update xmind

Verthandii · Verthandii · commit 1cb4d0cb0169 · 2020-03-07T14:30:42.000+08:00
diff --git a/docs/Melody Server.xmind b/docs/Melody Server.xmind
diff --git a/middleware/melody-jose/fixtures/jwks.json b/middleware/melody-jose/fixtures/jwks.json
@@ -0,0 +1,16 @@
+{
+  "keys": [
+    {
+      "alg": "RS256",
+      "kty": "RSA",
+      "use": "sig",
+      "n": "s3X0UDM3Us5ESCKIiUHK6kgWe4utsH4-NM4LuNOJK4puamtXQRqr786U2T1bhxhIxmRqsGaIOu1bPLUuha-vuqEnQTL4SC-1LzHYt5Q1booyk01jZsBCnhJiOyJ1Y20DKiPJK3g7Zk9Qa8ELhjlx4XDkkSxuQOnKSpqnz-qjgEivX4IdVaGgbtAMY9Wk68QiTYwEWNh8GGLWJY6iIX-6YZ5YISaFSdshouvuflPixRVqCugrnetgbiOEVT3onx2rnPKWqKWnW73J2anFReGubX57dyKY2rDiz00ME6uMH3aBMzh1TSdKvQN6gihVNE3937Mefp9Hn5DSI1oMe7PAEw",
+      "e": "AQAB",
+      "kid": "RjA2MTU1NjgyMzFDRDhGMTlGQkQ0RUM5MUJGMkQzQzBCNEYwNTczMQ",
+      "x5t": "RjA2MTU1NjgyMzFDRDhGMTlGQkQ0RUM5MUJGMkQzQzBCNEYwNTczMQ",
+      "x5c": [
+        "MIIC+zCCAeOgAwIBAgIJK4SJPHkUYbLYMA0GCSqGSIb3DQEBCwUAMBsxGTAXBgNVBAMTEHhpYW9jaS5hdXRoMC5jb20wHhcNMjAwMzA2MDQ0NzUzWhcNMzMxMTEzMDQ0NzUzWjAbMRkwFwYDVQQDExB4aWFvY2kuYXV0aDAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3X0UDM3Us5ESCKIiUHK6kgWe4utsH4+NM4LuNOJK4puamtXQRqr786U2T1bhxhIxmRqsGaIOu1bPLUuha+vuqEnQTL4SC+1LzHYt5Q1booyk01jZsBCnhJiOyJ1Y20DKiPJK3g7Zk9Qa8ELhjlx4XDkkSxuQOnKSpqnz+qjgEivX4IdVaGgbtAMY9Wk68QiTYwEWNh8GGLWJY6iIX+6YZ5YISaFSdshouvuflPixRVqCugrnetgbiOEVT3onx2rnPKWqKWnW73J2anFReGubX57dyKY2rDiz00ME6uMH3aBMzh1TSdKvQN6gihVNE3937Mefp9Hn5DSI1oMe7PAEwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQ6jdBLLAINDV7ToqWHoM6aFODQ3zAOBgNVHQ8BAf8EBAMCAoQwDQYJKoZIhvcNAQELBQADggEBAFyiSikrVsuiBnPTclnvymqGWRSI/FY7pdf37BaXhp9Ybtld+Lk8kESlEAnWdig5iMeg4T4vqPQCXcFHdLqFCAFm0RYzXzd+h5Bs3U6Qm6wpPXZJRyeZSY/T/qLUtaN7bzx5PO4HyvyNYGIydH4FekDTEKO8VQB+jUk/KBS4v4QjsPnmRtVH6yLpaOZ5NiIJqGJUVUSZ1cCjnbopGt7ySLRUBo4PON9NtGblZMpMO4orZ4uHRKaVuT5PuD1YP+3FWj/yfTB4+K62vIIWc9uCjQwRXsyLtSW+m/BbyeXOm+NzIrIWAOp0nZqIrAyje392+DYxVb+J2hz35Ec5g2Hvp3U="
+      ]
+    }
+  ]
+}
diff --git a/middleware/melody-jose/gin/jose.go b/middleware/melody-jose/gin/jose.go
@@ -75,7 +75,7 @@ func TokenSignatureValidator(hf melodygin.HandlerFactory, logger logging.Logger,
 		}
 		rejecter := rejecterF.New(logger, cfg)
 
-		handler := hf(cfg, prxy)
+		handler := hf(cfg, prxy) // 完成juju的准备工作
 		signatureCfg, err := melodyjose.GetSignatureConfig(cfg)
 		if err == melodyjose.ErrNoValidatorCfg {
 			logger.Info("JOSE: validator disabled for the endpoint", cfg.Endpoint)
diff --git a/middleware/melody-jose/jwk.go b/middleware/melody-jose/jwk.go
@@ -141,7 +141,7 @@ func (d *Dialer) DialTLS(network, addr string) (net.Conn, error) {
 	}
 	connState := c.ConnectionState()
 	keyPinValid := false
-	// 指纹是 证书的PKIX格式DER编码 的 sha256 散列码
+	// 指纹是 证书里公钥的sha256散列码
 	for _, peerCert := range connState.PeerCertificates {
 		der, err := x509.MarshalPKIXPublicKey(peerCert.PublicKey)
 		hash := sha256.Sum256(der)
@@ -150,7 +150,7 @@ func (d *Dialer) DialTLS(network, addr string) (net.Conn, error) {
 		}
 		for _, fingerprint := range d.fingerprints {
 			if bytes.Compare(hash[0:], fingerprint) == 0 {
-				keyPinValid = true
+				keyPinValid = true // 证书合法
 				break
 			}
 		}

Original file line number	Diff line number	Diff line change
`@@ -75,7 +75,7 @@ func TokenSignatureValidator(hf melodygin.HandlerFactory, logger logging.Logger,`
`75`	`75`	`}`
`76`	`76`	`rejecter := rejecterF.New(logger, cfg)`
`77`	`77`
`78`		`- handler := hf(cfg, prxy)`
	`78`	`+ handler := hf(cfg, prxy) // 完成juju的准备工作`
`79`	`79`	`signatureCfg, err := melodyjose.GetSignatureConfig(cfg)`
`80`	`80`	`if err == melodyjose.ErrNoValidatorCfg {`
`81`	`81`	`logger.Info("JOSE: validator disabled for the endpoint", cfg.Endpoint)`
Original file line number	Diff line number	Diff line change
`@@ -141,7 +141,7 @@ func (d *Dialer) DialTLS(network, addr string) (net.Conn, error) {`
`141`	`141`	`}`
`142`	`142`	`connState := c.ConnectionState()`
`143`	`143`	`keyPinValid := false`
`144`		`- // 指纹是证书的PKIX格式DER编码的 sha256 散列码`
	`144`	`+ // 指纹是证书里公钥的sha256散列码`
`145`	`145`	`for _, peerCert := range connState.PeerCertificates {`
`146`	`146`	`der, err := x509.MarshalPKIXPublicKey(peerCert.PublicKey)`
`147`	`147`	`hash := sha256.Sum256(der)`
`@@ -150,7 +150,7 @@ func (d *Dialer) DialTLS(network, addr string) (net.Conn, error) {`
`150`	`150`	`}`
`151`	`151`	`for _, fingerprint := range d.fingerprints {`
`152`	`152`	`if bytes.Compare(hash[0:], fingerprint) == 0 {`
`153`		`- keyPinValid = true`
	`153`	`+ keyPinValid = true // 证书合法`
`154`	`154`	`break`
`155`	`155`	`}`
`156`	`156`	`}`