feat: add LoadRSACrt

feat: logger trace-value 的格式

.gitignore

@@ -1,3 +1,5 @@
 .idea
 .vscode
-.DS_Store
+.DS_Store
+
+xtest

database/db/new_test.go

@@ -5,21 +5,21 @@ import (
 )
 
 func TestNew(t *testing.T) {
-	//mdb, err := New(WithMysql("127.0.0.1", 3306, "root", "MyPassw0rd", "mydb"))
+	mdb, err := New(WithMysql("127.0.0.1", 2881, "yizhi@test", "yizhi", "mie"))
-	//if err != nil {
+	if err != nil {
-	//	t.Fatal(err)
+		t.Fatal(err)
-	//}
+	}
-	//
+
-	//type User struct {
+	type User struct {
-	//	Id       uint64 `gorm:"primaryKey"`
+		Id       uint64 `gorm:"primaryKey"`
-	//	Username string `gorm:"unique"`
+		Username string `gorm:"unique"`
-	//}
+	}
-	//
+
-	//if err = mdb.Session(t.Context()).AutoMigrate(&User{}); err != nil {
+	if err = mdb.Session(t.Context()).AutoMigrate(&User{}); err != nil {
-	//	t.Fatal(err)
+		t.Fatal(err)
-	//}
+	}
-	//
+
-	//if err = mdb.Session(t.Context()).Create(&User{Username: "zyp"}).Error; err != nil {
+	if err = mdb.Session(t.Context()).Create(&User{Username: "zyp"}).Error; err != nil {
-	//	t.Fatal(err)
+		t.Fatal(err)
-	//}
+	}
 }

database/db/option.go

@@ -3,6 +3,8 @@ package db
 import (
 	"context"
 	"fmt"
+
+	"gitea.loveuer.com/yizhisec/packages/logger"
 )
 
 type config struct {
@@ -25,6 +27,7 @@ func WithCtx(ctx context.Context) OptionFn {
 func WithMysql(host string, port int, user string, password string, database string) OptionFn {
 	return func(c *config) {
 		dsn := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=True&loc=Local", user, password, host, port, database)
+		logger.Debug("db init with mysql, dsn: %s", dsn)
 		c.mysql = &dsn
 	}
 }
@@ -32,6 +35,7 @@ func WithMysql(host string, port int, user string, password string, database str
 func WithPg(host string, port int, user string, password string, database string) OptionFn {
 	return func(c *config) {
 		dsn := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%d sslmode=disable TimeZone=Asia/Shanghai", host, user, password, database, port)
+		logger.Debug("db init with pg, dsn: %s", dsn)
 		c.pg = &dsn
 	}
 }
@@ -39,6 +43,7 @@ func WithPg(host string, port int, user string, password string, database string
 func WithSqlite(path string) OptionFn {
 	return func(c *config) {
 		if path != "" {
+			logger.Debug("db init with sqlite, path: %s", path)
 			c.sqlite = &path
 		}
 	}

logger/ctx.go

@@ -2,17 +2,20 @@ package logger
 
 import (
 	"context"
-	"gitea.loveuer.com/yizhisec/packages/opt"
 	uuid2 "github.com/google/uuid"
 )
 
+type _traceId struct{}
+
+var TraceId = _traceId{}
+
 func traceId(ctx context.Context) string {
 	if ctx == nil {
 		uuid, _ := uuid2.NewV7()
 		return uuid.String()
 	}
 
-	if id, _ := ctx.Value(opt.TraceKey).(string); id != "" {
+	if id, _ := ctx.Value(TraceId).(string); id != "" {
 		return id
 	}
 
@@ -21,30 +24,30 @@ func traceId(ctx context.Context) string {
 }
 
 func DebugCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Debug(msg, data...)
 }
 func InfoCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Info(msg, data...)
 }
 
 func WarnCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Warn(msg, data...)
 }
 
 func ErrorCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Error(msg, data...)
 }
 
 func PanicCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Panic(msg, data...)
 }
 
 func FatalCtx(ctx context.Context, msg string, data ...any) {
-	msg = "[" + traceId(ctx) + "] " + msg
+	msg = traceId(ctx) + " | " + msg
 	DefaultLogger.Fatal(msg, data...)
 }

logger/ctx_test.go

@@ -2,7 +2,6 @@ package logger
 
 import (
 	"context"
-	"gitea.loveuer.com/yizhisec/packages/opt"
 	"testing"
 )
 
