From 6a627199ae887edf1b3d515ffd8101522416b405 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 14:12:49 +0800
Subject: [PATCH 01/24] RE

---
 go.mod                   |  10 +-
 go.sum                   | 165 ++++++++++++-
 secloud/api_auth.go      |  88 -------
 secloud/api_auth_test.go |  21 --
 secloud/api_cipher.go    | 228 ------------------
 secloud/api_kms.go       | 140 ------------
 secloud/api_kms_ext.go   | 181 ---------------
 secloud/api_kms_test.go  |  55 -----
 secloud/auth.go          |  39 ++++
 secloud/base.go          |  24 ++
 secloud/cipher.go        |  85 +++++++
 secloud/client.go        | 483 ++-------------------------------------
 secloud/common.go        |  98 ++++++++
 secloud/configuration.go |  72 ------
 secloud/error.go         |  14 ++
 secloud/kms.go           | 104 +++++++++
 secloud/response.go      |  67 ------
 secloud/util.go          |  21 ++
 test/test.go             |  32 +++
 19 files changed, 604 insertions(+), 1323 deletions(-)
 delete mode 100644 secloud/api_auth.go
 delete mode 100644 secloud/api_auth_test.go
 delete mode 100644 secloud/api_cipher.go
 delete mode 100644 secloud/api_kms.go
 delete mode 100644 secloud/api_kms_ext.go
 delete mode 100644 secloud/api_kms_test.go
 create mode 100644 secloud/auth.go
 create mode 100644 secloud/base.go
 create mode 100644 secloud/cipher.go
 create mode 100644 secloud/common.go
 delete mode 100644 secloud/configuration.go
 create mode 100644 secloud/error.go
 create mode 100644 secloud/kms.go
 delete mode 100644 secloud/response.go
 create mode 100644 secloud/util.go
 create mode 100644 test/test.go

diff --git a/go.mod b/go.mod
index 5472542..d4a6547 100644
--- a/go.mod
+++ b/go.mod
@@ -2,4 +2,12 @@ module gitee.com/wx-rdc/secloud-sdk-go
 
 go 1.18
 
-require github.com/antihax/optional v1.0.0
+require (
+	github.com/astaxie/beego v1.12.3
+	github.com/go-resty/resty/v2 v2.7.0
+)
+
+require (
+	github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 // indirect
+	golang.org/x/net v0.0.0-20211029224645-99673261e6eb // indirect
+)
diff --git a/go.sum b/go.sum
index 8398806..6c62619 100644
--- a/go.sum
+++ b/go.sum
@@ -1,2 +1,163 @@
-github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=
-github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alicebob/gopher-json v0.0.0-20180125190556-5a6b3ba71ee6/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
+github.com/alicebob/miniredis v2.5.0+incompatible/go.mod h1:8HZjEj4yU0dwhYHky+DxYx+6BMjkBbe5ONFIF1MXffk=
+github.com/astaxie/beego v1.12.3 h1:SAQkdD2ePye+v8Gn1r4X6IKZM1wd28EyUOVQ3PDSOOQ=
+github.com/astaxie/beego v1.12.3/go.mod h1:p3qIm0Ryx7zeBHLljmd7omloyca1s4yu1a8kM1FkpIA=
+github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
+github.com/beego/x2j v0.0.0-20131220205130-a0352aadc542/go.mod h1:kSeGC/p1AbBiEp5kat81+DSQrZenVBZXklMLaELspWU=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
+github.com/casbin/casbin v1.7.0/go.mod h1:c67qKN6Oum3UF5Q1+BByfFxkwKvhwW57ITjqwtzR1KE=
+github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
+github.com/cloudflare/golz4 v0.0.0-20150217214814-ef862a3cdc58/go.mod h1:EOBUe0h4xcZ5GoxqC5SDxFQ8gwyZPKQoEzownBlhI80=
+github.com/couchbase/go-couchbase v0.0.0-20200519150804-63f3cdb75e0d/go.mod h1:TWI8EKQMs5u5jLKW/tsb9VwauIrMIxQG1r5fMsswK5U=
+github.com/couchbase/gomemcached v0.0.0-20200526233749-ec430f949808/go.mod h1:srVSlQLB8iXBVXHgnqemxUXqN6FCvClgCMPCsjBDR7c=
+github.com/couchbase/goutils v0.0.0-20180530154633-e865a1461c8a/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs=
+github.com/cupcake/rdb v0.0.0-20161107195141-43ba34106c76/go.mod h1:vYwsqCOLxGiisLwp9rITslkFNpZD5rz43tf41QFkTWY=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
+github.com/elastic/go-elasticsearch/v6 v6.8.5/go.mod h1:UwaDJsD3rWLM5rKNFzv9hgox93HoX8utj1kxD9aFUcI=
+github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/glendc/gopher-json v0.0.0-20170414221815-dc4743023d0c/go.mod h1:Gja1A+xZ9BoviGJNA2E9vFkPjjsl+CoJxSXiQM1UXtw=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-redis/redis v6.14.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-resty/resty/v2 v2.7.0 h1:me+K9p3uhSmXtrBZ4k9jcEAfJmuC8IivWHwaLZwPrFY=
+github.com/go-resty/resty/v2 v2.7.0/go.mod h1:9PWDzw47qPphMRFfhsyk0NnSgvluHcljSMVIq3w7q0I=
+github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8=
+github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA=
+github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs=
+github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w=
+github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
+github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/hashicorp/golang-lru v0.5.4/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
+github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/ledisdb/ledisdb v0.0.0-20200510135210-d35789ec47e6/go.mod h1:n931TsDuKuq+uX4v1fulaMbA/7ZLLhjc85h7chZGBCQ=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/mattn/go-sqlite3 v2.0.3+incompatible/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.12.0/go.mod h1:oUhWkIvk5aDxtKvDDuw8gItl8pKl42LzjC9KZE0HfGg=
+github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
+github.com/pelletier/go-toml v1.0.1/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
+github.com/peterh/liner v1.0.1-0.20171122030339-3681c2a91233/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.0/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
+github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 h1:X+yvsM2yrEktyI+b2qND5gpH8YhURn0k8OCaeRnkINo=
+github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644/go.mod h1:nkxAfR/5quYxwPZhyDxgasBMnRtBZd0FCEpawpjMUFg=
+github.com/siddontang/go v0.0.0-20170517070808-cb568a3e5cc0/go.mod h1:3yhqj7WBBfRhbBlzyOC3gUxftwsU0u8gqevxwIHQpMw=
+github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKzU3qCuvj/tPnimWSsZZzvk9qvkvrIL5naVBPh5s=
+github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec/go.mod h1:QBvMkMya+gXctz3kmljlUCu/yB3GZ6oee+dUozsezQE=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/syndtr/goleveldb v0.0.0-20160425020131-cfa635847112/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
+github.com/syndtr/goleveldb v0.0.0-20181127023241-353a9fca669c/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
+github.com/ugorji/go v0.0.0-20171122102828-84cb69a8af83/go.mod h1:hnLbHMwcvSihnDhEfx2/BzKp2xb0Y+ErdfYcrs9tkJQ=
+github.com/wendal/errors v0.0.0-20130201093226-f66c77a7882b/go.mod h1:Q12BUT7DqIlHRmgv3RskH+UCM/4eqVMgI0EMmlSpAXc=
+github.com/yuin/gopher-lua v0.0.0-20171031051903-609c9cd26973/go.mod h1:aEV29XrmTYFr3CiRxZeGHpkvbwq+prZduBqMaascyCU=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20211029224645-99673261e6eb h1:pirldcYWx7rx7kE5r+9WsOXPXK0+WH5+uZ7uPmJ44uM=
+golang.org/x/net v0.0.0-20211029224645-99673261e6eb/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200106162015-b016eb3dc98e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
+google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
+google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
+google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE=
+google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo=
+google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/secloud/api_auth.go b/secloud/api_auth.go
deleted file mode 100644
index 436aaaf..0000000
--- a/secloud/api_auth.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"net/url"
-	"strings"
-
-	"github.com/antihax/optional"
-)
-
-// Linger please
-var (
-	_ context.Context
-)
-
-type AuthApiService service
-
-/*
-AuthApiService
-*/
-
-type AuthOpts struct {
-	ClientId     optional.String
-	ClientSecret optional.String
-}
-
-type AuthRespData struct {
-	AccessToken string `json:"access_token"`
-	ExpiresIn   int    `json:"expires_in"`
-}
-
-func (a *AuthApiService) Token(ctx context.Context,
-	localVarOptionals *AuthOpts) (*AuthRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Get")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/auth/token"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-
-	if localVarOptionals != nil && localVarOptionals.ClientId.IsSet() {
-		localVarQueryParams.Add("clientId", parameterToString(localVarOptionals.ClientId.Value(), ""))
-	}
-	if localVarOptionals != nil && localVarOptionals.ClientSecret.IsSet() {
-		localVarQueryParams.Add("clientSecret", parameterToString(localVarOptionals.ClientSecret.Value(), ""))
-	}
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := AuthRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
diff --git a/secloud/api_auth_test.go b/secloud/api_auth_test.go
deleted file mode 100644
index e89ef58..0000000
--- a/secloud/api_auth_test.go
+++ /dev/null
@@ -1,21 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"testing"
-
-	"github.com/antihax/optional"
-)
-
-func TestAuth(t *testing.T) {
-	client := NewAPIClient(NewConfiguration("http://localhost:8080"))
-	authOpts := &AuthOpts{
-		ClientId:     optional.NewString("pingduoduo"),
-		ClientSecret: optional.NewString("123"),
-	}
-	data, err := client.AuthApi.Token(context.Background(), authOpts)
-	if err != nil {
-		t.Error(err)
-	}
-	t.Log(data.AccessToken)
-}
diff --git a/secloud/api_cipher.go b/secloud/api_cipher.go
deleted file mode 100644
index c9b2c21..0000000
--- a/secloud/api_cipher.go
+++ /dev/null
@@ -1,228 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"strings"
-
-	"github.com/antihax/optional"
-)
-
-// Linger please
-var (
-	_ context.Context
-)
-
-type CipherApiService service
-
-/*
-CipherApiService - Encrypt
-*/
-
-type EncryptOpts struct {
-	KeyId optional.String
-	Data  optional.String
-}
-
-type EncryptRespData struct {
-	EncData string `json:"enc_data"`
-}
-
-func (a *CipherApiService) Encrypt(ctx context.Context,
-	localVarOptionals *EncryptOpts) (*EncryptRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Post")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/cipher/encrypt"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-	localBodyMap := make(map[string]interface{})
-
-	if localVarOptionals != nil && localVarOptionals.KeyId.IsSet() {
-		localBodyMap["keyId"] = parameterToString(localVarOptionals.KeyId.Value(), "")
-	}
-	if localVarOptionals != nil && localVarOptionals.Data.IsSet() {
-		localBodyMap["data"] = parameterToString(localVarOptionals.Data.Value(), "")
-	}
-	localVarPostBody, _ = json.Marshal(localBodyMap)
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := EncryptRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
-
-/*
-CipherApiService - Decrypt
-*/
-
-type DecryptOpts struct {
-	EncData optional.String
-}
-
-type DecryptRespData struct {
-	Data string `json:"data"`
-}
-
-func (a *CipherApiService) Decrypt(ctx context.Context,
-	localVarOptionals *DecryptOpts) (*DecryptRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Post")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/cipher/decrypt"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-	localBodyMap := make(map[string]interface{})
-
-	if localVarOptionals != nil && localVarOptionals.EncData.IsSet() {
-		localBodyMap["encData"] = parameterToString(localVarOptionals.EncData.Value(), "")
-	}
-	localVarPostBody, _ = json.Marshal(localBodyMap)
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := DecryptRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
-
-/*
-CipherApiService - Random
-*/
-
-type RandomOpts struct {
-	Len optional.Int
-}
-
-type RandomRespData struct {
-	Data string `json:"data"`
-}
-
-func (a *CipherApiService) Random(ctx context.Context,
-	localVarOptionals *RandomOpts) (*RandomRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Post")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/cipher/random"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-	localBodyMap := make(map[string]interface{})
-
-	if localVarOptionals != nil && localVarOptionals.Len.IsSet() {
-		localBodyMap["len"] = localVarOptionals.Len.Value()
-	}
-	localVarPostBody, _ = json.Marshal(localBodyMap)
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := RandomRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
diff --git a/secloud/api_kms.go b/secloud/api_kms.go
deleted file mode 100644
index 894cc04..0000000
--- a/secloud/api_kms.go
+++ /dev/null
@@ -1,140 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"net/url"
-	"strings"
-)
-
-// Linger please
-var (
-	_ context.Context
-)
-
-type KmsApiService service
-
-/*
-KmsApiService - GenerateKeyPair
-*/
-
-type GenerateKeyPairOpts struct {
-}
-
-type GenerateKeyPairRespData struct {
-	Pkey string `json:"pkey"`
-	Skey string `json:"skey"`
-}
-
-func (a *KmsApiService) GenerateKeyPair(ctx context.Context,
-	localVarOptionals *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Get")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/kms/generateKeyPair"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := GenerateKeyPairRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
-
-/*
-KmsApiService - GenerateKeyPair
-*/
-
-type GenerateWorkingKeyOpts struct {
-}
-
-type GenerateWorkingKeyRespData struct {
-	EncKey string `json:"enc_key"`
-	Code   string `json:"code"`
-}
-
-func (a *KmsApiService) GenerateWorkingKey(ctx context.Context,
-	localVarOptionals *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Get")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/kms/generateWorkingKey"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := GenerateWorkingKeyRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
diff --git a/secloud/api_kms_ext.go b/secloud/api_kms_ext.go
deleted file mode 100644
index ec05ca0..0000000
--- a/secloud/api_kms_ext.go
+++ /dev/null
@@ -1,181 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"encoding/json"
-	"net/url"
-	"strings"
-
-	"github.com/antihax/optional"
-)
-
-// Linger please
-var (
-	_ context.Context
-)
-
-type KmsApiExtService service
-
-/*
-KmsApiExtService - GenerateKeyPairWithKEK
-*/
-
-type GenerateKeyPairWithKEKOpts struct {
-	KekIndex optional.Int
-}
-
-type GenerateKeyPairWithKEKRespData struct {
-	IpxIndex int    `json:"ipx_index"`
-	SignPkey string `json:"sign_pkey"`
-	SignSkey string `json:"sign_skey"`
-	EncPkey  string `json:"enc_pkey"`
-	EncSkey  string `json:"enc_skey"`
-}
-
-func (a *KmsApiExtService) GenerateKeyPairWithKEK(ctx context.Context,
-	localVarOptionals *GenerateKeyPairWithKEKOpts) (*GenerateKeyPairWithKEKRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Get")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/kms/generateKeyPairWithKEK"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-
-	if localVarOptionals != nil && localVarOptionals.KekIndex.IsSet() {
-		localVarQueryParams.Add("kekIndex", parameterToString(localVarOptionals.KekIndex.Value(), ""))
-	}
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := GenerateKeyPairWithKEKRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
-
-/*
-KmsApiExtService - ImportKeyPairWithKEK
-*/
-
-type ImportKeyPairWithKEKOpts struct {
-	DeviceUrl optional.String
-	KekIndex  optional.Int
-	IpxIndex  optional.Int
-	SignPkey  optional.String
-	SignSkey  optional.String
-	EncPkey   optional.String
-	EncSkey   optional.String
-}
-
-type ImportKeyPairWithKEKRespData struct {
-	Id int `json:"id"`
-}
-
-func (a *KmsApiExtService) ImportKeyPairWithKEK(ctx context.Context,
-	localVarOptionals *ImportKeyPairWithKEKOpts) (*ImportKeyPairWithKEKRespData, error) {
-	var (
-		localVarHttpMethod = strings.ToUpper("Post")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
-	)
-
-	// create path and map variables
-	localVarPath := a.client.cfg.BasePath + "/kms/importKeyPairWithKEK"
-
-	localVarHeaderParams := make(map[string]string)
-	localVarQueryParams := url.Values{}
-	localVarFormParams := url.Values{}
-	localBodyMap := make(map[string]interface{})
-
-	if localVarOptionals != nil && localVarOptionals.DeviceUrl.IsSet() {
-		localBodyMap["deviceUrl"] = localVarOptionals.DeviceUrl.Value()
-	}
-	if localVarOptionals != nil && localVarOptionals.KekIndex.IsSet() {
-		localBodyMap["kekIndex"] = localVarOptionals.KekIndex.Value()
-	}
-	if localVarOptionals != nil && localVarOptionals.IpxIndex.IsSet() {
-		localBodyMap["ipxIndex"] = localVarOptionals.IpxIndex.Value()
-	}
-	if localVarOptionals != nil && localVarOptionals.SignPkey.IsSet() {
-		localBodyMap["signPkey"] = parameterToString(localVarOptionals.SignPkey.Value(), "")
-	}
-	if localVarOptionals != nil && localVarOptionals.SignSkey.IsSet() {
-		localBodyMap["signSkey"] = parameterToString(localVarOptionals.SignSkey.Value(), "")
-	}
-	if localVarOptionals != nil && localVarOptionals.EncPkey.IsSet() {
-		localBodyMap["encPkey"] = parameterToString(localVarOptionals.EncPkey.Value(), "")
-	}
-	if localVarOptionals != nil && localVarOptionals.EncSkey.IsSet() {
-		localBodyMap["encSkey"] = parameterToString(localVarOptionals.EncSkey.Value(), "")
-	}
-	localVarPostBody, _ = json.Marshal(localBodyMap)
-
-	// to determine the Content-Type header
-	localVarHttpContentTypes := []string{"application/json", "multipart/form-data"}
-
-	// set Content-Type header
-	localVarHttpContentType := selectHeaderContentType(localVarHttpContentTypes)
-	if localVarHttpContentType != "" {
-		localVarHeaderParams["Content-Type"] = localVarHttpContentType
-	}
-
-	// to determine the Accept header
-	localVarHttpHeaderAccepts := []string{"application/json"}
-
-	// set Accept header
-	localVarHttpHeaderAccept := selectHeaderAccept(localVarHttpHeaderAccepts)
-	if localVarHttpHeaderAccept != "" {
-		localVarHeaderParams["Accept"] = localVarHttpHeaderAccept
-	}
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
-	if err != nil {
-		return nil, err
-	}
-
-	localVarHttpResponse, err := a.client.callAPI(r)
-	if err != nil || localVarHttpResponse == nil {
-		return nil, err
-	}
-
-	data := ImportKeyPairWithKEKRespData{}
-	_, err = NewAPIResponse(localVarHttpResponse, &data)
-	if err != nil {
-		return nil, err
-	}
-	return &data, nil
-}
diff --git a/secloud/api_kms_test.go b/secloud/api_kms_test.go
deleted file mode 100644
index a94b56d..0000000
--- a/secloud/api_kms_test.go
+++ /dev/null
@@ -1,55 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"fmt"
-	"os"
-	"testing"
-
-	"github.com/antihax/optional"
-)
-
-var client *APIClient
-var accessToken string
-
-func setup() {
-	client = NewAPIClient(NewConfiguration("http://localhost:8080"))
-	authOpts := &AuthOpts{
-		ClientId:     optional.NewString("pingduoduo"),
-		ClientSecret: optional.NewString("123"),
-	}
-	data, err := client.AuthApi.Token(context.Background(), authOpts)
-	if err != nil {
-		os.Exit(1)
-	}
-	accessToken = data.AccessToken
-}
-
-func TestGenerateKeyPair(t *testing.T) {
-	data, err := client.KmsApi.GenerateKeyPair(
-		context.WithValue(context.Background(), ContextAccessToken, accessToken),
-		nil)
-	if err != nil {
-		t.Error(err)
-	}
-	t.Logf("pkey: %s\nskey: %s\n", data.Pkey, data.Skey)
-}
-
-func TestGenerateWorkingKey(t *testing.T) {
-	data, err := client.KmsApi.GenerateWorkingKey(
-		context.WithValue(context.Background(), ContextAccessToken, accessToken),
-		nil)
-	if err != nil {
-		t.Error(err)
-	}
-	t.Logf("EncKey: %s\nCode: %s", data.EncKey, data.Code)
-}
-
-func TestMain(m *testing.M) {
-
-	setup()
-	fmt.Println(accessToken)
-	code := m.Run()
-
-	os.Exit(code)
-}
diff --git a/secloud/auth.go b/secloud/auth.go
new file mode 100644
index 0000000..85bc733
--- /dev/null
+++ b/secloud/auth.go
@@ -0,0 +1,39 @@
+package secloud
+
+import (
+	"github.com/astaxie/beego/validation"
+)
+
+type AuthService struct {
+	Base *BaseService
+}
+
+func NewAuthService() *AuthService {
+	return &AuthService{
+		Base: BaseSvc,
+	}
+}
+
+func (as *AuthService) Token(appKey string, appSecret string) (string, error) {
+	valid := validation.Validation{}
+	valid.MinSize(appKey, 1, "appKey").Message("请输入合法的AppKey")
+	valid.MinSize(appSecret, 1, "appSecret").Message("请输入合法的AppSecret")
+	if valid.HasErrors() {
+		return "", handleValidationErrors(valid.Errors)
+	}
+
+	var ret TokenResp
+	_, err := as.Base.C.R().
+		SetHeader("Content-Type", "application/json").
+		SetQueryParams(map[string]string{
+			"clientId":     appKey,
+			"clientSecret": appSecret,
+		}).
+		SetResult(&ret).
+		Get("/auth/token")
+	if err != nil {
+		return "", err
+	}
+
+	return ret.Data.AccessToken, nil
+}
diff --git a/secloud/base.go b/secloud/base.go
new file mode 100644
index 0000000..ff2480c
--- /dev/null
+++ b/secloud/base.go
@@ -0,0 +1,24 @@
+package secloud
+
+import (
+	"crypto/tls"
+	"github.com/go-resty/resty/v2"
+	"time"
+)
+
+var BaseSvc *BaseService
+
+func init() {
+	c := resty.New().
+		SetRetryCount(3).
+		SetTimeout(60 * time.Second).
+		SetTLSClientConfig(&tls.Config{InsecureSkipVerify: false})
+
+	BaseSvc = &BaseService{
+		C: c,
+	}
+}
+
+type BaseService struct {
+	C *resty.Client
+}
diff --git a/secloud/cipher.go b/secloud/cipher.go
new file mode 100644
index 0000000..43ee2bf
--- /dev/null
+++ b/secloud/cipher.go
@@ -0,0 +1,85 @@
+package secloud
+
+import (
+	"github.com/astaxie/beego/validation"
+)
+
+type CipherService struct {
+	Base *BaseService
+}
+
+func NewCipherService() *CipherService {
+	return &CipherService{
+		Base: BaseSvc,
+	}
+}
+
+func (cs *CipherService) Encrypt(token string, keyId string, data string) (*EncryptRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.Length(keyId, 4, "keyId").Message("keyId长度为4位")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret EncryptResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetBody(map[string]interface{}{
+			"keyId": keyId,
+			"data":  data,
+		}).
+		SetResult(&ret).
+		Post("/cipher/encrypt")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (cs *CipherService) Decrypt(token string, data string) (*DecryptRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.MinSize(data, 1, "data").Message("请输入合法的data数据！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret DecryptResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetBody(map[string]interface{}{
+			"encData": data,
+		}).
+		SetResult(&ret).
+		Post("/cipher/decrypt")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (cs *CipherService) Random(token string, len int) (*RandomRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.Min(len, 1, "len").Message("请输入合法的随机长度！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret RandomResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetBody(map[string]interface{}{
+			"len": len,
+		}).
+		SetResult(&ret).
+		Post("/cipher/random")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
diff --git a/secloud/client.go b/secloud/client.go
index 81c690b..5b895c0 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -1,477 +1,24 @@
-/*
- * Secloud Open API
- *
- * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
- *
- * API version: 1.2.0
- * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
- */
-
 package secloud
 
