From 0904a0019e24ace3a51c114fb72d03d6c668d658 Mon Sep 17 00:00:00 2001
From: yuyan
Date: Thu, 19 Dec 2024 13:56:28 +0800
Subject: [PATCH] =?UTF-8?q?fix=EF=BC=9A=E4=BF=AE=E5=A4=8D=E9=A1=B9?= =?UTF-8?q?=E7=9B=AE=E9=83=A8=E7=BD=B2=E6=97=B6=E4=BD=BF=E7=94=A8=E8=87=AA?= =?UTF-8?q?=E5=AE=9A=E4=B9=89=E8=AF=81=E4=B9=A6=E4=B8=8D=E7=94=9F=E6=95=88?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 deploy/sso_example/zabbix.md | 2 +-
 utils/decryption.go | 16 ++++++++--------
 utils/encryption.go | 16 ++++++++--------
 3 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/deploy/sso_example/zabbix.md b/deploy/sso_example/zabbix.md
index 8eeab5e..c515b4d 100644
--- a/deploy/sso_example/zabbix.md
+++ b/deploy/sso_example/zabbix.md
@@ -4,7 +4,7 @@ Zabbix 支持的单点登录方式:SAML2 1. **创建密钥和证书**:可以使用 [在线生成工具](https://www.qvdv.net/tools/qvdv-csrpfx.html "在线生成工具")。建议证书有效期设置为10年,不设置密码,生成完成后需要下载 CRT 证书和私钥并按以下名称命名:

* sp.key:私钥。 * sp.crt:证书。

-2. **获取 IDP 证书**:IDP 的证书的存放路径为项目的 `config/certs/certificate.crt`,需要将此证书下载并保存为 `idp.crt`。

+2. **获取 IDP 证书**:IDP 的证书默认为为项目的 `config/certs/certificate.crt`,需要将此证书下载并保存为 `idp.crt`,如果你使用了自定义证书请使用自己的证书。

3. **上传密钥和证书**:将 `sp.key`、`sp.crt`、`idp.crt` 上传到 Zabbix 站点部署的 `ui/conf/certs/` 目录下,除非 `zabbix.conf.php` 中提供了自定义路径,否则 Zabbix 默认在 `ui/conf/certs/` 路径中查找文件。

4. **Zabbix 单点登录配置**:登录到 Zabbix,进入【认证】配置界面,如下图所示:

![img.png](img/zabbix-config.jpg)

diff --git a/utils/decryption.go b/utils/decryption.go
index 264095d..5f70bfa 100644
--- a/utils/decryption.go
+++ b/utils/decryption.go
@@ -8,19 +8,19 @@ import (
 "encoding/pem"
 )
-var privateKey []byte
-
-func readPrivateKeyFile(file string) {
- privateKey, _ = ReadFile(file)
-}
-
 // Decrypt 字符串解密
 func Decrypt(cipherText string) (string, error) {
 // 对Base64编码的字符串解码
 str, err := base64.RawURLEncoding.DecodeString(cipherText)
- readPrivateKeyFile("config/certs/private.key")
- block, _ := pem.Decode(privateKey)
+ file, err := ReadFile("/data/certs/private.key")
+ if err != nil {
+ file, err = ReadFile("config/certs/private.key")
+ if err != nil {
+ return "", err
+ }
+ }
+ block, _ := pem.Decode(file)
 // 解析私钥
 privateKeyInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
diff --git a/utils/encryption.go b/utils/encryption.go
index b27a596..eee2464 100644
--- a/utils/encryption.go
+++ b/utils/encryption.go
@@ -8,18 +8,18 @@ import (
 "encoding/pem"
 )
-var publicKey []byte
-
-func readPublicKeyFile(file string) {
- publicKey, _ = ReadFile(file)
-}
-
 // Encrypt 字符串加密
 func Encrypt(str string) (string, error) {
- readPublicKeyFile("config/certs/public.key")
+ file, err := ReadFile("/data/certs/public.key")
+ if err != nil {
+ file, err = ReadFile("config/certs/public.pem")
+ if err != nil {
+ return "", err
+ }
+ }
 // 解析公钥数据
- block, _ := pem.Decode(publicKey)
+ block, _ := pem.Decode(file)
 // 解析PEM格式的公钥
 publicKey, err := x509.ParsePKIXPublicKey(block.Bytes)
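Review bot: In Decrypt (utils/decryption.go), any error from `ReadFile("/data/certs/private.key")` falls through to `config/certs/private.key`, so a custom key that exists but cannot be read (wrong permissions, failed mount) is silently replaced by what is presumably the default key shipped with the project instead of being reported. Encrypt in utils/encryption.go has the same shape, and because the two functions resolve their paths independently, a deployment that supplies only one custom file would end up with a mismatched key pair. Fall back only when the custom file is absent and return every other error; how to tell the two apart depends on what the project's ReadFile helper returns, which is not visible here. Separately, the result of `block, _ := pem.Decode(file)` is dereferenced on the following line without a nil check, so an operator-supplied key that is not PEM would panic; add `if block == nil { return "", errors.New("private key is not PEM encoded") }` (whether `errors` is already imported is not visible in the hunk). Decrypt's body continues outside the hunk.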
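Review bot: The fallback in Encrypt (utils/encryption.go) reads `config/certs/public.pem`, but the line it replaces read `config/certs/public.key` and the new primary path also uses `public.key`. The diffstat lists no rename, so unless a `public.pem` already exists under `config/certs/`, a default deployment would now fail every Encrypt call at the second ReadFile. If the name change is unintended, use `file, err = ReadFile("config/certs/public.key")`. A short comment above the lookup stating the precedence would also help, e.g. `// Prefer the operator-supplied key in /data/certs; fall back to the bundled default.` Encrypt's body continues outside the hunk.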