@@ -11,7 +10,7 @@ func TestCtxLog(t *testing.T) {
 	InfoCtx(nil, "hello %s", "world")
 	WarnCtx(context.Background(), "hello %s", "world")
 	ctx := context.Background()
-	ctx = context.WithValue(ctx, opt.TraceKey, "value")
+	ctx = context.WithValue(ctx, TraceId, "value")
 	SetLogLevel(LogLevelDebug)
 	DebugCtx(ctx, "hello %s", "world")
 	ErrorCtx(ctx, "hello %s", "world")

middlewares/logger/logger.go

@@ -2,17 +2,21 @@ package logger
 
 import (
 	"fmt"
-	"gitea.loveuer.com/yizhisec/packages/logger"
-	"gitea.loveuer.com/yizhisec/packages/opt"
-	"gitea.loveuer.com/yizhisec/packages/tool"
-	"github.com/gin-gonic/gin"
 	"strings"
 	"sync"
 	"time"
+
+	"gitea.loveuer.com/yizhisec/packages/opt"
+	"gitea.loveuer.com/yizhisec/packages/tool"
+	"github.com/fatih/color"
+	"github.com/gin-gonic/gin"
+)
+
+const (
+	defaultTrace = "                   middleware-logger"
 )
 
 var (
-	defaultTrace      = "middleware-logger"
 	stringBuilderPool = sync.Pool{
 		New: func() interface{} {
 			return &strings.Builder{}
@@ -36,39 +40,42 @@ func New() gin.HandlerFunc {
 
 		c.Next()
 
-		status := c.Writer.Status()
+		var (
+			status string
+		)
+
+		_status := c.Writer.Status()
 		duration := time.Since(start)
 
-		var logFn func(msg string, data ...any)
 		switch {
-		case status >= 500:
+		case _status >= 500:
-			logFn = logger.Error
+			status = color.RedString("%3d", _status)
-		case status >= 400:
+		case _status >= 400:
-			logFn = logger.Warn
+			status = color.YellowString("%3d", _status)
 		default:
-			logFn = logger.Info
+			status = color.GreenString("%3d", _status)
 		}
 
-		if logFn != nil {
+		b := stringBuilderPool.Get().(*strings.Builder)
-			b := stringBuilderPool.Get().(*strings.Builder)
+		b.Reset()
-			b.Reset()
 
-			b.WriteString("[")
+		b.WriteString("GIN   | ")
-			b.WriteString(fmt.Sprintf("%36s", trace))
+		b.WriteString(start.Format("2006-01-02T15:04:05"))
-			b.WriteString("] | ")
+		b.WriteString(" | ")
-			b.WriteString(fmt.Sprintf("%3d", status))
+		b.WriteString(trace)
-			b.WriteString(" | ")
+		b.WriteString(" | ")
-			b.WriteString(fmt.Sprintf("%15s", ip))
+		b.WriteString(status)
-			b.WriteString(" | ")
+		b.WriteString(" | ")
-			b.WriteString(tool.HumanDuration(duration.Nanoseconds()))
+		b.WriteString(fmt.Sprintf("%15s", ip))
-			b.WriteString(" | ")
+		b.WriteString(" | ")
-			b.WriteString(c.Request.Method)
+		b.WriteString(tool.HumanDuration(duration.Nanoseconds()))
-			b.WriteString(" | ")
+		b.WriteString(" | ")
-			b.WriteString(c.Request.RequestURI)
+		b.WriteString(c.Request.Method)
+		b.WriteString(" | ")
+		b.WriteString(c.Request.RequestURI)
 
-			logFn(b.String())
+		fmt.Println(b.String())
 
