move sign method to utils

aliyun · Jul 30, 2024 · 93d480d · 93d480d
1 parent 521f688
commit 93d480d
Show file tree

Hide file tree

Showing 9 changed files with 103 additions and 8 deletions.
diff --git a/sdk/auth/signers/algorithms.go b/sdk/auth/signers/algorithms.go
@@ -24,6 +24,7 @@ import (
 	"encoding/base64"
 )
 
+// Deprecated: use utils.ShaHmac1() instead of
 func ShaHmac1(source, secret string) string {
 	key := []byte(secret)
 	hmac := hmac.New(sha1.New, key)
@@ -33,6 +34,7 @@ func ShaHmac1(source, secret string) string {
 	return signedString
 }
 
+// Deprecated: use utils.Sha256WithRsa() instead of
 func Sha256WithRsa(source, secret string) string {
 	// block, _ := pem.Decode([]byte(secret))
 	decodeString, err := base64.StdEncoding.DecodeString(secret)

diff --git a/sdk/auth/signers/signer_access_key.go b/sdk/auth/signers/signer_access_key.go
@@ -16,6 +16,7 @@ package signers
 
 import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 )
 
 type AccessKeySigner struct {
@@ -50,5 +51,5 @@ func (signer *AccessKeySigner) GetAccessKeyId() (accessKeyId string, err error)
 
 func (signer *AccessKeySigner) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.credential.AccessKeySecret + secretSuffix
-	return ShaHmac1(stringToSign, secret)
+	return utils.ShaHmac1(stringToSign, secret)
 }
diff --git a/sdk/auth/signers/signer_ecs_ram_role.go b/sdk/auth/signers/signer_ecs_ram_role.go
@@ -24,6 +24,7 @@ import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 	jmespath "github.com/jmespath/go-jmespath"
 )
 
@@ -89,7 +90,7 @@ func (signer *EcsRamRoleSigner) GetExtraParam() map[string]string {
 
 func (signer *EcsRamRoleSigner) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.sessionCredential.AccessKeySecret + secretSuffix
-	return ShaHmac1(stringToSign, secret)
+	return utils.ShaHmac1(stringToSign, secret)
 }
 
 func (signer *EcsRamRoleSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {

diff --git a/sdk/auth/signers/signer_key_pair.go b/sdk/auth/signers/signer_key_pair.go
@@ -24,6 +24,7 @@ import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 	jmespath "github.com/jmespath/go-jmespath"
 )
 
@@ -98,7 +99,7 @@ func (signer *SignerKeyPair) GetExtraParam() map[string]string {
 
 func (signer *SignerKeyPair) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.sessionCredential.AccessKeySecret + secretSuffix
-	return ShaHmac1(stringToSign, secret)
+	return utils.ShaHmac1(stringToSign, secret)
 }
 
 func (signer *SignerKeyPair) buildCommonRequest() (request *requests.CommonRequest, err error) {

diff --git a/sdk/auth/signers/signer_ram_role_arn.go b/sdk/auth/signers/signer_ram_role_arn.go
@@ -25,6 +25,7 @@ import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/errors"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/requests"
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/responses"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 	jmespath "github.com/jmespath/go-jmespath"
 )
 
@@ -109,7 +110,7 @@ func (signer *RamRoleArnSigner) GetExtraParam() map[string]string {
 
 func (signer *RamRoleArnSigner) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.sessionCredential.AccessKeySecret + secretSuffix
-	return ShaHmac1(stringToSign, secret)
+	return utils.ShaHmac1(stringToSign, secret)
 }
 
 func (signer *RamRoleArnSigner) buildCommonRequest() (request *requests.CommonRequest, err error) {

diff --git a/sdk/auth/signers/signer_sts_token.go b/sdk/auth/signers/signer_sts_token.go
@@ -16,6 +16,7 @@ package signers
 
 import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 )
 
 type StsTokenSigner struct {
@@ -50,5 +51,5 @@ func (signer *StsTokenSigner) GetExtraParam() map[string]string {
 