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"encoding/xml"
-	"errors"
-	"fmt"
-	"io"
-	"mime/multipart"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"reflect"
-	"regexp"
-	"strconv"
-	"strings"
-	"time"
-	"unicode/utf8"
-)
-
-var (
-	jsonCheck = regexp.MustCompile("(?i:[application|text]/json)")
-	xmlCheck  = regexp.MustCompile("(?i:[application|text]/xml)")
-)
-
-// APIClient manages communication with the Secloud Open API API v1.2.0
-// In most cases there should be only one, shared, APIClient.
-type APIClient struct {
-	cfg    *Configuration
-	common service // Reuse a single struct instead of allocating one for each service on the heap.
-
-	// API Services
-	AuthApi   *AuthApiService
-	KmsApi    *KmsApiService
-	KmsExtApi *KmsApiExtService
-	CipherApi *CipherApiService
-}
-
-type service struct {
-	client *APIClient
-}
-
-// NewAPIClient creates a new API client. Requires a userAgent string describing your application.
-// optionally a custom http.Client to allow for advanced features such as caching.
-func NewAPIClient(cfg *Configuration) *APIClient {
-	if cfg.HTTPClient == nil {
-		cfg.HTTPClient = http.DefaultClient
-	}
-
-	c := &APIClient{}
-	c.cfg = cfg
-	c.common.client = c
-
-	// API Services
-	c.AuthApi = (*AuthApiService)(&c.common)
-	c.KmsApi = (*KmsApiService)(&c.common)
-	c.KmsExtApi = (*KmsApiExtService)(&c.common)
-	c.CipherApi = (*CipherApiService)(&c.common)
-
-	return c
-}
-
-func atoi(in string) (int, error) {
-	return strconv.Atoi(in)
-}
-
-// selectHeaderContentType select a content type from the available list.
-func selectHeaderContentType(contentTypes []string) string {
-	if len(contentTypes) == 0 {
-		return ""
-	}
-	if contains(contentTypes, "application/json") {
-		return "application/json"
-	}
-	return contentTypes[0] // use the first content type specified in 'consumes'
-}
-
-// selectHeaderAccept join all accept types and return
-func selectHeaderAccept(accepts []string) string {
-	if len(accepts) == 0 {
-		return ""
-	}
-
-	if contains(accepts, "application/json") {
-		return "application/json"
-	}
-
-	return strings.Join(accepts, ",")
-}
-
-// contains is a case insenstive match, finding needle in a haystack
-func contains(haystack []string, needle string) bool {
-	for _, a := range haystack {
-		if strings.EqualFold(a, needle) {
-			return true
-		}
-	}
-	return false
-}
-
-// Verify optional parameters are of the correct type.
-func typeCheckParameter(obj interface{}, expected string, name string) error {
-	// Make sure there is an object.
-	if obj == nil {
-		return nil
-	}
-
-	// Check the type is as expected.
-	if reflect.TypeOf(obj).String() != expected {
-		return fmt.Errorf("expected %s to be of type %s but received %s", name, expected, reflect.TypeOf(obj).String())
-	}
-	return nil
-}
-
-// parameterToString convert interface{} parameters to string, using a delimiter if format is provided.
-func parameterToString(obj interface{}, collectionFormat string) string {
-	var delimiter string
-
-	switch collectionFormat {
-	case "pipes":
-		delimiter = "|"
-	case "ssv":
-		delimiter = " "
-	case "tsv":
-		delimiter = "\t"
-	case "csv":
-		delimiter = ","
-	}
-
-	if reflect.TypeOf(obj).Kind() == reflect.Slice {
-		return strings.Trim(strings.Replace(fmt.Sprint(obj), " ", delimiter, -1), "[]")
-	}
-
-	return fmt.Sprintf("%v", obj)
-}
-
-// callAPI do the request.
-func (c *APIClient) callAPI(request *http.Request) (r *http.Response, err error) {
-	canRetry := func() bool {
-		if r != nil && r.StatusCode == 502 {
-			return true
-		}
-
-		return err != nil && strings.Contains(strings.ToLower(err.Error()), "502 bad gateway")
-	}
-
-	n := 3
-	for i := 0; i < n; i++ {
-		r, err = c.cfg.HTTPClient.Do(request)
-		if i+1 >= n || !canRetry() {
-			return
-		}
-
-		if err == nil && r != nil && r.Body != nil {
-			r.Body.Close()
-		}
-
-		time.Sleep(time.Duration(i+1) * time.Second)
-	}
-	return
-}
-
-// Change base path to allow switching to mocks
-func (c *APIClient) ChangeBasePath(path string) {
-	c.cfg.BasePath = path
-}
-
-// prepareRequest build the request
-func (c *APIClient) prepareRequest(
-	ctx context.Context,
-	path string, method string,
-	postBody interface{},
-	headerParams map[string]string,
-	queryParams url.Values,
-	formParams url.Values,
-	fileName string,
-	fileBytes []byte) (localVarRequest *http.Request, err error) {
-
-	var body *bytes.Buffer
-
-	// Detect postBody type and post.
-	if postBody != nil {
-		contentType := headerParams["Content-Type"]
-		if contentType == "" {
-			contentType = detectContentType(postBody)
-			headerParams["Content-Type"] = contentType
-		}
-
-		body, err = setBody(postBody, contentType)
-		if err != nil {
-			return nil, err
-		}
-	}
-
-	// add form parameters and file if available.
-	if len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") {
-		if body != nil {
-			return nil, errors.New("cannot specify postBody and multipart form at the same time")
-		}
-		body = &bytes.Buffer{}
-		w := multipart.NewWriter(body)
-
-		for k, v := range formParams {
-			for _, iv := range v {
-				if strings.HasPrefix(k, "@") { // file
-					err = addFile(w, k[1:], iv)
-					if err != nil {
-						return nil, err
-					}
-				} else { // form value
-					w.WriteField(k, iv)
-				}
-			}
-		}
-		if len(fileBytes) > 0 && fileName != "" {
-			w.Boundary()
-			//_, fileNm := filepath.Split(fileName)
-			part, err := w.CreateFormFile("file", filepath.Base(fileName))
-			if err != nil {
-				return nil, err
-			}
-			_, err = part.Write(fileBytes)
-			if err != nil {
-				return nil, err
-			}
-			// Set the Boundary in the Content-Type
-			headerParams["Content-Type"] = w.FormDataContentType()
-		}
-
-		// Set Content-Length
-		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
-		w.Close()
-	}
-
-	// Setup path and query parameters
-	url, err := url.Parse(path)
-	if err != nil {
-		return nil, err
-	}
-
-	// Adding Query Param
-	query := url.Query()
-	for k, v := range queryParams {
-		for _, iv := range v {
-			query.Add(k, iv)
-		}
-	}
-
-	// Encode the parameters.
-	url.RawQuery = query.Encode()
-
-	// Generate a new request
-	if body != nil {
-		localVarRequest, err = http.NewRequest(method, url.String(), body)
-	} else {
-		localVarRequest, err = http.NewRequest(method, url.String(), nil)
-	}
-	if err != nil {
-		return nil, err
-	}
-
-	// add header parameters, if any
-	if len(headerParams) > 0 {
-		headers := http.Header{}
-		for h, v := range headerParams {
-			headers.Set(h, v)
-		}
-		localVarRequest.Header = headers
-	}
-
-	// Override request host, if applicable
-	if c.cfg.Host != "" {
-		localVarRequest.Host = c.cfg.Host
-	}
-
-	// Add the user agent to the request.
-	localVarRequest.Header.Add("User-Agent", c.cfg.UserAgent)
-
-	if ctx != nil {
-		// add context to the request
-		localVarRequest = localVarRequest.WithContext(ctx)
-
-		// Walk through any authentication.
-
-		// Basic HTTP Authentication
-		if auth, ok := ctx.Value(ContextBasicAuth).(BasicAuth); ok {
-			localVarRequest.SetBasicAuth(auth.UserName, auth.Password)
-		}
-
-		// AccessToken Authentication
-		if auth, ok := ctx.Value(ContextAccessToken).(string); ok {
-			localVarRequest.Header.Add("Authorization", "Bearer "+auth)
-		}
-	}
-
-	for header, value := range c.cfg.DefaultHeader {
-		localVarRequest.Header.Add(header, value)
-	}
-
-	return localVarRequest, nil
+type SecClientConfig struct {
+	ServerUrl string
 }
 
-func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err error) {
-	if strings.Contains(contentType, "application/xml") {
-		if err = xml.Unmarshal(b, v); err != nil {
-			return err
-		}
-		return nil
-	} else if strings.Contains(contentType, "application/json") {
-		if err = json.Unmarshal(b, v); err != nil {
-			return err
-		}
-		return nil
-	}
-	return errors.New("undefined response type")
+type SecClient struct {
+	Config    *SecClientConfig
+	AuthApi   *AuthService
+	CipherApi *CipherService
+	KmsApi    *KmsService
 }
 
-// Add a file to the multipart request
-func addFile(w *multipart.Writer, fieldName, path string) error {
-	file, err := os.Open(path)
-	if err != nil {
-		return err
-	}
-	defer file.Close()
+func NewSecClient(config *SecClientConfig) *SecClient {
+	cfg := verifyAndStandardizeConfig(config)
+	setBaseUrl(cfg.ServerUrl)
 
-	part, err := w.CreateFormFile(fieldName, filepath.Base(path))
-	if err != nil {
-		return err
+	return &SecClient{
+		Config:    cfg,
+		AuthApi:   NewAuthService(),
+		CipherApi: NewCipherService(),
+		KmsApi:    NewKmsService(),
 	}
-	_, err = io.Copy(part, file)
-
-	return err
-}
-
-// Prevent trying to import "fmt"
-func reportError(format string, a ...interface{}) error {
-	return fmt.Errorf(format, a...)
-}
-
-// Set request body from an interface{}
-func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err error) {
-	if bodyBuf == nil {
-		bodyBuf = &bytes.Buffer{}
-	}
-
-	if reader, ok := body.(io.Reader); ok {
-		_, err = bodyBuf.ReadFrom(reader)
-	} else if b, ok := body.([]byte); ok {
-		_, err = bodyBuf.Write(b)
-	} else if s, ok := body.(string); ok {
-		_, err = bodyBuf.WriteString(s)
-	} else if s, ok := body.(*string); ok {
-		_, err = bodyBuf.WriteString(*s)
-	} else if jsonCheck.MatchString(contentType) {
-		err = json.NewEncoder(bodyBuf).Encode(body)
-	} else if xmlCheck.MatchString(contentType) {
-		xml.NewEncoder(bodyBuf).Encode(body)
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	if bodyBuf.Len() == 0 {
-		err = fmt.Errorf("invalid body type %s", contentType)
-		return nil, err
-	}
-	return bodyBuf, nil
-}
-
-// detectContentType method is used to figure out `Request.Body` content type for request header
-func detectContentType(body interface{}) string {
-	contentType := "text/plain; charset=utf-8"
-	kind := reflect.TypeOf(body).Kind()
-
-	switch kind {
-	case reflect.Struct, reflect.Map, reflect.Ptr:
-		contentType = "application/json; charset=utf-8"
-	case reflect.String:
-		contentType = "text/plain; charset=utf-8"
-	default:
-		if b, ok := body.([]byte); ok {
-			contentType = http.DetectContentType(b)
-		} else if kind == reflect.Slice {
-			contentType = "application/json; charset=utf-8"
-		}
-	}
-
-	return contentType
-}
-
-// Ripped from https://github.com/gregjones/httpcache/blob/master/httpcache.go
-type cacheControl map[string]string
-
-func parseCacheControl(headers http.Header) cacheControl {
-	cc := cacheControl{}
-	ccHeader := headers.Get("Cache-Control")
-	for _, part := range strings.Split(ccHeader, ",") {
-		part = strings.Trim(part, " ")
-		if part == "" {
-			continue
-		}
-		if strings.ContainsRune(part, '=') {
-			keyval := strings.Split(part, "=")
-			cc[strings.Trim(keyval[0], " ")] = strings.Trim(keyval[1], ",")
-		} else {
-			cc[part] = ""
-		}
-	}
-	return cc
-}
-
-// CacheExpires helper function to determine remaining time before repeating a request.
-func CacheExpires(r *http.Response) time.Time {
-	// Figure out when the cache expires.
-	var expires time.Time
-	now, err := time.Parse(time.RFC1123, r.Header.Get("date"))
-	if err != nil {
-		return time.Now()
-	}
-	respCacheControl := parseCacheControl(r.Header)
-
-	if maxAge, ok := respCacheControl["max-age"]; ok {
-		lifetime, err := time.ParseDuration(maxAge + "s")
-		if err != nil {
-			expires = now
-		}
-		expires = now.Add(lifetime)
-	} else {
-		expiresHeader := r.Header.Get("Expires")
-		if expiresHeader != "" {
-			expires, err = time.Parse(time.RFC1123, expiresHeader)
-			if err != nil {
-				expires = now
-			}
-		}
-	}
-	return expires
-}
-
-func strlen(s string) int {
-	return utf8.RuneCountInString(s)
-}
-
-// GenericSwaggerError Provides access to the body, error and model on returned errors.
-type GenericSwaggerError struct {
-	body  []byte
-	error string
-	model interface{}
-}
-
-// Error returns non-empty string if there was an error.
-func (e GenericSwaggerError) Error() string {
-	return e.error
-}
-
-// Body returns the raw bytes of the response
-func (e GenericSwaggerError) Body() []byte {
-	return e.body
-}
-
-// Model returns the unpacked model of the error
-func (e GenericSwaggerError) Model() interface{} {
-	return e.model
 }
diff --git a/secloud/common.go b/secloud/common.go
new file mode 100644
index 0000000..1deaaa5
--- /dev/null
+++ b/secloud/common.go
@@ -0,0 +1,98 @@
+package secloud
+
+type TokenResp struct {
+	Code int           `json:"code"`
+	Msg  string        `json:"msg"`
+	Data TokenRespData `json:"data"`
+}
+
+type TokenRespData struct {
+	AccessToken string `json:"access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+}
+
+type GenerateKeyPairResp struct {
+	Code int                      `json:"code"`
+	Msg  string                   `json:"msg"`
+	Data *GenerateKeyPairRespData `json:"data"`
+}
+
+type GenerateKeyPairRespData struct {
+	Pkey string `json:"pkey"`
+	Skey string `json:"skey"`
+}
+
+type GenerateWorkingKeyResp struct {
+	Code int                         `json:"code"`
+	Msg  string                      `json:"msg"`
+	Data *GenerateWorkingKeyRespData `json:"data"`
+}
+
+type GenerateWorkingKeyRespData struct {
+	Code   string `json:"code"`
+	EncKey string `json:"enc_key"`
+}
+
+type GenerateKeyPairWithKEKResp struct {
+	Code int                             `json:"code"`
+	Msg  string                          `json:"msg"`
+	Data *GenerateKeyPairWithKEKRespData `json:"data"`
+}
+
+type GenerateKeyPairWithKEKRespData struct {
+	IpxIndex int    `json:"ipx_index"`
+	EncPkey  string `json:"enc_pkey"`
+	EncSkey  string `json:"enc_skey"`
+	SignPkey string `json:"sign_pkey"`
+	SignSkey string `json:"sign_skey"`
+}
+
+type ImportKeyPairWithKEKArgs struct {
+	DeviceUrl string `json:"deviceUrl"`
+	IpxIndex  int    `json:"ipxIndex"`
+	KekIndex  int    `json:"kekIndex"`
+	EncPkey   string `json:"encPkey"`
+	EncSkey   string `json:"encSkey"`
+	SignPkey  string `json:"signPkey"`
+	SignSkey  string `json:"signSkey"`
+}
+
+type ImportKeyPairWithKEKResp struct {
+	Code int                           `json:"code"`
+	Msg  string                        `json:"msg"`
+	Data *ImportKeyPairWithKEKRespData `json:"data"`
+}
+
+type ImportKeyPairWithKEKRespData struct {
+	ID int `json:"id"`
+}
+
+type EncryptResp struct {
+	Code int              `json:"code"`
+	Msg  string           `json:"msg"`
+	Data *EncryptRespData `json:"data"`
+}
+
+type EncryptRespData struct {
+	EncData string `json:"enc_data"`
+}
+
+type DecryptResp struct {
+	Code int              `json:"code"`
+	Msg  string           `json:"msg"`
+	Data *DecryptRespData `json:"data"`
+}
+
+type DecryptRespData struct {
+	Data string `json:"data"`
+}
+
+type RandomResp struct {
+	Code int             `json:"code"`
+	Msg  string          `json:"msg"`
+	Data *RandomRespData `json:"data"`
+}
+
+type RandomRespData struct {
+	Data string `json:"data"`
+}
diff --git a/secloud/configuration.go b/secloud/configuration.go
deleted file mode 100644
index 7310854..0000000
--- a/secloud/configuration.go
+++ /dev/null
@@ -1,72 +0,0 @@
-/*
- * Secloud Open API
- *
- * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
- *
- * API version: 5.3.2
- * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
- */
-
-package secloud
-
-import (
-	"net/http"
-)
-
-// contextKeys are used to identify the type of value in the context.
-// Since these are string, it is possible to get a short description of the
-// context key for logging and debugging using key.String().
-
-type contextKey string
-
-func (c contextKey) String() string {
-	return "auth " + string(c)
-}
-
-var (
-	// ContextOAuth2 takes a oauth2.TokenSource as authentication for the request.
-	ContextOAuth2 = contextKey("token")
-
-	// ContextBasicAuth takes BasicAuth as authentication for the request.
-	ContextBasicAuth = contextKey("basic")
-
-	// ContextAccessToken takes a string oauth2 access token as authentication for the request.
-	ContextAccessToken = contextKey("accesstoken")
-
-	// ContextAPIKey takes an APIKey as authentication for the request
-	ContextAPIKey = contextKey("apikey")
-)
-
-// BasicAuth provides basic http authentication to a request passed via context using ContextBasicAuth
-type BasicAuth struct {
-	UserName string `json:"userName,omitempty"`
-	Password string `json:"password,omitempty"`
-}
-
-// APIKey provides API key based authentication to a request passed via context using ContextAPIKey
-type APIKey struct {
-	Key    string
-	Prefix string
-}
-
-type Configuration struct {
-	BasePath      string            `json:"basePath,omitempty"`
-	Host          string            `json:"host,omitempty"`
-	Scheme        string            `json:"scheme,omitempty"`
-	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
-	UserAgent     string            `json:"userAgent,omitempty"`
-	HTTPClient    *http.Client
-}
-
-func NewConfiguration(basePath string) *Configuration {
-	cfg := &Configuration{
-		BasePath:      basePath,
-		DefaultHeader: make(map[string]string),
-		UserAgent:     "Swagger-Codegen/1.0.0/go",
-	}
-	return cfg
-}
-
-func (c *Configuration) AddDefaultHeader(key string, value string) {
-	c.DefaultHeader[key] = value
-}
diff --git a/secloud/error.go b/secloud/error.go
new file mode 100644
index 0000000..a3c9db8
--- /dev/null
+++ b/secloud/error.go
@@ -0,0 +1,14 @@
+package secloud
+
+import (
+	"errors"
+	"github.com/astaxie/beego/validation"
+)
+
+func handleValidationErrors(e []*validation.Error) error {
+	errStr := ""
+	for i := 0; i < len(e); i++ {
+		errStr = errStr + e[i].String() + "\n "
+	}
+	return errors.New(errStr)
+}
diff --git a/secloud/kms.go b/secloud/kms.go
new file mode 100644
index 0000000..8912a1d
--- /dev/null
+++ b/secloud/kms.go
@@ -0,0 +1,104 @@
+package secloud
+
+import (
+	"github.com/astaxie/beego/validation"
+	"strconv"
+)
+
+type KmsService struct {
+	Base *BaseService
+}
+
+func NewKmsService() *KmsService {
+	return &KmsService{
+		Base: BaseSvc,
+	}
+}
+
+func (ks *KmsService) GenerateKeyPair(token string) (*GenerateKeyPairRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret GenerateKeyPairResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetResult(&ret).
+		Get("/kms/generateKeyPair")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) GenerateWorkingKey(token string) (*GenerateWorkingKeyRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret GenerateWorkingKeyResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetResult(&ret).
+		Get("/kms/generateWorkingKey")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) GenerateKeyPairWithKEK(token string, kekIndex int) (*GenerateKeyPairWithKEKRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.Min(kekIndex, 1, "kekIndex").Message("请输入合法的kekIndex！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret GenerateKeyPairWithKEKResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetQueryParams(map[string]string{
+			"kekIndex": strconv.Itoa(kekIndex),
+		}).
+		SetResult(&ret).
+		Get("/kms/generateKeyPairWithKEK")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) ImportKeyPairWithKEK(token string, args *ImportKeyPairWithKEKArgs) (*ImportKeyPairWithKEKRespData, error) {
+	valid := validation.Validation{}
+	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.MinSize(args.DeviceUrl, 1, "deviceUrl").Message("请输入合法的deviceUrl！")
+	valid.Min(args.KekIndex, 1, "kekIndex").Message("请输入合法的kekIndex！")
+	valid.Min(args.IpxIndex, 1, "ipxIndex").Message("请输入合法的ipxIndex！")
+	valid.MinSize(args.EncPkey, 1, "encPkey").Message("请输入合法的encPkey！")
+	valid.MinSize(args.EncSkey, 1, "encSkey").Message("请输入合法的encSkey！")
+	valid.MinSize(args.SignPkey, 1, "signPkey").Message("请输入合法的signPkey！")
+	valid.MinSize(args.SignSkey, 1, "signSkey").Message("请输入合法的signSkey！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret ImportKeyPairWithKEKResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+token).
+		SetBody(args).
+		SetResult(&ret).
+		Post("/kms/importKeyPairWithKEK")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
diff --git a/secloud/response.go b/secloud/response.go
deleted file mode 100644
index 86b8e5d..0000000
--- a/secloud/response.go
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Secloud Open API
- *
- * No description provided (generated by Swagger Codegen https://github.com/swagger-api/swagger-codegen)
- *
- * API version: 5.3.2
- * Generated by: Swagger Codegen (https://github.com/swagger-api/swagger-codegen.git)
- */
-
-package secloud
-
-import (
-	"encoding/json"
-	"io"
-	"net/http"
-)
-
-type APIResponse struct {
-	Message string      `json:"msg,omitempty"`
-	Code    int         `json:"code,omitempty"`
-	Data    interface{} `json:"data"`
-}
-
-func NewAPIResponse(r *http.Response, d interface{}) (*APIResponse, error) {
-	localVarBody, err := io.ReadAll(r.Body)
-	r.Body.Close()
-	if err != nil {
-		return nil, err
-	}
-
-	if r.StatusCode >= 300 {
-		newErr := GenericSwaggerError{
-			body:  localVarBody,
-			error: r.Status,
-		}
-
-		return nil, newErr
-	}
-	response := APIResponse{}
-	err = json.Unmarshal(localVarBody, &response)
-	if err != nil {
-		return nil, err
-	}
-
-	if response.Code != 200 {
-		newErr := GenericSwaggerError{
-			body:  localVarBody,
-			error: response.Message,
-		}
-
-		return nil, newErr
-	}
-
-	data, err := json.Marshal(response.Data)
-	if err != nil {
-		return nil, err
-	}
-
-	err = json.Unmarshal(data, d)
-	if err != nil {
-		return nil, err
-	}
-
-	response.Data = d
-
-	return &response, nil
-}
diff --git a/secloud/util.go b/secloud/util.go
new file mode 100644
index 0000000..9a2de4d
--- /dev/null
+++ b/secloud/util.go
@@ -0,0 +1,21 @@
+package secloud
+
+import (
+	"strings"
+)
+
+func verifyAndStandardizeConfig(raw *SecClientConfig) *SecClientConfig {
+	cfg := &SecClientConfig{}
+
+	if !strings.Contains(raw.ServerUrl, "http://") {
+		cfg.ServerUrl = "http://" + raw.ServerUrl
+	} else {
+		cfg.ServerUrl = raw.ServerUrl
+	}
+
+	return cfg
+}
+
+func setBaseUrl(url string) {
+	BaseSvc.C.SetBaseURL(url)
+}
diff --git a/test/test.go b/test/test.go
new file mode 100644
index 0000000..af82c75
--- /dev/null
+++ b/test/test.go
@@ -0,0 +1,32 @@
+package main
+
+import (
+	"fmt"
+	"gitee.com/wx-rdc/secloud-sdk-go/secloud"
+)
+
+func main() {
+	c := secloud.NewSecClient(&secloud.SecClientConfig{ServerUrl: "http://192.168.1.19:8080"})
+	token, _ := c.AuthApi.Token("pingduoduo", "123")
+	encData, _ := c.CipherApi.Encrypt(token, "asd2", "123")
+	fmt.Println(encData)
+	raw, _ := c.CipherApi.Decrypt(token, encData.EncData)
+	fmt.Println(raw)
+	ran, _ := c.CipherApi.Random(token, 16)
+	fmt.Println(ran)
+	wk, _ := c.KmsApi.GenerateWorkingKey(token)
+	fmt.Println(wk)
+	kp, _ := c.KmsApi.GenerateKeyPairWithKEK(token, 1)
+	fmt.Println(kp)
+
+	args := &secloud.ImportKeyPairWithKEKArgs{
+		DeviceUrl: "http://sec-device-security-8100:8100",
+		IpxIndex:  kp.IpxIndex,
+		KekIndex:  1,
+		EncPkey:   kp.EncPkey,
+		EncSkey:   kp.EncSkey,
+		SignPkey:  kp.SignPkey,
+		SignSkey:  kp.SignSkey,
+	}
+	fmt.Println(c.KmsApi.ImportKeyPairWithKEK(token, args))
+}
-- 
Gitee


From ef0dc4093c88f170ca3c542a48f82bd1cba5df54 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:03:17 +0800
Subject: [PATCH 02/24] Fix: api fmt

---
 .idea/modules.xml        |  8 +++++
 .idea/secloud-sdk-go.iml |  9 +++++
 .idea/vcs.xml            |  6 ++++
 .idea/workspace.xml      | 19 +++++++++++
 go.mod                   |  1 +
 go.sum                   |  2 ++
 secloud/auth.go          | 25 +++++++++-----
 secloud/cipher.go        | 60 ++++++++++++++++++++++++---------
 secloud/common.go        | 20 ++++-------
 secloud/kms.go           | 73 ++++++++++++++++++++++++++++++----------
 test/test.go             | 51 +++++++++++++---------------
 11 files changed, 191 insertions(+), 83 deletions(-)
 create mode 100644 .idea/modules.xml
 create mode 100644 .idea/secloud-sdk-go.iml
 create mode 100644 .idea/vcs.xml

diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..723b1af
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/secloud-sdk-go.iml" filepath="$PROJECT_DIR$/.idea/secloud-sdk-go.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/secloud-sdk-go.iml b/.idea/secloud-sdk-go.iml
new file mode 100644
index 0000000..5e764c4
--- /dev/null
+++ b/.idea/secloud-sdk-go.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="Go" enabled="true" />
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 669901d..4a490aa 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -6,6 +6,13 @@
   <component name="ChangeListManager">
     <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/auth.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/cipher.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/cipher.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/test/test.go" beforeDir="false" afterPath="$PROJECT_DIR$/test/test.go" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -22,6 +29,7 @@
   <component name="GOROOT" url="file:///usr/local/go" />
   <component name="Git.Settings">
     <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+    <option name="RESET_MODE" value="HARD" />
   </component>
   <component name="MarkdownSettingsMigration">
     <option name="stateVersion" value="1" />
@@ -87,6 +95,17 @@
   <component name="TypeScriptGeneratedFilesManager">
     <option name="version" value="3" />
   </component>
+  <component name="Vcs.Log.Tabs.Properties">
+    <option name="TAB_STATES">
+      <map>
+        <entry key="MAIN">
+          <value>
+            <State />
+          </value>
+        </entry>
+      </map>
+    </option>
+  </component>
   <component name="VgoProject">
     <settings-migrated>true</settings-migrated>
   </component>
diff --git a/go.mod b/go.mod
index d4a6547..e82da25 100644
--- a/go.mod
+++ b/go.mod
@@ -8,6 +8,7 @@ require (
 )
 
 require (
+	github.com/antihax/optional v1.0.0 // indirect
 	github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 // indirect
 	golang.org/x/net v0.0.0-20211029224645-99673261e6eb // indirect
 )
diff --git a/go.sum b/go.sum
index 6c62619..a331432 100644
--- a/go.sum
+++ b/go.sum
@@ -6,6 +6,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alicebob/gopher-json v0.0.0-20180125190556-5a6b3ba71ee6/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
 github.com/alicebob/miniredis v2.5.0+incompatible/go.mod h1:8HZjEj4yU0dwhYHky+DxYx+6BMjkBbe5ONFIF1MXffk=
+github.com/antihax/optional v1.0.0 h1:xK2lYat7ZLaVVcIuj82J8kIro4V6kDe0AUDFboUCwcg=
+github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/astaxie/beego v1.12.3 h1:SAQkdD2ePye+v8Gn1r4X6IKZM1wd28EyUOVQ3PDSOOQ=
 github.com/astaxie/beego v1.12.3/go.mod h1:p3qIm0Ryx7zeBHLljmd7omloyca1s4yu1a8kM1FkpIA=
 github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
diff --git a/secloud/auth.go b/secloud/auth.go
index 85bc733..2380b87 100644
--- a/secloud/auth.go
+++ b/secloud/auth.go
@@ -1,6 +1,8 @@
 package secloud
 
 import (
+	"github.com/antihax/optional"
+	"github.com/astaxie/beego/context"
 	"github.com/astaxie/beego/validation"
 )
 