-			stringBuilderPool.Put(b)
+		stringBuilderPool.Put(b)
-		}
 	}
 }

middlewares/logger/logger_test.go

@@ -2,10 +2,12 @@ package logger
 
 import (
 	"errors"
-	"github.com/gin-gonic/gin"
 	"net/http"
 	"testing"
 	"time"
+
+	"gitea.loveuer.com/yizhisec/packages/logger"
+	"github.com/gin-gonic/gin"
 )
 
 func TestLogger(t *testing.T) {
@@ -20,6 +22,7 @@ func TestLogger(t *testing.T) {
 		c.JSON(400, gin.H{"hello": "world"})
 	})
 	app.GET("/500", func(c *gin.Context) {
+		logger.ErrorCtx(c.Request.Context(), "oops")
 		c.JSON(500, gin.H{"hello": "world"})
 	})
 

resp/resp.go

@@ -30,6 +30,18 @@ func R200(c *gin.Context, data any, msgs ...string) {
 	c.AbortWithStatusJSON(200, r)
 }
 
+func RC(c *gin.Context, status int, args ...any) {
+	code := 1
+	if status != 200 {
+		code = -1
+	}
+
+	_r(c, &res{
+		Status: status,
+		Code:   code,
+	}, args...)
+}
+
 func RE(c *gin.Context, err error) {
 	var re *Error
 
@@ -68,11 +80,7 @@ H4:
 		r.Code = code
 	}
 H3:
-	if es, ok := args[2].(error); ok {
+	r.Err = args[2]
-		r.Err = es.Error()
-	} else {
-		r.Err = args[2]
-	}
 H2:
 	r.Data = args[1]
 H1:
@@ -86,6 +94,10 @@ END:
 		r.Msg = Msg(r.Status)
 	}
 
+	if ce, ok := r.Err.(error); ok {
+		r.Err = ce.Error()
+	}
+
 	c.AbortWithStatusJSON(r.Status, r)
 }
 

tool/aes_test.go

@@ -8,7 +8,7 @@ import (
 func TestAes(t *testing.T) {
 	key := os.Getenv("AES_KEY")
 
-	name := "admin"
+	name := "YizhiSEC@123"
 	res, err := AesEncrypt([]byte(name), []byte(key))
 	if err != nil {
 		t.Fatal(err)
@@ -23,3 +23,14 @@ func TestAes(t *testing.T) {
 
 	t.Logf("raw = %s", string(raw))
 }
+
+func TestDecrypt(t *testing.T) {
+	key := os.Getenv("AES_KEY")
+	enc := "2hurNK+0+b9lEO2hNAkc+TzVx7KH7S0/mRt7mWBJiFA="
+
+	raw, err := AesDecrypt(enc, []byte(key))
+	if err != nil {
+		t.Fatal(err)
+	}
+	t.Logf("raw = %s", string(raw))
+}

