备份-基础ssl通信

2026-01-23 08:39:07 +08:00
parent ef6b8511b1
commit dbb053a691
625 changed files with 305003 additions and 0 deletions
--- a/generate-and-convert.ps1
+++ b/generate-and-convert.ps1
@@ -0,0 +1,227 @@
+# 一键生成证书并转换为C++代码
+# 使用方法：powershell -ExecutionPolicy Bypass -File .\generate-and-convert.ps1
+
+param(
+    [string]$CertDir = ".\certs",
+    [string]$ServerPass = "MyServerPass123",
+    [string]$ClientPass = "MyClientPass123",
+    [string]$Country = "CN",
+    [string]$State = "Beijing",
+    [string]$City = "Beijing",
+    [string]$Organization = "MyCompany",
+    [string]$OrgUnit = "IT",
+    [string]$ServerCN = "localhost",
+    [string]$ClientCN = "MyClient",
+    [string]$CACN = "MyCA"
+)
+
+Write-Host "=====================================" -ForegroundColor Cyan
+Write-Host "  HP-Socket SSL证书生成工具" -ForegroundColor Cyan
+Write-Host "=====================================" -ForegroundColor Cyan
+Write-Host ""
+
+# 创建证书目录
+if (Test-Path $CertDir) {
+    Write-Host "警告: 目录 $CertDir 已存在" -ForegroundColor Yellow
+    $confirm = Read-Host "是否删除并重新生成? (y/n)"
+    if ($confirm -eq 'y') {
+        Remove-Item -Recurse -Force $CertDir
+    } else {
+        Write-Host "已取消" -ForegroundColor Red
+        exit
+    }
+}
+
+New-Item -ItemType Directory -Force -Path $CertDir | Out-Null
+Push-Location $CertDir
+
+Write-Host "[1/5] 生成CA证书..." -ForegroundColor Green
+
+# 生成CA私钥
+openssl genrsa -out ca-key.pem 4096 2>&1 | Out-Null
+
+# 生成CA证书
+openssl req -new -x509 -days 3650 -key ca-key.pem -out ca-cert.pem `
+    -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$CACN" 2>&1 | Out-Null
+
+Write-Host "✓ CA证书生成完成" -ForegroundColor Green
+
+Write-Host "[2/5] 生成服务器证书..." -ForegroundColor Green
+
+# 生成服务器私钥
+openssl genrsa -aes256 -passout pass:$ServerPass -out server-key.pem 2048 2>&1 | Out-Null
+
+# 生成服务器CSR
+openssl req -new -key server-key.pem -passin pass:$ServerPass -out server-csr.pem `
+    -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$ServerCN" 2>&1 | Out-Null
+
+# 签发服务器证书
+openssl x509 -req -days 3650 -in server-csr.pem `
+    -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem 2>&1 | Out-Null
+
+Write-Host "✓ 服务器证书生成完成" -ForegroundColor Green
+
+Write-Host "[3/5] 生成客户端证书..." -ForegroundColor Green
+
+# 生成客户端私钥
+openssl genrsa -aes256 -passout pass:$ClientPass -out client-key.pem 2048 2>&1 | Out-Null
+
+# 生成客户端CSR
+openssl req -new -key client-key.pem -passin pass:$ClientPass -out client-csr.pem `
+    -subj "/C=$Country/ST=$State/L=$City/O=$Organization/OU=$OrgUnit/CN=$ClientCN" 2>&1 | Out-Null
+
+# 签发客户端证书
+openssl x509 -req -days 3650 -in client-csr.pem `
+    -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out client-cert.pem 2>&1 | Out-Null
+
+Write-Host "✓ 客户端证书生成完成" -ForegroundColor Green
+
+Write-Host "[4/5] 验证证书..." -ForegroundColor Green
+
+$serverVerify = openssl verify -CAfile ca-cert.pem server-cert.pem 2>&1
+$clientVerify = openssl verify -CAfile ca-cert.pem client-cert.pem 2>&1
+
+if ($serverVerify -like "*OK*" -and $clientVerify -like "*OK*") {
+    Write-Host "✓ 证书验证通过" -ForegroundColor Green
+} else {
+    Write-Host "✗ 证书验证失败" -ForegroundColor Red
+    Write-Host $serverVerify
+    Write-Host $clientVerify
+    Pop-Location
+    exit 1
+}
+
+Write-Host "[5/5] 转换为C++代码..." -ForegroundColor Green
+
+# 读取证书内容
+$serverCert = Get-Content "server-cert.pem" -Raw
+$serverKey = Get-Content "server-key.pem" -Raw
+$clientCert = Get-Content "client-cert.pem" -Raw
+$clientKey = Get-Content "client-key.pem" -Raw
+$caCert = Get-Content "ca-cert.pem" -Raw
+
+# 转换函数
+function Convert-ToCppString {
+    param([string]$content)
+    
+    $lines = $content -split "`n" | ForEach-Object { $_.TrimEnd("`r") }
