|
@@ -2,6 +2,7 @@ package rpc
|
|
|
|
|
|
import (
|
|
|
"context"
|
|
|
+ "crypto"
|
|
|
"crypto/hmac"
|
|
|
"crypto/rand"
|
|
|
"crypto/rsa"
|
|
@@ -34,19 +35,12 @@ type DefaultRpcClient struct {
|
|
|
}
|
|
|
|
|
|
func (d *DefaultRpcClient) WrapSign(request interface{}, doHandler func(ctx context.Context, req interface{}) error) {
|
|
|
- nonce, err := d.generateNonceStr(16)
|
|
|
- if err != nil {
|
|
|
- utils.FileLog.Error("生成随机串nonce失败:%v", err)
|
|
|
- return
|
|
|
- }
|
|
|
- //时间戳
|
|
|
- timestamp := time.Now().UnixMilli()
|
|
|
reqStr, err := json.Marshal(request)
|
|
|
if err != nil {
|
|
|
utils.FileLog.Error("序列化请求失败:%v", err)
|
|
|
return
|
|
|
}
|
|
|
- sign, _ := d.signature(string(reqStr), nonce, timestamp)
|
|
|
+ sign, _ := d.signature(string(reqStr), 16)
|
|
|
ctx := metadata.NewOutgoingContext(context.Background(), metadata.Pairs(
|
|
|
"nonce", nonce,
|
|
|
"timestamp", fmt.Sprintf("%d", timestamp),
|
|
@@ -95,47 +89,49 @@ func (d *DefaultRpcClient) generateNonceStr(length int) (string, error) {
|
|
|
return string(result), nil
|
|
|
}
|
|
|
|
|
|
-func (d *DefaultRpcClient) signature(encryptData string, nonceStr string, timestamp int64) (sign string, err error) {
|
|
|
- key := []byte("secret-hmac-key") // 秘钥应该保密
|
|
|
- mac := hmac.New(sha256.New, key)
|
|
|
- mac.Write([]byte(encryptData))
|
|
|
- mac.Write([]byte(nonceStr)) // 在计算签名时加入随机字符串
|
|
|
- mac.Write([]byte(fmt.Sprintf("%d", timestamp))) // 在计算签名时加入时间戳
|
|
|
- return hex.EncodeToString(mac.Sum(nil)), nil
|
|
|
-}
|
|
|
-
|
|
|
type encryptedRequest struct {
|
|
|
- Ciphertext []byte `json:"ciphertext"`
|
|
|
- Nonce string `json:"nonce"` // 添加随机字符串
|
|
|
- Timestamp int64 `json:"timestamp"` // 添加时间戳
|
|
|
+ Message []byte `json:"ciphertext"`
|
|
|
+ Nonce string `json:"nonce"` // 添加随机字符串
|
|
|
+ Timestamp int64 `json:"timestamp"` // 添加时间戳
|
|
|
}
|
|
|
|
|
|
-func (d *DefaultRpcClient) EncryptRequest(req interface{}, nonceStr string) (encodedData string, err error) {
|
|
|
+func (d *DefaultRpcClient) signature(req interface{}, nonceLen int) (encodedData string, err error) {
|
|
|
+ nonceStr, err := d.generateNonceStr(nonceLen)
|
|
|
+ if err != nil {
|
|
|
+ utils.FileLog.Error("随机字符串生成失败: %v", err)
|
|
|
+ return
|
|
|
+ }
|
|
|
message := req.(proto.Message)
|
|
|
reqData, _ := anypb.New(message)
|
|
|
reqBytes, _ := proto.Marshal(reqData)
|
|
|
- // 使用公钥加密
|
|
|
- var pubKey *rsa.PublicKey
|
|
|
- pubKey, err = d.parseRSAPublicKeyFromPEM([]byte("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1234567890abcdefg==\n-----END PUBLIC KEY-----"))
|
|
|
+ // 构建加密后的数据结构
|
|
|
+ encryptedStruct := encryptedRequest{
|
|
|
+ Message: reqBytes,
|
|
|
+ Nonce: nonceStr, // 添加随机字符串
|
|
|
+ Timestamp: time.Now().UnixMilli(), // 添加时间戳
|
|
|
+ }
|
|
|
+ entryData, err := json.Marshal(encryptedStruct)
|
|
|
+ if err != nil {
|
|
|
+ utils.FileLog.Error("序列化加密后的数据失败: %v", err)
|
|
|
+ return
|
|
|
+ }
|
|
|
+ fmt.Println(entryData)
|
|
|
+ // 使用私钥加密
|
|
|
+ var privateKey *rsa.PrivateKey
|
|
|
+ privateKey, err = d.parsePrivateKeyFromPEM([]byte("-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEA0Gh3c2fki27yLKMUPUqZhDa0vGRp01ca5Rbpd6RoZURIA4Ti\n1k/zf2jW0tJ1OUnkBiBtcfZ4d+6gPr1kdsdpxSjlV1PQfzaMtZg0ZKiHTw4xhJ+P\n/XCzIPJaUKAwKqb8U0gsXfZVcF0OEwWAgNxLzMhPlTiSAWaRUOumOHNexSRzG9UR\ny+v/UIVkuDXFwzb1aly93S0Elp7cDPQA0FCLqiwofnNdPTJ1BiXa1OO8UFXuV16H\nw0JeYdl+GWUf8Q4uTKUesclnBkLgOUaXSJQqfNwqSBj39H4vRTBKX1eiqhCwt3/l\nwBEpWW8YHkfEssclh0x2xf0714e/H3BuwLwdWwIDAQABAoIBAQCyQvkRfKcvYOnC\npoc0We/v+D8l+ZnPTO1TUQLH9JfbLsmOQQcqG18C9zDxSVU9eGeTmf8jgJfQtgrZ\nP3SEaNOe8fkhdi6b8ZPv7E28X67FPzW55CXsuY5uuv3ngu1QPl8L+WsBwCeaoe3c\n9VLSZhxsAFaaI7Y3fn0Dw1z9YimI47ZSHra1xo9JM9EZybVYi8HaIoame9fs+TaK\nulr5nDjuRqPFhvVGpa/+S0S75ArW4VKrWp97cQ3D1xw2Fz0jP3eHndCErTYhj8MB\n10AFCndNKEIrwMPN5M426TbBLJY0vcIPYg0v4lSzwwAhYnNNmxMmroRLnD22ohdf\n687g52vRAoGBAOy6iiJxqW1mLNDKtwANI2XJBnoHbh8lPR3ZYlNybLeR49dFC7Qw\n5pv//rMybvWNG8obacQ0GiLXmlaajXFrpL9K+7qkg4W1VvjCvUo/Qk7He/sLOiXW\n/HuAOKZOhuLBoOzbDjDBHYy+eXDjzgqCrHpnI0wZ8uLahSUeTNSSgiNjAoGBAOFf\nuLnIMeV5kaNssvz+2iZ2W3aEW90fgNz8gy3VwzEarEGo7nalcq9vODwFHQNlZuE5\nBdzYXWE8Fjn/yJLipPxGXzPvGyZP4qUKgN8Mek39RJqvV3Mgtt0WG6IZpo0E0by0\nTmThlI0xJzi4Px01ip6fdhlJJPPC+yFayLzqtIupAoGBAJf7DtIcPNUSgvUtIB31\nUWN4kyLnAEkYpEs0lA7U6H1WOXusRV5TAsrmqEOtvlUBWfUAcn/Xn2v9FYZCRUqq\n/CMf5csm8ZV3HbYpeFNhl5VyNuOuio9encxAPp5uzeRowYMvA8ZDRVBlvRu/9TkE\nOe1/p8ak5i3EczSoZlUXFlvXAoGBANx5N80G+0jx1Hd7Lt4wslhOEMuwT+3Rk86b\nd/iu1XSEE19oU1/eGoNk2i5dEjTwTeSmVAXn4/HrRhMXFrAa6Cui7B9yGa0xGRc7\nXzbUjhEdYq+wOGx35GwD5KR/U19BB60C9m3Z/+jf3O6vz45TgngKpw21cGDGrcXD\nefzV3imBAoGAI3Md0ap1zmLVpM8NLCA9JxPPQiQAq0VmCGrEjeEk+sVn09lkESdb\nVDiu0VNGfWKsY+7hUC1qjBQ1ZCR4NFkwD6QwBsovrni6rK3f/4qRRmP8ORK9ASIi\nKw8stl7KvZdCltTobaVPFA90s+zgUsr9W6Q+gUPv2I/rmFWqpbJRARc=\n-----END RSA PRIVATE KEY-----\n"))
|
|
|
if err != nil {
|
|
|
- utils.FileLog.Error("公钥解析失败: %v", err)
|
|
|
+ utils.FileLog.Error("私钥解析失败: %v", err)
|
|
|
return
|
|
|
}
|
|
|
var encryptedData []byte
|
|
|
+ hash := sha256.Sum256(entryData)
|
|
|
// RSA加密
|
|
|
- encryptedData, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pubKey, reqBytes, nil)
|
|
|
+ encryptedData, err = rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hash[:])
|
|
|
if err != nil {
|
|
|
utils.FileLog.Error("RSA加密失败: %v", err)
|
|
|
return
|
|
|
}
|
|
|
|
|
|
- // 构建加密后的数据结构
|
|
|
- encryptedStruct := encryptedRequest{
|
|
|
- Ciphertext: encryptedData,
|
|
|
- Nonce: nonceStr, // 添加随机字符串
|
|
|
- Timestamp: time.Now().UnixNano(), // 添加时间戳
|
|
|
- }
|
|
|
-
|
|
|
// 序列化加密后的数据
|
|
|
encryptedData, err = json.Marshal(encryptedStruct)
|
|
|
if err != nil {
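Review bot: The signature produced by `rsa.SignPKCS1v15` is discarded: `encryptedData, err = json.Marshal(encryptedStruct)` at the end of the hunk overwrites it, and `encryptedRequest` carries no signature field, so the value this function returns (its tail is outside the hunk) holds only Message/Nonce/Timestamp and a verifier has nothing to check — add `Signature []byte \`json:"signature"\`` to the struct and set `encryptedStruct.Signature = encryptedData` before that Marshal, or return the signature separately. The unchecked `message := req.(proto.Message)` panics for a non-proto argument (WrapSign in this same commit passes `string(reqStr)`), and the `anypb.New`/`proto.Marshal` errors are dropped with `_`. `fmt.Println(entryData)` writes the serialized request payload to stdout on every call and should not ship. The RSA private key literal handed to `parsePrivateKeyFromPEM` is a credential checked into source; load it from configuration or a secrets store, and the comment `// 使用私钥加密` and the `RSA加密失败` log message now describe signing rather than encryption and should say so.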
|
|
@@ -148,7 +144,7 @@ func (d *DefaultRpcClient) EncryptRequest(req interface{}, nonceStr string) (enc
|
|
|
}
|
|
|
|
|
|
// 解析RSA公钥
|
|
|
-func (d *DefaultRpcClient) parseRSAPublicKeyFromPEM(pemBytes []byte) (pubKey *rsa.PublicKey, err error) {
|
|
|
+func (d *DefaultRpcClient) parsePrivateKeyFromPEM(pemBytes []byte) (privateKey *rsa.PrivateKey, err error) {
|
|
|
block, _ := pem.Decode(pemBytes)
|
|
|
if block == nil {
|
|
|
utils.FileLog.Error("公钥解析失败")
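Review bot: The function now parses a private key, but the `pem.Decode` failure path still logs `公钥解析失败`, and the next hunk's `!ok` branch still returns `RSA公钥格式错误` on a `*rsa.PrivateKey` assertion; both messages should be updated to say private key. The key material passed in this commit is an `RSA PRIVATE KEY` (PKCS#1) block, which parses with `x509.ParsePKCS1PrivateKey(block.Bytes)` and returns `*rsa.PrivateKey` directly, needing no type assertion. The parse call itself is outside this hunk, and the surviving `pubInterface` name suggests it may still be the public-key parser, in which case the assertion to `*rsa.PrivateKey` would fail on every call — worth confirming.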
|
|
@@ -159,7 +155,7 @@ func (d *DefaultRpcClient) parseRSAPublicKeyFromPEM(pemBytes []byte) (pubKey *rs
|
|
|
return nil, err
|
|
|
}
|
|
|
|
|
|
- pubKey, ok := pubInterface.(*rsa.PublicKey)
|
|
|
+ privateKey, ok := pubInterface.(*rsa.PrivateKey)
|
|
|
if !ok {
|
|
|
return nil, errors.New("RSA公钥格式错误")
|
|
|
}
|