@@ -14,26 +16,31 @@ func NewAuthService() *AuthService {
 	}
 }
 
-func (as *AuthService) Token(appKey string, appSecret string) (string, error) {
+type AuthOpts struct {
+	ClientId     optional.String
+	ClientSecret optional.String
+}
+
+func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthRespData, error) {
 	valid := validation.Validation{}
-	valid.MinSize(appKey, 1, "appKey").Message("请输入合法的AppKey")
-	valid.MinSize(appSecret, 1, "appSecret").Message("请输入合法的AppSecret")
+	valid.MinSize(authOpts.ClientId.Value(), 1, "appKey").Message("请输入合法的AppKey")
+	valid.MinSize(authOpts.ClientSecret.Value(), 1, "appSecret").Message("请输入合法的AppSecret")
 	if valid.HasErrors() {
-		return "", handleValidationErrors(valid.Errors)
+		return nil, handleValidationErrors(valid.Errors)
 	}
 
-	var ret TokenResp
+	var ret AuthResp
 	_, err := as.Base.C.R().
 		SetHeader("Content-Type", "application/json").
 		SetQueryParams(map[string]string{
-			"clientId":     appKey,
-			"clientSecret": appSecret,
+			"clientId":     authOpts.ClientId.Value(),
+			"clientSecret": authOpts.ClientSecret.Value(),
 		}).
 		SetResult(&ret).
 		Get("/auth/token")
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
-	return ret.Data.AccessToken, nil
+	return ret.Data, nil
 }
diff --git a/secloud/cipher.go b/secloud/cipher.go
index 43ee2bf..bc6dc7d 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -1,6 +1,9 @@
 package secloud
 
 import (
+	"context"
+	"errors"
+	"github.com/antihax/optional"
 	"github.com/astaxie/beego/validation"
 )
 
@@ -14,20 +17,37 @@ func NewCipherService() *CipherService {
 	}
 }
 
-func (cs *CipherService) Encrypt(token string, keyId string, data string) (*EncryptRespData, error) {
+type EncryptOpts struct {
+	KeyId optional.String
+	Data  optional.String
+}
+
+type DecryptOpts struct {
+	EncData optional.String
+}
+
+type RandomOpts struct {
+	Len optional.Int
+}
+
+func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*EncryptRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
-	valid.Length(keyId, 4, "keyId").Message("keyId长度为4位")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret EncryptResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId": keyId,
-			"data":  data,
+			"keyId": opts.KeyId.Value(),
+			"data":  opts.Data.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/encrypt")
@@ -38,19 +58,23 @@ func (cs *CipherService) Encrypt(token string, keyId string, data string) (*Encr
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Decrypt(token string, data string) (*DecryptRespData, error) {
+func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*DecryptRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
-	valid.MinSize(data, 1, "data").Message("请输入合法的data数据！")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret DecryptResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"encData": data,
+			"encData": opts.EncData.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/decrypt")
@@ -61,19 +85,23 @@ func (cs *CipherService) Decrypt(token string, data string) (*DecryptRespData, e
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Random(token string, len int) (*RandomRespData, error) {
+func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
-	valid.Min(len, 1, "len").Message("请输入合法的随机长度！")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.Min(opts.Len.Value(), 1, "len").Message("请输入合法的随机长度！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret RandomResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"len": len,
+			"len": opts.Len.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/random")
diff --git a/secloud/common.go b/secloud/common.go
index 1deaaa5..51d6526 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -1,12 +1,16 @@
 package secloud
 
-type TokenResp struct {
+const (
+	AccessToken = "accessToken"
+)
+
+type AuthResp struct {
 	Code int           `json:"code"`
 	Msg  string        `json:"msg"`
-	Data TokenRespData `json:"data"`
+	Data *AuthRespData `json:"data"`
 }
 
-type TokenRespData struct {
+type AuthRespData struct {
 	AccessToken string `json:"access_token"`
 	ExpiresIn   int    `json:"expires_in"`
 }
@@ -47,16 +51,6 @@ type GenerateKeyPairWithKEKRespData struct {
 	SignSkey string `json:"sign_skey"`
 }
 
-type ImportKeyPairWithKEKArgs struct {
-	DeviceUrl string `json:"deviceUrl"`
-	IpxIndex  int    `json:"ipxIndex"`
-	KekIndex  int    `json:"kekIndex"`
-	EncPkey   string `json:"encPkey"`
-	EncSkey   string `json:"encSkey"`
-	SignPkey  string `json:"signPkey"`
-	SignSkey  string `json:"signSkey"`
-}
-
 type ImportKeyPairWithKEKResp struct {
 	Code int                           `json:"code"`
 	Msg  string                        `json:"msg"`
diff --git a/secloud/kms.go b/secloud/kms.go
index 8912a1d..72b2c15 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -1,6 +1,9 @@
 package secloud
 
 import (
+	"context"
+	"errors"
+	"github.com/antihax/optional"
 	"github.com/astaxie/beego/validation"
 	"strconv"
 )
@@ -15,16 +18,36 @@ func NewKmsService() *KmsService {
 	}
 }
 
-func (ks *KmsService) GenerateKeyPair(token string) (*GenerateKeyPairRespData, error) {
+type GenerateKeyPairOpts struct {
+}
+
+type GenerateWorkingKeyOpts struct {
+}
+
+type ImportKeyPairWithKEKOpts struct {
+	DeviceUrl optional.String
+	IpxIndex  optional.Int
+	KekIndex  optional.Int
+	EncPkey   optional.String
+	EncSkey   optional.String
+	SignPkey  optional.String
+	SignSkey  optional.String
+}
+
+func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret GenerateKeyPairResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
 		SetResult(&ret).
 		Get("/kms/generateKeyPair")
 	if err != nil {
@@ -34,16 +57,20 @@ func (ks *KmsService) GenerateKeyPair(token string) (*GenerateKeyPairRespData, e
 	return ret.Data, nil
 }
 
-func (ks *KmsService) GenerateWorkingKey(token string) (*GenerateWorkingKeyRespData, error) {
+func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret GenerateWorkingKeyResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
 		SetResult(&ret).
 		Get("/kms/generateWorkingKey")
 	if err != nil {
@@ -76,24 +103,36 @@ func (ks *KmsService) GenerateKeyPairWithKEK(token string, kekIndex int) (*Gener
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ImportKeyPairWithKEK(token string, args *ImportKeyPairWithKEKArgs) (*ImportKeyPairWithKEKRespData, error) {
+func (ks *KmsService) ImportKeyPairWithKEK(ctx context.Context, opts *ImportKeyPairWithKEKOpts) (*ImportKeyPairWithKEKRespData, error) {
+	if ctx.Value(AccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
 	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
-	valid.MinSize(args.DeviceUrl, 1, "deviceUrl").Message("请输入合法的deviceUrl！")
-	valid.Min(args.KekIndex, 1, "kekIndex").Message("请输入合法的kekIndex！")
-	valid.Min(args.IpxIndex, 1, "ipxIndex").Message("请输入合法的ipxIndex！")
-	valid.MinSize(args.EncPkey, 1, "encPkey").Message("请输入合法的encPkey！")
-	valid.MinSize(args.EncSkey, 1, "encSkey").Message("请输入合法的encSkey！")
-	valid.MinSize(args.SignPkey, 1, "signPkey").Message("请输入合法的signPkey！")
-	valid.MinSize(args.SignSkey, 1, "signSkey").Message("请输入合法的signSkey！")
+	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.DeviceUrl.Value(), 1, "deviceUrl").Message("请输入合法的deviceUrl！")
+	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
+	valid.Min(opts.IpxIndex.Value(), 1, "ipxIndex").Message("请输入合法的ipxIndex！")
+	valid.MinSize(opts.EncPkey.Value(), 1, "encPkey").Message("请输入合法的encPkey！")
+	valid.MinSize(opts.EncSkey.Value(), 1, "encSkey").Message("请输入合法的encSkey！")
+	valid.MinSize(opts.SignPkey.Value(), 1, "signPkey").Message("请输入合法的signPkey！")
+	valid.MinSize(opts.SignSkey.Value(), 1, "signSkey").Message("请输入合法的signSkey！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret ImportKeyPairWithKEKResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
-		SetBody(args).
+		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"deviceUrl": opts.DeviceUrl.Value(),
+			"kekIndex":  opts.KekIndex.Value(),
+			"ipxIndex":  opts.IpxIndex.Value(),
+			"encPkey":   opts.EncPkey.Value(),
+			"encSkey":   opts.EncSkey.Value(),
+			"signPkey":  opts.SignPkey.Value(),
+			"signSkey":  opts.SignSkey.Value(),
+		}).
 		SetResult(&ret).
 		Post("/kms/importKeyPairWithKEK")
 	if err != nil {
diff --git a/test/test.go b/test/test.go
index af82c75..9b9be43 100644
--- a/test/test.go
+++ b/test/test.go
@@ -1,32 +1,27 @@
 package main
 
-import (
-	"fmt"
-	"gitee.com/wx-rdc/secloud-sdk-go/secloud"
-)
-
 func main() {
-	c := secloud.NewSecClient(&secloud.SecClientConfig{ServerUrl: "http://192.168.1.19:8080"})
-	token, _ := c.AuthApi.Token("pingduoduo", "123")
-	encData, _ := c.CipherApi.Encrypt(token, "asd2", "123")
-	fmt.Println(encData)
-	raw, _ := c.CipherApi.Decrypt(token, encData.EncData)
-	fmt.Println(raw)
-	ran, _ := c.CipherApi.Random(token, 16)
-	fmt.Println(ran)
-	wk, _ := c.KmsApi.GenerateWorkingKey(token)
-	fmt.Println(wk)
-	kp, _ := c.KmsApi.GenerateKeyPairWithKEK(token, 1)
-	fmt.Println(kp)
-
-	args := &secloud.ImportKeyPairWithKEKArgs{
-		DeviceUrl: "http://sec-device-security-8100:8100",
-		IpxIndex:  kp.IpxIndex,
-		KekIndex:  1,
-		EncPkey:   kp.EncPkey,
-		EncSkey:   kp.EncSkey,
-		SignPkey:  kp.SignPkey,
-		SignSkey:  kp.SignSkey,
-	}
-	fmt.Println(c.KmsApi.ImportKeyPairWithKEK(token, args))
+	//c := secloud.NewSecClient(&secloud.SecClientConfig{ServerUrl: "http://192.168.1.19:8080"})
+	//token, _ := c.AuthApi.Token()
+	//encData, _ := c.CipherApi.Encrypt(token, "asd2", "123")
+	//fmt.Println(encData)
+	//raw, _ := c.CipherApi.Decrypt(token, encData.EncData)
+	//fmt.Println(raw)
+	//ran, _ := c.CipherApi.Random(token, 16)
+	//fmt.Println(ran)
+	//wk, _ := c.KmsApi.GenerateWorkingKey(token)
+	//fmt.Println(wk)
+	//kp, _ := c.KmsApi.GenerateKeyPairWithKEK(token, 1)
+	//fmt.Println(kp)
+	//
+	//args := &secloud.ImportKeyPairWithKEKOpts{
+	//	DeviceUrl: "http://sec-device-security-8100:8100",
+	//	IpxIndex:  kp.IpxIndex,
+	//	KekIndex:  1,
+	//	EncPkey:   kp.EncPkey,
+	//	EncSkey:   kp.EncSkey,
+	//	SignPkey:  kp.SignPkey,
+	//	SignSkey:  kp.SignSkey,
+	//}
+	//fmt.Println(c.KmsApi.ImportKeyPairWithKEK(token, args))
 }
-- 
Gitee


From e6bc52f28a8dfeef44a7e3ea595133a21167ce6b Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:06:24 +0800
Subject: [PATCH 03/24] Fix: api fmt

---
 secloud/client.go | 14 +++++++++-----
 secloud/util.go   |  4 ++--
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/secloud/client.go b/secloud/client.go
index 5b895c0..a6f0cd2 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -1,24 +1,28 @@
 package secloud
 
-type SecClientConfig struct {
+type ClientConfig struct {
 	ServerUrl string
 }
 
-type SecClient struct {
-	Config    *SecClientConfig
+type Client struct {
+	Config    *ClientConfig
 	AuthApi   *AuthService
 	CipherApi *CipherService
 	KmsApi    *KmsService
 }
 
-func NewSecClient(config *SecClientConfig) *SecClient {
+func NewAPIClient(config *ClientConfig) *Client {
 	cfg := verifyAndStandardizeConfig(config)
 	setBaseUrl(cfg.ServerUrl)
 
-	return &SecClient{
+	return &Client{
 		Config:    cfg,
 		AuthApi:   NewAuthService(),
 		CipherApi: NewCipherService(),
 		KmsApi:    NewKmsService(),
 	}
 }
+
+func NewConfiguration(url string) *ClientConfig {
+	return &ClientConfig{ServerUrl: url}
+}
diff --git a/secloud/util.go b/secloud/util.go
index 9a2de4d..1b3c492 100644
--- a/secloud/util.go
+++ b/secloud/util.go
@@ -4,8 +4,8 @@ import (
 	"strings"
 )
 
-func verifyAndStandardizeConfig(raw *SecClientConfig) *SecClientConfig {
-	cfg := &SecClientConfig{}
+func verifyAndStandardizeConfig(raw *ClientConfig) *ClientConfig {
+	cfg := &ClientConfig{}
 
 	if !strings.Contains(raw.ServerUrl, "http://") {
 		cfg.ServerUrl = "http://" + raw.ServerUrl
-- 
Gitee


From 8015a41445a4fec3ef47d2527342fdf267def823 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:08:10 +0800
Subject: [PATCH 04/24] Fix: api fmt

---
 .idea/workspace.xml | 11 +----------
 secloud/auth.go     |  2 +-
 2 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 4a490aa..db8a466 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,16 +4,7 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
-      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/go.mod" beforeDir="false" afterPath="$PROJECT_DIR$/go.mod" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/go.sum" beforeDir="false" afterPath="$PROJECT_DIR$/go.sum" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/auth.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/auth.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/cipher.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/cipher.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/test/test.go" beforeDir="false" afterPath="$PROJECT_DIR$/test/test.go" afterDir="false" />
-    </list>
+    <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="" />
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
diff --git a/secloud/auth.go b/secloud/auth.go
index 2380b87..e883f54 100644
--- a/secloud/auth.go
+++ b/secloud/auth.go
@@ -1,8 +1,8 @@
 package secloud
 
 import (
+	"context"
 	"github.com/antihax/optional"
-	"github.com/astaxie/beego/context"
 	"github.com/astaxie/beego/validation"
 )
 
-- 
Gitee


From 45e6aaa82d6f0b5b07534877d72e06b2ea84ffb9 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:20:19 +0800
Subject: [PATCH 05/24] Fix: api fmt

---
 .idea/workspace.xml |  9 ++++-
 secloud/cipher.go   | 18 ++++-----
 secloud/client.go   |  2 +
 secloud/common.go   |  2 +-
 secloud/kms.go      | 86 +++------------------------------------
 secloud/kms_ext.go  | 99 +++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 125 insertions(+), 91 deletions(-)
 create mode 100644 secloud/kms_ext.go

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index db8a466..7c2288c 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -4,7 +4,14 @@
     <option name="autoReloadType" value="ALL" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="" />
+    <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
+      <change afterPath="$PROJECT_DIR$/secloud/kms_ext.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/cipher.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/cipher.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/client.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/client.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
+    </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
     <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
diff --git a/secloud/cipher.go b/secloud/cipher.go
index bc6dc7d..124d952 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -31,12 +31,12 @@ type RandomOpts struct {
 }
 
 func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*EncryptRespData, error) {
-	if ctx.Value(AccessToken) == nil {
+	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
@@ -44,7 +44,7 @@ func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*Encry
 
 	var ret EncryptResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId": opts.KeyId.Value(),
 			"data":  opts.Data.Value(),
@@ -59,12 +59,12 @@ func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*Encry
 }
 
 func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*DecryptRespData, error) {
-	if ctx.Value(AccessToken) == nil {
+	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
@@ -72,7 +72,7 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 
 	var ret DecryptResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"encData": opts.EncData.Value(),
 		}).
@@ -86,12 +86,12 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 }
 
 func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomRespData, error) {
-	if ctx.Value(AccessToken) == nil {
+	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Min(opts.Len.Value(), 1, "len").Message("请输入合法的随机长度！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
@@ -99,7 +99,7 @@ func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomR
 
 	var ret RandomResp
 	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"len": opts.Len.Value(),
 		}).
diff --git a/secloud/client.go b/secloud/client.go
index a6f0cd2..4738cd0 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -9,6 +9,7 @@ type Client struct {
 	AuthApi   *AuthService
 	CipherApi *CipherService
 	KmsApi    *KmsService
+	KmsExtApi *KmsExtService
 }
 
 func NewAPIClient(config *ClientConfig) *Client {
@@ -20,6 +21,7 @@ func NewAPIClient(config *ClientConfig) *Client {
 		AuthApi:   NewAuthService(),
 		CipherApi: NewCipherService(),
 		KmsApi:    NewKmsService(),
+		KmsExtApi: NewKmsExtService(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index 51d6526..6499246 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -1,7 +1,7 @@
 package secloud
 
 const (
-	AccessToken = "accessToken"
+	ContextAccessToken = "accessToken"
 )
 
 type AuthResp struct {
diff --git a/secloud/kms.go b/secloud/kms.go
index 72b2c15..261d586 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -3,9 +3,7 @@ package secloud
 import (
 	"context"
 	"errors"
-	"github.com/antihax/optional"
 	"github.com/astaxie/beego/validation"
-	"strconv"
 )
 
 type KmsService struct {
@@ -24,30 +22,20 @@ type GenerateKeyPairOpts struct {
 type GenerateWorkingKeyOpts struct {
 }
 
-type ImportKeyPairWithKEKOpts struct {
-	DeviceUrl optional.String
-	IpxIndex  optional.Int
-	KekIndex  optional.Int
-	EncPkey   optional.String
-	EncSkey   optional.String
-	SignPkey  optional.String
-	SignSkey  optional.String
-}
-
 func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
-	if ctx.Value(AccessToken) == nil {
+	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret GenerateKeyPairResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
 		Get("/kms/generateKeyPair")
 	if err != nil {
@@ -58,19 +46,19 @@ func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPair
 }
 
 func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
-	if ctx.Value(AccessToken) == nil {
+	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret GenerateWorkingKeyResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
 		Get("/kms/generateWorkingKey")
 	if err != nil {
@@ -79,65 +67,3 @@ func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWork
 
 	return ret.Data, nil
 }
-
-func (ks *KmsService) GenerateKeyPairWithKEK(token string, kekIndex int) (*GenerateKeyPairWithKEKRespData, error) {
-	valid := validation.Validation{}
-	valid.MinSize(token, 1, "token").Message("请输入正确的token！")
-	valid.Min(kekIndex, 1, "kekIndex").Message("请输入合法的kekIndex！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret GenerateKeyPairWithKEKResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+token).
-		SetQueryParams(map[string]string{
-			"kekIndex": strconv.Itoa(kekIndex),
-		}).
-		SetResult(&ret).
-		Get("/kms/generateKeyPairWithKEK")
-	if err != nil {
-		return nil, err
-	}
-
-	return ret.Data, nil
-}
-
-func (ks *KmsService) ImportKeyPairWithKEK(ctx context.Context, opts *ImportKeyPairWithKEKOpts) (*ImportKeyPairWithKEKRespData, error) {
-	if ctx.Value(AccessToken) == nil {
-		return nil, errors.New("token为空！")
-	}
-
-	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(AccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.DeviceUrl.Value(), 1, "deviceUrl").Message("请输入合法的deviceUrl！")
-	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
-	valid.Min(opts.IpxIndex.Value(), 1, "ipxIndex").Message("请输入合法的ipxIndex！")
-	valid.MinSize(opts.EncPkey.Value(), 1, "encPkey").Message("请输入合法的encPkey！")
-	valid.MinSize(opts.EncSkey.Value(), 1, "encSkey").Message("请输入合法的encSkey！")
-	valid.MinSize(opts.SignPkey.Value(), 1, "signPkey").Message("请输入合法的signPkey！")
-	valid.MinSize(opts.SignSkey.Value(), 1, "signSkey").Message("请输入合法的signSkey！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret ImportKeyPairWithKEKResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(AccessToken).(string)).
-		SetBody(map[string]interface{}{
-			"deviceUrl": opts.DeviceUrl.Value(),
-			"kekIndex":  opts.KekIndex.Value(),
-			"ipxIndex":  opts.IpxIndex.Value(),
-			"encPkey":   opts.EncPkey.Value(),
-			"encSkey":   opts.EncSkey.Value(),
-			"signPkey":  opts.SignPkey.Value(),
-			"signSkey":  opts.SignSkey.Value(),
-		}).
-		SetResult(&ret).
-		Post("/kms/importKeyPairWithKEK")
-	if err != nil {
-		return nil, err
-	}
-
-	return ret.Data, nil
-}
diff --git a/secloud/kms_ext.go b/secloud/kms_ext.go
new file mode 100644
index 0000000..f9772f2
--- /dev/null
+++ b/secloud/kms_ext.go
@@ -0,0 +1,99 @@
+package secloud
+
+import (
+	"context"
+	"errors"
+	"github.com/antihax/optional"
+	"github.com/astaxie/beego/validation"
+	"strconv"
+)
+
+type KmsExtService struct {
+	Base *BaseService
+}
+
+func NewKmsExtService() *KmsExtService {
+	return &KmsExtService{
+		Base: BaseSvc,
+	}
+}
+
+type GenerateKeyPairWithKEKOpts struct {
+	KekIndex optional.Int
+}
+
+type ImportKeyPairWithKEKOpts struct {
+	DeviceUrl optional.String
+	IpxIndex  optional.Int
+	KekIndex  optional.Int
+	EncPkey   optional.String
+	EncSkey   optional.String
+	SignPkey  optional.String
+	SignSkey  optional.String
+}
+
+func (kes *KmsExtService) GenerateKeyPairWithKEK(ctx context.Context, opts *GenerateKeyPairWithKEKOpts) (*GenerateKeyPairWithKEKRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret GenerateKeyPairWithKEKResp
+	_, err := kes.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetQueryParams(map[string]string{
+			"kekIndex": strconv.Itoa(opts.KekIndex.Value()),
+		}).
+		SetResult(&ret).
+		Get("/kms/generateKeyPairWithKEK")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (kes *KmsExtService) ImportKeyPairWithKEK(ctx context.Context, opts *ImportKeyPairWithKEKOpts) (*ImportKeyPairWithKEKRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.DeviceUrl.Value(), 1, "deviceUrl").Message("请输入合法的deviceUrl！")
+	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
+	valid.Min(opts.IpxIndex.Value(), 1, "ipxIndex").Message("请输入合法的ipxIndex！")
+	valid.MinSize(opts.EncPkey.Value(), 1, "encPkey").Message("请输入合法的encPkey！")
+	valid.MinSize(opts.EncSkey.Value(), 1, "encSkey").Message("请输入合法的encSkey！")
+	valid.MinSize(opts.SignPkey.Value(), 1, "signPkey").Message("请输入合法的signPkey！")
+	valid.MinSize(opts.SignSkey.Value(), 1, "signSkey").Message("请输入合法的signSkey！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret ImportKeyPairWithKEKResp
+	_, err := kes.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"deviceUrl": opts.DeviceUrl.Value(),
+			"kekIndex":  opts.KekIndex.Value(),
+			"ipxIndex":  opts.IpxIndex.Value(),
+			"encPkey":   opts.EncPkey.Value(),
+			"encSkey":   opts.EncSkey.Value(),
+			"signPkey":  opts.SignPkey.Value(),
+			"signSkey":  opts.SignSkey.Value(),
+		}).
+		SetResult(&ret).
+		Post("/kms/importKeyPairWithKEK")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
-- 
Gitee


From 490b4d2ca494ef039d68ce8eea119a5d73faf245 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:21:52 +0800
Subject: [PATCH 06/24] Fix: api fmt