+    $cppLines = $lines | ForEach-Object { "`t`"$_\n`"" }
+    return ($cppLines -join "`n")
+}
+
+$serverCertCpp = Convert-ToCppString $serverCert
+$serverKeyCpp = Convert-ToCppString $serverKey
+$clientCertCpp = Convert-ToCppString $clientCert
+$clientKeyCpp = Convert-ToCppString $clientKey
+$caCertCpp = Convert-ToCppString $caCert
+
+# 生成C++头文件
+$cppCode = @"
+// ============================================
+// SSL证书配置
+// 自动生成时间: $(Get-Date -Format "yyyy-MM-dd HH:mm:ss")
+// ============================================
+//
+// 证书信息:
+//   CA CN: $CACN
+//   服务器 CN: $ServerCN
+//   客户端 CN: $ClientCN
+//   有效期: 10年
+//
+// 使用说明:
+//   1. 将此文件内容复制到 Server/main.cpp 和 Client/main.cpp 的证书定义部分
+//   2. 服务器使用: g_s_lpszPemCert, g_s_lpszPemKey, g_s_lpszCAPemCert
+//   3. 客户端使用: g_c_lpszPemCert, g_c_lpszPemKey, g_c_lpszCAPemCert
+//   4. 修改密码: g_s_lpszKeyPassword, g_c_lpszKeyPassword
+//
+// ============================================
+
+// CA证书（服务器和客户端共用）
+static const char* g_s_lpszCAPemCert =
+$caCertCpp;
+
+// 服务器证书
+static const char* g_s_lpszPemCert =
+$serverCertCpp;
+
+// 服务器私钥（密码保护）
+static const char* g_s_lpszPemKey =
+$serverKeyCpp;
+
+// 服务器私钥密码
+static const char* g_s_lpszKeyPassword = "$ServerPass";
+
+// ============================================
+
+// CA证书（客户端使用，与服务器相同）
+static const char* g_c_lpszCAPemCert = g_s_lpszCAPemCert;
+
+// 客户端证书
+static const char* g_c_lpszPemCert =
+$clientCertCpp;
+
+// 客户端私钥（密码保护）
+static const char* g_c_lpszPemKey =
+$clientKeyCpp;
+
+// 客户端私钥密码
+static const char* g_c_lpszKeyPassword = "$ClientPass";
+
+// ============================================
+// 配置参数
+// ============================================
+
+// 服务器验证模式：要求客户端提供证书并验证
+static const int g_s_iVerifyMode = SSL_VM_PEER | SSL_VM_FAIL_IF_NO_PEER_CERT;
+
+// 客户端验证模式：验证服务器证书
+static const int g_c_iVerifyMode = SSL_VM_PEER;
+
+// 服务器监听地址和端口
+static const LPCTSTR ADDRESS = _T("0.0.0.0");
+static const USHORT PORT = 5555;
+
+// 客户端连接地址和端口
+static const LPCTSTR DEFAULT_ADDRESS = _T("127.0.0.1");
+static const USHORT DEFAULT_PORT = 5555;
+"@
+
+$cppCode | Out-File -FilePath "certificates.h" -Encoding utf8 -NoNewline
+
+Write-Host "✓ C++代码生成完成: certificates.h" -ForegroundColor Green
+
+Pop-Location
+
+# 生成摘要信息
+Write-Host ""
+Write-Host "=====================================" -ForegroundColor Cyan
+Write-Host "  生成完成！" -ForegroundColor Cyan
+Write-Host "=====================================" -ForegroundColor Cyan
+Write-Host ""
+Write-Host "证书目录: $CertDir" -ForegroundColor Yellow
+Write-Host ""
+Write-Host "生成的文件:" -ForegroundColor Yellow
+Get-ChildItem $CertDir -Filter *.pem | Format-Table Name, @{Label="大小"; Expression={"{0:N0} bytes" -f $_.Length}}
+Write-Host ""
+Write-Host "下一步操作:" -ForegroundColor Cyan
+Write-Host "  1. 查看 $CertDir\certificates.h" -ForegroundColor White
+Write-Host "  2. 复制证书代码到 Server\main.cpp 和 Client\main.cpp" -ForegroundColor White
+Write-Host "  3. 重新编译项目" -ForegroundColor White
+Write-Host ""
+Write-Host "快速查看C++代码:" -ForegroundColor Cyan
+Write-Host "  notepad $CertDir\certificates.h" -ForegroundColor White
+Write-Host ""
+Write-Host "证书信息:" -ForegroundColor Cyan
+Write-Host "  CA通用名称: $CACN" -ForegroundColor White
+Write-Host "  服务器通用名称: $ServerCN" -ForegroundColor White
+Write-Host "  客户端通用名称: $ClientCN" -ForegroundColor White
+Write-Host "  服务器密钥密码: $ServerPass" -ForegroundColor White
+Write-Host "  客户端密钥密码: $ClientPass" -ForegroundColor White
+Write-Host "  证书有效期: 10年" -ForegroundColor White
+Write-Host ""
+
+# 询问是否打开certificates.h
+$openFile = Read-Host "是否打开 certificates.h 文件? (y/n)"
+if ($openFile -eq 'y') {
+    notepad "$CertDir\certificates.h"
+}