tool/rsa.go

@@ -0,0 +1,255 @@
+package tool
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/base64"
+	"encoding/pem"
+	"errors"
+	"fmt"
+)
+
+// 通用RSA加密方法（支持选择填充方式）
+func rsaEncrypt(data []byte, publicKey *rsa.PublicKey, useOAEP bool) ([]byte, error) {
+	if len(data) == 0 {
+		return nil, errors.New("input data is empty")
+	}
+
+	if useOAEP {
+		// 使用OAEP填充（更安全）
+		hash := sha256.New()
+		return rsa.EncryptOAEP(hash, rand.Reader, publicKey, data, nil)
+	} else {
+		// 使用PKCS1v15填充（兼容旧系统）
+		return rsa.EncryptPKCS1v15(rand.Reader, publicKey, data)
+	}
+}
+
+// 方法1：通过tls.Config加密
+func RSAEncrypt(data []byte, cfg *tls.Config) (string, error) {
+	// 验证参数
+	if len(data) == 0 {
+		return "", errors.New("input data is empty")
+	}
+	if cfg == nil {
+		return "", errors.New("TLS config is nil")
+	}
+
+	// 获取第一个证书
+	if len(cfg.Certificates) == 0 {
+		return "", errors.New("no certificates found in TLS config")
+	}
+	cert := cfg.Certificates[0]
+
+	// 获取RSA公钥
+	rsaPublicKey, ok := cert.Leaf.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		return "", errors.New("certificate does not contain RSA public key")
+	}
+
+	// 加密（无分块，适用于小数据）
+	encrypted, err := rsaEncrypt(data, rsaPublicKey, true)
+	if err != nil {
+		return "", fmt.Errorf("encryption failed: %w", err)
+	}
+
+	return base64.StdEncoding.EncodeToString(encrypted), nil
+}
+
+// 方法2：通过证书PEM加密（支持分块）
+func RSAEncryptByCert(data, cert []byte) (string, error) {
+	// 解析PEM证书
+	block, _ := pem.Decode(cert)
+	if block == nil || block.Type != "CERTIFICATE" {
+		return "", errors.New("failed to parse certificate PEM")
+	}
+
+	// 解析X.509证书
+	crt, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return "", fmt.Errorf("failed to parse certificate: %w", err)
+	}
+
+	// 获取RSA公钥
+	publicKey, ok := crt.PublicKey.(*rsa.PublicKey)
+	if !ok {
+		return "", errors.New("certificate does not contain RSA public key")
+	}
+
+	// 计算最大分块大小
+	keySize := publicKey.Size()
+	maxChunk := 0
+
+	maxChunk = keySize - 42 // OAEP填充
+
+	// 不需要分块的情况
+	if len(data) <= maxChunk {
+		encrypted, err := rsaEncrypt(data, publicKey, true)
+		if err != nil {
+			return "", err
+		}
+		return base64.StdEncoding.EncodeToString(encrypted), nil
+	}
+
+	// 需要分块的情况
+	var encrypted []byte
+	for i := 0; i < len(data); i += maxChunk {
+		end := i + maxChunk
+		if end > len(data) {
+			end = len(data)
+		}
+
+		chunk, err := rsaEncrypt(data[i:end], publicKey, true)
+		if err != nil {
+			return "", fmt.Errorf("RSA encryption failed: %w", err)
+		}
+		encrypted = append(encrypted, chunk...)
+	}
+
+	return base64.StdEncoding.EncodeToString(encrypted), nil
+}
+
+func rsaDecryptBlock(block []byte, privateKey *rsa.PrivateKey, useOAEP bool) ([]byte, error) {
+	if useOAEP {
+		// Use OAEP with SHA-256
+		return rsa.DecryptOAEP(
+			sha256.New(),
+			rand.Reader,
+			privateKey,
+			block,
+			nil,
+		)
+	} else {
+		// Use PKCS1v15 for backward compatibility
+		return rsa.DecryptPKCS1v15(
+			rand.Reader,
+			privateKey,
+			block,
+		)
+	}
+}
+
