.h"
+
+#include <iostream>
 #include <strsafe.h>
+#include <cppcodec/base64_url_unpadded.hpp>
+#include <cppcodec/base64_rfc4648.hpp>
+#include <cppcodec/base64_url.hpp>

 using namespace Microsoft::VisualStudio::CppUnitTestFramework;

@ -11,7 +16,7 @@ TEST_MODULE_INITIALIZE(ModuleInitialize) {
    const TCHAR *path = TEXT(
        "C:\\Users\\HuangXin\\Documents\\development\\visual_studio\\tunnel_windows\\NetTunnelApp\\bin\\Debug");

-    Logger::WriteMessage("In Module Initialize");
+    Logger::WriteMessage("In Module Initialize\n");
    Assert::AreEqual(0,
                     TunnelSDKInitEnv(path,
                                      "http://172.21.40.39:32549",
@ -24,7 +29,7 @@ TEST_MODULE_INITIALIZE(ModuleInitialize) {
 }

 TEST_MODULE_CLEANUP(ModuleCleanup) {
-    Logger::WriteMessage("In Module Cleanup");
+    Logger::WriteMessage("In Module Cleanup\n");
    TunnelSDKUnInit();
 }

@ -192,6 +197,26 @@ public:
        //Assert::AreEqual(RET_OK, SetNetConnectionNetworkCategory());
    }

+    TEST_METHOD(TestBase64UrlEncode) {
+        const std::string src = "iTeBvsuhkSOIoLB/t8qC/dBOu1lhLWwIZ675nF37MwM=";
+        using base64urlunPad = cppcodec::base64_url_unpadded;
+        using base64url = cppcodec::base64_url;
+        using base64 = cppcodec::base64_rfc4648;
+
+        std::string base = base64::encode(src);
+        std::string baseurl = base64url::encode(src);
+        std::string baseunpad = base64urlunPad::encode(src);
+
+        //std::string dbase = base64::decode(base);
+
+
+        //std::cout << base64::encode(pSrc, lstrlen(pSrc)) << std::endl;   
+        //std::string encode = ::encode(pSrc);
+        Logger::WriteMessage("[");
+        Logger::WriteMessage(base64::encode(src).c_str());
+        Logger::WriteMessage("]\n");
+    }
+
    TEST_METHOD(TestUserLogin) {
        PUSER_CLIENT_CONFIG pCfg;
        Assert::AreEqual(RET_OK, GetUserClientConfigure(TEXT("admin"), TEXT("1689189114026041344"), &pCfg));