package aksk
import (
"encoding/hex"
"github.com/czyt/aksk/internal/builderPool"
"github.com/czyt/aksk/internal/hasher"
)
// SignGenerator holds the request attributes and key material used to build
// and verify an AK/SK request signature.
//
// Instances are created with New and configured through Opt values.
type SignGenerator struct {
	// Request attributes written verbatim into the string-to-sign by
	// GetSignContent. None of them is normalised or validated in this file.
	requestUrl, httpVerb, contentType, unixTimeStamp string

	secretKey []byte // key handed to hashHelper.HashWithKey / VerifyHash
	content   []byte // request body; only its MD5 digest enters the string-to-sign

	// hashHelper performs the keyed hash and its verification. It must be
	// non-nil, otherwise GetSignContent returns ErrHashHelperNotSet.
	hashHelper hasher.AkSKHashHelper
}
// Opt is a functional option that mutates a SignGenerator while New is
// constructing it.
type Opt func(g *SignGenerator)
// WithRequestUrl returns an Opt that sets the request URL, the last component
// of the string-to-sign produced by GetSignContent.
//
// The value is signed exactly as given, so the signing and verifying sides
// must supply the same byte-for-byte form of the URL.
func WithRequestUrl(requestUrl string) Opt {
	return func(sg *SignGenerator) { sg.requestUrl = requestUrl }
}
// WithHttpVerb returns an Opt that sets the HTTP verb, the first component of
// the string-to-sign produced by GetSignContent.
//
// No case folding is applied here: "get" and "GET" yield different
// signatures, so both sides must agree on the spelling.
func WithHttpVerb(httpVerb string) Opt {
	return func(sg *SignGenerator) { sg.httpVerb = httpVerb }
}
// WithContent returns an Opt that sets the request body whose MD5 digest is
// included in the string-to-sign.
//
// The slice is stored as passed, not copied. If the caller modifies the
// backing array afterwards, the digest computed by GetSignContent changes
// with it.
func WithContent(content []byte) Opt {
	return func(sg *SignGenerator) { sg.content = content }
}
// WithContentType returns an Opt that sets the Content-Type value written
// into the string-to-sign. The value is used verbatim.
func WithContentType(contentType string) Opt {
	return func(sg *SignGenerator) { sg.contentType = contentType }
}
// WithUnixTimeStamp returns an Opt that sets the timestamp written into the
// string-to-sign.
//
// The value is treated as an opaque string. Nothing in this file parses it or
// compares it with the current time, so a verifier that wants replay
// protection has to enforce its own freshness window before trusting a
// signature that CheckSignValid accepts.
func WithUnixTimeStamp(unixTimeStamp string) Opt {
	return func(sg *SignGenerator) { sg.unixTimeStamp = unixTimeStamp }
}
// New builds a SignGenerator from the secret key and hash helper, then applies
// the options in the order given.
//
// secretKey is retained by reference, not copied: the caller's slice and the
// generator share one backing array, so overwriting the slice later changes
// the key used for subsequent signatures.
//
// A nil hashHelper is accepted here and is reported later, as
// ErrHashHelperNotSet, by GetSignContent. A nil Opt in options panics when it
// is invoked.
func New(secretKey []byte, hashHelper hasher.AkSKHashHelper, options ...Opt) *SignGenerator {
	g := &SignGenerator{
		hashHelper: hashHelper,
		secretKey:  secretKey,
	}
	for i := range options {
		options[i](g)
	}
	return g
}
// GetSignContent assembles the string-to-sign for the configured request.
//
// Scheme, as described by the original author:
//
//	Authorization = AuthorizationHeader + " " + AccessKeyId + ":" + Signature
//
//	Signature = Base64( HashMethod( UTF-8-Encoding-Of(YourAccessKey), UTF-8-Encoding-Of( StringToSign ) ) )
//
//	StringToSign = HTTP-Verb + "\n" +
//	               Content-MD5 + "\n" +
//	               Content-Type + "\n" +
//	               UnixTimeStamp + "\n" +
//	               requestURL
//
// Only StringToSign is produced here. Content-MD5 is the lower-case hex
// encoding of hasher.Md5Hash(content). The Authorization header and the
// Base64 step are not performed in this function.
//
// It returns ErrHashHelperNotSet when no hash helper was configured.
//
// NOTE(review): the fields are joined with "\n" without escaping or
// validation, so a field that itself contains a newline can produce the same
// string-to-sign as a different set of field values. Callers should reject
// newlines in the verb, content type, timestamp and URL before signing or
// verifying.
//
// NOTE(review): the body is bound to the signature only through its MD5
// digest, and MD5 is not collision resistant. Two bodies with the same MD5
// share one signature. Replacing the digest would change the wire format, so
// it is flagged here rather than changed.
func (g *SignGenerator) GetSignContent() (string, error) {
	if g.hashHelper == nil {
		return "", ErrHashHelperNotSet
	}

	sb := builderPool.New()
	// The return value below is evaluated before this deferred release runs.
	defer builderPool.Release(sb)

	contentMd5 := hex.EncodeToString(hasher.Md5Hash(g.content))

	// Every component except the last is followed by a single "\n".
	for _, field := range []string{g.httpVerb, contentMd5, g.contentType, g.unixTimeStamp} {
		sb.WriteString(field)
		sb.WriteString("\n")
	}
	sb.WriteString(g.requestUrl)

	return sb.String(), nil
}
// Calculate returns the keyed hash of the string-to-sign, computed by the
// configured hash helper with the secret key.
//
// The result is the raw output of HashWithKey. Any transport encoding, such
// as the Base64 step in the scheme description, is left to the caller.
//
// It returns ErrHashHelperNotSet (via GetSignContent) when no hash helper was
// configured.
func (g *SignGenerator) Calculate() ([]byte, error) {
	toSign, err := g.GetSignContent()
	if err != nil {
		return nil, err
	}
	return g.hashHelper.HashWithKey([]byte(toSign), g.secretKey), nil
}
// CheckSignValid reports whether targetSign matches the signature of the
// configured request, as decided by the hash helper's VerifyHash.
//
// A non-nil error means the check could not be performed (no hash helper
// configured). Callers must treat that as a rejection, not as "valid".
//
// NOTE(review): the comparison itself happens inside VerifyHash, which is not
// visible here. Confirm that it uses a constant-time comparison such as
// hmac.Equal or subtle.ConstantTimeCompare. A plain byte comparison leaks
// timing information about how much of the signature matched.
//
// NOTE(review): only the signature is checked. Timestamp freshness and
// replay detection are not part of this method.
func (g *SignGenerator) CheckSignValid(targetSign []byte) (bool, error) {
	toSign, err := g.GetSignContent()
	if err != nil {
		return false, err
	}
	ok := g.hashHelper.VerifyHash([]byte(toSign), g.secretKey, targetSign)
	return ok, nil
}