aa

2021-08-17 15:59:20 +08:00
parent 2c262f51c5
commit 4330eed046
3 changed files with 94 additions and 50 deletions
--- a/platformapi/dingdingapi/callback.go
+++ b/platformapi/dingdingapi/callback.go
@@ -4,11 +4,13 @@ import (
 	"bytes"
 	"crypto/aes"
 	"crypto/cipher"
+	"crypto/rand"
 	"crypto/sha1"
 	"encoding/base64"
 	"encoding/binary"
 	"errors"
 	"fmt"
+	r "math/rand"
 	"sort"
 	"strings"
 	"time"
@@ -60,7 +62,7 @@ func (a *API) SetCallbackToken(token string) {
 	a.callbackToken = token
 }

-func (a *API) SetCallbackAESKey(b []byte) {
+func (a *API) SetCallbackAESKey(b string) {
 	a.locker.RLock()
 	defer a.locker.RUnlock()
 	a.callbackAESKey = b
@@ -72,21 +74,24 @@ func (a *API) GetCallbackToken() string {
 	return a.callbackToken
 }

-func (a *API) GetCallbackAESKey() []byte {
+func (a *API) GetCallbackAESKey() string {
 	a.locker.RLock()
 	defer a.locker.RUnlock()
 	return a.callbackAESKey
 }

 func (a *API) PackCallbackResult(result string) (response *CallbackResponse) {
-	encryptedResult, err := a.Encrypt(result)
+	timestamp := utils.Int64ToStr(time.Now().Unix())
+	nonce := utils.GetUUID()
+	encryptedResult, sign, err := a.Encrypt(result, timestamp, nonce)
 	if err == nil {
 		response = &CallbackResponse{
-			Encrypt:   encryptedResult,
-			Timestamp: utils.Int64ToStr(time.Now().Unix()),
-			Nonce:     utils.GetUUID(),
+			Encrypt:      encryptedResult,
+			Timestamp:    timestamp,
+			Nonce:        nonce,
+			MsgSignature: sign,
 		}
-		response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response))
+		//response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response))
 	}
 	return response
 }
@@ -104,16 +109,17 @@ func (a *API) calculateCallbackSign(data map[string]interface{}) (sign string) {
 	return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, ""))))
 }

-func (a *API) Encrypt(msg string) (encryptedMsg string, err error) {
-	aesKey := a.GetCallbackAESKey()
-	buf := bytes.NewBuffer(nil)
-	buf.WriteString(utils.GetUUID()[:16])
-	binary.Write(buf, binary.BigEndian, int32(len(msg)))
-	buf.WriteString(msg)
-	buf.WriteString(a.corpID)
-	binResult, err := utils.AESCBCEncpryt(buf.Bytes(), aesKey, aesKey[:16])
-	encryptedMsg = base64.StdEncoding.EncodeToString(binResult)
-	return encryptedMsg, err
+func (a *API) Encrypt(msg, timestamp, nonce string) (encryptedMsg, sign string, err error) {
+	//aesKey := a.GetCallbackAESKey()
+	//buf := bytes.NewBuffer(nil)
+	//buf.WriteString(utils.GetUUID()[:16])
+	//binary.Write(buf, binary.BigEndian, int32(len(msg)))
+	//buf.WriteString(msg)
+	//buf.WriteString(a.corpID)
+	//binResult, err := utils.AESCBCEncpryt(buf.Bytes(), []byte(aesKey), []byte(aesKey[:16]))
+	//encryptedMsg = base64.StdEncoding.EncodeToString(binResult)
+	c := NewDingTalkCrypto(a.GetCallbackToken(), string(a.GetCallbackAESKey()), a.GetAppID())
+	return c.GetEncryptMsg(msg, timestamp, nonce)
 }

 func (a *API) Decrypt(sign, timestr, nonce, msg string) (decryptedMsg string, err error) {
@@ -138,7 +144,8 @@ func (a *API) RegisterCallback(callbackTagList []string, token, aesKey, urlStr s
 	// oldCallbackToken := a.callbackToken
 	// oldCallbackAESKey := a.callbackAESKey
 	a.callbackToken = token
-	a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=")
+	data, _ := base64.StdEncoding.DecodeString(aesKey + "=")
+	a.callbackAESKey = string(data)
 	a.locker.Unlock()