---
 .idea/workspace.xml | 4 ----
 secloud/common.go   | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 7c2288c..a91c247 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -5,12 +5,8 @@
   </component>
   <component name="ChangeListManager">
     <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
-      <change afterPath="$PROJECT_DIR$/secloud/kms_ext.go" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/cipher.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/cipher.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/client.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/client.go" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
diff --git a/secloud/common.go b/secloud/common.go
index 6499246..a09ae64 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -58,7 +58,7 @@ type ImportKeyPairWithKEKResp struct {
 }
 
 type ImportKeyPairWithKEKRespData struct {
-	ID int `json:"id"`
+	Id int `json:"id"`
 }
 
 type EncryptResp struct {
-- 
Gitee


From 80dee13c89777614ac9f4cafce9246134e989826 Mon Sep 17 00:00:00 2001
From: chen_yuteng <chenyt@jnsec.net>
Date: Thu, 23 Mar 2023 16:45:40 +0800
Subject: [PATCH 07/24] Add: comment

---
 .idea/workspace.xml |  1 -
 secloud/auth.go     |  1 +
 secloud/client.go   |  2 ++
 test/test.go        | 27 ---------------------------
 4 files changed, 3 insertions(+), 28 deletions(-)
 delete mode 100644 test/test.go

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index a91c247..9dc2708 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -6,7 +6,6 @@
   <component name="ChangeListManager">
     <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
diff --git a/secloud/auth.go b/secloud/auth.go
index e883f54..68aa385 100644
--- a/secloud/auth.go
+++ b/secloud/auth.go
@@ -21,6 +21,7 @@ type AuthOpts struct {
 	ClientSecret optional.String
 }
 
+// Token this func returns auth data, including accessToken and expires deadline
 func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthRespData, error) {
 	valid := validation.Validation{}
 	valid.MinSize(authOpts.ClientId.Value(), 1, "appKey").Message("请输入合法的AppKey")
diff --git a/secloud/client.go b/secloud/client.go
index 4738cd0..f95f73a 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -12,6 +12,7 @@ type Client struct {
 	KmsExtApi *KmsExtService
 }
 
+// NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
 func NewAPIClient(config *ClientConfig) *Client {
 	cfg := verifyAndStandardizeConfig(config)
 	setBaseUrl(cfg.ServerUrl)
@@ -25,6 +26,7 @@ func NewAPIClient(config *ClientConfig) *Client {
 	}
 }
 
+// NewConfiguration returns a config that contains ServerUrl
 func NewConfiguration(url string) *ClientConfig {
 	return &ClientConfig{ServerUrl: url}
 }
diff --git a/test/test.go b/test/test.go
deleted file mode 100644
index 9b9be43..0000000
--- a/test/test.go
+++ /dev/null
@@ -1,27 +0,0 @@
-package main
-
-func main() {
-	//c := secloud.NewSecClient(&secloud.SecClientConfig{ServerUrl: "http://192.168.1.19:8080"})
-	//token, _ := c.AuthApi.Token()
-	//encData, _ := c.CipherApi.Encrypt(token, "asd2", "123")
-	//fmt.Println(encData)
-	//raw, _ := c.CipherApi.Decrypt(token, encData.EncData)
-	//fmt.Println(raw)
-	//ran, _ := c.CipherApi.Random(token, 16)
-	//fmt.Println(ran)
-	//wk, _ := c.KmsApi.GenerateWorkingKey(token)
-	//fmt.Println(wk)
-	//kp, _ := c.KmsApi.GenerateKeyPairWithKEK(token, 1)
-	//fmt.Println(kp)
-	//
-	//args := &secloud.ImportKeyPairWithKEKOpts{
-	//	DeviceUrl: "http://sec-device-security-8100:8100",
-	//	IpxIndex:  kp.IpxIndex,
-	//	KekIndex:  1,
-	//	EncPkey:   kp.EncPkey,
-	//	EncSkey:   kp.EncSkey,
-	//	SignPkey:  kp.SignPkey,
-	//	SignSkey:  kp.SignSkey,
-	//}
-	//fmt.Println(c.KmsApi.ImportKeyPairWithKEK(token, args))
-}
-- 
Gitee


From 170992246251c8c8d267b42438573bdb6113e54e Mon Sep 17 00:00:00 2001
From: ChenYT <634024776@qq.com>
Date: Fri, 7 Apr 2023 14:31:04 +0800
Subject: [PATCH 08/24] Feature: re

---
 .idea/workspace.xml |  17 +++-
 secloud/client.go   |   2 -
 secloud/common.go   |  85 ++++++++++--------
 secloud/kms.go      | 204 +++++++++++++++++++++++++++++++++++++++-----
 secloud/kms_ext.go  |  99 ---------------------
 5 files changed, 249 insertions(+), 158 deletions(-)
 delete mode 100644 secloud/kms_ext.go

diff --git a/.idea/workspace.xml b/.idea/workspace.xml
index 9dc2708..73f2965 100644
--- a/.idea/workspace.xml
+++ b/.idea/workspace.xml
@@ -5,7 +5,12 @@
   </component>
   <component name="ChangeListManager">
     <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
+      <change afterPath="$PROJECT_DIR$/main.go" afterDir="false" />
       <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/client.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/client.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/secloud/kms_ext.go" beforeDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -58,7 +63,16 @@
       <recent name="$PROJECT_DIR$/secloud/client" />
     </key>
   </component>
-  <component name="RunManager" selected="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go/test">
+  <component name="RunManager" selected="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go">
+    <configuration name="go build gitee.com/wx-rdc/secloud-sdk-go" type="GoApplicationRunConfiguration" factoryName="Go Application" temporary="true" nameIsGenerated="true">
+      <module name="secloud-sdk-go" />
+      <working_directory value="$PROJECT_DIR$" />
+      <kind value="PACKAGE" />
+      <package value="gitee.com/wx-rdc/secloud-sdk-go" />
+      <directory value="$PROJECT_DIR$" />
+      <filePath value="$PROJECT_DIR$/main.go" />
+      <method v="2" />
+    </configuration>
     <configuration name="go build gitee.com/wx-rdc/secloud-sdk-go/test" type="GoApplicationRunConfiguration" factoryName="Go Application" temporary="true" nameIsGenerated="true">
       <module name="secloud-sdk-go" />
       <working_directory value="$PROJECT_DIR$" />
@@ -79,6 +93,7 @@
     </configuration>
     <recent_temporary>
       <list>
+        <item itemvalue="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go" />
         <item itemvalue="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go/test" />
         <item itemvalue="Go Build.go build secloud-sdk-go/test" />
       </list>
diff --git a/secloud/client.go b/secloud/client.go
index f95f73a..4c82b14 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -9,7 +9,6 @@ type Client struct {
 	AuthApi   *AuthService
 	CipherApi *CipherService
 	KmsApi    *KmsService
-	KmsExtApi *KmsExtService
 }
 
 // NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
@@ -22,7 +21,6 @@ func NewAPIClient(config *ClientConfig) *Client {
 		AuthApi:   NewAuthService(),
 		CipherApi: NewCipherService(),
 		KmsApi:    NewKmsService(),
-		KmsExtApi: NewKmsExtService(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index a09ae64..dd5c453 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -26,41 +26,6 @@ type GenerateKeyPairRespData struct {
 	Skey string `json:"skey"`
 }
 
-type GenerateWorkingKeyResp struct {
-	Code int                         `json:"code"`
-	Msg  string                      `json:"msg"`
-	Data *GenerateWorkingKeyRespData `json:"data"`
-}
-
-type GenerateWorkingKeyRespData struct {
-	Code   string `json:"code"`
-	EncKey string `json:"enc_key"`
-}
-
-type GenerateKeyPairWithKEKResp struct {
-	Code int                             `json:"code"`
-	Msg  string                          `json:"msg"`
-	Data *GenerateKeyPairWithKEKRespData `json:"data"`
-}
-
-type GenerateKeyPairWithKEKRespData struct {
-	IpxIndex int    `json:"ipx_index"`
-	EncPkey  string `json:"enc_pkey"`
-	EncSkey  string `json:"enc_skey"`
-	SignPkey string `json:"sign_pkey"`
-	SignSkey string `json:"sign_skey"`
-}
-
-type ImportKeyPairWithKEKResp struct {
-	Code int                           `json:"code"`
-	Msg  string                        `json:"msg"`
-	Data *ImportKeyPairWithKEKRespData `json:"data"`
-}
-
-type ImportKeyPairWithKEKRespData struct {
-	Id int `json:"id"`
-}
-
 type EncryptResp struct {
 	Code int              `json:"code"`
 	Msg  string           `json:"msg"`
@@ -90,3 +55,53 @@ type RandomResp struct {
 type RandomRespData struct {
 	Data string `json:"data"`
 }
+
+type GenerateKeyResp struct {
+	Code int                  `json:"code"`
+	Msg  string               `json:"msg"`
+	Data *GenerateKeyRespData `json:"data"`
+}
+
+type GenerateKeyRespData struct {
+	EncKey string `json:"enc_key"`
+}
+
+type ImportKeyPairRespData struct {
+	ID int `json:"id"`
+}
+
+type ImportKeyPairResp struct {
+	Code int                    `json:"code"`
+	Msg  string                 `json:"msg"`
+	Data *ImportKeyPairRespData `json:"data"`
+}
+
+type ImportKeyRespData struct {
+	Handle string `json:"handle"`
+}
+
+type ImportKeyResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *ImportKeyRespData `json:"data"`
+}
+
+type DestroyKeyRespData struct {
+	Result int `json:"result"`
+}
+
+type DestroyKeyResp struct {
+	Code int                 `json:"code"`
+	Msg  string              `json:"msg"`
+	Data *DestroyKeyRespData `json:"data"`
+}
+
+type ExportPublicKeyRespData struct {
+	Pkey string `json:"pkey"`
+}
+
+type ExportPublicKeyResp struct {
+	Code int                      `json:"code"`
+	Msg  string                   `json:"msg"`
+	Data *ExportPublicKeyRespData `json:"data"`
+}
diff --git a/secloud/kms.go b/secloud/kms.go
index 261d586..5f12b30 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -3,7 +3,7 @@ package secloud
 import (
 	"context"
 	"errors"
-	"github.com/astaxie/beego/validation"
+	"github.com/antihax/optional"
 )
 
 type KmsService struct {
@@ -16,28 +16,151 @@ func NewKmsService() *KmsService {
 	}
 }
 
+type GenerateKeyOpts struct {
+	GenKeyType optional.String `json:"genKeyType"`
+	IpxIndex   optional.Int    `json:"ipxIndex"`
+	KekIndex   optional.Int    `json:"kekIndex"`
+	KeyType    optional.String `json:"keyType"`
+	Mode       optional.String `json:"mode"`
+	PoolId     optional.Int64  `json:"poolId"`
+	PublicKey  optional.String `json:"publicKey"`
+}
+
 type GenerateKeyPairOpts struct {
+	ExportType optional.String `json:"exportType"`
+	GenKeyType optional.String `json:"genKeyType"`
+	IpxIndex   optional.Int    `json:"ipxIndex"`
+	KekIndex   optional.Int    `json:"kekIndex"`
+	KeyType    optional.String `json:"keyType"`
+	Mode       optional.String `json:"mode"`
+	PoolId     optional.Int64  `json:"poolId"`
+	PublicKey  optional.String `json:"publicKey"`
 }
 
-type GenerateWorkingKeyOpts struct {
+type ImportKeyPairOpts struct {
+	PoolId      optional.Int64  `json:"poolId"`
+	Mode        optional.String `json:"mode"`
+	KeyType     optional.String `json:"keyType"`
+	IpxIndex    optional.Int    `json:"ipxIndex"`
+	KekIndex    optional.Int    `json:"kekIndex"`
+	TargetType  optional.String `json:"targetType"`
+	TargetIndex optional.Int    `json:"targetIndex"`
+	SignPkey    optional.String `json:"signPkey"`
+	SignSkey    optional.String `json:"signSkey"`
+	EncPkey     optional.String `json:"encPkey"`
+	EncSkey     optional.String `json:"encSkey"`
 }
 
-func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
+type ImportKeyOpts struct {
+	EncKey   optional.String `json:"encKey"`
+	PoolId   optional.Int64  `json:"poolId"`
+	Mode     optional.String `json:"mode"`
+	KeyType  optional.String `json:"keyType"`
+	KeyCode  optional.String `json:"keyCode"`
+	IpxIndex optional.Int    `json:"ipxIndex"`
+	KekIndex optional.Int    `json:"kekIndex"`
+}
+
+type DestroyKeyOpts struct {
+	Handle optional.String `json:"handle"`
+	PoolId optional.Int64  `json:"poolId"`
+}
+
+type ExportPublicKeyOpts struct {
+	IpxIndex optional.Int    `json:"ipxIndex"`
+	KeyType  optional.String `json:"keyType"`
+	Mode     optional.String `json:"mode"`
+	PoolId   optional.Int64  `json:"poolId"`
+}
+
+func (ks *KmsService) GenerateKey(ctx context.Context, opts *GenerateKeyOpts) (*GenerateKeyRespData, error) {
+	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
+		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+	}
+	if opts.Mode.Value() == "EPK" && !opts.PublicKey.IsSet() {
+		return nil, errors.New("使用epk类型时必须指定publicKey！")
+	}
+	if opts.Mode.Value() == "IPK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
+		return nil, errors.New("使用ipk类型时必须指定keyType和ipxIndex！")
+	}
+
+	var ret GenerateKeyResp
+	_, err := ks.Base.C.R().
+		SetBody(map[string]interface{}{
+			"genKeyType": opts.GenKeyType.Value(),
+			"ipxIndex":   opts.IpxIndex.Value(),
+			"kekIndex":   opts.KekIndex.Value(),
+			"keyType":    opts.KeyType.Value(),
+			"mode":       opts.Mode.Value(),
+			"poolId":     opts.PoolId.Value(),
+			"publicKey":  opts.PublicKey.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/kms/generateKey")
+	if err != nil {
+		return nil, err
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
+	return ret.Data, nil
+}
+
+func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
+	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
+		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+	}
+	if opts.Mode.Value() == "EPK" && !opts.PublicKey.IsSet() {
+		return nil, errors.New("使用epk类型时必须指定publicKey！")
+	}
+	if opts.Mode.Value() == "IPK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
+		return nil, errors.New("使用ipk类型时必须指定keyType和ipxIndex！")
 	}
 
 	var ret GenerateKeyPairResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"exportType": opts.ExportType.Value(),
+			"genKeyType": opts.GenKeyType.Value(),
+			"ipxIndex":   opts.IpxIndex.Value(),
+			"kekIndex":   opts.KekIndex.Value(),
+			"keyType":    opts.KeyType.Value(),
+			"mode":       opts.Mode.Value(),
+			"poolId":     opts.PoolId.Value(),
+			"publicKey":  opts.PublicKey.Value(),
+		}).
 		SetResult(&ret).
-		Get("/kms/generateKeyPair")
+		Post("/inner/kms/generateKeyPair")
+	if err != nil {
+		return nil, err
+	}
+	
+	return ret.Data, nil
+}
+
+func (ks *KmsService) ImportKeyPair(ctx context.Context, opts *ImportKeyPairOpts) (*ImportKeyPairRespData, error) {
+	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
+		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+	}
+	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
+		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
+	}
+
+	var ret ImportKeyPairResp
+	_, err := ks.Base.C.R().
+		SetBody(map[string]interface{}{
+			"poolId":      opts.PoolId.Value(),
+			"mode":        opts.Mode.Value(),
+			"keyType":     opts.KeyType.Value(),
+			"ipxIndex":    opts.IpxIndex.Value(),
+			"kekIndex":    opts.KekIndex.Value(),
+			"targetType":  opts.TargetType.Value(),
+			"targetIndex": opts.TargetIndex.Value(),
+			"signPkey":    opts.SignPkey.Value(),
+			"signSkey":    opts.SignSkey.Value(),
+			"encPkey":     opts.EncPkey.Value(),
+			"encSkey":     opts.EncSkey.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/kms/importKeyPair")
 	if err != nil {
 		return nil, err
 	}
@@ -45,22 +168,61 @@ func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPair
 	return ret.Data, nil
 }
 
-func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
+func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*ImportKeyRespData, error) {
+	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
+		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+	}
+	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
+		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
+	var ret ImportKeyResp
+	_, err := ks.Base.C.R().
+		SetBody(map[string]interface{}{
+			"encKey":   opts.EncKey.Value(),
+			"poolId":   opts.PoolId.Value(),
+			"mode":     opts.Mode.Value(),
+			"keyType":  opts.KeyType.Value(),
+			"keyCode":  opts.KeyCode.Value(),
+			"ipxIndex": opts.IpxIndex.Value(),
+			"kekIndex": opts.KekIndex.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/kms/importKey")
+	if err != nil {
+		return nil, err
 	}
 
-	var ret GenerateWorkingKeyResp
+	return ret.Data, nil
+}
+
+func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
+	var ret DestroyKeyResp
+	_, err := ks.Base.C.R().
+		SetBody(map[string]interface{}{
+			"handle": opts.Handle.Value(),
+			"poolId": opts.PoolId.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/kms/destroyKey")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) ExportPublicKey(ctx context.Context, opts *ExportPublicKeyOpts) (*ExportPublicKeyRespData, error) {
+	var ret ExportPublicKeyResp
 	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"ipxIndex": opts.IpxIndex.Value(),
+			"keyType":  opts.KeyType.Value(),
+			"mode":     opts.Mode.Value(),
+			"poolId":   opts.PoolId.Value(),
+		}).
 		SetResult(&ret).
-		Get("/kms/generateWorkingKey")
+		Post("/inner/kms/exportPublicKey")
 	if err != nil {
 		return nil, err
 	}
diff --git a/secloud/kms_ext.go b/secloud/kms_ext.go
deleted file mode 100644
index f9772f2..0000000
--- a/secloud/kms_ext.go
+++ /dev/null
@@ -1,99 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"errors"
-	"github.com/antihax/optional"
-	"github.com/astaxie/beego/validation"
-	"strconv"
-)
-
-type KmsExtService struct {
-	Base *BaseService
-}
-
-func NewKmsExtService() *KmsExtService {
-	return &KmsExtService{
-		Base: BaseSvc,
-	}
-}
-
-type GenerateKeyPairWithKEKOpts struct {
-	KekIndex optional.Int
-}
-
-type ImportKeyPairWithKEKOpts struct {
-	DeviceUrl optional.String
-	IpxIndex  optional.Int
-	KekIndex  optional.Int
-	EncPkey   optional.String
-	EncSkey   optional.String
-	SignPkey  optional.String
-	SignSkey  optional.String
-}
-
-func (kes *KmsExtService) GenerateKeyPairWithKEK(ctx context.Context, opts *GenerateKeyPairWithKEKOpts) (*GenerateKeyPairWithKEKRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
-	}
-
-	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret GenerateKeyPairWithKEKResp
-	_, err := kes.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
-		SetQueryParams(map[string]string{
-			"kekIndex": strconv.Itoa(opts.KekIndex.Value()),
-		}).
-		SetResult(&ret).
-		Get("/kms/generateKeyPairWithKEK")
-	if err != nil {
-		return nil, err
-	}
-
-	return ret.Data, nil
-}
-
-func (kes *KmsExtService) ImportKeyPairWithKEK(ctx context.Context, opts *ImportKeyPairWithKEKOpts) (*ImportKeyPairWithKEKRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
-	}
-
-	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.DeviceUrl.Value(), 1, "deviceUrl").Message("请输入合法的deviceUrl！")
-	valid.Min(opts.KekIndex.Value(), 1, "kekIndex").Message("请输入合法的kekIndex！")
-	valid.Min(opts.IpxIndex.Value(), 1, "ipxIndex").Message("请输入合法的ipxIndex！")
-	valid.MinSize(opts.EncPkey.Value(), 1, "encPkey").Message("请输入合法的encPkey！")
-	valid.MinSize(opts.EncSkey.Value(), 1, "encSkey").Message("请输入合法的encSkey！")
-	valid.MinSize(opts.SignPkey.Value(), 1, "signPkey").Message("请输入合法的signPkey！")
-	valid.MinSize(opts.SignSkey.Value(), 1, "signSkey").Message("请输入合法的signSkey！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret ImportKeyPairWithKEKResp
-	_, err := kes.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
-		SetBody(map[string]interface{}{
-			"deviceUrl": opts.DeviceUrl.Value(),
-			"kekIndex":  opts.KekIndex.Value(),
-			"ipxIndex":  opts.IpxIndex.Value(),
-			"encPkey":   opts.EncPkey.Value(),
-			"encSkey":   opts.EncSkey.Value(),
-			"signPkey":  opts.SignPkey.Value(),
-			"signSkey":  opts.SignSkey.Value(),
-		}).
-		SetResult(&ret).
-		Post("/kms/importKeyPairWithKEK")
-	if err != nil {
-		return nil, err
-	}
-
-	return ret.Data, nil
-}
-- 
Gitee


From c3adf3b6bcd5baffaa0f9569e4953d1e7bdea19e Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Fri, 7 Apr 2023 15:13:55 +0800
Subject: [PATCH 09/24] gitignore

---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..485dee6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
-- 
Gitee


From 0b6b0c9e3e2f75864b9dec8d7b00aa01b91ebb15 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Fri, 7 Apr 2023 15:15:10 +0800
Subject: [PATCH 10/24] gitignore

---
 .idea/modules.xml        |   8 ---
 .idea/secloud-sdk-go.iml |   9 ---
 .idea/vcs.xml            |   6 --
 .idea/workspace.xml      | 120 ---------------------------------------
 4 files changed, 143 deletions(-)
 delete mode 100644 .idea/modules.xml
 delete mode 100644 .idea/secloud-sdk-go.iml
 delete mode 100644 .idea/vcs.xml
 delete mode 100644 .idea/workspace.xml

diff --git a/.idea/modules.xml b/.idea/modules.xml
deleted file mode 100644
index 723b1af..0000000
--- a/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/secloud-sdk-go.iml" filepath="$PROJECT_DIR$/.idea/secloud-sdk-go.iml" />
-    </modules>
-  </component>
-</project>
\ No newline at end of file
diff --git a/.idea/secloud-sdk-go.iml b/.idea/secloud-sdk-go.iml
deleted file mode 100644
index 5e764c4..0000000
--- a/.idea/secloud-sdk-go.iml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="Go" enabled="true" />
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
deleted file mode 100644
index 94a25f7..0000000
--- a/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
deleted file mode 100644
index 73f2965..0000000
--- a/.idea/workspace.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="AutoImportSettings">
-    <option name="autoReloadType" value="ALL" />
-  </component>
-  <component name="ChangeListManager">
-    <list default="true" id="ea7f0651-8fd4-4965-8355-8665a550ec1c" name="Changes" comment="">
-      <change afterPath="$PROJECT_DIR$/main.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/client.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/client.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/common.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/common.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/kms.go" beforeDir="false" afterPath="$PROJECT_DIR$/secloud/kms.go" afterDir="false" />
-      <change beforePath="$PROJECT_DIR$/secloud/kms_ext.go" beforeDir="false" />
-    </list>
-    <option name="SHOW_DIALOG" value="false" />
-    <option name="HIGHLIGHT_CONFLICTS" value="true" />
-    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
-    <option name="LAST_RESOLUTION" value="IGNORE" />
-  </component>
-  <component name="FileTemplateManagerImpl">
-    <option name="RECENT_TEMPLATES">
-      <list>
-        <option value="Go File" />
-      </list>
-    </option>
-  </component>
-  <component name="GOROOT" url="file:///usr/local/go" />
-  <component name="Git.Settings">
-    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
-    <option name="RESET_MODE" value="HARD" />
-  </component>
-  <component name="MarkdownSettingsMigration">
-    <option name="stateVersion" value="1" />
-  </component>
-  <component name="ProjectId" id="2NLt1P8u8wxukAVFBPK9DNiEQOy" />
-  <component name="ProjectLevelVcsManager" settingsEditedManually="true" />
-  <component name="ProjectViewState">
-    <option name="hideEmptyMiddlePackages" value="true" />
-    <option name="showLibraryContents" value="true" />
-  </component>
-  <component name="PropertiesComponent">{
-  &quot;keyToString&quot;: {
-    &quot;DefaultGoTemplateProperty&quot;: &quot;Go File&quot;,
-    &quot;RunOnceActivity.OpenProjectViewOnStart&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.format.on.save.advertiser.fired&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.formatter.settings.were.checked&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.migrated.go.modules.settings&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.modules.go.list.on.any.changes.was.set&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.go.watchers.conflict.with.on.save.actions.check.performed&quot;: &quot;true&quot;,
-    &quot;WebServerToolWindowFactoryState&quot;: &quot;false&quot;,
-    &quot;go.import.settings.migrated&quot;: &quot;true&quot;,
-    &quot;last_opened_file_path&quot;: &quot;/home/jnsec-backend/Desktop/secloud-sdk-go&quot;
-  }
-}</component>
-  <component name="RecentsManager">
-    <key name="CopyFile.RECENT_KEYS">
-      <recent name="$PROJECT_DIR$" />
-    </key>
-    <key name="MoveFile.RECENT_KEYS">
-      <recent name="$PROJECT_DIR$/secloud" />
-      <recent name="$PROJECT_DIR$/secloud/auth" />
-      <recent name="$PROJECT_DIR$/secloud/client" />
-    </key>
-  </component>
-  <component name="RunManager" selected="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go">
-    <configuration name="go build gitee.com/wx-rdc/secloud-sdk-go" type="GoApplicationRunConfiguration" factoryName="Go Application" temporary="true" nameIsGenerated="true">
-      <module name="secloud-sdk-go" />
-      <working_directory value="$PROJECT_DIR$" />
-      <kind value="PACKAGE" />
-      <package value="gitee.com/wx-rdc/secloud-sdk-go" />
-      <directory value="$PROJECT_DIR$" />
-      <filePath value="$PROJECT_DIR$/main.go" />
-      <method v="2" />
-    </configuration>
-    <configuration name="go build gitee.com/wx-rdc/secloud-sdk-go/test" type="GoApplicationRunConfiguration" factoryName="Go Application" temporary="true" nameIsGenerated="true">
-      <module name="secloud-sdk-go" />
-      <working_directory value="$PROJECT_DIR$" />
-      <kind value="PACKAGE" />
-      <package value="gitee.com/wx-rdc/secloud-sdk-go/test" />
-      <directory value="$PROJECT_DIR$" />
-      <filePath value="$PROJECT_DIR$/test/test.go" />
-      <method v="2" />
-    </configuration>
-    <configuration name="go build secloud-sdk-go/test" type="GoApplicationRunConfiguration" factoryName="Go Application" temporary="true" nameIsGenerated="true">
-      <module name="secloud-sdk-go" />
-      <working_directory value="$PROJECT_DIR$" />
-      <kind value="PACKAGE" />
-      <package value="secloud-sdk-go/test" />
-      <directory value="$PROJECT_DIR$" />
-      <filePath value="$PROJECT_DIR$/test/test.go" />
-      <method v="2" />
-    </configuration>
-    <recent_temporary>
-      <list>
-        <item itemvalue="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go" />
-        <item itemvalue="Go Build.go build gitee.com/wx-rdc/secloud-sdk-go/test" />
-        <item itemvalue="Go Build.go build secloud-sdk-go/test" />
-      </list>
-    </recent_temporary>
-  </component>
-  <component name="SpellCheckerSettings" RuntimeDictionaries="0" Folders="0" CustomDictionaries="0" DefaultDictionary="application-level" UseSingleDictionary="true" transferred="true" />
-  <component name="TypeScriptGeneratedFilesManager">
-    <option name="version" value="3" />
-  </component>
-  <component name="Vcs.Log.Tabs.Properties">
-    <option name="TAB_STATES">
-      <map>
-        <entry key="MAIN">
-          <value>
-            <State />
-          </value>
-        </entry>
-      </map>
-    </option>
-  </component>
-  <component name="VgoProject">
-    <settings-migrated>true</settings-migrated>
-  </component>
-</project>
\ No newline at end of file
-- 
Gitee