 func (signer *StsTokenSigner) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.credential.AccessKeySecret + secretSuffix
-	return ShaHmac1(stringToSign, secret)
+	return utils.ShaHmac1(stringToSign, secret)
 }
diff --git a/sdk/auth/signers/signer_v2.go b/sdk/auth/signers/signer_v2.go
@@ -16,6 +16,7 @@ package signers
 
 import (
 	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials"
+	"github.com/aliyun/alibaba-cloud-sdk-go/sdk/utils"
 )
 
 type SignerV2 struct {
@@ -50,5 +51,5 @@ func (signer *SignerV2) GetAccessKeyId() (accessKeyId string, err error) {
 
 func (signer *SignerV2) Sign(stringToSign, secretSuffix string) string {
 	secret := signer.credential.PrivateKey
-	return Sha256WithRsa(stringToSign, secret)
+	return utils.Sha256WithRsa(stringToSign, secret)
 }
diff --git a/sdk/utils/utils.go b/sdk/utils/utils.go
@@ -16,11 +16,17 @@ package utils
 
 import (
 	"bytes"
+	"crypto"
+	"crypto/hmac"
 	"crypto/md5"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha1"
+	"crypto/x509"
 	"encoding/base64"
 	"encoding/hex"
 	"fmt"
-	"math/rand"
+	mathrand "math/rand"
 	"net/url"
 	"reflect"
 	"runtime"
@@ -46,7 +52,7 @@ func GetNonce() (uuidHex string) {
 	routineId := getGID()
 	currentTime := time.Now().UnixNano() / 1e6
 	seq := atomic.AddInt64(&seqId, 1)
-	randNum := rand.Int63()
+	randNum := mathrand.Int63()
 	msg := fmt.Sprintf("%d-%d-%d-%d-%d", processStartTime, routineId, currentTime, seq, randNum)
 	h := md5.New()
 	h.Write([]byte(msg))
@@ -106,3 +112,35 @@ func InitStructWithDefaultTag(bean interface{}) {
 		}
 	}
 }
+
+func ShaHmac1(source, secret string) string {
+	key := []byte(secret)
+	hmac := hmac.New(sha1.New, key)
+	hmac.Write([]byte(source))
+	signedBytes := hmac.Sum(nil)
+	signedString := base64.StdEncoding.EncodeToString(signedBytes)
+	return signedString
+}
+
+func Sha256WithRsa(source, secret string) string {
+	// block, _ := pem.Decode([]byte(secret))
+	decodeString, err := base64.StdEncoding.DecodeString(secret)
+	if err != nil {
+		panic(err)
+	}
+	private, err := x509.ParsePKCS8PrivateKey(decodeString)
+	if err != nil {
+		panic(err)
+	}
+
+	h := crypto.Hash.New(crypto.SHA256)
+	h.Write([]byte(source))
+	hashed := h.Sum(nil)
+	signature, err := rsa.SignPKCS1v15(rand.Reader, private.(*rsa.PrivateKey),
+		crypto.SHA256, hashed)
+	if err != nil {
+		panic(err)
+	}
+
+	return base64.StdEncoding.EncodeToString(signature)
+}
