
add sn check for docker env
add ReactBuild

shayne_lo пре 6 месеци
родитељ
комит
fd1832eaf8

+ 16 - 21
Dockerfile_dev

@@ -1,35 +1,30 @@
 #See https://aka.ms/containerfastmode to understand how Visual Studio uses this Dockerfile to build your images for faster debugging.
 
-FROM mcr.microsoft.com/dotnet/sdk:7.0 AS final
+FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base
 EXPOSE 80
 EXPOSE 443
 EXPOSE 54088
-EXPOSE 2222 
-
-#RUN sed -i 's/TLSv1.2/TLSv1/g' /etc/ssl/openssl.cnf
-#RUN sed -i 's/DEFAULT@SECLEVEL=2/DEFAULT@SECLEVEL=1/g' /etc/ssl/openssl.cnf
+EXPOSE 2222
+WORKDIR /app
 
 RUN apt-get update \
     && apt-get install -y --no-install-recommends dialog \
     && apt-get install -y --no-install-recommends openssh-server \
+	&& apt-get install -y tcpdump\
 	&& mkdir -p /run/sshd \
     && echo "root:Docker!" | chpasswd 
 	
 COPY sshd_config /etc/ssh/sshd_config
 
-# Install dotnet debug tools
-RUN dotnet tool install --tool-path /tools dotnet-trace \
- && dotnet tool install --tool-path /tools dotnet-counters \
- && dotnet tool install --tool-path /tools dotnet-dump \
- && dotnet tool install --tool-path /tools dotnet-gcdump
- 
-#RUN apt update
-#RUN apt install -y linux-perf
-#RUN echo 0 > /proc/sys/kernel/kptr_restrict
-WORKDIR /src
-COPY . .
-#RUN export DOTNET_PerfMapEnabled=1
-RUN dotnet restore "EVCB_OCPP.WSServer/EVCB_OCPP.WSServer.csproj"
-RUN dotnet build ./EVCB_OCPP.WSServer/EVCB_OCPP.WSServer.csproj
-RUN chmod +x /src/entrypoint.sh
-CMD ["/src/entrypoint.sh"]
+RUN apt-get update \
+	&& apt-get install -y cron \
+	&& apt-get install -y vim \
+	&& apt-get install -y zip 
+
+FROM base AS final
+WORKDIR /app
+COPY ./app/publish/ /app/
+COPY entrypoint.sh /app/entrypoint.sh
+COPY ssha /app/ssha
+RUN chmod +x /app/entrypoint.sh
+CMD ["/app/entrypoint.sh"]
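Review bot: The added `apt-get install -y tcpdump` line and the new second `RUN` (cron, vim, zip) put packet-capture and editing tools into the `base` stage that `final` ships. That image already starts sshd with the fixed root password set on the unchanged `chpasswd` line and exposes port 2222. If these packages are debugging aids, keep them in a separate debug stage or behind a build `ARG` so the image that is actually deployed stays minimal. The new installs also omit `--no-install-recommends` and never clean the package lists. Folding them into the first `RUN` as `&& apt-get install -y --no-install-recommends tcpdump cron vim zip \` followed by `&& rm -rf /var/lib/apt/lists/*` removes the second `apt-get update` layer as well.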

+ 0 - 24
EVCB_OCPP.Server.sln

@@ -7,14 +7,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "EVCB_OCPP.WSServer", "EVCB_
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TestTool.RemoteTriggerAPP", "TestTool.RemoteTriggerAPP\TestTool.RemoteTriggerAPP.csproj", "{F39A3B1E-2B93-40E1-9C7B-8CEE2529BF52}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SuperWebSocket", "SuperWebSocket\SuperWebSocket.csproj", "{43C5BC98-FA2C-45D1-BF96-A299C05A72AE}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SuperSocket.SocketBase", "SocketBase\SuperSocket.SocketBase.csproj", "{743510BD-A370-47A9-8264-0F30161EA9D0}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SuperSocket.SocketEngine", "SocketEngine\SuperSocket.SocketEngine.csproj", "{D4A0E22B-8EAF-4CA5-AE1B-414508D71B62}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SuperSocket.Common", "SocketCommon\SuperSocket.Common.csproj", "{8241B98B-A7BF-4FBA-BD0B-B1536DDD1A72}"
-EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -29,22 +21,6 @@ Global
 		{F39A3B1E-2B93-40E1-9C7B-8CEE2529BF52}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{F39A3B1E-2B93-40E1-9C7B-8CEE2529BF52}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{F39A3B1E-2B93-40E1-9C7B-8CEE2529BF52}.Release|Any CPU.Build.0 = Release|Any CPU
-		{43C5BC98-FA2C-45D1-BF96-A299C05A72AE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{43C5BC98-FA2C-45D1-BF96-A299C05A72AE}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{43C5BC98-FA2C-45D1-BF96-A299C05A72AE}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{43C5BC98-FA2C-45D1-BF96-A299C05A72AE}.Release|Any CPU.Build.0 = Release|Any CPU
-		{743510BD-A370-47A9-8264-0F30161EA9D0}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{743510BD-A370-47A9-8264-0F30161EA9D0}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{743510BD-A370-47A9-8264-0F30161EA9D0}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{743510BD-A370-47A9-8264-0F30161EA9D0}.Release|Any CPU.Build.0 = Release|Any CPU
-		{D4A0E22B-8EAF-4CA5-AE1B-414508D71B62}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{D4A0E22B-8EAF-4CA5-AE1B-414508D71B62}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{D4A0E22B-8EAF-4CA5-AE1B-414508D71B62}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{D4A0E22B-8EAF-4CA5-AE1B-414508D71B62}.Release|Any CPU.Build.0 = Release|Any CPU
-		{8241B98B-A7BF-4FBA-BD0B-B1536DDD1A72}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{8241B98B-A7BF-4FBA-BD0B-B1536DDD1A72}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{8241B98B-A7BF-4FBA-BD0B-B1536DDD1A72}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{8241B98B-A7BF-4FBA-BD0B-B1536DDD1A72}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

+ 1 - 0
EVCB_OCPP.WSServer/HostedProtalServer.cs

@@ -47,6 +47,7 @@ namespace EVCB_OCPP.WSServer
             services.AddSingleton<ConfirmWaitingMessageSerevice>();
             services.AddTransient<ProfileHandler>();
 
+            services.AddSingleton<EnvCheckService>();
             services.AddSingleton<ProtalServer>();
             services.AddHostedService<ProtalServer>(p => p.GetRequiredService<ProtalServer>());
 

+ 4 - 1
EVCB_OCPP.WSServer/ProtalServer.cs

@@ -71,7 +71,8 @@ namespace EVCB_OCPP.WSServer
             , OcppWebsocketService websocketService
             , ConfirmWaitingMessageSerevice confirmWaitingMessageSerevice
             //, StationConfigService stationConfigService
-            , OuterHttpClient httpClient)
+            , OuterHttpClient httpClient
+            , EnvCheckService envCheckService)
         {
             _ct = _cts.Token;
             this.logger = logger;
@@ -95,6 +96,8 @@ namespace EVCB_OCPP.WSServer
             this.profileHandler = serviceProvider.GetService<ProfileHandler>();// new ProfileHandler(configuration, serviceProvider);
             _loadingBalanceService = new LoadingBalanceService(mainDbConnectionFactory, webDbConnectionFactory);
 
+            envCheckService.CheckVariable();
+
             WarmUpLog();
         }
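Review bot: `envCheckService.CheckVariable();` runs the licence check a second time, because the `EnvCheckService` constructor added in this same commit already calls `CheckVariable()` when the singleton is resolved. A failed check ends in `Environment.Exit(401)`, so the process is terminated from inside a constructor during dependency resolution, before the host has a chance to log through `ILogger` or shut down in order. Consider removing the call from the `EnvCheckService` constructor and invoking the check once from the hosted service's start path, with a comment such as `// licence check: terminates the process when the container secrets do not verify`. The `ProtalServer` constructor starts before this hunk, so other callers of the check cannot be ruled out from here.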
 

+ 125 - 0
EVCB_OCPP.WSServer/Service/EnvCheckService.cs

@@ -0,0 +1,125 @@
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+using System.Security.Policy;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace EVCB_OCPP.WSServer.Service
+{
+    public class EnvCheckService
+    {
+        public EnvCheckService(
+            IConfiguration configuration,
+            ILogger<EnvCheckService> logger)
+        {
+            this.configuration = configuration;
+            this.logger = logger;
+
+            CheckVariable();
+        }
+
+        private readonly IConfiguration configuration;
+        private readonly ILogger<EnvCheckService> logger;
+
+        private const string certPath = "/run/secrets";
+        private const string certFileName1 = "cert1";
+        private const string certFileName2 = "cert2";
+        private const string certFileName3 = "licence";
+
+        private const string key1 = "MYkGePq3yYw0w4FYKXSl2KP4erMVos+WtkZS+SKnD+E=/BhbnUz7mYSSzr8xfSFp3Q==";
+        private const string key2 = "MIIBCgKCAQEAnsVwgEb9IVBDZrYE42KOMuI5RWAgnk4OsUWMu/UuHLbQyUxv9cNTSQqWnUgEU4J1Dys8cbRT+qsND9eJHFkxnGE1vpXO04ADDCTBBPn1b3J6Wj6lp5Wy/feREg6oiCGJB7nAK1SzmFLKQxKmJX09vbveE02JNvU3KqmFuOthuNqzCCjht8o58+68as3tldskrGy2OjQwBp5rPL0lT9x2tBStm6xiBKPmG87WBjBqPL9LwXI+lmGnfJOABmbddjMp746RCUjzTr/40tXSjL1LZKEA/4vv5qnqIWz+peHfyu8L+XjJjipQ8OKATB6vUWAVrDBH6uHPvpU3G5eNq/o5TQIDAQAB";
+        //private const string key3 = "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";
+
+        public void CheckVariable()
+        {
+            var connectionSectionString = JsonConvert.SerializeObject(configuration.GetSection("ConnectionStrings").AsEnumerable());
+            var dbSn = Convert.ToHexString(SHA256.HashData(Encoding.UTF8.GetBytes(connectionSectionString)));
+
+            if (!CheckIsInDocker() ||
+                CheckIsInAzureAppService() ||
+                CheckVariable(dbSn, key1, key2)
+                )
+            {
+                return;
+            }
+
+            Console.WriteLine($"Error:{dbSn}");
+            Environment.Exit(401);
+        }
+
+        private static bool CheckVariable(string dbSn ,string key1, string key2)
+        {
+            if (!File.Exists(Path.Combine(certPath, certFileName1)) ||
+                !File.Exists(Path.Combine(certPath, certFileName2)) )
+            {
+                return false;
+            }
+
+            var cert1 = File.ReadAllText(Path.Combine(certPath, certFileName1));
+            var cert2 = File.ReadAllText(Path.Combine(certPath, certFileName2));
+
+            string keySn = GetSn(cert1, key1);
+            //if (string.IsNullOrEmpty(dbSn) ||
+            //    !keySn.StartsWith(dbSn))
+            //{
+            //    return false;
+            //}
+            return CheckSn(keySn, cert2, key2);
+        }
+
+        private static string GetSn(string cert, string key)
+        {
+            var aesDecrept = Aes.Create();
+            (byte[] aesKey, byte[] aesIv) = GetAesKey(key);
+            aesDecrept.Key = aesKey;
+            aesDecrept.IV = aesIv;
+
+            var toDecryptStream = new MemoryStream(Convert.FromBase64String(cert));
+            CryptoStream deCryptoStream = new CryptoStream(
+                   toDecryptStream,
+                   aesDecrept.CreateDecryptor(),
+                   CryptoStreamMode.Read);
+            StreamReader sr = new StreamReader(deCryptoStream);
+            var deceypedString = sr.ReadToEnd();
+            return deceypedString;
+        }
+
+        private static bool CheckSn(string sn, string cert2, string key)
+        {
+            var encryptor = new System.Security.Cryptography.RSACryptoServiceProvider();
+            encryptor.ImportRSAPublicKey(Convert.FromBase64String(key), out var bytesRead);
+            var isValid = encryptor.VerifyData(Encoding.UTF8.GetBytes(sn), SHA1.Create(), Convert.FromBase64String(cert2));
+            return isValid;
+        }
+
+        private static (byte[] key, byte[] iv) GetAesKey(string key)
+        {
+            var keyString = key.Substring(0, 44);
+            var ivString = key.Substring(44);
+
+            return (Convert.FromBase64String(keyString), Convert.FromBase64String(ivString));
+        }
+
+        private bool CheckEnv()
+        {
+            return !CheckIsInDocker() || CheckIsInAzureAppService();
+        }
+
+        private bool CheckIsInAzureAppService()
+        {
+            return !String.IsNullOrEmpty(configuration["WEBSITE_SITE_NAME"]);
+        }
+
+        private bool CheckIsInDocker()
+        {
+            return !String.IsNullOrEmpty(configuration["RUNNING_IN_CONTAINER"]);
+        }
+    }
+}
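Review bot: In the static `CheckVariable(dbSn, key1, key2)` the `keySn.StartsWith(dbSn)` comparison is commented out, so `dbSn` is computed and printed but never checked. The signature test therefore only proves that `cert1` and `cert2` belong together, not that they were issued for this deployment's connection strings. `key1` embeds the AES key and a fixed IV as a source constant, so only the RSA signature carries trust, and `CheckSn` verifies it with `SHA1.Create()`; moving issuer and verifier to `HashAlgorithmName.SHA256` would be preferable if the licence files can be re-issued. `Aes`, `RSACryptoServiceProvider`, the streams and the hash object are never disposed (`using var aes = Aes.Create();`), and a malformed secret file surfaces as an unhandled `FormatException` or `CryptographicException` instead of `return false`. `Environment.Exit(401)` is reported as status 145 on Linux because only the low eight bits of the exit code survive, so a value below 256 is needed if an orchestrator is meant to recognise it. The class has no doc comments; a `<summary>` on the public `CheckVariable()` stating that it verifies the files under `/run/secrets` when running in a container outside Azure App Service, and exits the process on failure, would tell callers about the side effect.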

+ 39 - 0
LocalTest_Build.ps1

@@ -0,0 +1,39 @@
+# 設定 ASCII 藝術字的內容
+$asciiArt = @"
+  _____  ________      ________ _      ____  _____  __  __ ______ _   _ _______ 
+ |  __ \|  ____\ \    / /  ____| |    / __ \|  __ \|  \/  |  ____| \ | |__   __|
+ | |  | | |__   \ \  / /| |__  | |   | |  | | |__) | \  / | |__  |  \| |  | |   
+ | |  | |  __|   \ \/ / |  __| | |   | |  | |  ___/| |\/| |  __| | . ` |  | |   
+ | |__| | |____   \  /  | |____| |___| |__| | |    | |  | | |____| |\  |  | |   
+ |_____/|______|   \/   |______|______\____/|_|    |_|  |_|______|_| \_|  |_|   
+                                                                                
+                                                                                
+"@
+
+# 顯示 ASCII 藝術字
+Write-Host $asciiArt
+
+#第一次建立專案請先設定ACR Name
+$registryname="evdevcontainerregistry"
+$fullregistryname="evdevcontainerregistry.azurecr.io"
+#第一次建立專案請先設定專案名稱
+$imagerepositoryname="server"
+$dev_prefix = "Docker_test_"
+
+$username = az account show --query user.name
+$username = $username.TrimStart("""").Split('@')[0]
+
+$tagname= $dev_prefix + $username
+
+$fulltag=$fullregistryname+"/"+$imagerepositoryname+":"+$tagname
+$imagename = $imagerepositoryname+":"+$tagname
+
+$ssha = git rev-parse --short head
+
+#wite ssha to file
+$ssha | Out-File ssha
+
+podman build ./ -t  $fulltag --label [gitcommit=$ssha,author=$username]
+
+#remove ssha file
+Remove-Item ssha
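Review bot: `--label [gitcommit=$ssha,author=$username]` reaches podman as a single argument, so it most likely produces one label whose key is `[gitcommit` rather than the two intended labels; use `--label gitcommit=$ssha --label author=$username`. The same line is repeated in ReactTest_Build.ps1. `$username` comes from `az account show` without a check, so when the CLI is not logged in the `.TrimStart` call fails on a null value. Without `$ErrorActionPreference = 'Stop'` the script would probably carry on and build with an empty tag suffix, and the account name goes into the image tag unvalidated in any case. Wrapping the build in `try { ... } finally { Remove-Item ssha }` keeps the temporary `ssha` file from being left in the working tree when a step fails.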

+ 42 - 0
ReactTest_Build.ps1

@@ -0,0 +1,42 @@
+# 設定 ASCII 藝術字的內容
+$asciiArt = @"
+  _____  ________      ________ _      ____  _____  __  __ ______ _   _ _______ 
+ |  __ \|  ____\ \    / /  ____| |    / __ \|  __ \|  \/  |  ____| \ | |__   __|
+ | |  | | |__   \ \  / /| |__  | |   | |  | | |__) | \  / | |__  |  \| |  | |   
+ | |  | |  __|   \ \/ / |  __| | |   | |  | |  ___/| |\/| |  __| | . ` |  | |   
+ | |__| | |____   \  /  | |____| |___| |__| | |    | |  | | |____| |\  |  | |   
+ |_____/|______|   \/   |______|______\____/|_|    |_|  |_|______|_| \_|  |_|   
+                                                                                
+                                                                                
+"@
+
+# 顯示 ASCII 藝術字
+Write-Host $asciiArt
+
+#第一次建立專案請先設定ACR Name
+$registryname="evdevcontainerregistry"
+$fullregistryname="evdevcontainerregistry.azurecr.io"
+#第一次建立專案請先設定專案名稱
+$imagerepositoryname="server"
+$dev_prefix = "Docker_test_"
+
+$username = az account show --query user.name
+$username = $username.TrimStart("""").Split('@')[0]
+
+$tagname= $dev_prefix + $username
+
+$fulltag=$fullregistryname+"/"+$imagerepositoryname+":"+$tagname
+$imagename = $imagerepositoryname+":"+$tagname
+
+$ssha = git rev-parse --short head
+
+#wite ssha to file
+$ssha | Out-File ssha
+
+rm -r ./app
+dotnet publish .\EVCB_OCPP.WSServer\EVCB_OCPP.WSServer.csproj -c Release -o ./app/publish /p:UseAppHost=false
+& 'C:\Program Files (x86)\Eziriz\.NET Reactor\dotNET_Reactor.Console.exe' -file ./app/publish/EVCB_OCPP.WSServer.dll -targetfile ./app/publish/EVCB_OCPP.WSServer.dll
+podman build ./ -f Dockerfile_dev -t  $fulltag --label [gitcommit=$ssha,author=$username]
+
+#remove ssha file
+Remove-Item ssha
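Review bot: None of the native steps between `rm -r ./app` and `podman build` is checked for failure, so if `dotNET_Reactor.Console.exe` exits with an error the image is still built from the unprotected `./app/publish/EVCB_OCPP.WSServer.dll`. Test `$LASTEXITCODE` after `dotnet publish` and again after the Reactor call, for example `if ($LASTEXITCODE -ne 0) { throw "protection step failed" }`. `rm -r ./app` also reports an error on a clean checkout where the directory does not exist yet; `Remove-Item ./app -Recurse -Force -ErrorAction SilentlyContinue` avoids that. The Reactor path is hard-coded to one machine's install location, so a script parameter or environment variable would make the build reproducible elsewhere.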