From 45445af7156a468af42a55e460ce88ec95e86af4 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Wed, 12 Apr 2023 16:53:52 +0800
Subject: [PATCH 11/24] Feature: import kek

---
 secloud/common.go | 10 ++++++++++
 secloud/kms.go    | 42 +++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 51 insertions(+), 1 deletion(-)

diff --git a/secloud/common.go b/secloud/common.go
index dd5c453..d2d3ff5 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -105,3 +105,13 @@ type ExportPublicKeyResp struct {
 	Msg  string                   `json:"msg"`
 	Data *ExportPublicKeyRespData `json:"data"`
 }
+
+type ImportKEKRespData struct {
+	Index int `json:"index"`
+}
+
+type ImportKEKResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *ImportKEKRespData `json:"data"`
+}
diff --git a/secloud/kms.go b/secloud/kms.go
index 5f12b30..ce43473 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -61,6 +61,17 @@ type ImportKeyOpts struct {
 	KekIndex optional.Int    `json:"kekIndex"`
 }
 
+type ImportKEKOpts struct {
+	EncKey      optional.String `json:"encKey"`
+	PoolId      optional.Int64  `json:"poolId"`
+	Mode        optional.String `json:"mode"`
+	KeyType     optional.String `json:"keyType"`
+	KeyCode     optional.String `json:"keyCode"`
+	IpxIndex    optional.Int    `json:"ipxIndex"`
+	KekIndex    optional.Int    `json:"kekIndex"`
+	TargetIndex optional.Int    `json:"targetIndex"`
+}
+
 type DestroyKeyOpts struct {
 	Handle optional.String `json:"handle"`
 	PoolId optional.Int64  `json:"poolId"`
@@ -132,7 +143,7 @@ func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPair
 	if err != nil {
 		return nil, err
 	}
-	
+
 	return ret.Data, nil
 }
 
@@ -196,6 +207,35 @@ func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*Impo
 	return ret.Data, nil
 }
 
+func (ks *KmsService) ImportKEK(ctx context.Context, opts *ImportKEKOpts) (*ImportKEKRespData, error) {
+	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
+		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+	}
+	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
+		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
+	}
+
+	var ret ImportKEKResp
+	_, err := ks.Base.C.R().
+		SetBody(map[string]interface{}{
+			"encKey":      opts.EncKey.Value(),
+			"poolId":      opts.PoolId.Value(),
+			"mode":        opts.Mode.Value(),
+			"keyType":     opts.KeyType.Value(),
+			"keyCode":     opts.KeyCode.Value(),
+			"ipxIndex":    opts.IpxIndex.Value(),
+			"kekIndex":    opts.KekIndex.Value(),
+			"targetIndex": opts.TargetIndex.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/kms/importKEK")
+	if err != nil {
+		return nil, err
+	}
+
+	return ret.Data, nil
+}
+
 func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
 	var ret DestroyKeyResp
 	_, err := ks.Base.C.R().
-- 
Gitee


From f77c43e55f529b34c954d34e57e1404130931888 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Thu, 13 Apr 2023 17:19:18 +0800
Subject: [PATCH 12/24] Bugfix: err judge

---
 secloud/cipher.go | 12 ++++++++++++
 secloud/kms.go    | 28 ++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/secloud/cipher.go b/secloud/cipher.go
index 124d952..01832b5 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -55,6 +55,10 @@ func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*Encry
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -82,6 +86,10 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -109,5 +117,9 @@ func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomR
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
diff --git a/secloud/kms.go b/secloud/kms.go
index ce43473..001c9ee 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -112,6 +112,10 @@ func (ks *KmsService) GenerateKey(ctx context.Context, opts *GenerateKeyOpts) (*
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -144,6 +148,10 @@ func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPair
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -176,6 +184,10 @@ func (ks *KmsService) ImportKeyPair(ctx context.Context, opts *ImportKeyPairOpts
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -204,6 +216,10 @@ func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*Impo
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -233,6 +249,10 @@ func (ks *KmsService) ImportKEK(ctx context.Context, opts *ImportKEKOpts) (*Impo
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -249,6 +269,10 @@ func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*De
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
 
@@ -267,5 +291,9 @@ func (ks *KmsService) ExportPublicKey(ctx context.Context, opts *ExportPublicKey
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
-- 
Gitee


From 11b4b9df50c114616080363fdec21f18be0eb5c0 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Tue, 18 Apr 2023 17:18:01 +0800
Subject: [PATCH 13/24] Bugfix: decrypt

---
 go.mod            | 2 +-
 secloud/cipher.go | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index e82da25..08446e2 100644
--- a/go.mod
+++ b/go.mod
@@ -3,12 +3,12 @@ module gitee.com/wx-rdc/secloud-sdk-go
 go 1.18
 
 require (
+	github.com/antihax/optional v1.0.0
 	github.com/astaxie/beego v1.12.3
 	github.com/go-resty/resty/v2 v2.7.0
 )
 
 require (
-	github.com/antihax/optional v1.0.0 // indirect
 	github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 // indirect
 	golang.org/x/net v0.0.0-20211029224645-99673261e6eb // indirect
 )
diff --git a/secloud/cipher.go b/secloud/cipher.go
index 01832b5..d26ccd5 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -23,6 +23,7 @@ type EncryptOpts struct {
 }
 
 type DecryptOpts struct {
+	KeyId   optional.String
 	EncData optional.String
 }
 
@@ -69,6 +70,7 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 
 	valid := validation.Validation{}
 	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的keyId数据！")
 	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
@@ -78,6 +80,7 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 	_, err := cs.Base.C.R().
 		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
+			"keyId":   opts.KeyId.Value(),
 			"encData": opts.EncData.Value(),
 		}).
 		SetResult(&ret).
-- 
Gitee


From db1b2da2709720d94a40bfc6f68ac150f42566a6 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Thu, 20 Apr 2023 09:11:27 +0800
Subject: [PATCH 14/24] Fix: err

---
 secloud/auth.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/secloud/auth.go b/secloud/auth.go
index 68aa385..43d41ea 100644
--- a/secloud/auth.go
+++ b/secloud/auth.go
@@ -2,6 +2,7 @@ package secloud
 
 import (
 	"context"
+	"errors"
 	"github.com/antihax/optional"
 	"github.com/astaxie/beego/validation"
 )
@@ -43,5 +44,9 @@ func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthResp
 		return nil, err
 	}
 
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
 	return ret.Data, nil
 }
-- 
Gitee


From 01f3bf859d66e93d9982644852872faba067e996 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Sun, 23 Apr 2023 15:00:02 +0800
Subject: [PATCH 15/24] Feature: sdm

---
 secloud/client.go |   2 +
 secloud/common.go |  58 +++++++++++++++++++
 secloud/sdm.go    | 144 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 204 insertions(+)
 create mode 100644 secloud/sdm.go

diff --git a/secloud/client.go b/secloud/client.go
index 4c82b14..c5e29ae 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -9,6 +9,7 @@ type Client struct {
 	AuthApi   *AuthService
 	CipherApi *CipherService
 	KmsApi    *KmsService
+	SdmApi    *SdmService
 }
 
 // NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
@@ -21,6 +22,7 @@ func NewAPIClient(config *ClientConfig) *Client {
 		AuthApi:   NewAuthService(),
 		CipherApi: NewCipherService(),
 		KmsApi:    NewKmsService(),
+		SdmApi:    NewSdmService(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index d2d3ff5..e89a0e2 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -115,3 +115,61 @@ type ImportKEKResp struct {
 	Msg  string             `json:"msg"`
 	Data *ImportKEKRespData `json:"data"`
 }
+
+type AddDeviceRespData struct {
+	ID string `json:"id"`
+}
+
+type AddDeviceResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *AddDeviceRespData `json:"data"`
+}
+
+type ListDevicesRespDataItem struct {
+	ID     string `json:"id"`
+	Name   string `json:"name"`
+	Port   string `json:"port"`
+	State  string `json:"state"`
+	Status string `json:"status"`
+}
+
+type ListDevicesRespData struct {
+	Lists []ListDevicesRespDataItem `json:"lists"`
+}
+
+type ListDevicesResp struct {
+	Code int                  `json:"code"`
+	Msg  string               `json:"msg"`
+	Data *ListDevicesRespData `json:"data"`
+}
+
+type RemoveDeviceRespData struct {
+	Ret bool `json:"ret"`
+}
+
+type RemoveDeviceResp struct {
+	Code int                   `json:"code"`
+	Msg  string                `json:"msg"`
+	Data *RemoveDeviceRespData `json:"data"`
+}
+
+type StartDeviceRespData struct {
+	Ret bool `json:"ret"`
+}
+
+type StartDeviceResp struct {
+	Code int                  `json:"code"`
+	Msg  string               `json:"msg"`
+	Data *StartDeviceRespData `json:"data"`
+}
+
+type StopDeviceRespData struct {
+	Ret bool `json:"ret"`
+}
+
+type StopDeviceResp struct {
+	Code int                 `json:"code"`
+	Msg  string              `json:"msg"`
+	Data *StopDeviceRespData `json:"data"`
+}
diff --git a/secloud/sdm.go b/secloud/sdm.go
new file mode 100644
index 0000000..e08a06f
--- /dev/null
+++ b/secloud/sdm.go
@@ -0,0 +1,144 @@
+package secloud
+
+import (
+	"context"
+	"errors"
+	"github.com/antihax/optional"
+)
+
+type SdmService struct {
+	Base *BaseService
+}
+
+func NewSdmService() *SdmService {
+	return &SdmService{
+		Base: BaseSvc,
+	}
+}
+
+type AddDeviceOpts struct {
+	Name optional.String
+	Port optional.Int
+}
+
+type ListDevicesOpts struct {
+	Name optional.String
+}
+
+type RemoveDeviceOpts struct {
+	Name optional.String
+	ID   optional.String
+}
+
+type StartDeviceOpts struct {
+	Name optional.String
+	ID   optional.String
+}
+
+type StopDeviceOpts struct {
+	Name optional.String
+	ID   optional.String
+}
+
+func (ss *SdmService) AddDevice(ctx context.Context, opts *AddDeviceOpts) (*AddDeviceRespData, error) {
+	var ret AddDeviceResp
+	_, err := ss.Base.C.R().
+		SetBody(map[string]interface{}{
+			"name": opts.Name.Value(),
+			"port": opts.Port.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/sdm/addDevice")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ss *SdmService) ListDevices(ctx context.Context, opts *ListDevicesOpts) (*ListDevicesRespData, error) {
+	var ret ListDevicesResp
+
+	_, err := ss.Base.C.R().
+		SetBody(map[string]interface{}{
+			"name": opts.Name.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/sdm/listDevices")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ss *SdmService) RemoveDevice(ctx context.Context, opts *RemoveDeviceOpts) (*RemoveDeviceRespData, error) {
+	var ret RemoveDeviceResp
+
+	_, err := ss.Base.C.R().
+		SetBody(map[string]interface{}{
+			"name": opts.Name.Value(),
+			"id":   opts.ID.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/sdm/removeDevice")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ss *SdmService) StartDevice(ctx context.Context, opts *StartDeviceOpts) (*StartDeviceRespData, error) {
+	var ret StartDeviceResp
+
+	_, err := ss.Base.C.R().
+		SetBody(map[string]interface{}{
+			"name": opts.Name.Value(),
+			"id":   opts.ID.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/sdm/startDevice")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ss *SdmService) StopDevice(ctx context.Context, opts *StopDeviceOpts) (*StopDeviceRespData, error) {
+	var ret StopDeviceResp
+
+	_, err := ss.Base.C.R().
+		SetBody(map[string]interface{}{
+			"name": opts.Name.Value(),
+			"id":   opts.ID.Value(),
+		}).
+		SetResult(&ret).
+		Post("/inner/sdm/stopDevice")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
-- 
Gitee


From 962e9ef2770485d182be07811699d2de6adf7e00 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Wed, 10 May 2023 10:21:40 +0800
Subject: [PATCH 16/24] Feature: autotest

---
 secloud/autotest.go | 49 +++++++++++++++++++++++++++++++++++++++++++++
 secloud/client.go   | 22 +++++++++++---------
 secloud/common.go   | 10 +++++++++
 3 files changed, 71 insertions(+), 10 deletions(-)
 create mode 100644 secloud/autotest.go

diff --git a/secloud/autotest.go b/secloud/autotest.go
new file mode 100644
index 0000000..5edddec
--- /dev/null
+++ b/secloud/autotest.go
@@ -0,0 +1,49 @@
+package secloud
+
+import (
+	"context"
+	"errors"
+	"github.com/antihax/optional"
+)
+
+type AutoTestService struct {
+	Base *BaseService
+}
+
+func NewAutoTestService() *AutoTestService {
+	return &AutoTestService{
+		Base: BaseSvc,
+	}
+}
+
+type StartAutoTestOpts struct {
+	GoHost      optional.String `json:"goHost"`
+	GatewayHost optional.String `json:"gatewayHost"`
+}
+
+func (ats *AutoTestService) StartAutoTest(ctx context.Context, opts *StartAutoTestOpts) (*StartAutoTestRespData, error) {
+	if !opts.GoHost.IsSet() {
+		return nil, errors.New("请输入正确的dashboard-service地址")
+	}
+	if !opts.GatewayHost.IsSet() {
+		return nil, errors.New("请输入正确的gateway地址")
+	}
+
+	var ret StartAutoTestResp
+	_, err := ats.Base.C.R().
+		SetBody(map[string]interface{}{
+			"goHost":      opts.GoHost.Value(),
+			"gatewayHost": opts.GatewayHost.Value(),
+		}).
+		SetResult(&ret).
+		Post("/autotest/auto")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
diff --git a/secloud/client.go b/secloud/client.go
index c5e29ae..b462243 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -5,11 +5,12 @@ type ClientConfig struct {
 }
 
 type Client struct {
-	Config    *ClientConfig
-	AuthApi   *AuthService
-	CipherApi *CipherService
-	KmsApi    *KmsService
-	SdmApi    *SdmService
+	Config      *ClientConfig
+	AuthApi     *AuthService
+	CipherApi   *CipherService
+	KmsApi      *KmsService
+	SdmApi      *SdmService
+	AutoTestApi *AutoTestService
 }
 
 // NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
@@ -18,11 +19,12 @@ func NewAPIClient(config *ClientConfig) *Client {
 	setBaseUrl(cfg.ServerUrl)
 
 	return &Client{
-		Config:    cfg,
-		AuthApi:   NewAuthService(),
-		CipherApi: NewCipherService(),
-		KmsApi:    NewKmsService(),
-		SdmApi:    NewSdmService(),
+		Config:      cfg,
+		AuthApi:     NewAuthService(),
+		CipherApi:   NewCipherService(),
+		KmsApi:      NewKmsService(),
+		SdmApi:      NewSdmService(),
+		AutoTestApi: NewAutoTestService(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index e89a0e2..b366f5e 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -173,3 +173,13 @@ type StopDeviceResp struct {
 	Msg  string              `json:"msg"`
 	Data *StopDeviceRespData `json:"data"`
 }
+
+type StartAutoTestResp struct {
+	Code int                    `json:"code"`
+	Msg  string                 `json:"msg"`
+	Data *StartAutoTestRespData `json:"data"`
+}
+
+type StartAutoTestRespData struct {
+	Uuid string `json:"uuid"`
+}
-- 
Gitee


From 6c2a9e177dcb512ed6123552c2d7dcfdf87e1c1b Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Thu, 25 May 2023 14:13:15 +0800
Subject: [PATCH 17/24] Feature: sign/verify

---
 secloud/cipher.go | 84 ++++++++++++++++++++++++++++++++++++++++++++++-
 secloud/common.go | 20 +++++++++++
 2 files changed, 103 insertions(+), 1 deletion(-)

diff --git a/secloud/cipher.go b/secloud/cipher.go
index d26ccd5..03e8ef4 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -27,6 +27,18 @@ type DecryptOpts struct {
 	EncData optional.String
 }
 
+type SignOpts struct {
+	RootKeyId optional.String
+	Data      optional.String
+}
+
+type VerifyOpts struct {
+	Mode      optional.String
+	RootKeyId optional.Int64
+	Data      optional.String
+	Sig       optional.String
+}
+
 type RandomOpts struct {
 	Len optional.Int
 }
@@ -70,7 +82,7 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 
 	valid := validation.Validation{}
 	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的keyId数据！")
+	valid.MinSize(opts.EncData.Value(), 1, "keyId").Message("请输入合法的keyId数据！")
 	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
@@ -96,6 +108,76 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 	return ret.Data, nil
 }
 
+func (cs *CipherService) Sign(ctx context.Context, opts *SignOpts) (*SignRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
+	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret SignResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"rootKeyId": opts.RootKeyId.Value(),
+			"data":      opts.Data.Value(),
+		}).
+		SetResult(&ret).
+		Post("/cipher/sign")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(opts.Mode.Value(), 1, "rootKeyId").Message("请输入合法的mode！")
+	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
+	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
+	valid.MinSize(opts.Sig.Value(), 1, "data").Message("请输入合法的验证数据！")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret VerifyResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"mode":      opts.Mode.Value(),
+			"rootKeyId": opts.RootKeyId.Value(),
+			"data":      opts.Data.Value(),
+			"sig":       opts.Sig.Value(),
+		}).
+		SetResult(&ret).
+		Post("/cipher/verify")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
 func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomRespData, error) {
 	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
diff --git a/secloud/common.go b/secloud/common.go
index b366f5e..de3b9e3 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -183,3 +183,23 @@ type StartAutoTestResp struct {
 type StartAutoTestRespData struct {
 	Uuid string `json:"uuid"`
 }
+
+type SignResp struct {
+	Code int           `json:"code"`
+	Msg  string        `json:"msg"`
+	Data *SignRespData `json:"data"`
+}
+
+type SignRespData struct {
+	Sig string `json:"sig"`
+}
+
+type VerifyResp struct {
+	Code int             `json:"code"`
+	Msg  string          `json:"msg"`
+	Data *VerifyRespData `json:"data"`
+}
+
+type VerifyRespData struct {
+	Verify bool `json:"verify"`
+}
-- 
Gitee


From f7fe1dfa24af3d267bd6cb21bb83a3fb0491d765 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Thu, 25 May 2023 14:50:22 +0800
Subject: [PATCH 18/24] Feature: hmacSum/Check

---
 secloud/cipher.go | 80 +++++++++++++++++++++++++++++++++++++++++++++--
 secloud/common.go | 20 ++++++++++++
 2 files changed, 98 insertions(+), 2 deletions(-)

diff --git a/secloud/cipher.go b/secloud/cipher.go
index 03e8ef4..dc6d7c1 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -39,6 +39,17 @@ type VerifyOpts struct {
 	Sig       optional.String
 }
 
+type HmacSumOpts struct {
+	KeyId optional.String
+	Data  optional.String
+}
+
+type HmacCheckOpts struct {
+	KeyId   optional.String
+	Data    optional.String
+	HmacSum optional.String
+}
+
 type RandomOpts struct {
 	Len optional.Int
 }
@@ -148,10 +159,10 @@ func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyR
 
 	valid := validation.Validation{}
 	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.Mode.Value(), 1, "rootKeyId").Message("请输入合法的mode！")
+	valid.MinSize(opts.Mode.Value(), 1, "mode").Message("请输入合法的mode！")
 	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
 	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
-	valid.MinSize(opts.Sig.Value(), 1, "data").Message("请输入合法的验证数据！")
+	valid.MinSize(opts.Sig.Value(), 1, "sig").Message("请输入合法的验证数据！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
@@ -178,6 +189,71 @@ func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyR
 	return ret.Data, nil
 }
 
+func (cs *CipherService) HmacSum(ctx context.Context, opts *HmacSumOpts) (*HmacSumRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret HmacSumResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"keyId": opts.KeyId.Value(),
+			"data":  opts.Data.Value(),
+		}).
+		SetResult(&ret).
+		Post("/cipher/hmacSum")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (cs *CipherService) HmacCheck(ctx context.Context, opts *HmacCheckOpts) (*HmacCheckRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	valid := validation.Validation{}
+	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
+	if valid.HasErrors() {
+		return nil, handleValidationErrors(valid.Errors)
+	}
+
+	var ret HmacCheckResp
+	_, err := cs.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"keyId":   opts.KeyId.Value(),
+			"data":    opts.Data.Value(),
+			"hmacSum": opts.HmacSum.Value(),
+		}).
+		SetResult(&ret).
+		Post("/cipher/hmacCheck")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
 func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomRespData, error) {
 	if ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
diff --git a/secloud/common.go b/secloud/common.go
index de3b9e3..048e903 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -203,3 +203,23 @@ type VerifyResp struct {
 type VerifyRespData struct {
 	Verify bool `json:"verify"`
 }
+
+type HmacSumResp struct {
+	Code int              `json:"code"`
+	Msg  string           `json:"msg"`
+	Data *HmacSumRespData `json:"data"`
+}
+
+type HmacSumRespData struct {
+	HmacSum string `json:"hmacSum"`
+}
+
+type HmacCheckResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *HmacCheckRespData `json:"data"`
+}
+
+type HmacCheckRespData struct {
+	Result bool `json:"result"`
+}
-- 
Gitee


From 37577ddccdc62763b4357f61f122881967cbe587 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Mon, 29 May 2023 12:19:42 +0800
Subject: [PATCH 19/24] Feature: autotest resp total

---
 secloud/common.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/secloud/common.go b/secloud/common.go
index 048e903..352d8f7 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -181,7 +181,8 @@ type StartAutoTestResp struct {
 }
 
 type StartAutoTestRespData struct {
-	Uuid string `json:"uuid"`
+	Uuid  string `json:"uuid"`
+	Total int    `json:"total"`
 }
 
 type SignResp struct {
-- 
Gitee


From 99d01bc4652d58fdff48e2c8c326aa89b32d077e Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Wed, 14 Jun 2023 16:12:42 +0800
Subject: [PATCH 20/24] Feature: KMS

---
 secloud/autotest.go |  49 --------
 secloud/client.go   |  20 ++-
 secloud/common.go   | 211 ++++++++++++++++---------------
 secloud/kms.go      | 298 ++++++++++++++++++++++----------------------
 secloud/sdm.go      | 144 ---------------------
 5 files changed, 270 insertions(+), 452 deletions(-)
 delete mode 100644 secloud/autotest.go
 delete mode 100644 secloud/sdm.go

diff --git a/secloud/autotest.go b/secloud/autotest.go
deleted file mode 100644
index 5edddec..0000000
--- a/secloud/autotest.go
+++ /dev/null
@@ -1,49 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"errors"
-	"github.com/antihax/optional"
-)
-
-type AutoTestService struct {
-	Base *BaseService
-}
-
-func NewAutoTestService() *AutoTestService {
-	return &AutoTestService{
-		Base: BaseSvc,
-	}
-}
-
-type StartAutoTestOpts struct {
-	GoHost      optional.String `json:"goHost"`
-	GatewayHost optional.String `json:"gatewayHost"`
-}
-
-func (ats *AutoTestService) StartAutoTest(ctx context.Context, opts *StartAutoTestOpts) (*StartAutoTestRespData, error) {
-	if !opts.GoHost.IsSet() {
-		return nil, errors.New("请输入正确的dashboard-service地址")
-	}
-	if !opts.GatewayHost.IsSet() {
-		return nil, errors.New("请输入正确的gateway地址")
-	}
-
-	var ret StartAutoTestResp
-	_, err := ats.Base.C.R().
-		SetBody(map[string]interface{}{
-			"goHost":      opts.GoHost.Value(),
-			"gatewayHost": opts.GatewayHost.Value(),
-		}).
-		SetResult(&ret).
-		Post("/autotest/auto")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
diff --git a/secloud/client.go b/secloud/client.go
index b462243..4c82b14 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -5,12 +5,10 @@ type ClientConfig struct {
 }
 
 type Client struct {
-	Config      *ClientConfig
-	AuthApi     *AuthService
-	CipherApi   *CipherService
-	KmsApi      *KmsService
-	SdmApi      *SdmService
-	AutoTestApi *AutoTestService
+	Config    *ClientConfig
+	AuthApi   *AuthService
+	CipherApi *CipherService
+	KmsApi    *KmsService
 }
 
 // NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
@@ -19,12 +17,10 @@ func NewAPIClient(config *ClientConfig) *Client {
 	setBaseUrl(cfg.ServerUrl)
 
 	return &Client{
-		Config:      cfg,
-		AuthApi:     NewAuthService(),
-		CipherApi:   NewCipherService(),
-		KmsApi:      NewKmsService(),
-		SdmApi:      NewSdmService(),
-		AutoTestApi: NewAutoTestService(),
+		Config:    cfg,
+		AuthApi:   NewAuthService(),
+		CipherApi: NewCipherService(),
+		KmsApi:    NewKmsService(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index 352d8f7..c4d1a29 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -15,17 +15,93 @@ type AuthRespData struct {
 	ExpiresIn   int    `json:"expires_in"`
 }
 
-type GenerateKeyPairResp struct {
-	Code int                      `json:"code"`
-	Msg  string                   `json:"msg"`
-	Data *GenerateKeyPairRespData `json:"data"`
+/*
+   kms
+*/
+
+type GenerateWorkingKeyResp struct {
+	Code int                         `json:"code"`
+	Msg  string                      `json:"msg"`
+	Data *GenerateWorkingKeyRespData `json:"data"`
+}
+
+type GenerateWorkingKeyRespData struct {
+	BgTaskId string `json:"bgTaskId"`
+}
+
+type DistributeKeysResp struct {
+	Code int                     `json:"code"`
+	Msg  string                  `json:"msg"`
+	Data *DistributeKeysRespData `json:"data"`
+}
+
+type DistributeKeysRespData struct {
+	KeyId  string `json:"keyId"`
+	EncKey string `json:"encKey"`
+}
+
+type UpdateSecretResp struct {
+	Code int                   `json:"code"`
+	Msg  string                `json:"msg"`
+	Data *UpdateSecretRespData `json:"data"`
+}
+
+type UpdateSecretRespData struct{}
+
+type ArchiveKeyResp struct {
+	Code int                 `json:"code"`
+	Msg  string              `json:"msg"`
+	Data *ArchiveKeyRespData `json:"data"`
+}
+
+type ArchiveKeyRespData struct{}
+
+type DestroyKeyResp struct {
+	Code int                 `json:"code"`
+	Msg  string              `json:"msg"`
+	Data *DestroyKeyRespData `json:"data"`
+}
+
+type DestroyKeyRespData struct{}
+
+type BackupResp struct {
+	Code int             `json:"code"`
+	Msg  string          `json:"msg"`
+	Data *BackupRespData `json:"data"`
 }
 
-type GenerateKeyPairRespData struct {
-	Pkey string `json:"pkey"`
-	Skey string `json:"skey"`
+type BackupRespData struct{}
+
+type RecoverResp struct {
+	Code int              `json:"code"`
+	Msg  string           `json:"msg"`
+	Data *RecoverRespData `json:"data"`
 }
 
+type RecoverRespData struct{}
+
+type ImportKeyResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *ImportKeyRespData `json:"data"`
+}
+
+type ImportKeyRespData struct {
+	Handle string `json:"handle"`
+}
+
+type DestroyHandleResp struct {
+	Code int                    `json:"code"`
+	Msg  string                 `json:"msg"`
+	Data *DestroyHandleRespData `json:"data"`
+}
+
+type DestroyHandleRespData struct{}
+
+/*
+   cipher
+*/
+
 type EncryptResp struct {
 	Code int              `json:"code"`
 	Msg  string           `json:"msg"`
@@ -56,65 +132,49 @@ type RandomRespData struct {
 	Data string `json:"data"`
 }
 
-type GenerateKeyResp struct {
-	Code int                  `json:"code"`
-	Msg  string               `json:"msg"`
-	Data *GenerateKeyRespData `json:"data"`
-}
-
-type GenerateKeyRespData struct {
-	EncKey string `json:"enc_key"`
-}
-
-type ImportKeyPairRespData struct {
-	ID int `json:"id"`
-}
-
-type ImportKeyPairResp struct {
-	Code int                    `json:"code"`
-	Msg  string                 `json:"msg"`
-	Data *ImportKeyPairRespData `json:"data"`
+type SignResp struct {
+	Code int           `json:"code"`
+	Msg  string        `json:"msg"`
+	Data *SignRespData `json:"data"`
 }
 
-type ImportKeyRespData struct {
-	Handle string `json:"handle"`
+type SignRespData struct {
+	Sig string `json:"sig"`
 }
 
-type ImportKeyResp struct {
-	Code int                `json:"code"`
-	Msg  string             `json:"msg"`
-	Data *ImportKeyRespData `json:"data"`
+type VerifyResp struct {
+	Code int             `json:"code"`
+	Msg  string          `json:"msg"`
+	Data *VerifyRespData `json:"data"`
 }
 
-type DestroyKeyRespData struct {
-	Result int `json:"result"`
+type VerifyRespData struct {
+	Verify bool `json:"verify"`
 }
 
-type DestroyKeyResp struct {
-	Code int                 `json:"code"`
-	Msg  string              `json:"msg"`
-	Data *DestroyKeyRespData `json:"data"`
+type HmacSumResp struct {
+	Code int              `json:"code"`
+	Msg  string           `json:"msg"`
+	Data *HmacSumRespData `json:"data"`
 }
 
-type ExportPublicKeyRespData struct {
-	Pkey string `json:"pkey"`
+type HmacSumRespData struct {
+	HmacSum string `json:"hmacSum"`
 }
 
-type ExportPublicKeyResp struct {
-	Code int                      `json:"code"`
-	Msg  string                   `json:"msg"`
-	Data *ExportPublicKeyRespData `json:"data"`
+type HmacCheckResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *HmacCheckRespData `json:"data"`
 }
 
-type ImportKEKRespData struct {
-	Index int `json:"index"`
+type HmacCheckRespData struct {
+	Result bool `json:"result"`
 }
 
-type ImportKEKResp struct {
-	Code int                `json:"code"`
-	Msg  string             `json:"msg"`
-	Data *ImportKEKRespData `json:"data"`
-}
+/*
+	sdm
+*/
 
 type AddDeviceRespData struct {
 	ID string `json:"id"`
@@ -173,54 +233,3 @@ type StopDeviceResp struct {
 	Msg  string              `json:"msg"`
 	Data *StopDeviceRespData `json:"data"`
 }
-
-type StartAutoTestResp struct {
-	Code int                    `json:"code"`
-	Msg  string                 `json:"msg"`
-	Data *StartAutoTestRespData `json:"data"`
-}
-
-type StartAutoTestRespData struct {
-	Uuid  string `json:"uuid"`
-	Total int    `json:"total"`
-}
-
-type SignResp struct {
-	Code int           `json:"code"`
-	Msg  string        `json:"msg"`
-	Data *SignRespData `json:"data"`
-}
-
-type SignRespData struct {
-	Sig string `json:"sig"`
-}
-
-type VerifyResp struct {
-	Code int             `json:"code"`
-	Msg  string          `json:"msg"`
-	Data *VerifyRespData `json:"data"`
-}
-
-type VerifyRespData struct {
-	Verify bool `json:"verify"`
-}
-
-type HmacSumResp struct {
-	Code int              `json:"code"`
-	Msg  string           `json:"msg"`
-	Data *HmacSumRespData `json:"data"`
-}
-
-type HmacSumRespData struct {
-	HmacSum string `json:"hmacSum"`
-}
-
-type HmacCheckResp struct {
-	Code int                `json:"code"`
-	Msg  string             `json:"msg"`
-	Data *HmacCheckRespData `json:"data"`
-}
-
-type HmacCheckRespData struct {
-	Result bool `json:"result"`
-}
diff --git a/secloud/kms.go b/secloud/kms.go
index 001c9ee..cf57734 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -16,98 +16,67 @@ func NewKmsService() *KmsService {
 	}
 }
 
-type GenerateKeyOpts struct {
-	GenKeyType optional.String `json:"genKeyType"`
-	IpxIndex   optional.Int    `json:"ipxIndex"`
-	KekIndex   optional.Int    `json:"kekIndex"`
-	KeyType    optional.String `json:"keyType"`
-	Mode       optional.String `json:"mode"`
-	PoolId     optional.Int64  `json:"poolId"`
-	PublicKey  optional.String `json:"publicKey"`
+type GenerateWorkingKeyOpts struct {
+	GenerateAlgo optional.String `json:"generateAlgo"`
+	GenerateType optional.String `json:"generateType"`
+	KeyType      optional.String `json:"keyType"`
+	EpkName      optional.String `json:"epkName"`
+	Count        optional.Int    `json:"count"`
 }
 
-type GenerateKeyPairOpts struct {
-	ExportType optional.String `json:"exportType"`
-	GenKeyType optional.String `json:"genKeyType"`
-	IpxIndex   optional.Int    `json:"ipxIndex"`
-	KekIndex   optional.Int    `json:"kekIndex"`
-	KeyType    optional.String `json:"keyType"`
-	Mode       optional.String `json:"mode"`
-	PoolId     optional.Int64  `json:"poolId"`
-	PublicKey  optional.String `json:"publicKey"`
+type DistributeKeysOpts struct {
+	GenerateType optional.String `json:"generateType"`
+	InvokeCount  optional.Int    `json:"invokeCount"`
 }
 
-type ImportKeyPairOpts struct {
-	PoolId      optional.Int64  `json:"poolId"`
-	Mode        optional.String `json:"mode"`
-	KeyType     optional.String `json:"keyType"`
-	IpxIndex    optional.Int    `json:"ipxIndex"`
-	KekIndex    optional.Int    `json:"kekIndex"`
-	TargetType  optional.String `json:"targetType"`
-	TargetIndex optional.Int    `json:"targetIndex"`
-	SignPkey    optional.String `json:"signPkey"`
-	SignSkey    optional.String `json:"signSkey"`
-	EncPkey     optional.String `json:"encPkey"`
-	EncSkey     optional.String `json:"encSkey"`
+type UpdateSecretOpts struct {
+	KeyId   optional.String `json:"keyId"`
+	KeyType optional.String `json:"keyType"`
+	EpkName optional.String `json:"epkName"`
 }
 
-type ImportKeyOpts struct {
-	EncKey   optional.String `json:"encKey"`
-	PoolId   optional.Int64  `json:"poolId"`
-	Mode     optional.String `json:"mode"`
-	KeyType  optional.String `json:"keyType"`
-	KeyCode  optional.String `json:"keyCode"`
-	IpxIndex optional.Int    `json:"ipxIndex"`
-	KekIndex optional.Int    `json:"kekIndex"`
+type ArchiveKeyOpts struct {
+	KeyId         optional.String `json:"keyId"`
+	ArchiveReason optional.String `json:"archiveReason"`
 }
 
-type ImportKEKOpts struct {
-	EncKey      optional.String `json:"encKey"`
-	PoolId      optional.Int64  `json:"poolId"`
-	Mode        optional.String `json:"mode"`
-	KeyType     optional.String `json:"keyType"`
-	KeyCode     optional.String `json:"keyCode"`
-	IpxIndex    optional.Int    `json:"ipxIndex"`
-	KekIndex    optional.Int    `json:"kekIndex"`
-	TargetIndex optional.Int    `json:"targetIndex"`
+type DestroyKeyOpts struct {
+	KeyId optional.String `json:"keyId"`
 }
 
-type DestroyKeyOpts struct {
-	Handle optional.String `json:"handle"`
-	PoolId optional.Int64  `json:"poolId"`
+type ImportKeyOpts struct {
+	Mode   optional.String `json:"mode"`
+	Secret optional.String `json:"secret"`
+	KeyId  optional.String `json:"keyId"`
 }
 
-type ExportPublicKeyOpts struct {
-	IpxIndex optional.Int    `json:"ipxIndex"`
-	KeyType  optional.String `json:"keyType"`
-	Mode     optional.String `json:"mode"`
-	PoolId   optional.Int64  `json:"poolId"`
+type DestroyHandleOpts struct {
+	Handle optional.String `json:"handle"`
 }
 
-func (ks *KmsService) GenerateKey(ctx context.Context, opts *GenerateKeyOpts) (*GenerateKeyRespData, error) {
-	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
-		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
 	}
-	if opts.Mode.Value() == "EPK" && !opts.PublicKey.IsSet() {
-		return nil, errors.New("使用epk类型时必须指定publicKey！")
+	if opts.GenerateType.Value() == "EPK" && !opts.EpkName.IsSet() {
+		return nil, errors.New("使用epk类型时必须指定epkName！")
 	}
-	if opts.Mode.Value() == "IPK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
-		return nil, errors.New("使用ipk类型时必须指定keyType和ipxIndex！")
+	if opts.GenerateType.Value() == "IPK" && !opts.KeyType.IsSet() {
+		return nil, errors.New("使用ipk类型时必须指定keyType！")
 	}
 
-	var ret GenerateKeyResp
+	var ret GenerateWorkingKeyResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"genKeyType": opts.GenKeyType.Value(),
-			"ipxIndex":   opts.IpxIndex.Value(),
-			"kekIndex":   opts.KekIndex.Value(),
-			"keyType":    opts.KeyType.Value(),
-			"mode":       opts.Mode.Value(),
-			"poolId":     opts.PoolId.Value(),
-			"publicKey":  opts.PublicKey.Value(),
+			"generateAlgo": opts.GenerateAlgo.Value(),
+			"generateType": opts.GenerateType.Value(),
+			"keyType":      opts.KeyType.Value(),
+			"epkName":      opts.EpkName.Value(),
+			"count":        opts.Count.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/generateKey")
+		Post("/kms/generate")
 	if err != nil {
 		return nil, err
 	}
@@ -119,31 +88,26 @@ func (ks *KmsService) GenerateKey(ctx context.Context, opts *GenerateKeyOpts) (*
 	return ret.Data, nil
 }
 
-func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPairOpts) (*GenerateKeyPairRespData, error) {
-	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
-		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+func (ks *KmsService) DistributeKeys(ctx context.Context, opts *DistributeKeysOpts) (*DistributeKeysRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
 	}
-	if opts.Mode.Value() == "EPK" && !opts.PublicKey.IsSet() {
-		return nil, errors.New("使用epk类型时必须指定publicKey！")
+	if !opts.GenerateType.IsSet() {
+		return nil, errors.New("生成类型不得为空！")
 	}
-	if opts.Mode.Value() == "IPK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
-		return nil, errors.New("使用ipk类型时必须指定keyType和ipxIndex！")
+	if !opts.InvokeCount.IsSet() {
+		return nil, errors.New("领用数量不得小于1！")
 	}
 
-	var ret GenerateKeyPairResp
+	var ret DistributeKeysResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"exportType": opts.ExportType.Value(),
-			"genKeyType": opts.GenKeyType.Value(),
-			"ipxIndex":   opts.IpxIndex.Value(),
-			"kekIndex":   opts.KekIndex.Value(),
-			"keyType":    opts.KeyType.Value(),
-			"mode":       opts.Mode.Value(),
-			"poolId":     opts.PoolId.Value(),
-			"publicKey":  opts.PublicKey.Value(),
+			"generateType": opts.GenerateType.Value(),
+			"invokeCount":  opts.InvokeCount.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/generateKeyPair")
+		Post("/kms/distributeKeys")
 	if err != nil {
 		return nil, err
 	}
@@ -155,31 +119,24 @@ func (ks *KmsService) GenerateKeyPair(ctx context.Context, opts *GenerateKeyPair
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ImportKeyPair(ctx context.Context, opts *ImportKeyPairOpts) (*ImportKeyPairRespData, error) {
-	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
-		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+func (ks *KmsService) UpdateSecret(ctx context.Context, opts *UpdateSecretOpts) (*UpdateSecretRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
 	}
-	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
-		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
+	if !opts.KeyId.IsSet() {
+		return nil, errors.New("keyId不能为空！")
 	}
 
-	var ret ImportKeyPairResp
+	var ret UpdateSecretResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"poolId":      opts.PoolId.Value(),
-			"mode":        opts.Mode.Value(),
-			"keyType":     opts.KeyType.Value(),
-			"ipxIndex":    opts.IpxIndex.Value(),
-			"kekIndex":    opts.KekIndex.Value(),
-			"targetType":  opts.TargetType.Value(),
-			"targetIndex": opts.TargetIndex.Value(),
-			"signPkey":    opts.SignPkey.Value(),
-			"signSkey":    opts.SignSkey.Value(),
-			"encPkey":     opts.EncPkey.Value(),
-			"encSkey":     opts.EncSkey.Value(),
+			"keyId":   opts.KeyId.Value(),
+			"keyType": opts.KeyType.Value(),
+			"epkName": opts.EpkName.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/importKeyPair")
+		Post("/kms/updateSecret")
 	if err != nil {
 		return nil, err
 	}
@@ -191,27 +148,23 @@ func (ks *KmsService) ImportKeyPair(ctx context.Context, opts *ImportKeyPairOpts
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*ImportKeyRespData, error) {
-	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
-		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+func (ks *KmsService) ArchiveKey(ctx context.Context, opts *ArchiveKeyOpts) (*ArchiveKeyRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
 	}
-	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
-		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
+	if !opts.KeyId.IsSet() {
+		return nil, errors.New("keyId不能为空！")
 	}
 
-	var ret ImportKeyResp
+	var ret ArchiveKeyResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"encKey":   opts.EncKey.Value(),
-			"poolId":   opts.PoolId.Value(),
-			"mode":     opts.Mode.Value(),
-			"keyType":  opts.KeyType.Value(),
-			"keyCode":  opts.KeyCode.Value(),
-			"ipxIndex": opts.IpxIndex.Value(),
-			"kekIndex": opts.KekIndex.Value(),
+			"keyId":         opts.KeyId.Value(),
+			"archiveReason": opts.ArchiveReason.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/importKey")
+		Post("/kms/archiveKey")
 	if err != nil {
 		return nil, err
 	}
@@ -223,28 +176,22 @@ func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*Impo
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ImportKEK(ctx context.Context, opts *ImportKEKOpts) (*ImportKEKRespData, error) {
-	if opts.Mode.Value() == "KEK" && !opts.KekIndex.IsSet() {
-		return nil, errors.New("使用kek类型时必须指定kekIndex！")
+func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
 	}
-	if opts.Mode.Value() == "ISK" && (!opts.KeyType.IsSet() || !opts.IpxIndex.IsSet()) {
-		return nil, errors.New("使用isk类型时必须指定keyType和ipxIndex！")
+	if !opts.KeyId.IsSet() {
+		return nil, errors.New("keyId不能为空！")
 	}
 
-	var ret ImportKEKResp
+	var ret DestroyKeyResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"encKey":      opts.EncKey.Value(),
-			"poolId":      opts.PoolId.Value(),
-			"mode":        opts.Mode.Value(),
-			"keyType":     opts.KeyType.Value(),
-			"keyCode":     opts.KeyCode.Value(),
-			"ipxIndex":    opts.IpxIndex.Value(),
-			"kekIndex":    opts.KekIndex.Value(),
-			"targetIndex": opts.TargetIndex.Value(),
+			"keyId": opts.KeyId.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/importKEK")
+		Post("/kms/destroyKey")
 	if err != nil {
 		return nil, err
 	}
@@ -256,15 +203,69 @@ func (ks *KmsService) ImportKEK(ctx context.Context, opts *ImportKEKOpts) (*Impo
 	return ret.Data, nil
 }
 
-func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
-	var ret DestroyKeyResp
+func (ks *KmsService) Backup(ctx context.Context) (*BackupRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	var ret BackupResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetResult(&ret).
+		Post("/kms/backup")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) Recover(ctx context.Context) (*RecoverRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+
+	var ret RecoverResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+		SetResult(&ret).
+		Post("/kms/recover")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*ImportKeyRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+	if !opts.Mode.IsSet() {
+		return nil, errors.New("导入模式不能为空！")
+	}
+	if !opts.KeyId.IsSet() && !opts.Secret.IsSet() {
+		return nil, errors.New("keyId和secret不能同时为空！")
+	}
+
+	var ret ImportKeyResp
+	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"handle": opts.Handle.Value(),
-			"poolId": opts.PoolId.Value(),
+			"mode":   opts.Mode.Value(),
+			"keyId":  opts.KeyId.Value(),
+			"secret": opts.Secret.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/destroyKey")
+		Post("/kms/importKey")
 	if err != nil {
 		return nil, err
 	}
@@ -276,17 +277,22 @@ func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*De
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ExportPublicKey(ctx context.Context, opts *ExportPublicKeyOpts) (*ExportPublicKeyRespData, error) {
-	var ret ExportPublicKeyResp
+func (ks *KmsService) DestroyHandle(ctx context.Context, opts *DestroyHandleOpts) (*DestroyHandleRespData, error) {
+	if ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+	if !opts.Handle.IsSet() {
+		return nil, errors.New("句柄不能为空！")
+	}
+
+	var ret DestroyHandleResp
 	_, err := ks.Base.C.R().
+		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"ipxIndex": opts.IpxIndex.Value(),
-			"keyType":  opts.KeyType.Value(),
-			"mode":     opts.Mode.Value(),
-			"poolId":   opts.PoolId.Value(),
+			"handle": opts.Handle.Value(),
 		}).
 		SetResult(&ret).
-		Post("/inner/kms/exportPublicKey")
+		Post("/kms/destroyHandle")
 	if err != nil {
 		return nil, err
 	}
diff --git a/secloud/sdm.go b/secloud/sdm.go
deleted file mode 100644
index e08a06f..0000000
--- a/secloud/sdm.go
+++ /dev/null
@@ -1,144 +0,0 @@
-package secloud
-
-import (
-	"context"
-	"errors"
-	"github.com/antihax/optional"
-)
-
-type SdmService struct {
-	Base *BaseService
-}
-
-func NewSdmService() *SdmService {
-	return &SdmService{
-		Base: BaseSvc,
-	}
-}
-
-type AddDeviceOpts struct {
-	Name optional.String
-	Port optional.Int
-}
-
-type ListDevicesOpts struct {
-	Name optional.String
-}
-
-type RemoveDeviceOpts struct {
-	Name optional.String
-	ID   optional.String
-}
-
-type StartDeviceOpts struct {
-	Name optional.String
-	ID   optional.String
-}
-
-type StopDeviceOpts struct {
-	Name optional.String
-	ID   optional.String
-}
-
-func (ss *SdmService) AddDevice(ctx context.Context, opts *AddDeviceOpts) (*AddDeviceRespData, error) {
-	var ret AddDeviceResp
-	_, err := ss.Base.C.R().
-		SetBody(map[string]interface{}{
-			"name": opts.Name.Value(),
-			"port": opts.Port.Value(),
-		}).
-		SetResult(&ret).
-		Post("/inner/sdm/addDevice")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
-func (ss *SdmService) ListDevices(ctx context.Context, opts *ListDevicesOpts) (*ListDevicesRespData, error) {
-	var ret ListDevicesResp
-
-	_, err := ss.Base.C.R().
-		SetBody(map[string]interface{}{
-			"name": opts.Name.Value(),
-		}).
-		SetResult(&ret).
-		Post("/inner/sdm/listDevices")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
-func (ss *SdmService) RemoveDevice(ctx context.Context, opts *RemoveDeviceOpts) (*RemoveDeviceRespData, error) {
-	var ret RemoveDeviceResp
-
-	_, err := ss.Base.C.R().
-		SetBody(map[string]interface{}{
-			"name": opts.Name.Value(),
-			"id":   opts.ID.Value(),
-		}).
-		SetResult(&ret).
-		Post("/inner/sdm/removeDevice")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
-func (ss *SdmService) StartDevice(ctx context.Context, opts *StartDeviceOpts) (*StartDeviceRespData, error) {
-	var ret StartDeviceResp
-
-	_, err := ss.Base.C.R().
-		SetBody(map[string]interface{}{
-			"name": opts.Name.Value(),
-			"id":   opts.ID.Value(),
-		}).
-		SetResult(&ret).
-		Post("/inner/sdm/startDevice")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
-func (ss *SdmService) StopDevice(ctx context.Context, opts *StopDeviceOpts) (*StopDeviceRespData, error) {
-	var ret StopDeviceResp
-
-	_, err := ss.Base.C.R().
-		SetBody(map[string]interface{}{
-			"name": opts.Name.Value(),
-			"id":   opts.ID.Value(),
-		}).
-		SetResult(&ret).
-		Post("/inner/sdm/stopDevice")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-- 
Gitee


From fa2aca145ff4d5313e70fde1b628d3f169ae867e Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Thu, 15 Jun 2023 10:58:28 +0800
Subject: [PATCH 21/24] Feature: kms

---
 secloud/auth.go   | 18 +++++++----
 secloud/base.go   |  6 ++--
 secloud/cipher.go | 80 +++++++++++++++++++++++----------------------
 secloud/client.go | 17 +++++-----
 secloud/common.go |  6 ++--
 secloud/kms.go    | 82 ++++++++++++++++++++++++-----------------------
 test.go           | 74 ++++++++++++++++++++++++++++++++++++++++++
 7 files changed, 183 insertions(+), 100 deletions(-)
 create mode 100644 test.go

diff --git a/secloud/auth.go b/secloud/auth.go
index 43d41ea..5b0fcea 100644
--- a/secloud/auth.go
+++ b/secloud/auth.go
@@ -7,12 +7,12 @@ import (
 	"github.com/astaxie/beego/validation"
 )
 
-type AuthService struct {
-	Base *BaseService
+type AuthEntrance struct {
+	Base *BaseClient
 }
 
