生成的授权字符串在使用Golang和JS时不一致。

huangapple go评论96阅读模式
英文:

Authorization string is not same when generate with golang and JS

问题

我有问题,关于使用Golang生成正确的API访问授权字符串。我尝试使用JS,字符串可以正常使用,而来自Golang的字符串无法用于身份验证。你能帮我检查一下有什么不同并纠正我吗?

这是我的Golang代码:

func generateSalt(dataToSign string) string {
    token := hmac.New(sha256.New, []byte("secret"))
    token.Write([]byte(dataToSign))
    macSum := token.Sum(nil)
    return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
    date := "Wed, 25 May 2022 09:16:45 GMT"
    uri := "groups"
    url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
    dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
    log.Printf("dateToSign: %s", dataToSign)
    hmac := generateSalt(dataToSign)
    authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
    log.Printf("authorization: %s", authorization)
}

Golang的结果是dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=

JS的代码:

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
    return hash.toString(CryptoJS.enc.Base64); 
}

var date = "Wed, 25 May 2022 09:16:45 GMT";

var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date;
        console.log("date", date)
        console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
        console.log({authorisation})

结果是nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=

英文:

I have problem with Golang to generate the correct the correct Authorization string for API access. I try with JS and the string is okay to use while the string from golang can not be used for authentication. Can you help me check what is the different and correct me?
Here is my golang code:

func generateSalt(dataToSign string) string {
	token := hmac.New(sha256.New, []byte("secret"))
	token.Write([]byte(dataToSign))
	macSum := token.Sum(nil)
	return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
    date = "Wed, 25 May 2022 09:16:45 GMT"
	uri := "groups"
	url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
	dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
	log.Printf("dateToSign: %s", dataToSign)
	hmac := generateSalt(dataToSign)
	authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
	log.Printf("authorization: %s", authorization)
}

The result from golang is dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=

The code on JS

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
    return hash.toString(CryptoJS.enc.Base64); 
}

var date = "Wed, 25 May 2022 09:16:45 GMT";

var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
        "host: " + environment["gateway-host"] + "\n" +
        "date: " + date;
        console.log("date", date)
        console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
        console.log({authorisation})

The result is nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=

答案1

得分: 1

这两个代码片段有不同的数据需要签名。JS代码中使用了一些环境变量,可能会有所不同。我已经从Go代码中获取了这些值。

Go代码:Go Playground示例

// You can edit this code!
// Click here and start typing.
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"log"
)

func generateSalt(dataToSign string) string {
	token := hmac.New(sha256.New, []byte("secret"))
	token.Write([]byte(dataToSign))
	macSum := token.Sum(nil)
	return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
	date := "Wed, 25 May 2022 09:16:45 GMT"
	uri := "groups"
	url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
	host := "api-worldcheck.refinitiv.com"
	dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
	log.Printf("dateToSign: %s", dataToSign)
	hmac := generateSalt(dataToSign)
	authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
	log.Printf("authorization: %s", authorization)
}

JS代码:

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-js -->
function generateAuthHeader(dataToSign) {
  var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
  return hash.toString(CryptoJS.enc.Base64);
}

var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";

var dataToSign =
  "(request-target): get " +
  url +
  "groups\n" +
  "host: " +
  host +
  "\n" +
  "date: " +
  date;
console.log("date", date);
console.log("dataToSign", dataToSign);
var hmac = generateAuthHeader(dataToSign);
var authorisation =
  'Signature keyId="' +
  apiKey +
  '",algorithm="hmac-sha256",headers="(request-target) host date",signature="' +
  hmac +
  '"';
console.log(authorisation);

<!-- language: lang-html -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>

<!-- end snippet -->

两者的签名都是pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb

英文:

Both the snippets have different data to sign. The JS has some env vars that are used which might be different. I have taken those values from the Go code.

Go code: Go Playground example

// You can edit this code!
// Click here and start typing.
package main

import (
	&quot;crypto/hmac&quot;
	&quot;crypto/sha256&quot;
	&quot;encoding/base64&quot;
	&quot;fmt&quot;
	&quot;log&quot;
)

func generateSalt(dataToSign string) string {
	token := hmac.New(sha256.New, []byte(&quot;secret&quot;))
	token.Write([]byte(dataToSign))
	macSum := token.Sum(nil)
	return base64.StdEncoding.EncodeToString(macSum)
}

func main() {
	date := &quot;Wed, 25 May 2022 09:16:45 GMT&quot;
	uri := &quot;groups&quot;
	url := fmt.Sprintf(&quot;https://api-worldcheck.refinitiv.com/v2/%s&quot;, uri)
	host := &quot;api-worldcheck.refinitiv.com&quot;
	dataToSign := fmt.Sprintf(&quot;(request-target): get %s\nhost: %s\ndate: %s&quot;, url, host, date)
	log.Printf(&quot;dateToSign: %s&quot;, dataToSign)
	hmac := generateSalt(dataToSign)
	authorization := fmt.Sprintf(`Signature keyId=&quot;%s&quot;,algorithm=&quot;hmac-sha256&quot;,headers=&quot;(request-target) host date&quot;,signature=&quot;%s&quot;`, &quot;api-key&quot;, hmac)
	log.Printf(&quot;authorization: %s&quot;, authorization)
}

JS Code:

<!-- begin snippet: js hide: false console: true babel: false -->

<!-- language: lang-js -->

function generateAuthHeader(dataToSign){
    var hash = CryptoJS.HmacSHA256(dataToSign, &quot;secret&quot;);
    return hash.toString(CryptoJS.enc.Base64); 
}

var date = &quot;Wed, 25 May 2022 09:16:45 GMT&quot;;
var url = &quot;https://api-worldcheck.refinitiv.com/v2/&quot;;
var host = &quot;api-worldcheck.refinitiv.com&quot;;
var apiKey = &quot;api-key&quot;;

var dataToSign = &quot;(request-target): get &quot; + url + &quot;groups\n&quot; +
        &quot;host: &quot; + host + &quot;\n&quot; +
        &quot;date: &quot; + date;
console.log(&quot;date&quot;, date)
console.log(&quot;dataToSign&quot;, dataToSign)
var hmac = generateAuthHeader(dataToSign);
var authorisation = &quot;Signature keyId=\&quot;&quot; + apiKey + &quot;\&quot;,algorithm=\&quot;hmac-sha256\&quot;,headers=\&quot;(request-target) host date\&quot;,signature=\&quot;&quot; + hmac + &quot;\&quot;&quot;;
console.log(authorisation);

<!-- language: lang-html -->

&lt;script src=&quot;https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js&quot;&gt;&lt;/script&gt;

<!-- end snippet -->

Both have the signature as pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb

huangapple
  • 本文由 发表于 2022年5月25日 17:56:48
  • 转载请务必保留本文链接:https://go.coder-hub.com/72375503.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定