diff --git a/sdk/utils/utils_test.go b/sdk/utils/utils_test.go
@@ -61,3 +61,52 @@ func TestGetUrlFormedMap(t *testing.T) {
 	s2 := GetUrlFormedMap(m)
 	assert.Equal(t, "key=value&key2=http%3A%2F%2Fdomain%2F%3Fkey%3Dvalue%26key2%3Dvalue2", s2)
 }
+
+func TestShaHmac1(t *testing.T) {
+	result := ShaHmac1("source", "secret")
+	assert.Equal(t, "Jv4yi8SobFhg5t1C7nWLbhBSFZQ=", result)
+
+	assert.Equal(t, "CqCYIa39h9SSWuXnTz8F5hh9UPA=", ShaHmac1("中文", "secret"))
+}
+
+func TestSha256WithRsa(t *testing.T) {
+	secret := `
+MIICeQIBADANBgkqhkiG9w0BAQEFAASCAmMwggJfAgEAAoGBAOJC+2WXtkXZ+6sa
+3+qJp4mDOsiZb3BghHT9nVbjTeaw4hsZWHYxQ6l6XDmTg4twPB59LOGAlAjYrT31
+3pdwEawnmdf6zyF93Zvxxpy7lO2HoxYKSjbtXO4I0pcq3WTnw2xlbhqHvrcuWwt+
+FqH9akzcnwHjc03siZBzt/dwDL3vAgMBAAECgYEAzwgZPqFuUEYgaTVDFDl2ynYA
+kNMMzBgUu3Pgx0Nf4amSitdLQYLcdbQXtTtMT4eYCxHgwkpDqkCRbLOQRKNwFo0I
+oaCuhjZlxWcKil4z4Zb/zB7gkeuXPOVUjFSS3FogsRWMtnNAMgR/yJRlbcg/Puqk
+Magt/yDk+7cJCe6H96ECQQDxMT4S+tVP9nOw//QT39Dk+kWe/YVEhnWnCMZmGlEq
+1gnN6qpUi68ts6b3BVgrDPrPN6wm/Z9vpcKNeWpIvxXRAkEA8CcT2UEUwDGRKAUu
+WVPJqdAJjpjc072eRF5g792NyO+TAF6thBlDKNslRvFQDB6ymLsjfy8JYCnGbbSb
+WqbHvwJBAIs7KeI6+jiWxGJA3t06LpSABQCqyOut0u0Bm8YFGyXnOPGtrXXwzMdN
+Fe0zIJp5e69zK+W2Mvt4bL7OgBROeoECQQDsE+4uLw0gFln0tosmovhmp60NcfX7
+bLbtzL2MbwbXlbOztF7ssgzUWAHgKI6hK3g0LhsqBuo3jzmSVO43giZvAkEA08Nm
+2TI9EvX6DfCVfPOiKZM+Pijh0xLN4Dn8qUgt3Tcew/vfj4WA2ZV6qiJqL01vMsHc
+vftlY0Hs1vNXcaBgEA==`
+	result := Sha256WithRsa("source", secret)
+	assert.Equal(t, "UNyJPD27jjSNl70b02E/DUtgtNESdtAuxbNBZTlksk1t/GYjiQNRlFIubp/EGKcWsqs7p5SFKnNiSRqWG3A51VmJFBXXtyW1nwLC9xY/MbUj6JVWNYCuLkPWM942O+GAk7N+G8ZQZt7ib2MhruDAUmv1lLN26lDaCPBX2MJQJCo=", result)
+
+	assert.Equal(t, "CKE0osxUnFFH+oYP3Q427saucBuignE+Mrni63G9w46yZFtVoXFOu5lNiNCnUtaPNpGmBf9X5oGCY+otqPf7bP93nB59rfdteQs0sS65PWH9yjH8RwYCWGCbuyRul/0qIv/nYYGzkLON1C1Vx9Z4Yep6llYuJang5RIXrAkQLmQ=", Sha256WithRsa("中文", secret))
+}
+
+func TestSha256WithRsa_DecodeString_Error(t *testing.T) {
+	defer func() { // 进行异常捕捉
+		err := recover()
+		assert.NotNil(t, err)
+		assert.Equal(t, "illegal base64 data at input byte 0", err.(error).Error())
+	}()
+	secret := `==`
+	Sha256WithRsa("source", secret)
+}
+
+func TestSha256WithRsa_ParsePKCS8PrivateKey_Error(t *testing.T) {
+	defer func() { // 进行异常捕捉
+		err := recover()
+		assert.NotNil(t, err)
+		assert.Equal(t, "asn1: structure error: length too large", err.(error).Error())
+	}()
+	secret := `Jv4yi8SobFhg5t1C7nWLbhBSFZQ=`
+	Sha256WithRsa("source", secret)
+}