-func NewAuthService() *AuthService {
-	return &AuthService{
+func NewAuthEntrance() *AuthEntrance {
+	return &AuthEntrance{
 		Base: BaseSvc,
 	}
 }
@@ -23,7 +23,7 @@ type AuthOpts struct {
 }
 
 // Token this func returns auth data, including accessToken and expires deadline
-func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthRespData, error) {
+func (ae *AuthEntrance) Token(authOpts *AuthOpts) (*AuthClient, error) {
 	valid := validation.Validation{}
 	valid.MinSize(authOpts.ClientId.Value(), 1, "appKey").Message("请输入合法的AppKey")
 	valid.MinSize(authOpts.ClientSecret.Value(), 1, "appSecret").Message("请输入合法的AppSecret")
@@ -32,7 +32,7 @@ func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthResp
 	}
 
 	var ret AuthResp
-	_, err := as.Base.C.R().
+	_, err := ae.Base.C.R().
 		SetHeader("Content-Type", "application/json").
 		SetQueryParams(map[string]string{
 			"clientId":     authOpts.ClientId.Value(),
@@ -48,5 +48,9 @@ func (as *AuthService) Token(ctx context.Context, authOpts *AuthOpts) (*AuthResp
 		return nil, errors.New(ret.Msg)
 	}
 
-	return ret.Data, nil
+	ctx := context.WithValue(context.Background(), ContextAccessToken, ret.Data.AccessToken)
+	return &AuthClient{
+		CipherClient: NewCipherClient(ctx),
+		KmsClient:    NewKmsClient(ctx),
+	}, nil
 }
diff --git a/secloud/base.go b/secloud/base.go
index ff2480c..a038cde 100644
--- a/secloud/base.go
+++ b/secloud/base.go
@@ -6,7 +6,7 @@ import (
 	"time"
 )
 
-var BaseSvc *BaseService
+var BaseSvc *BaseClient
 
 func init() {
 	c := resty.New().
@@ -14,11 +14,11 @@ func init() {
 		SetTimeout(60 * time.Second).
 		SetTLSClientConfig(&tls.Config{InsecureSkipVerify: false})
 
-	BaseSvc = &BaseService{
+	BaseSvc = &BaseClient{
 		C: c,
 	}
 }
 
-type BaseService struct {
+type BaseClient struct {
 	C *resty.Client
 }
diff --git a/secloud/cipher.go b/secloud/cipher.go
index dc6d7c1..e409c24 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -7,13 +7,15 @@ import (
 	"github.com/astaxie/beego/validation"
 )
 
-type CipherService struct {
-	Base *BaseService
+type CipherClient struct {
+	Base *BaseClient
+	ctx  context.Context
 }
 
-func NewCipherService() *CipherService {
-	return &CipherService{
+func NewCipherClient(ctx context.Context) *CipherClient {
+	return &CipherClient{
 		Base: BaseSvc,
+		ctx:  ctx,
 	}
 }
 
@@ -54,21 +56,21 @@ type RandomOpts struct {
 	Len optional.Int
 }
 
-func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*EncryptRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) Encrypt(opts *EncryptOpts) (*EncryptRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret EncryptResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId": opts.KeyId.Value(),
 			"data":  opts.Data.Value(),
@@ -86,13 +88,13 @@ func (cs *CipherService) Encrypt(ctx context.Context, opts *EncryptOpts) (*Encry
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*DecryptRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) Decrypt(opts *DecryptOpts) (*DecryptRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.MinSize(opts.EncData.Value(), 1, "keyId").Message("请输入合法的keyId数据！")
 	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
 	if valid.HasErrors() {
@@ -100,8 +102,8 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 	}
 
 	var ret DecryptResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId":   opts.KeyId.Value(),
 			"encData": opts.EncData.Value(),
@@ -119,13 +121,13 @@ func (cs *CipherService) Decrypt(ctx context.Context, opts *DecryptOpts) (*Decry
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Sign(ctx context.Context, opts *SignOpts) (*SignRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) Sign(opts *SignOpts) (*SignRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
 	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
 	if valid.HasErrors() {
@@ -133,8 +135,8 @@ func (cs *CipherService) Sign(ctx context.Context, opts *SignOpts) (*SignRespDat
 	}
 
 	var ret SignResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"rootKeyId": opts.RootKeyId.Value(),
 			"data":      opts.Data.Value(),
@@ -152,13 +154,13 @@ func (cs *CipherService) Sign(ctx context.Context, opts *SignOpts) (*SignRespDat
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) Verify(opts *VerifyOpts) (*VerifyRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.MinSize(opts.Mode.Value(), 1, "mode").Message("请输入合法的mode！")
 	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
 	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
@@ -168,8 +170,8 @@ func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyR
 	}
 
 	var ret VerifyResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"mode":      opts.Mode.Value(),
 			"rootKeyId": opts.RootKeyId.Value(),
@@ -189,21 +191,21 @@ func (cs *CipherService) Verify(ctx context.Context, opts *VerifyOpts) (*VerifyR
 	return ret.Data, nil
 }
 
-func (cs *CipherService) HmacSum(ctx context.Context, opts *HmacSumOpts) (*HmacSumRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) HmacSum(opts *HmacSumOpts) (*HmacSumRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret HmacSumResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId": opts.KeyId.Value(),
 			"data":  opts.Data.Value(),
@@ -221,21 +223,21 @@ func (cs *CipherService) HmacSum(ctx context.Context, opts *HmacSumOpts) (*HmacS
 	return ret.Data, nil
 }
 
-func (cs *CipherService) HmacCheck(ctx context.Context, opts *HmacCheckOpts) (*HmacCheckRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) HmacCheck(opts *HmacCheckOpts) (*HmacCheckRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret HmacCheckResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId":   opts.KeyId.Value(),
 			"data":    opts.Data.Value(),
@@ -254,21 +256,21 @@ func (cs *CipherService) HmacCheck(ctx context.Context, opts *HmacCheckOpts) (*H
 	return ret.Data, nil
 }
 
-func (cs *CipherService) Random(ctx context.Context, opts *RandomOpts) (*RandomRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (cc *CipherClient) Random(opts *RandomOpts) (*RandomRespData, error) {
+	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	valid := validation.Validation{}
-	valid.MinSize(ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
+	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
 	valid.Min(opts.Len.Value(), 1, "len").Message("请输入合法的随机长度！")
 	if valid.HasErrors() {
 		return nil, handleValidationErrors(valid.Errors)
 	}
 
 	var ret RandomResp
-	_, err := cs.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := cc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"len": opts.Len.Value(),
 		}).
diff --git a/secloud/client.go b/secloud/client.go
index 4c82b14..4ca16fe 100644
--- a/secloud/client.go
+++ b/secloud/client.go
@@ -5,10 +5,13 @@ type ClientConfig struct {
 }
 
 type Client struct {
-	Config    *ClientConfig
-	AuthApi   *AuthService
-	CipherApi *CipherService
-	KmsApi    *KmsService
+	Config       *ClientConfig
+	AuthEntrance *AuthEntrance
+}
+
+type AuthClient struct {
+	CipherClient *CipherClient
+	KmsClient    *KmsClient
 }
 
 // NewAPIClient returns a client to call apis, ClientConfig contains ServerUrl
@@ -17,10 +20,8 @@ func NewAPIClient(config *ClientConfig) *Client {
 	setBaseUrl(cfg.ServerUrl)
 
 	return &Client{
-		Config:    cfg,
-		AuthApi:   NewAuthService(),
-		CipherApi: NewCipherService(),
-		KmsApi:    NewKmsService(),
+		Config:       cfg,
+		AuthEntrance: NewAuthEntrance(),
 	}
 }
 
diff --git a/secloud/common.go b/secloud/common.go
index c4d1a29..948c734 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -30,9 +30,9 @@ type GenerateWorkingKeyRespData struct {
 }
 
 type DistributeKeysResp struct {
-	Code int                     `json:"code"`
-	Msg  string                  `json:"msg"`
-	Data *DistributeKeysRespData `json:"data"`
+	Code int                      `json:"code"`
+	Msg  string                   `json:"msg"`
+	Data []DistributeKeysRespData `json:"data"`
 }
 
 type DistributeKeysRespData struct {
diff --git a/secloud/kms.go b/secloud/kms.go
index cf57734..e1ded04 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -6,13 +6,15 @@ import (
 	"github.com/antihax/optional"
 )
 
-type KmsService struct {
-	Base *BaseService
+type KmsClient struct {
+	Base *BaseClient
+	ctx  context.Context
 }
 
-func NewKmsService() *KmsService {
-	return &KmsService{
+func NewKmsClient(ctx context.Context) *KmsClient {
+	return &KmsClient{
 		Base: BaseSvc,
+		ctx:  ctx,
 	}
 }
 
@@ -54,8 +56,8 @@ type DestroyHandleOpts struct {
 	Handle optional.String `json:"handle"`
 }
 
-func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) GenerateWorkingKey(opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if opts.GenerateType.Value() == "EPK" && !opts.EpkName.IsSet() {
@@ -66,8 +68,8 @@ func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWork
 	}
 
 	var ret GenerateWorkingKeyResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"generateAlgo": opts.GenerateAlgo.Value(),
 			"generateType": opts.GenerateType.Value(),
@@ -88,8 +90,8 @@ func (ks *KmsService) GenerateWorkingKey(ctx context.Context, opts *GenerateWork
 	return ret.Data, nil
 }
 
-func (ks *KmsService) DistributeKeys(ctx context.Context, opts *DistributeKeysOpts) (*DistributeKeysRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) DistributeKeys(opts *DistributeKeysOpts) ([]DistributeKeysRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.GenerateType.IsSet() {
@@ -100,8 +102,8 @@ func (ks *KmsService) DistributeKeys(ctx context.Context, opts *DistributeKeysOp
 	}
 
 	var ret DistributeKeysResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"generateType": opts.GenerateType.Value(),
 			"invokeCount":  opts.InvokeCount.Value(),
@@ -119,8 +121,8 @@ func (ks *KmsService) DistributeKeys(ctx context.Context, opts *DistributeKeysOp
 	return ret.Data, nil
 }
 
-func (ks *KmsService) UpdateSecret(ctx context.Context, opts *UpdateSecretOpts) (*UpdateSecretRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) UpdateSecret(opts *UpdateSecretOpts) (*UpdateSecretRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.KeyId.IsSet() {
@@ -128,8 +130,8 @@ func (ks *KmsService) UpdateSecret(ctx context.Context, opts *UpdateSecretOpts)
 	}
 
 	var ret UpdateSecretResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId":   opts.KeyId.Value(),
 			"keyType": opts.KeyType.Value(),
@@ -148,8 +150,8 @@ func (ks *KmsService) UpdateSecret(ctx context.Context, opts *UpdateSecretOpts)
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ArchiveKey(ctx context.Context, opts *ArchiveKeyOpts) (*ArchiveKeyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) ArchiveKey(opts *ArchiveKeyOpts) (*ArchiveKeyRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.KeyId.IsSet() {
@@ -157,8 +159,8 @@ func (ks *KmsService) ArchiveKey(ctx context.Context, opts *ArchiveKeyOpts) (*Ar
 	}
 
 	var ret ArchiveKeyResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId":         opts.KeyId.Value(),
 			"archiveReason": opts.ArchiveReason.Value(),
@@ -176,8 +178,8 @@ func (ks *KmsService) ArchiveKey(ctx context.Context, opts *ArchiveKeyOpts) (*Ar
 	return ret.Data, nil
 }
 
-func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) DestroyKey(opts *DestroyKeyOpts) (*DestroyKeyRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.KeyId.IsSet() {
@@ -185,8 +187,8 @@ func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*De
 	}
 
 	var ret DestroyKeyResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"keyId": opts.KeyId.Value(),
 		}).
@@ -203,14 +205,14 @@ func (ks *KmsService) DestroyKey(ctx context.Context, opts *DestroyKeyOpts) (*De
 	return ret.Data, nil
 }
 
-func (ks *KmsService) Backup(ctx context.Context) (*BackupRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) Backup() (*BackupRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	var ret BackupResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
 		Post("/kms/backup")
 	if err != nil {
@@ -224,14 +226,14 @@ func (ks *KmsService) Backup(ctx context.Context) (*BackupRespData, error) {
 	return ret.Data, nil
 }
 
-func (ks *KmsService) Recover(ctx context.Context) (*RecoverRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) Recover() (*RecoverRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
 	var ret RecoverResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
 		Post("/kms/recover")
 	if err != nil {
@@ -245,8 +247,8 @@ func (ks *KmsService) Recover(ctx context.Context) (*RecoverRespData, error) {
 	return ret.Data, nil
 }
 
-func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*ImportKeyRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) ImportKey(opts *ImportKeyOpts) (*ImportKeyRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.Mode.IsSet() {
@@ -257,8 +259,8 @@ func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*Impo
 	}
 
 	var ret ImportKeyResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"mode":   opts.Mode.Value(),
 			"keyId":  opts.KeyId.Value(),
@@ -277,8 +279,8 @@ func (ks *KmsService) ImportKey(ctx context.Context, opts *ImportKeyOpts) (*Impo
 	return ret.Data, nil
 }
 
-func (ks *KmsService) DestroyHandle(ctx context.Context, opts *DestroyHandleOpts) (*DestroyHandleRespData, error) {
-	if ctx.Value(ContextAccessToken) == nil {
+func (kc *KmsClient) DestroyHandle(opts *DestroyHandleOpts) (*DestroyHandleRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 	if !opts.Handle.IsSet() {
@@ -286,8 +288,8 @@ func (ks *KmsService) DestroyHandle(ctx context.Context, opts *DestroyHandleOpts
 	}
 
 	var ret DestroyHandleResp
-	_, err := ks.Base.C.R().
-		SetHeader("Authorization", "Bearer "+ctx.Value(ContextAccessToken).(string)).
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
 			"handle": opts.Handle.Value(),
 		}).
diff --git a/test.go b/test.go
new file mode 100644
index 0000000..770b852
--- /dev/null
+++ b/test.go
@@ -0,0 +1,74 @@
+package main
+
+import (
+	"gitee.com/wx-rdc/secloud-sdk-go/secloud"
+	"github.com/antihax/optional"
+	"log"
+)
+
+func main() {
+	c := secloud.NewAPIClient(secloud.NewConfiguration("http://kun-gateway:8080"))
+	ac, err := c.AuthEntrance.Token(&secloud.AuthOpts{
+		ClientId:     optional.NewString("7190f17d-7b5e-4a07-8f5c-e391d371ae14"),
+		ClientSecret: optional.NewString("34eecd75-a51a-455e-ae18-1bbfb7a6c50b"),
+	})
+	if err != nil {
+		log.Fatalf("Get AuthClient Fail: %s", err)
+	}
+	log.Printf("Get AuthClient Successfully!")
+
+	bgTaskId, err := ac.KmsClient.GenerateWorkingKey(&secloud.GenerateWorkingKeyOpts{
+		GenerateAlgo: optional.NewString("SM4"),
+		GenerateType: optional.NewString("KEK"),
+		KeyType:      optional.NewString("SM4"),
+		Count:        optional.NewInt(1),
+	})
+	if err != nil {
+		log.Fatalf("Generate Working Key Fail: %s", err)
+	}
+	log.Printf("Generate Working Key Successfully! BgTask ID is: %s", bgTaskId.BgTaskId)
+
+	dks, err := ac.KmsClient.DistributeKeys(&secloud.DistributeKeysOpts{
+		GenerateType: optional.NewString("KEK"),
+		InvokeCount:  optional.NewInt(1),
+	})
+	if err != nil {
+		log.Fatalf("Distribute Keys Fail: %s", err)
+	}
+	log.Printf("Distribute Keys Successfully! KeyID is: %s", dks[0].KeyId)
+
+	ik, err := ac.KmsClient.ImportKey(&secloud.ImportKeyOpts{
+		Mode:  optional.NewString("KEK"),
+		KeyId: optional.NewString(dks[0].KeyId),
+	})
+	if err != nil {
+		log.Fatalf("Import Key Fail: %s", err)
+	}
+	log.Printf("Import Key Successfully! Handle is: %s", ik.Handle)
+
+	enc, err := ac.CipherClient.Encrypt(&secloud.EncryptOpts{
+		KeyId: optional.NewString(dks[0].KeyId),
+		Data:  optional.NewString("123456789"),
+	})
+	if err != nil {
+		log.Fatalf("Encrypt Data Fail: %s", enc.EncData)
+	}
+	log.Printf("Encrypt Data Successfully! EncData is: %s", enc.EncData)
+
+	raw, err := ac.CipherClient.Decrypt(&secloud.DecryptOpts{
+		KeyId:   optional.NewString(dks[0].KeyId),
+		EncData: optional.NewString(enc.EncData),
+	})
+	if err != nil {
+		log.Fatalf("Decrypt Data Fail: %s", err)
+	}
+	log.Printf("Decrypt Successfully! Raw Data is: %s\n", raw.Data)
+
+	_, err = ac.KmsClient.DestroyHandle(&secloud.DestroyHandleOpts{
+		Handle: optional.NewString(ik.Handle),
+	})
+	if err != nil {
+		log.Fatalf("Destroy Handle Fail: %s", err)
+	}
+	log.Printf("Destroy Handle Successfully!")
+}
-- 
Gitee


From 405398d1b824da05968caeea8a31a1772846c95a Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Tue, 11 Jul 2023 10:58:46 +0800
Subject: [PATCH 22/24] Fix: RE

---
 secloud/cipher.go | 156 +++++++----------------------------
 secloud/common.go | 121 ++++++++++++++-------------
 secloud/kms.go    | 205 ++++++++++++++++++++++++++++++----------------
 test.go           |  43 +++++-----
 4 files changed, 246 insertions(+), 279 deletions(-)

diff --git a/secloud/cipher.go b/secloud/cipher.go
index e409c24..4a59939 100644
--- a/secloud/cipher.go
+++ b/secloud/cipher.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"errors"
 	"github.com/antihax/optional"
-	"github.com/astaxie/beego/validation"
 )
 
 type CipherClient struct {
@@ -20,25 +19,28 @@ func NewCipherClient(ctx context.Context) *CipherClient {
 }
 
 type EncryptOpts struct {
-	KeyId optional.String
-	Data  optional.String
+	SessionId optional.String
+	PlainText optional.String
+	Algorithm optional.String
 }
 
 type DecryptOpts struct {
-	KeyId   optional.String
-	EncData optional.String
+	SessionId  optional.String
+	CipherText optional.String
+	Algorithm  optional.String
 }
 
 type SignOpts struct {
-	RootKeyId optional.String
-	Data      optional.String
+	PlainText optional.String
+	Algorithm optional.String
 }
 
 type VerifyOpts struct {
-	Mode      optional.String
-	RootKeyId optional.Int64
-	Data      optional.String
-	Sig       optional.String
+	WorkMode  optional.String
+	Algorithm optional.String
+	PublicKey optional.String
+	PlainText optional.String
+	Signature optional.String
 }
 
 type HmacSumOpts struct {
@@ -53,7 +55,7 @@ type HmacCheckOpts struct {
 }
 
 type RandomOpts struct {
-	Len optional.Int
+	Length optional.Int
 }
 
 func (cc *CipherClient) Encrypt(opts *EncryptOpts) (*EncryptRespData, error) {
@@ -61,19 +63,13 @@ func (cc *CipherClient) Encrypt(opts *EncryptOpts) (*EncryptRespData, error) {
 		return nil, errors.New("token为空！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
 	var ret EncryptResp
 	_, err := cc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId": opts.KeyId.Value(),
-			"data":  opts.Data.Value(),
+			"plain_text": opts.PlainText.Value(),
+			"session_id": opts.SessionId.Value(),
+			"algorithm":  opts.Algorithm.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/encrypt")
@@ -93,20 +89,13 @@ func (cc *CipherClient) Decrypt(opts *DecryptOpts) (*DecryptRespData, error) {
 		return nil, errors.New("token为空！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.EncData.Value(), 1, "keyId").Message("请输入合法的keyId数据！")
-	valid.MinSize(opts.EncData.Value(), 1, "data").Message("请输入合法的data数据！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
 	var ret DecryptResp
 	_, err := cc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId":   opts.KeyId.Value(),
-			"encData": opts.EncData.Value(),
+			"cipher_text": opts.CipherText.Value(),
+			"session_id":  opts.SessionId.Value(),
+			"algorithm":   opts.Algorithm.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/decrypt")
@@ -126,20 +115,12 @@ func (cc *CipherClient) Sign(opts *SignOpts) (*SignRespData, error) {
 		return nil, errors.New("token为空！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
-	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
 	var ret SignResp
 	_, err := cc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"rootKeyId": opts.RootKeyId.Value(),
-			"data":      opts.Data.Value(),
+			"plain_text": opts.PlainText.Value(),
+			"algorithm":  opts.Algorithm.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/sign")
@@ -159,24 +140,15 @@ func (cc *CipherClient) Verify(opts *VerifyOpts) (*VerifyRespData, error) {
 		return nil, errors.New("token为空！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.MinSize(opts.Mode.Value(), 1, "mode").Message("请输入合法的mode！")
-	valid.MinSize(opts.RootKeyId.Value(), 1, "rootKeyId").Message("请输入合法的用户密钥！")
-	valid.MinSize(opts.Data.Value(), 1, "data").Message("请输入合法的数据！")
-	valid.MinSize(opts.Sig.Value(), 1, "sig").Message("请输入合法的验证数据！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
 	var ret VerifyResp
 	_, err := cc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"mode":      opts.Mode.Value(),
-			"rootKeyId": opts.RootKeyId.Value(),
-			"data":      opts.Data.Value(),
-			"sig":       opts.Sig.Value(),
+			"work_mode":  opts.WorkMode.Value(),
+			"algorithm":  opts.Algorithm.Value(),
+			"public_key": opts.PublicKey.Value(),
+			"plain_text": opts.PlainText.Value(),
+			"signature":  opts.Signature.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/verify")
@@ -191,88 +163,16 @@ func (cc *CipherClient) Verify(opts *VerifyOpts) (*VerifyRespData, error) {
 	return ret.Data, nil
 }
 
-func (cc *CipherClient) HmacSum(opts *HmacSumOpts) (*HmacSumRespData, error) {
-	if cc.ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
-	}
-
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret HmacSumResp
-	_, err := cc.Base.C.R().
-		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
-		SetBody(map[string]interface{}{
-			"keyId": opts.KeyId.Value(),
-			"data":  opts.Data.Value(),
-		}).
-		SetResult(&ret).
-		Post("/cipher/hmacSum")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
-func (cc *CipherClient) HmacCheck(opts *HmacCheckOpts) (*HmacCheckRespData, error) {
-	if cc.ctx.Value(ContextAccessToken) == nil {
-		return nil, errors.New("token为空！")
-	}
-
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.Length(opts.KeyId.Value(), 4, "keyId").Message("keyId长度为4位")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
-	var ret HmacCheckResp
-	_, err := cc.Base.C.R().
-		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
-		SetBody(map[string]interface{}{
-			"keyId":   opts.KeyId.Value(),
-			"data":    opts.Data.Value(),
-			"hmacSum": opts.HmacSum.Value(),
-		}).
-		SetResult(&ret).
-		Post("/cipher/hmacCheck")
-	if err != nil {
-		return nil, err
-	}
-
-	if ret.Code != 200 {
-		return nil, errors.New(ret.Msg)
-	}
-
-	return ret.Data, nil
-}
-
 func (cc *CipherClient) Random(opts *RandomOpts) (*RandomRespData, error) {
 	if cc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
 
-	valid := validation.Validation{}
-	valid.MinSize(cc.ctx.Value(ContextAccessToken).(string), 1, "token").Message("请输入正确的token！")
-	valid.Min(opts.Len.Value(), 1, "len").Message("请输入合法的随机长度！")
-	if valid.HasErrors() {
-		return nil, handleValidationErrors(valid.Errors)
-	}
-
 	var ret RandomResp
 	_, err := cc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+cc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"len": opts.Len.Value(),
+			"length": opts.Length.Value(),
 		}).
 		SetResult(&ret).
 		Post("/cipher/random")
diff --git a/secloud/common.go b/secloud/common.go
index 948c734..6faefde 100644
--- a/secloud/common.go
+++ b/secloud/common.go
@@ -20,41 +20,56 @@ type AuthRespData struct {
 */
 
 type GenerateWorkingKeyResp struct {
-	Code int                         `json:"code"`
-	Msg  string                      `json:"msg"`
-	Data *GenerateWorkingKeyRespData `json:"data"`
+	Code int                  `json:"code"`
+	Msg  string               `json:"msg"`
+	Data *GenerateKeyRespData `json:"data"`
 }
 
-type GenerateWorkingKeyRespData struct {
-	BgTaskId string `json:"bgTaskId"`
+type GenerateKeyRespData struct {
+	BgTaskId int64 `json:"bgTask_id"`
 }
 
-type DistributeKeysResp struct {
-	Code int                      `json:"code"`
-	Msg  string                   `json:"msg"`
-	Data []DistributeKeysRespData `json:"data"`
+type QueryBgTaskResp struct {
+	Code int                  `json:"code"`
+	Msg  string               `json:"msg"`
+	Data *QueryBgTaskRespData `json:"data"`
 }
 
-type DistributeKeysRespData struct {
-	KeyId  string `json:"keyId"`
-	EncKey string `json:"encKey"`
+type QueryBgTaskRespData struct {
+	BgTaskId  int64  `json:"bgTaskId"`
+	TaskType  string `json:"taskType"`
+	Finish    bool   `json:"finish"`
+	TaskInfo  string `json:"taskInfo"`
+	Error     string `json:"error"`
+	CreatedBy string `json:"createdBy"`
+	CreatedAt string `json:"createdAt"`
 }
 