+func RSADecrypt(encryptedBase64 string, cfg *tls.Config) ([]byte, error) {
+	// Validate inputs
+	if encryptedBase64 == "" {
+		return nil, errors.New("encrypted data is empty")
+	}
+	if cfg == nil {
+		return nil, errors.New("TLS config is nil")
+	}
+	if len(cfg.Certificates) == 0 {
+		return nil, errors.New("no certificates found in TLS config")
+	}
+
+	// Decode base64 string
+	encryptedData, err := base64.StdEncoding.DecodeString(encryptedBase64)
+	if err != nil {
+		return nil, fmt.Errorf("base64 decoding failed: %w", err)
+	}
+
+	// Get private key from first certificate
+	privateKey, ok := cfg.Certificates[0].PrivateKey.(*rsa.PrivateKey)
+	if !ok {
+		return nil, errors.New("failed to get RSA private key from TLS config")
+	}
+
+	// Determine block size for decryption
+	blockSize := privateKey.Size()
+	if len(encryptedData)%blockSize != 0 {
+		return nil, fmt.Errorf("invalid encrypted data size. Expected multiple of %d, got %d",
+			blockSize, len(encryptedData))
+	}
+
+	// Handle single block decryption
+	if len(encryptedData) == blockSize {
+		return rsaDecryptBlock(encryptedData, privateKey, true)
+	}
+
+	// Handle multi-block decryption
+	var decrypted []byte
+	for i := 0; i < len(encryptedData); i += blockSize {
+		end := i + blockSize
+		block := encryptedData[i:end]
+
+		decryptedBlock, err := rsaDecryptBlock(block, privateKey, true)
+		if err != nil {
+			return nil, fmt.Errorf("block decryption failed at offset %d: %w", i, err)
+		}
+
+		decrypted = append(decrypted, decryptedBlock...)
+	}
+
+	return decrypted, nil
+}
+
+func LoadRSACertificate(pubKeyBytes, priKeyBytes []byte) (*rsa.PublicKey, *rsa.PrivateKey, error) {
+	var (
+		err    error
+		pubKey *rsa.PublicKey
+		priKey *rsa.PrivateKey
+	)
+
+	if len(pubKeyBytes) == 0 && len(priKeyBytes) == 0 {
+		return nil, nil, errors.New("both public and private key bytes are empty")
+	}
+
+	if len(pubKeyBytes) > 0 {
+		pubKey, err = parsePublicKey(pubKeyBytes)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	if len(priKeyBytes) > 0 {
+		priKey, err = parsePrivateKey(priKeyBytes)
+		if err != nil {
+			return nil, nil, err
+		}
+	}
+
+	return pubKey, priKey, nil
+}
+
+func parsePublicKey(pubKeyBytes []byte) (*rsa.PublicKey, error) {
+	block, _ := pem.Decode(pubKeyBytes)
+	if block == nil {
+		return nil, errors.New("failed to decode public key")
+	}
+
+	pubKey, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		return nil, err
+	}
+
+	rsaPubKey, ok := pubKey.(*rsa.PublicKey)
+	if !ok {
+		return nil, errors.New("not an RSA public key")
+	}
+
+	return rsaPubKey, nil
+}
+
+func parsePrivateKey(priKeyBytes []byte) (*rsa.PrivateKey, error) {
+	block, _ := pem.Decode(priKeyBytes)
+	if block == nil {
+		return nil, errors.New("failed to decode private key")
+	}
+
+	priKey, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		priKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	rsaPriKey, ok := priKey.(*rsa.PrivateKey)
+	if !ok {
+		return nil, errors.New("not an RSA private key")
+	}
+
+	return rsaPriKey, nil
+}