 	if len(callbackTagList) > 0 { // 为0做测试用
@@ -171,7 +178,8 @@ func (a *API) UpdateCallback(callbackTagList []string, token, aesKey, urlStr str
 	oldCallbackToken := a.callbackToken
 	oldCallbackAESKey := a.callbackAESKey
 	a.callbackToken = token
-	a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=")
+	data, _ := base64.StdEncoding.DecodeString(aesKey + "=")
+	a.callbackAESKey = string(data)
 	a.locker.Unlock()

 	if len(callbackTagList) > 0 { // 为0做测试用
@@ -228,9 +236,6 @@ func (a *API) GetCallbackMsg(formMap map[string]interface{}, bodyData []byte) (m
 }

 func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto {
-	encodingAESKey = "EjTgnEa377fEcgzlQUbcgTzxPNznRjpOuSPgQAwv9aA"
-	token = "ITKIL2FeFHZa48fEK9g3dbJ1DOww7shOrIZ2f"
-	suiteKey = "ding7iu9cptairtcls0c"
 	bkey, _ := base64.StdEncoding.DecodeString(encodingAESKey + "=")
 	block, _ := aes.NewCipher(bkey)
 	c := &DingTalkCrypto{
@@ -242,6 +247,7 @@ func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto {
 	}
 	return c
 }
+
 func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg string) (string, error) {
 	if !c.VerificationSignature(c.Token, timestamp, nonce, secretMsg, signature) {
 		return "", errors.New("ERROR: 签名不匹配")
@@ -253,11 +259,6 @@ func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg st
 	if len(decode) < aes.BlockSize {
 		return "", errors.New("ERROR: 密文太短")
 	}
-	fmt.Println("c", c)
-	fmt.Println("c.Block", c.Block)
-	fmt.Println("c.BKey", c.BKey)
-	fmt.Println("c.c.Block.BlockSize()", c.Block.BlockSize())
-	fmt.Println("c.BKey[:c.Block.BlockSize()]", c.BKey[:c.Block.BlockSize()])
 	blockMode := cipher.NewCBCDecrypter(c.Block, c.BKey[:c.Block.BlockSize()])
 	plantText := make([]byte, len(decode))
 	blockMode.CryptBlocks(plantText, decode)
@@ -271,6 +272,22 @@ func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg st
 	return string(plantText[:size]), nil
 }

+func (c *DingTalkCrypto) GetEncryptMsg(msg, timestamp, nonce string) (string, string, error) {
+	size := make([]byte, 4)
+	binary.BigEndian.PutUint32(size, uint32(len(msg)))
+	msg = randomString(16) + string(size) + msg + c.SuiteKey
+	plantText := pkCS7Padding([]byte(msg), c.Block.BlockSize())
+	if len(plantText)%aes.BlockSize != 0 {
+		return "", "", errors.New("ERROR: 消息体size不为16的倍数")
+	}
+	blockMode := cipher.NewCBCEncrypter(c.Block, c.BKey[:c.Block.BlockSize()])
+	chipherText := make([]byte, len(plantText))
+	blockMode.CryptBlocks(chipherText, plantText)
+	outMsg := base64.StdEncoding.EncodeToString(chipherText)
+	signature := c.CreateSignature(c.Token, timestamp, nonce, string(outMsg))
+	return string(outMsg), signature, nil
+}
+
 // 数据签名
 func (c *DingTalkCrypto) CreateSignature(token, timestamp, nonce, msg string) string {
 	params := make([]string, 0)
@@ -307,3 +324,30 @@ func pkCS7Padding(ciphertext []byte, blockSize int) []byte {
 	padtext := bytes.Repeat([]byte{byte(padding)}, padding)
 	return append(ciphertext, padtext...)
 }
+
+// 随机字符串
+func randomString(n int, alphabets ...byte) string {
+	const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
+	var bytes = make([]byte, n)
+	var randby bool
+	if num, err := rand.Read(bytes); num != n || err != nil {
+		r.Seed(time.Now().UnixNano())
+		randby = true
+	}
+	for i, b := range bytes {
+		if len(alphabets) == 0 {
+			if randby {
+				bytes[i] = alphanum[r.Intn(len(alphanum))]
+			} else {
+				bytes[i] = alphanum[b%byte(len(alphanum))]
+			}
+		} else {
+			if randby {
+				bytes[i] = alphabets[r.Intn(len(alphabets))]
+			} else {
+				bytes[i] = alphabets[b%byte(len(alphabets))]
+			}
+		}
+	}
+	return string(bytes)
+}
--- a/platformapi/dingdingapi/callback_test.go
+++ b/platformapi/dingdingapi/callback_test.go
@@ -2,26 +2,24 @@ package dingdingapi