-type UpdateSecretResp struct {
-	Code int                   `json:"code"`
-	Msg  string                `json:"msg"`
-	Data *UpdateSecretRespData `json:"data"`
+type InvokeKeyResp struct {
+	Code int                 `json:"code"`
+	Msg  string              `json:"msg"`
+	Data []InvokeKeyRespData `json:"data"`
 }
 
-type UpdateSecretRespData struct{}
+type InvokeKeyRespData struct {
+	KeyId string `json:"key_id"`
+}
 
-type ArchiveKeyResp struct {
-	Code int                 `json:"code"`
-	Msg  string              `json:"msg"`
-	Data *ArchiveKeyRespData `json:"data"`
+type RenewKeyResp struct {
+	Code int               `json:"code"`
+	Msg  string            `json:"msg"`
+	Data *RenewKeyRespData `json:"data"`
+}
+
+type RenewKeyRespData struct{}
+
+type RevokeKeyResp struct {
+	Code int                `json:"code"`
+	Msg  string             `json:"msg"`
+	Data *RevokeKeyRespData `json:"data"`
 }
 
-type ArchiveKeyRespData struct{}
+type RevokeKeyRespData struct{}
 
 type DestroyKeyResp struct {
 	Code int                 `json:"code"`
@@ -80,23 +95,33 @@ type RecoverResp struct {
 
 type RecoverRespData struct{}
 
-type ImportKeyResp struct {
-	Code int                `json:"code"`
-	Msg  string             `json:"msg"`
-	Data *ImportKeyRespData `json:"data"`
+type OpenKeySessionResp struct {
+	Code int                     `json:"code"`
+	Msg  string                  `json:"msg"`
+	Data *OpenKeySessionRespData `json:"data"`
 }
 
-type ImportKeyRespData struct {
-	Handle string `json:"handle"`
+type OpenKeySessionRespData struct {
+	SessionId string `json:"session_id"`
 }
 
-type DestroyHandleResp struct {
-	Code int                    `json:"code"`
-	Msg  string                 `json:"msg"`
-	Data *DestroyHandleRespData `json:"data"`
+type CloseKeySessionResp struct {
+	Code int                      `json:"code"`
+	Msg  string                   `json:"msg"`
+	Data *CloseKeySessionRespData `json:"data"`
+}
+
+type CloseKeySessionRespData struct{}
+
+type ExportPublicKeyResp struct {
+	Code int                      `json:"code"`
+	Msg  string                   `json:"msg"`
+	Data *ExportPublicKeyRespData `json:"data"`
 }
 
-type DestroyHandleRespData struct{}
+type ExportPublicKeyRespData struct {
+	PublicKey string `json:"public_key"`
+}
 
 /*
    cipher
@@ -109,7 +134,7 @@ type EncryptResp struct {
 }
 
 type EncryptRespData struct {
-	EncData string `json:"enc_data"`
+	CipherText string `json:"cipher_text"`
 }
 
 type DecryptResp struct {
@@ -119,7 +144,7 @@ type DecryptResp struct {
 }
 
 type DecryptRespData struct {
-	Data string `json:"data"`
+	PlainText string `json:"plain_text"`
 }
 
 type RandomResp struct {
@@ -129,7 +154,7 @@ type RandomResp struct {
 }
 
 type RandomRespData struct {
-	Data string `json:"data"`
+	RandomText string `json:"random_text"`
 }
 
 type SignResp struct {
@@ -139,7 +164,7 @@ type SignResp struct {
 }
 
 type SignRespData struct {
-	Sig string `json:"sig"`
+	Signature string `json:"signature"`
 }
 
 type VerifyResp struct {
@@ -149,27 +174,7 @@ type VerifyResp struct {
 }
 
 type VerifyRespData struct {
-	Verify bool `json:"verify"`
-}
-
-type HmacSumResp struct {
-	Code int              `json:"code"`
-	Msg  string           `json:"msg"`
-	Data *HmacSumRespData `json:"data"`
-}
-
-type HmacSumRespData struct {
-	HmacSum string `json:"hmacSum"`
-}
-
-type HmacCheckResp struct {
-	Code int                `json:"code"`
-	Msg  string             `json:"msg"`
-	Data *HmacCheckRespData `json:"data"`
-}
-
-type HmacCheckRespData struct {
-	Result bool `json:"result"`
+	OK bool `json:"ok"`
 }
 
 /*
diff --git a/secloud/kms.go b/secloud/kms.go
index e1ded04..9afad28 100644
--- a/secloud/kms.go
+++ b/secloud/kms.go
@@ -18,67 +18,76 @@ func NewKmsClient(ctx context.Context) *KmsClient {
 	}
 }
 
-type GenerateWorkingKeyOpts struct {
-	GenerateAlgo optional.String `json:"generateAlgo"`
-	GenerateType optional.String `json:"generateType"`
-	KeyType      optional.String `json:"keyType"`
-	EpkName      optional.String `json:"epkName"`
-	Count        optional.Int    `json:"count"`
+type GenerateKeyOpts struct {
+	WorkMode     optional.String
+	Algorithm    optional.String
+	Count        optional.Int
+	KeyAlgorithm optional.String
+	EpkName      optional.String
 }
 
-type DistributeKeysOpts struct {
-	GenerateType optional.String `json:"generateType"`
-	InvokeCount  optional.Int    `json:"invokeCount"`
+type QueryBgTaskOpts struct {
+	BgTaskId optional.String
 }
 
-type UpdateSecretOpts struct {
-	KeyId   optional.String `json:"keyId"`
-	KeyType optional.String `json:"keyType"`
-	EpkName optional.String `json:"epkName"`
+type InvokeKeyOpts struct {
+	WorkMode optional.String
+	Count    optional.Int
 }
 
-type ArchiveKeyOpts struct {
-	KeyId         optional.String `json:"keyId"`
-	ArchiveReason optional.String `json:"archiveReason"`
+type RenewKeyOpts struct {
+	KeyId        optional.String
+	KeyAlgorithm optional.String
+	EpkName      optional.String
+}
+
+type RevokeKeyOpts struct {
+	KeyId   optional.String
+	Message optional.String
 }
 
 type DestroyKeyOpts struct {
-	KeyId optional.String `json:"keyId"`
+	KeyId optional.String
+}
+
+type OpenKeySessionOpts struct {
+	WorkMode  optional.String
+	Algorithm optional.String
+	KeyId     optional.String
 }
 
-type ImportKeyOpts struct {
-	Mode   optional.String `json:"mode"`
-	Secret optional.String `json:"secret"`
-	KeyId  optional.String `json:"keyId"`
+type CloseKeySessionOpts struct {
+	SessionId optional.String
 }
 
-type DestroyHandleOpts struct {
-	Handle optional.String `json:"handle"`
+type ExportPublicKeyOpts struct {
+	KeyUsage  optional.String
+	Algorithm optional.String
 }
 
-func (kc *KmsClient) GenerateWorkingKey(opts *GenerateWorkingKeyOpts) (*GenerateWorkingKeyRespData, error) {
+func (kc *KmsClient) GenerateKey(opts *GenerateKeyOpts) (*GenerateKeyRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
-	if opts.GenerateType.Value() == "EPK" && !opts.EpkName.IsSet() {
+	if opts.WorkMode.Value() == "EPK" && !opts.EpkName.IsSet() {
 		return nil, errors.New("使用epk类型时必须指定epkName！")
 	}
-	if opts.GenerateType.Value() == "IPK" && !opts.KeyType.IsSet() {
-		return nil, errors.New("使用ipk类型时必须指定keyType！")
+	if opts.WorkMode.Value() == "IPK" && !opts.KeyAlgorithm.IsSet() {
+		return nil, errors.New("使用ipk类型时必须指定keyAlgorithm！")
 	}
 
 	var ret GenerateWorkingKeyResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"generateAlgo": opts.GenerateAlgo.Value(),
-			"generateType": opts.GenerateType.Value(),
-			"keyType":      opts.KeyType.Value(),
-			"epkName":      opts.EpkName.Value(),
-			"count":        opts.Count.Value(),
+			"work_mode":     opts.WorkMode.Value(),
+			"algorithm":     opts.Algorithm.Value(),
+			"count":         opts.Count.Value(),
+			"key_algorithm": opts.KeyAlgorithm.Value(),
+			"epk_name":      opts.EpkName.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/generate")
+		Post("/kms/generateKey")
 	if err != nil {
 		return nil, err
 	}
@@ -90,26 +99,53 @@ func (kc *KmsClient) GenerateWorkingKey(opts *GenerateWorkingKeyOpts) (*Generate
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) DistributeKeys(opts *DistributeKeysOpts) ([]DistributeKeysRespData, error) {
+func (kc *KmsClient) QueryBgTask(opts *QueryBgTaskOpts) (*QueryBgTaskRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
-	if !opts.GenerateType.IsSet() {
-		return nil, errors.New("生成类型不得为空！")
+	if !opts.BgTaskId.IsSet() {
+		return nil, errors.New("请输入正确的后台任务ID！")
 	}
-	if !opts.InvokeCount.IsSet() {
+
+	var ret QueryBgTaskResp
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"bgTask_id": opts.BgTaskId.Value(),
+		}).
+		SetResult(&ret).
+		Post("/kms/queryBgTask")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (kc *KmsClient) InvokeKey(opts *InvokeKeyOpts) ([]InvokeKeyRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+	if !opts.WorkMode.IsSet() {
+		return nil, errors.New("领用所属工作类型不得为空！")
+	}
+	if !opts.Count.IsSet() {
 		return nil, errors.New("领用数量不得小于1！")
 	}
 
-	var ret DistributeKeysResp
+	var ret InvokeKeyResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"generateType": opts.GenerateType.Value(),
-			"invokeCount":  opts.InvokeCount.Value(),
+			"work_mode": opts.WorkMode.Value(),
+			"count":     opts.Count.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/distributeKeys")
+		Post("/kms/invokeKey")
 	if err != nil {
 		return nil, err
 	}
@@ -121,7 +157,7 @@ func (kc *KmsClient) DistributeKeys(opts *DistributeKeysOpts) ([]DistributeKeysR
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) UpdateSecret(opts *UpdateSecretOpts) (*UpdateSecretRespData, error) {
+func (kc *KmsClient) RenewKey(opts *RenewKeyOpts) (*RenewKeyRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
@@ -129,16 +165,16 @@ func (kc *KmsClient) UpdateSecret(opts *UpdateSecretOpts) (*UpdateSecretRespData
 		return nil, errors.New("keyId不能为空！")
 	}
 
-	var ret UpdateSecretResp
+	var ret RenewKeyResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId":   opts.KeyId.Value(),
-			"keyType": opts.KeyType.Value(),
-			"epkName": opts.EpkName.Value(),
+			"key_id":        opts.KeyId.Value(),
+			"key_algorithm": opts.KeyAlgorithm.Value(),
+			"epk_name":      opts.EpkName.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/updateSecret")
+		Post("/kms/renewKey")
 	if err != nil {
 		return nil, err
 	}
@@ -150,7 +186,7 @@ func (kc *KmsClient) UpdateSecret(opts *UpdateSecretOpts) (*UpdateSecretRespData
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) ArchiveKey(opts *ArchiveKeyOpts) (*ArchiveKeyRespData, error) {
+func (kc *KmsClient) RevokeKey(opts *RevokeKeyOpts) (*RevokeKeyRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
@@ -158,15 +194,15 @@ func (kc *KmsClient) ArchiveKey(opts *ArchiveKeyOpts) (*ArchiveKeyRespData, erro
 		return nil, errors.New("keyId不能为空！")
 	}
 
-	var ret ArchiveKeyResp
+	var ret RevokeKeyResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId":         opts.KeyId.Value(),
-			"archiveReason": opts.ArchiveReason.Value(),
+			"key_id":  opts.KeyId.Value(),
+			"message": opts.Message.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/archiveKey")
+		Post("/kms/revokeKey")
 	if err != nil {
 		return nil, err
 	}
@@ -190,7 +226,7 @@ func (kc *KmsClient) DestroyKey(opts *DestroyKeyOpts) (*DestroyKeyRespData, erro
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"keyId": opts.KeyId.Value(),
+			"key_id": opts.KeyId.Value(),
 		}).
 		SetResult(&ret).
 		Post("/kms/destroyKey")
@@ -205,7 +241,7 @@ func (kc *KmsClient) DestroyKey(opts *DestroyKeyOpts) (*DestroyKeyRespData, erro
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) Backup() (*BackupRespData, error) {
+func (kc *KmsClient) BackupKey() (*BackupRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
@@ -214,7 +250,7 @@ func (kc *KmsClient) Backup() (*BackupRespData, error) {
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
-		Post("/kms/backup")
+		Post("/kms/backupKey")
 	if err != nil {
 		return nil, err
 	}
@@ -226,7 +262,7 @@ func (kc *KmsClient) Backup() (*BackupRespData, error) {
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) Recover() (*RecoverRespData, error) {
+func (kc *KmsClient) RecoverKey() (*RecoverRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
@@ -235,7 +271,7 @@ func (kc *KmsClient) Recover() (*RecoverRespData, error) {
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetResult(&ret).
-		Post("/kms/recover")
+		Post("/kms/recoverKey")
 	if err != nil {
 		return nil, err
 	}
@@ -247,27 +283,51 @@ func (kc *KmsClient) Recover() (*RecoverRespData, error) {
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) ImportKey(opts *ImportKeyOpts) (*ImportKeyRespData, error) {
+func (kc *KmsClient) OpenKeySession(opts *OpenKeySessionOpts) (*OpenKeySessionRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
-	if !opts.Mode.IsSet() {
+	if !opts.WorkMode.IsSet() {
 		return nil, errors.New("导入模式不能为空！")
 	}
-	if !opts.KeyId.IsSet() && !opts.Secret.IsSet() {
-		return nil, errors.New("keyId和secret不能同时为空！")
+
+	var ret OpenKeySessionResp
+	_, err := kc.Base.C.R().
+		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
+		SetBody(map[string]interface{}{
+			"work_mode": opts.WorkMode.Value(),
+			"key_id":    opts.KeyId.Value(),
+			"algorithm": opts.Algorithm.Value(),
+		}).
+		SetResult(&ret).
+		Post("/kms/openKeySession")
+	if err != nil {
+		return nil, err
+	}
+
+	if ret.Code != 200 {
+		return nil, errors.New(ret.Msg)
+	}
+
+	return ret.Data, nil
+}
+
+func (kc *KmsClient) CloseKeySession(opts *CloseKeySessionOpts) (*CloseKeySessionRespData, error) {
+	if kc.ctx.Value(ContextAccessToken) == nil {
+		return nil, errors.New("token为空！")
+	}
+	if !opts.SessionId.IsSet() {
+		return nil, errors.New("会话ID不能为空！")
 	}
 
-	var ret ImportKeyResp
+	var ret CloseKeySessionResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"mode":   opts.Mode.Value(),
-			"keyId":  opts.KeyId.Value(),
-			"secret": opts.Secret.Value(),
+			"session_id": opts.SessionId.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/importKey")
+		Post("/kms/closeKeySession")
 	if err != nil {
 		return nil, err
 	}
@@ -279,22 +339,23 @@ func (kc *KmsClient) ImportKey(opts *ImportKeyOpts) (*ImportKeyRespData, error)
 	return ret.Data, nil
 }
 
-func (kc *KmsClient) DestroyHandle(opts *DestroyHandleOpts) (*DestroyHandleRespData, error) {
+func (kc *KmsClient) ExportPublicKey(opts *ExportPublicKeyOpts) (*ExportPublicKeyRespData, error) {
 	if kc.ctx.Value(ContextAccessToken) == nil {
 		return nil, errors.New("token为空！")
 	}
-	if !opts.Handle.IsSet() {
-		return nil, errors.New("句柄不能为空！")
+	if !opts.Algorithm.IsSet() {
+		return nil, errors.New("导出算法不能为空！")
 	}
 
-	var ret DestroyHandleResp
+	var ret ExportPublicKeyResp
 	_, err := kc.Base.C.R().
 		SetHeader("Authorization", "Bearer "+kc.ctx.Value(ContextAccessToken).(string)).
 		SetBody(map[string]interface{}{
-			"handle": opts.Handle.Value(),
+			"key_usage": opts.KeyUsage.Value(),
+			"algorithm": opts.Algorithm.Value(),
 		}).
 		SetResult(&ret).
-		Post("/kms/destroyHandle")
+		Post("/kms/exportPublicKey")
 	if err != nil {
 		return nil, err
 	}
diff --git a/test.go b/test.go
index 770b852..068b845 100644
--- a/test.go
+++ b/test.go
@@ -17,55 +17,56 @@ func main() {
 	}
 	log.Printf("Get AuthClient Successfully!")
 
-	bgTaskId, err := ac.KmsClient.GenerateWorkingKey(&secloud.GenerateWorkingKeyOpts{
-		GenerateAlgo: optional.NewString("SM4"),
-		GenerateType: optional.NewString("KEK"),
-		KeyType:      optional.NewString("SM4"),
-		Count:        optional.NewInt(1),
+	bgTaskId, err := ac.KmsClient.GenerateKey(&secloud.GenerateKeyOpts{
+		WorkMode:  optional.NewString("KEK"),
+		Algorithm: optional.NewString("SM4"),
+		Count:     optional.NewInt(1),
 	})
 	if err != nil {
 		log.Fatalf("Generate Working Key Fail: %s", err)
 	}
 	log.Printf("Generate Working Key Successfully! BgTask ID is: %s", bgTaskId.BgTaskId)
 
-	dks, err := ac.KmsClient.DistributeKeys(&secloud.DistributeKeysOpts{
-		GenerateType: optional.NewString("KEK"),
-		InvokeCount:  optional.NewInt(1),
+	dks, err := ac.KmsClient.InvokeKey(&secloud.InvokeKeyOpts{
+		WorkMode: optional.NewString("KEK"),
+		Count:    optional.NewInt(1),
 	})
 	if err != nil {
 		log.Fatalf("Distribute Keys Fail: %s", err)
 	}
 	log.Printf("Distribute Keys Successfully! KeyID is: %s", dks[0].KeyId)
 
-	ik, err := ac.KmsClient.ImportKey(&secloud.ImportKeyOpts{
-		Mode:  optional.NewString("KEK"),
-		KeyId: optional.NewString(dks[0].KeyId),
+	ik, err := ac.KmsClient.OpenKeySession(&secloud.OpenKeySessionOpts{
+		WorkMode: optional.NewString("KEK"),
+		KeyId:    optional.NewString(dks[0].KeyId),
 	})
 	if err != nil {
 		log.Fatalf("Import Key Fail: %s", err)
 	}
-	log.Printf("Import Key Successfully! Handle is: %s", ik.Handle)
+	log.Printf("Import Key Successfully! SessionId is: %s", ik.SessionId)
 
 	enc, err := ac.CipherClient.Encrypt(&secloud.EncryptOpts{
-		KeyId: optional.NewString(dks[0].KeyId),
-		Data:  optional.NewString("123456789"),
+		SessionId: optional.NewString(ik.SessionId),
+		PlainText: optional.NewString("123"),
+		Algorithm: optional.NewString("Sm4Cbc"),
 	})
 	if err != nil {
-		log.Fatalf("Encrypt Data Fail: %s", enc.EncData)
+		log.Fatalf("Encrypt Data Fail")
 	}
-	log.Printf("Encrypt Data Successfully! EncData is: %s", enc.EncData)
+	log.Printf("Encrypt Data Successfully! EncData is: %s", enc.CipherText)
 
 	raw, err := ac.CipherClient.Decrypt(&secloud.DecryptOpts{
-		KeyId:   optional.NewString(dks[0].KeyId),
-		EncData: optional.NewString(enc.EncData),
+		SessionId:  optional.NewString(ik.SessionId),
+		CipherText: optional.NewString(enc.CipherText),
+		Algorithm:  optional.NewString("Sm4Cbc"),
 	})
 	if err != nil {
 		log.Fatalf("Decrypt Data Fail: %s", err)
 	}
-	log.Printf("Decrypt Successfully! Raw Data is: %s\n", raw.Data)
+	log.Printf("Decrypt Successfully! Raw Data is: %s\n", raw.PlainText)
 
-	_, err = ac.KmsClient.DestroyHandle(&secloud.DestroyHandleOpts{
-		Handle: optional.NewString(ik.Handle),
+	_, err = ac.KmsClient.CloseKeySession(&secloud.CloseKeySessionOpts{
+		SessionId: optional.NewString(ik.SessionId),
 	})
 	if err != nil {
 		log.Fatalf("Destroy Handle Fail: %s", err)
-- 
Gitee


From 940ef50cc2e029bc7d697df34ed6225023bc01a7 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Tue, 11 Jul 2023 11:24:02 +0800
Subject: [PATCH 23/24] Fix: RE

---
 test.go | 41 +++++++++++++++++++++++++++++++++++------
 1 file changed, 35 insertions(+), 6 deletions(-)

diff --git a/test.go b/test.go
index 068b845..9697faa 100644
--- a/test.go
+++ b/test.go
@@ -7,10 +7,11 @@ import (
 )
 
 func main() {
+	log.Println("============================= Test Begin =============================")
 	c := secloud.NewAPIClient(secloud.NewConfiguration("http://kun-gateway:8080"))
 	ac, err := c.AuthEntrance.Token(&secloud.AuthOpts{
-		ClientId:     optional.NewString("7190f17d-7b5e-4a07-8f5c-e391d371ae14"),
-		ClientSecret: optional.NewString("34eecd75-a51a-455e-ae18-1bbfb7a6c50b"),
+		ClientId:     optional.NewString("jnS2JqPlNvXejehIhf"),
+		ClientSecret: optional.NewString("IflxU3uGCsLaXVpk"),
 	})
 	if err != nil {
 		log.Fatalf("Get AuthClient Fail: %s", err)
@@ -25,7 +26,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("Generate Working Key Fail: %s", err)
 	}
-	log.Printf("Generate Working Key Successfully! BgTask ID is: %s", bgTaskId.BgTaskId)
+	log.Printf("Generate Key Successfully! BgTask ID is: %d", bgTaskId.BgTaskId)
 
 	dks, err := ac.KmsClient.InvokeKey(&secloud.InvokeKeyOpts{
 		WorkMode: optional.NewString("KEK"),
@@ -34,7 +35,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("Distribute Keys Fail: %s", err)
 	}
-	log.Printf("Distribute Keys Successfully! KeyID is: %s", dks[0].KeyId)
+	log.Printf("Invoke Keys Successfully! KeyID is: %s", dks[0].KeyId)
 
 	ik, err := ac.KmsClient.OpenKeySession(&secloud.OpenKeySessionOpts{
 		WorkMode: optional.NewString("KEK"),
@@ -43,7 +44,7 @@ func main() {
 	if err != nil {
 		log.Fatalf("Import Key Fail: %s", err)
 	}
-	log.Printf("Import Key Successfully! SessionId is: %s", ik.SessionId)
+	log.Printf("Open Key Session Successfully! SessionId is: %s", ik.SessionId)
 
 	enc, err := ac.CipherClient.Encrypt(&secloud.EncryptOpts{
 		SessionId: optional.NewString(ik.SessionId),
@@ -71,5 +72,33 @@ func main() {
 	if err != nil {
 		log.Fatalf("Destroy Handle Fail: %s", err)
 	}
-	log.Printf("Destroy Handle Successfully!")
+	log.Printf("Close Key Session Successfully!")
+
+	vd, err := ac.CipherClient.Sign(&secloud.SignOpts{
+		PlainText: optional.NewString("1234"),
+		Algorithm: optional.NewString("SM2"),
+	})
+	if err != nil {
+		log.Fatalf("Sign Fail: %s", err)
+	}
+	log.Printf("Sign Successfully! Signature is %s", vd.Signature)
+
+	verify, err := ac.CipherClient.Verify(&secloud.VerifyOpts{
+		WorkMode:  optional.NewString("IPK"),
+		Algorithm: optional.NewString("SM2"),
+		PlainText: optional.NewString("1234"),
+		Signature: optional.NewString(vd.Signature),
+	})
+	if err != nil {
+		log.Fatalf("Verify Fail: %s", err)
+	}
+	log.Printf("Verify Successfully! result is %t", verify.OK)
+
+	_, err = ac.KmsClient.DestroyKey(&secloud.DestroyKeyOpts{
+		KeyId: optional.NewString(dks[0].KeyId),
+	})
+	if err != nil {
+		log.Fatalf("Destroy Key Fail: %s", err)
+	}
+	log.Printf("Destroy Key Successfully!")
 }
-- 
Gitee


From c640dbd8eb84b19dd2ae048b2b15abeac98dfb83 Mon Sep 17 00:00:00 2001
From: chenyuteng <chenyt@jnsec.net>
Date: Tue, 11 Jul 2023 11:43:39 +0800
Subject: [PATCH 24/24] Fix: RE

---
 test.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/test.go b/test.go
index 9697faa..49bc81b 100644
--- a/test.go
+++ b/test.go
@@ -4,6 +4,7 @@ import (
 	"gitee.com/wx-rdc/secloud-sdk-go/secloud"
 	"github.com/antihax/optional"
 	"log"
+	"strconv"
 )
 
 func main() {
@@ -28,6 +29,15 @@ func main() {
 	}
 	log.Printf("Generate Key Successfully! BgTask ID is: %d", bgTaskId.BgTaskId)
 
+	ret, err := ac.KmsClient.QueryBgTask(&secloud.QueryBgTaskOpts{
+		BgTaskId: optional.NewString(strconv.FormatInt(bgTaskId.BgTaskId, 10)),
+	})
+	if err != nil {
+		log.Fatalf("Query BgTask Fail: %s", err)
+	}
+	log.Printf("Query BgTask Sucessfully!")
+	log.Println(*ret)
+
 	dks, err := ac.KmsClient.InvokeKey(&secloud.InvokeKeyOpts{
 		WorkMode: optional.NewString("KEK"),
 		Count:    optional.NewInt(1),
-- 
Gitee