tool/rsa_test.go

@@ -0,0 +1,62 @@
+package tool
+
+import "testing"
+
+func TestRSA(t *testing.T) {
+	var (
+		crt, key string
+	)
+
+	cfg, err := LoadTLSConfig(StringToBytes(crt), StringToBytes(key))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	raw := []byte("admin")
+	enc, err := RSAEncrypt(raw, cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Logf("Encrypted data: %s", enc)
+
+	org, err := RSADecrypt(enc, cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Logf("Decrypted data: %s", string(org))
+
+	enc2, err := RSAEncryptByCert(raw, []byte(crt))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	org2, err := RSADecrypt(enc2, cfg)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if string(org) != string(org2) {
+		t.Fatalf("Original and decrypted data don't match, org1 = %s, org2 = %s", org, org2)
+	}
+}
+
+func TestLoadRSACertificate(t *testing.T) {
+	const (
+		pubKey = `-----BEGIN PUBLIC KEY-----
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAwJZyF1WhhsmtDpTfmvGnGIcLHIK/QLYV7Xy3O7Cwb28fxcbHw7z+1WHdbE65QxIAUvh9niR8EzAZyLOD2ZOrXdKyz4cZ48YjisNeGxf2x61uX0Ao6JZsbNjyp3NJCcyLmenDO8BCzPaj1UJ6nkDO53/W494UJ8nKVB726JCWdBCKSijOWutBvxYqC1bZHs/etQ8KwWPiBiEthV/6hHnlzm9oGfKfHapB6eNTtzKjrl39cuKwZwlbDo3R2Xe8bK8ATwkCbGq2EGdWuNKt94dPVH8f+RhqkEdnR4mJrTFVNifWLcPi2dTNCaP8Q87KlI4dnzyq0uo3gS9U7bvIVSH6HhhmwLN33WzZsUnQ+laVTZqOmwuNZosc8BQ4k2Bu+w4ZobjkY7dTJDG+JHuMKH9W9zzu5eF/1oVA9zd6Gi1nYo/G+y/UaaBLXdqaQijZFQHmRWGI+rvKN0tl6Ruw1pFjvrEd/kBYpfIl5BIPX2D0ElSTfXACjb4TcEoMGMGjbr6awjzb0X6Z6hVzuWN1oJcaMFat0VInNdjiG7o6EvgW3DKiSWiRaRAxaF+d1pp7wIRipLKQbp9VCp8OPAVXLRuma4R/VDqpVt53i0tJGBbR+ICixdKUp6hszOgup0DClSLSwQv30SXEWcJSPf+x1Y1kdS9XytqkJwuyO7IirFAZXZ0CAwEAAQ==
+-----END PUBLIC KEY-----`
+		priKey = `-----BEGIN RSA PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDAlnIXVaGGya0OlN+a8acYhwscgr9AthXtfLc7sLBvbx/FxsfDvP7VYd1sTrlDEgBS+H2eJHwTMBnIs4PZk6td0rLPhxnjxiOKw14bF/bHrW5fQCjolmxs2PKnc0kJzIuZ6cM7wELM9qPVQnqeQM7nf9bj3hQnycpUHvbokJZ0EIpKKM5a60G/FioLVtkez961DwrBY+IGIS2FX/qEeeXOb2gZ8p8dqkHp41O3MqOuXf1y4rBnCVsOjdHZd7xsrwBPCQJsarYQZ1a40q33h09Ufx/5GGqQR2dHiYmtMVU2J9Ytw+LZ1M0Jo/xDzsqUjh2fPKrS6jeBL1Ttu8hVIfoeGGbAs3fdbNmxSdD6VpVNmo6bC41mixzwFDiTYG77DhmhuORjt1MkMb4ke4wof1b3PO7l4X/WhUD3N3oaLWdij8b7L9RpoEtd2ppCKNkVAeZFYYj6u8o3S2XpG7DWkWO+sR3+QFil8iXkEg9fYPQSVJN9cAKNvhNwSgwYwaNuvprCPNvRfpnqFXO5Y3WglxowVq3RUic12OIbujoS+BbcMqJJaJFpEDFoX53WmnvAhGKkspBun1UKnw48BVctG6ZrhH9UOqlW3neLS0kYFtH4gKLF0pSnqGzM6C6nQMKVItLBC/fRJcRZwlI9/7HVjWR1L1fK2qQnC7I7siKsUBldnQIDAQABAoICABLWJC6YF4Zhb2W/tecnv5osiy+sshwYMyjZS+qwq3Eaw1bKzHsenyYrvkZ7pK8ksZdr6o1vMBuIVt1EgZ7kTJyOoSKfKi8XEB7gYPHxdBevpN34HogxPkWfKoyqP/iPYxAYxxmvAlmdvgR7zhZwbExEOrZq4DnMCNgVdzzj93M+sufx+cz2uaWA+3fEdNQIrNW0tO6ZYGANGrCy5IPUkF+SkfIHwvxZzLydmXCPqWbClqmH9oz9Y0SXJnFIvss6iqMwVGZaQZh1IwxMvus49s9i57OrabDW6wkaMLcZ3iW/27j6MdPwdmV8/o17SmEhTVBn1KVwdyFRidL+zOdWvWnMrFL2uS69lbyM3Zk2e7hEAkViVcdIy5UfJfC/OthUXWvuiMS6UJtZFz62p2Knd8rH4qVRk3k+RNuS/jAhptgLmNuXsqV0IWGUNumr4Kl4IaoHms6U3zXTr2kCsYxIXmpbRr+Rzx07Q+nYi1Swtrq2/CIZaCnU3TIyvEQsxEWdT1ay0JFn+U+uxD29am5sKxKBa7RJLvy4mM61XtP1UCtyoPRJCMqtX5KeACVtpzkvuOgzc5SBdmQTvfhRdWSX2NGQuAFoXumEl7h0m8yG/rztw+TfJnfxH1znQ5RriqTk0usk/b2W5xin9yqgdM2w4mYVxhuuzNdXaXm4my6v2juBAoIBAQDnYaWTiia6AwLP7mLsQ+QByrnzXf447CMjzBWaCdNINjHAyiwDOay9foG3eX70+qpSx92V5NZkKFQFWuDHV0SLgIxp36YUYMODzxFSwLgzHjZwJCcNKKumtCjX6Y2JdQTuFN2rwcuI1y0L3uMFVmv86+01KcbijkgHAmEypfGBuSCpzmO4+tmjdvahn8qoml93ivRUimjUvTwE4iVm/zpvG2xLF7kZfSG/NaaEkYRz4T42Vx/JLrpdbyBqrqmqP1yeM3ufBAdiG1baK4stnpKczMSB4Ph4iWXCCWAZGmT6D/haYcg3LH5JkpSpOytW/W+TqHk850zJAcNuo8q/IDaRAoIBAQDVFCMSBkG7C/PxiD/ea1eOR7KVOSrfxlSJveNozDZDEBNlQ4rj5DQNL5a1c6iMQn2mwr2u29ORt1sTD10wbYDic6yng51Vzrzw7uZH+9+IIGTWhbpf4eWgfc3rVZV5kSmt54vALH9rGVBdw/dItWVBalXwePT7/QHsrKBGC9n9V6+0ygFcE9sBcjypETB8dSpkXBDLUfYrJFesfu8UKZLLlAGyzIeKTbdtaobq/vf5GSqQhVnRUkNkIC8JYHbF7xvwDuVz71v3UYoighFkZc1jXSDnc+Z6Hr/JElwyej4UKRr4ACp0Mm71cOGBTKUIeHnR1R8ZSKDmZp6uLD0P27RNAoIBAB3ZzCm/rgVbdBZtU9fVXmoYxGqwWqbvWA07PCI2WEq9qyeLLahw3WdJFeUcyJNEb4rkfCLldf9P8J8MPWmaSZ6RxAu4rc19Olwb78k0Uc9Oe4l2MI+TCqokHgzU9cyhCzTH/l01UFPkJsycQb+jiaUErwKn1B/QaVx2IyIMpJ6uypb9qIHp4wAizejGG7gqylw60hDCFoozq7WZk2e5T8mbyRnbAqdWLG9ltYju2R62FXefP9uNqr95Ib6BsCPlrsY+MBmwxF8U1dypt3f4OEQAau2yn3u1hipFWV+DtzlHrCvE57auh9BoF8PJfWrooWd0WcfQs2hPUO5KNVL5DfECggEBALKM1jpzXb8ka/04Y/S4VD0YnW/n4KJ1aj+mDBq0DMAzh10ytP70Kh3mg853JYSq7um/g/0znd0cHUgidr9u8zJPJh2U71GJFNB8ECG/0Pcb1gPhOWTBQY8z/Eq4g7HDz343aebWIsuXAb4gyWV3A2tGdM82PGuv/l3Z5c/sfHWLdePz5iHHTZyvol811UBlWemRME1/190c7g7QqvxlPeozkxzFwMpHB267dmUS1K46xW0nITWDTo9nXKLp331LOUj24pU8vP7IqAz0myhbGjmqPzlT6IzqmWEfbnyp7L0uGLg6Q1jtLgej2INlu2EWu1X21cF1F8cZtNxUm7JfM30CggEBAJf3zw8wY4I6zuJvnb1d8YLLiLygUsxC8Iw7XeDc8H8oeQUf367QuHJWM9r0/t8eFr/7ym521ECdoXTBeu3rFpOIOxL0rNKgkMBQ9YX7XLGKtrpQTsiQ5amPMZ0ULHLYa+WNRYfka4o4kN8VSCvCoToDZJeM1V48+wvzGithAPXtDUEfH6XPE0XYCrlfqmtVx/M9hAu/8jxsTLrEb4Zih/mYd5xk4wVfiF1YMmCesmKkxRKO8VL5t3VwCWbRqzKYlTsgqX+Q/w9U/rvzUzHiheXohLsCnrAEEeaAF7bGVVDPN4U4aU3HFLvfsNDTIVFuS9q7TIxV8dWBPcSANGB0f7U=
+-----END RSA PRIVATE KEY-----`
+	)
+
+	pub, pri, err := LoadRSACertificate(StringToBytes(pubKey), StringToBytes(priKey))
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Logf("Public Key: %#v", pub)
+	t.Logf("Private Key: %#v", pri)
+}

