OpenAtomFoundation · springrain · Nov 9, 2021 · Nov 9, 2021 · Nov 9, 2021 · Nov 10, 2021
diff --git a/go.mod b/go.mod
@@ -3,19 +3,16 @@ module github.com/xuperchain/xupercore
 go 1.14
 
 require (
-	github.com/ChainSafe/go-schnorrkel v0.0.0-20200626160457-b38283118816 // indirect
 	github.com/aws/aws-sdk-go v1.32.4
 	github.com/btcsuite/btcutil v0.0.0-20190425235716-9e5f4b9a998d
 	github.com/dgraph-io/badger/v3 v3.2103.1
-	github.com/docker/go-connections v0.4.1-0.20180821093606-97c2040d34df // indirect
 	github.com/docker/go-units v0.4.0
 	github.com/emirpasic/gods v1.12.1-0.20201118132343-79df803e554c
 	github.com/fsouza/go-dockerclient v1.6.0
 	github.com/gammazero/deque v0.1.0
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/protobuf v1.4.3
 	github.com/golang/snappy v0.0.3
-	github.com/google/gofuzz v1.1.1-0.20200604201612-c04b05f3adfa // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.2.2
 	github.com/hashicorp/golang-lru v0.5.4
 	github.com/hyperledger/burrow v0.30.5
@@ -33,10 +30,11 @@ require (
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/viper v1.6.2
 	github.com/syndtr/goleveldb v1.0.1-0.20200815110645-5c35d600f0ca
+	github.com/tjfoc/gmsm v1.4.1
 	github.com/xuperchain/crypto v0.0.0-20201028025054-4d560674bcd6
 	github.com/xuperchain/log15 v0.0.0-20190620081506-bc88a9198230
 	github.com/xuperchain/xvm v0.0.0-20210126142521-68fd016c56d7
-	golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de
+	golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee
 	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
 	google.golang.org/grpc v1.35.0
 )

diff --git a/kernel/network/p2p/util.go b/kernel/network/p2p/util.go
@@ -2,16 +2,22 @@ package p2p
 
 import (
 	"crypto/rand"
-	"crypto/tls"
-	"crypto/x509"
+	defaulttls "crypto/tls"
+	defaultx509 "crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
+	"errors"
 	"io/ioutil"
 	math_rand "math/rand"
 	"os"
 	"path/filepath"
+	"strings"
 	"time"
 
+	tls "github.com/tjfoc/gmsm/gmtls"
+	"github.com/tjfoc/gmsm/gmtls/gmcredentials"
+	"github.com/tjfoc/gmsm/x509"
+
 	iaddr "github.com/ipfs/go-ipfs-addr"
 	"github.com/libp2p/go-libp2p-core/crypto"
 	"github.com/libp2p/go-libp2p-core/peer"
@@ -20,32 +26,79 @@ import (
 	"github.com/xuperchain/xupercore/kernel/network/config"
 )
 
+// serverName  为key,缓存 creds
+var serverNameMap = make(map[string]credentials.TransportCredentials)
+
 func NewTLS(path, serviceName string) (credentials.TransportCredentials, error) {
+
+	if len(serviceName) < 1 {
+		return nil, errors.New("serviceName is empty")
+	}
+
+	//如果缓存中有值
+	if creds, ok := serverNameMap[serviceName]; ok {
+		return creds, nil
+	}
+
 	bs, err := ioutil.ReadFile(filepath.Join(path, "cacert.pem"))
 	if err != nil {
 		return nil, err
 	}
-
-	certPool := x509.NewCertPool()
-	ok := certPool.AppendCertsFromPEM(bs)
-	if !ok {
+	cacert, err := ioutil.ReadFile(filepath.Join(path, "cacert.pem"))
+	if err != nil {
 		return nil, err
 	}
-
-	certificate, err := tls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+	pb, _ := pem.Decode(cacert)
+	x509cert, err := x509.ParseCertificate(pb.Bytes)
 	if err != nil {
 		return nil, err
 	}
 
-	creds := credentials.NewTLS(
-		&tls.Config{
-			ServerName:   serviceName,
-			Certificates: []tls.Certificate{certificate},
-			RootCAs:      certPool,
-			ClientCAs:    certPool,
-			ClientAuth:   tls.RequireAndVerifyClientCert,
-		})
-	return creds, nil
+	if strings.Contains(strings.ToLower(x509cert.SignatureAlgorithm.String()), "sm") { //国密
+		certPool := x509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(bs)
+		if !ok {
+			return nil, err
+		}
+		certificate, err := tls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+		if err != nil {
+			return nil, err
+		}
+		creds := gmcredentials.NewTLS(
+			&tls.Config{
+				GMSupport:    tls.NewGMSupport(),
+				ServerName:   serviceName,
+				Certificates: []tls.Certificate{certificate, certificate},
+				RootCAs:      certPool,
+				ClientCAs:    certPool,
+				ClientAuth:   tls.RequireAndVerifyClientCert,
+			})
+		serverNameMap[serviceName] = creds
+		return creds, nil
+	} else { //非国密
+		certPool := defaultx509.NewCertPool()
+		ok := certPool.AppendCertsFromPEM(bs)
+		if !ok {
+			return nil, err
+		}
+
+		certificate, err := defaulttls.LoadX509KeyPair(filepath.Join(path, "cert.pem"), filepath.Join(path, "private.key"))
+		if err != nil {
+			return nil, err
+		}
+
+		creds := credentials.NewTLS(
+			&defaulttls.Config{
+				ServerName:   serviceName,
+				Certificates: []defaulttls.Certificate{certificate},
+				RootCAs:      certPool,
+				ClientCAs:    certPool,
+				ClientAuth:   defaulttls.RequireAndVerifyClientCert,
+			})
+		serverNameMap[serviceName] = creds
+		return creds, nil
+	}
+
 }
 
 // GenerateKeyPairWithPath generate xuper net key pair