-
Notifications
You must be signed in to change notification settings - Fork 3
/
sign.go
130 lines (113 loc) · 2.9 KB
/
sign.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
package crypto
import (
"crypto"
"crypto/hmac"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"fmt"
)
// Signer 签名
type Signer interface {
Sign(mess, timestamp, data string) (string, error)
}
// SignVerifier 验签
type SignVerifier interface {
Verify(mess, timestamp, data, sign string) (bool, error)
}
// NewHmacSigner 新建 HMAC 签名
func NewHmacSigner(appKey string) (Signer, error) {
return &hmacSigner{
appKey: appKey,
}, nil
}
// NewHmacSignVerifier 新建 HMAC 验签
func NewHmacSignVerifier(appKey string) (SignVerifier, error) {
return &hmacSigner{
appKey: appKey,
}, nil
}
type hmacSigner struct {
appKey string
}
// Sign 实现签名方法
func (h *hmacSigner) Sign(mess, timestamp, data string) (string, error) {
plaintext := fmt.Sprintf("data=%s&mess=%s×tamp=%s&key=%s", data, mess, timestamp, h.appKey)
sign := hmac.New(sha256.New, []byte(h.appKey))
_, err := sign.Write([]byte(plaintext))
if err != nil {
return "", err
}
return hex.EncodeToString(sign.Sum(nil)), nil
}
// Verify 实现验证方法
func (r *hmacSigner) Verify(mess, timestamp, data string, sign string) (bool, error) {
dest, err := r.Sign(mess, timestamp, data)
if err != nil {
return false, err
}
return dest == sign, nil
}
type rsaSigner struct {
priv *rsa.PrivateKey
appKey string
}
// NewRsaSigner 新建 RSA 签名
func NewRsaSigner(privateKey, appkey string) (Signer, error) {
priv, err := loadPrivateKey([]byte(privateKey))
if err != nil {
return nil, err
}
return &rsaSigner{
appKey: appkey,
priv: priv,
}, nil
}
func (r *rsaSigner) Sign(mess, timestamp, data string) (string, error) {
b := []byte(fmt.Sprintf("data=%s&mess=%s×tamp=%s&key=%s", data, mess, timestamp, string(r.appKey)))
hash := sha256.New()
_, err := hash.Write(b)
if err != nil {
return "", err
}
rsaSign, err := rsa.SignPKCS1v15(rand.Reader, r.priv, crypto.SHA256, hash.Sum(nil))
if err != nil {
return "", err
}
return base64.StdEncoding.EncodeToString(rsaSign), nil
}
// NewRsaSignVerifier 新建 RSA 签名验证
func NewRsaSignVerifier(publicKey, appKey string) (SignVerifier, error) {
pubKey, err := loadPublicKey([]byte(publicKey))
if err != nil {
return nil, err
}
return &rsaSignVerifier{
pubKey: pubKey,
appKey: appKey,
}, nil
}
type rsaSignVerifier struct {
pubKey *rsa.PublicKey
appKey string
}
// Verify 实现验证方法
func (r *rsaSignVerifier) Verify(mess, timestamp, data string, sign string) (bool, error) {
b, err := base64.StdEncoding.DecodeString(sign)
if err != nil {
return false, err
}
bt := []byte(fmt.Sprintf("data=%s&mess=%s×tamp=%s&key=%s", data, mess, timestamp, string(r.appKey)))
hash := sha256.New()
_, err = hash.Write(bt)
if err != nil {
return false, err
}
err = rsa.VerifyPKCS1v15(r.pubKey, crypto.SHA256, hash.Sum(nil), b)
if err != nil && err != rsa.ErrVerification {
return false, err
}
return err == nil, nil
}