tool/tls.go

@@ -0,0 +1,131 @@
+package tool
+
+import (
+	"bytes"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/pem"
+	"math/big"
+	"net"
+	"time"
+)
+
+func GenerateTlsConfig() (serverTLSConf *tls.Config, clientTLSConf *tls.Config, err error) {
+	ca := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Company, INC."},
+			Country:       []string{"US"},
+			Province:      []string{""},
+			Locality:      []string{"San Francisco"},
+			StreetAddress: []string{"Golden Gate Bridge"},
+			PostalCode:    []string{"94016"},
+		},
+		NotBefore:             time.Now(),
+		NotAfter:              time.Now().AddDate(99, 0, 0),
+		IsCA:                  true,
+		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+	}
+	// create our private and public key
+	caPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, err
+	}
+	// create the CA
+	caBytes, err := x509.CreateCertificate(rand.Reader, ca, ca, &caPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	// pem encode
+	caPEM := new(bytes.Buffer)
+	pem.Encode(caPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: caBytes,
+	})
+	caPrivKeyPEM := new(bytes.Buffer)
+	pem.Encode(caPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(caPrivKey),
+	})
+	// set up our server certificate
+	cert := &x509.Certificate{
+		SerialNumber: big.NewInt(2019),
+		Subject: pkix.Name{
+			Organization:  []string{"Company, INC."},
+			Country:       []string{"US"},
+			Province:      []string{""},
+			Locality:      []string{"San Francisco"},
+			StreetAddress: []string{"Golden Gate Bridge"},
+			PostalCode:    []string{"94016"},
+		},
+		IPAddresses:  []net.IP{net.IPv4(127, 0, 0, 1), net.IPv6loopback},
+		NotBefore:    time.Now(),
+		NotAfter:     time.Now().AddDate(10, 0, 0),
+		SubjectKeyId: []byte{1, 2, 3, 4, 6},
+		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth, x509.ExtKeyUsageServerAuth},
+		KeyUsage:     x509.KeyUsageDigitalSignature,
+	}
+	certPrivKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, nil, err
+	}
+	certBytes, err := x509.CreateCertificate(rand.Reader, cert, ca, &certPrivKey.PublicKey, caPrivKey)
+	if err != nil {
+		return nil, nil, err
+	}
+	certPEM := new(bytes.Buffer)
+	pem.Encode(certPEM, &pem.Block{
+		Type:  "CERTIFICATE",
+		Bytes: certBytes,
+	})
+	certPrivKeyPEM := new(bytes.Buffer)
+	pem.Encode(certPrivKeyPEM, &pem.Block{
+		Type:  "RSA PRIVATE KEY",
+		Bytes: x509.MarshalPKCS1PrivateKey(certPrivKey),
+	})
+	serverCert, err := tls.X509KeyPair(certPEM.Bytes(), certPrivKeyPEM.Bytes())
+	if err != nil {
+		return nil, nil, err
+	}
+	serverTLSConf = &tls.Config{
+		Certificates: []tls.Certificate{serverCert},
+	}
+	certpool := x509.NewCertPool()
+	certpool.AppendCertsFromPEM(caPEM.Bytes())
+	clientTLSConf = &tls.Config{
+		RootCAs: certpool,
+	}
+	return
+}
+
+// LoadTLSConfig 从字节数据加载TLS配置
+func LoadTLSConfig(certPEM, keyPEM []byte, caPEMs ...[]byte) (*tls.Config, error) {
+	// 加载客户端证书密钥对
+	cert, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		return nil, err
+	}
+
+	config := &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		MinVersion:   tls.VersionTLS12, // 设置最低TLS版本
+	}
+
+	// 加载CA证书（如果有）
+	if len(caPEMs) > 0 {
+		pool := x509.NewCertPool()
+		for _, caPEM := range caPEMs {
+			if !pool.AppendCertsFromPEM(caPEM) {
+				return nil, x509.SystemRootsError{}
+			}
+		}
+		config.RootCAs = pool
+	}
+
+	return config, nil
+}