 import (
 	"testing"
-
-	"git.rosy.net.cn/baseapi"
 )

 func TestCrypt(t *testing.T) {
-	api.RegisterCallback(nil, "token", "M3Z1b1FIXjlAWW84bEVxNENHSlZOUFJEbkAlRUZQXnE", "")
-	encryptedMsg, err := api.Encrypt("hello")
-	decryptedMsg, err := api.Decrypt(encryptedMsg)
-	t.Log(encryptedMsg, decryptedMsg, err)
+	//api.RegisterCallback(nil, "token", "M3Z1b1FIXjlAWW84bEVxNENHSlZOUFJEbkAlRUZQXnE", "")
+	//encryptedMsg, err := api.Encrypt("hello")
+	//decryptedMsg, err := api.Decrypt(encryptedMsg)
+	//t.Log(encryptedMsg, decryptedMsg, err)
 }

 func TestDecrypt(t *testing.T) {
-	api.RegisterCallback(nil, "j9JMGyaZs&vxqt&S", "VFFjTnZrZDJZZmZHJksxeTlxcnp5aG42WmRCbXl3REE", "")
-	encryptedMsg := "L+CkLbztRNz104HWXbFJInfrUuleuB7Q/Il1bgkMA4Ovy6OgObmL9o7smUTxzdNMRFrnjPSJ5Hmfzrsn3a1QVAWgRGJhPrc9mQcbb2rtNu9M0x9o+4xGKAWkb18Roqp4"
-	decryptedMsg, err := api.Decrypt(encryptedMsg)
-	if err != nil {
-		t.Fatal(err)
-	} else {
-		baseapi.SugarLogger.Debugf("decryptedMsg:%s\n", decryptedMsg)
-	}
+	//api.RegisterCallback(nil, "j9JMGyaZs&vxqt&S", "VFFjTnZrZDJZZmZHJksxeTlxcnp5aG42WmRCbXl3REE", "")
+	//encryptedMsg := "L+CkLbztRNz104HWXbFJInfrUuleuB7Q/Il1bgkMA4Ovy6OgObmL9o7smUTxzdNMRFrnjPSJ5Hmfzrsn3a1QVAWgRGJhPrc9mQcbb2rtNu9M0x9o+4xGKAWkb18Roqp4"
+	//decryptedMsg, err := api.Decrypt(encryptedMsg)
+	//if err != nil {
+	//	t.Fatal(err)
+	//} else {
+	//	baseapi.SugarLogger.Debugf("decryptedMsg:%s\n", decryptedMsg)
+	//}
 }

 func TestPackCallbackResult(t *testing.T) {
--- a/platformapi/dingdingapi/dingdingapi.go
+++ b/platformapi/dingdingapi/dingdingapi.go
@@ -42,25 +42,27 @@ type API struct {
 	locker  sync.RWMutex

 	callbackToken  string
-	callbackAESKey []byte
+	callbackAESKey string
 }

 func New(corpID, appID, secret string, config ...*platformapi.APIConfig) *API {
-	return NewWithAgentID(0, corpID, appID, secret, config...)
+	return NewWithAgentID(0, corpID, appID, secret, "", "", config...)
 }

-func NewWithAgentID(agentID int64, corpID, appID, secret string, config ...*platformapi.APIConfig) *API {
+func NewWithAgentID(agentID int64, corpID, appID, secret, callbackToken, callbackAESKey string, config ...*platformapi.APIConfig) *API {
 	curConfig := platformapi.DefAPIConfig
 	if len(config) > 0 {
 		curConfig = *config[0]
 	}
 	return &API{
-		agentID: agentID,
-		corpID:  corpID,
-		appID:   appID,
-		secret:  secret,
-		client:  &http.Client{Timeout: curConfig.ClientTimeout},
-		config:  &curConfig,
+		agentID:        agentID,
+		corpID:         corpID,
+		appID:          appID,
+		secret:         secret,
+		callbackToken:  callbackToken,
+		callbackAESKey: callbackAESKey,
+		client:         &http.Client{Timeout: curConfig.ClientTimeout},
+		config:         &curConfig,
 	}
 }