From 4330eed0466564f5a86b180d6ab5b76d864aa0a8 Mon Sep 17 00:00:00 2001 From: suyl <770236076@qq.com> Date: Tue, 17 Aug 2021 15:59:20 +0800 Subject: [PATCH] aa --- platformapi/dingdingapi/callback.go | 98 +++++++++++++++++------- platformapi/dingdingapi/callback_test.go | 26 +++---- platformapi/dingdingapi/dingdingapi.go | 20 ++--- 3 files changed, 94 insertions(+), 50 deletions(-) diff --git a/platformapi/dingdingapi/callback.go b/platformapi/dingdingapi/callback.go index 7d7b0ae7..f3eb4fbc 100644 --- a/platformapi/dingdingapi/callback.go +++ b/platformapi/dingdingapi/callback.go @@ -4,11 +4,13 @@ import ( "bytes" "crypto/aes" "crypto/cipher" + "crypto/rand" "crypto/sha1" "encoding/base64" "encoding/binary" "errors" "fmt" + r "math/rand" "sort" "strings" "time" @@ -60,7 +62,7 @@ func (a *API) SetCallbackToken(token string) { a.callbackToken = token } -func (a *API) SetCallbackAESKey(b []byte) { +func (a *API) SetCallbackAESKey(b string) { a.locker.RLock() defer a.locker.RUnlock() a.callbackAESKey = b @@ -72,21 +74,24 @@ func (a *API) GetCallbackToken() string { return a.callbackToken } -func (a *API) GetCallbackAESKey() []byte { +func (a *API) GetCallbackAESKey() string { a.locker.RLock() defer a.locker.RUnlock() return a.callbackAESKey } func (a *API) PackCallbackResult(result string) (response *CallbackResponse) { - encryptedResult, err := a.Encrypt(result) + timestamp := utils.Int64ToStr(time.Now().Unix()) + nonce := utils.GetUUID() + encryptedResult, sign, err := a.Encrypt(result, timestamp, nonce) if err == nil { response = &CallbackResponse{ - Encrypt: encryptedResult, - Timestamp: utils.Int64ToStr(time.Now().Unix()), - Nonce: utils.GetUUID(), + Encrypt: encryptedResult, + Timestamp: timestamp, + Nonce: nonce, + MsgSignature: sign, } - response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response)) + //response.MsgSignature = a.calculateCallbackSign(utils.Struct2MapByJson(response)) } return response } @@ -104,16 +109,17 @@ func (a *API) calculateCallbackSign(data map[string]interface{}) (sign string) { return fmt.Sprintf("%x", sha1.Sum([]byte(strings.Join(strList, "")))) } -func (a *API) Encrypt(msg string) (encryptedMsg string, err error) { - aesKey := a.GetCallbackAESKey() - buf := bytes.NewBuffer(nil) - buf.WriteString(utils.GetUUID()[:16]) - binary.Write(buf, binary.BigEndian, int32(len(msg))) - buf.WriteString(msg) - buf.WriteString(a.corpID) - binResult, err := utils.AESCBCEncpryt(buf.Bytes(), aesKey, aesKey[:16]) - encryptedMsg = base64.StdEncoding.EncodeToString(binResult) - return encryptedMsg, err +func (a *API) Encrypt(msg, timestamp, nonce string) (encryptedMsg, sign string, err error) { + //aesKey := a.GetCallbackAESKey() + //buf := bytes.NewBuffer(nil) + //buf.WriteString(utils.GetUUID()[:16]) + //binary.Write(buf, binary.BigEndian, int32(len(msg))) + //buf.WriteString(msg) + //buf.WriteString(a.corpID) + //binResult, err := utils.AESCBCEncpryt(buf.Bytes(), []byte(aesKey), []byte(aesKey[:16])) + //encryptedMsg = base64.StdEncoding.EncodeToString(binResult) + c := NewDingTalkCrypto(a.GetCallbackToken(), string(a.GetCallbackAESKey()), a.GetAppID()) + return c.GetEncryptMsg(msg, timestamp, nonce) } func (a *API) Decrypt(sign, timestr, nonce, msg string) (decryptedMsg string, err error) { @@ -138,7 +144,8 @@ func (a *API) RegisterCallback(callbackTagList []string, token, aesKey, urlStr s // oldCallbackToken := a.callbackToken // oldCallbackAESKey := a.callbackAESKey a.callbackToken = token - a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=") + data, _ := base64.StdEncoding.DecodeString(aesKey + "=") + a.callbackAESKey = string(data) a.locker.Unlock() if len(callbackTagList) > 0 { // 为0做测试用 @@ -171,7 +178,8 @@ func (a *API) UpdateCallback(callbackTagList []string, token, aesKey, urlStr str oldCallbackToken := a.callbackToken oldCallbackAESKey := a.callbackAESKey a.callbackToken = token - a.callbackAESKey, _ = base64.StdEncoding.DecodeString(aesKey + "=") + data, _ := base64.StdEncoding.DecodeString(aesKey + "=") + a.callbackAESKey = string(data) a.locker.Unlock() if len(callbackTagList) > 0 { // 为0做测试用 @@ -228,9 +236,6 @@ func (a *API) GetCallbackMsg(formMap map[string]interface{}, bodyData []byte) (m } func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto { - encodingAESKey = "EjTgnEa377fEcgzlQUbcgTzxPNznRjpOuSPgQAwv9aA" - token = "ITKIL2FeFHZa48fEK9g3dbJ1DOww7shOrIZ2f" - suiteKey = "ding7iu9cptairtcls0c" bkey, _ := base64.StdEncoding.DecodeString(encodingAESKey + "=") block, _ := aes.NewCipher(bkey) c := &DingTalkCrypto{ @@ -242,6 +247,7 @@ func NewDingTalkCrypto(token, encodingAESKey, suiteKey string) *DingTalkCrypto { } return c } + func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg string) (string, error) { if !c.VerificationSignature(c.Token, timestamp, nonce, secretMsg, signature) { return "", errors.New("ERROR: 签名不匹配") @@ -253,11 +259,6 @@ func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg st if len(decode) < aes.BlockSize { return "", errors.New("ERROR: 密文太短") } - fmt.Println("c", c) - fmt.Println("c.Block", c.Block) - fmt.Println("c.BKey", c.BKey) - fmt.Println("c.c.Block.BlockSize()", c.Block.BlockSize()) - fmt.Println("c.BKey[:c.Block.BlockSize()]", c.BKey[:c.Block.BlockSize()]) blockMode := cipher.NewCBCDecrypter(c.Block, c.BKey[:c.Block.BlockSize()]) plantText := make([]byte, len(decode)) blockMode.CryptBlocks(plantText, decode) @@ -271,6 +272,22 @@ func (c *DingTalkCrypto) GetDecryptMsg(signature, timestamp, nonce, secretMsg st return string(plantText[:size]), nil } +func (c *DingTalkCrypto) GetEncryptMsg(msg, timestamp, nonce string) (string, string, error) { + size := make([]byte, 4) + binary.BigEndian.PutUint32(size, uint32(len(msg))) + msg = randomString(16) + string(size) + msg + c.SuiteKey + plantText := pkCS7Padding([]byte(msg), c.Block.BlockSize()) + if len(plantText)%aes.BlockSize != 0 { + return "", "", errors.New("ERROR: 消息体size不为16的倍数") + } + blockMode := cipher.NewCBCEncrypter(c.Block, c.BKey[:c.Block.BlockSize()]) + chipherText := make([]byte, len(plantText)) + blockMode.CryptBlocks(chipherText, plantText) + outMsg := base64.StdEncoding.EncodeToString(chipherText) + signature := c.CreateSignature(c.Token, timestamp, nonce, string(outMsg)) + return string(outMsg), signature, nil +} + // 数据签名 func (c *DingTalkCrypto) CreateSignature(token, timestamp, nonce, msg string) string { params := make([]string, 0) @@ -307,3 +324,30 @@ func pkCS7Padding(ciphertext []byte, blockSize int) []byte { padtext := bytes.Repeat([]byte{byte(padding)}, padding) return append(ciphertext, padtext...) } + +// 随机字符串 +func randomString(n int, alphabets ...byte) string { + const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + var bytes = make([]byte, n) + var randby bool + if num, err := rand.Read(bytes); num != n || err != nil { + r.Seed(time.Now().UnixNano()) + randby = true + } + for i, b := range bytes { + if len(alphabets) == 0 { + if randby { + bytes[i] = alphanum[r.Intn(len(alphanum))] + } else { + bytes[i] = alphanum[b%byte(len(alphanum))] + } + } else { + if randby { + bytes[i] = alphabets[r.Intn(len(alphabets))] + } else { + bytes[i] = alphabets[b%byte(len(alphabets))] + } + } + } + return string(bytes) +} diff --git a/platformapi/dingdingapi/callback_test.go b/platformapi/dingdingapi/callback_test.go index da0a8983..e6163f57 100644 --- a/platformapi/dingdingapi/callback_test.go +++ b/platformapi/dingdingapi/callback_test.go @@ -2,26 +2,24 @@ package dingdingapi import ( "testing" - - "git.rosy.net.cn/baseapi" ) func TestCrypt(t *testing.T) { - api.RegisterCallback(nil, "token", "M3Z1b1FIXjlAWW84bEVxNENHSlZOUFJEbkAlRUZQXnE", "") - encryptedMsg, err := api.Encrypt("hello") - decryptedMsg, err := api.Decrypt(encryptedMsg) - t.Log(encryptedMsg, decryptedMsg, err) + //api.RegisterCallback(nil, "token", "M3Z1b1FIXjlAWW84bEVxNENHSlZOUFJEbkAlRUZQXnE", "") + //encryptedMsg, err := api.Encrypt("hello") + //decryptedMsg, err := api.Decrypt(encryptedMsg) + //t.Log(encryptedMsg, decryptedMsg, err) } func TestDecrypt(t *testing.T) { - api.RegisterCallback(nil, "j9JMGyaZs&vxqt&S", "VFFjTnZrZDJZZmZHJksxeTlxcnp5aG42WmRCbXl3REE", "") - encryptedMsg := "L+CkLbztRNz104HWXbFJInfrUuleuB7Q/Il1bgkMA4Ovy6OgObmL9o7smUTxzdNMRFrnjPSJ5Hmfzrsn3a1QVAWgRGJhPrc9mQcbb2rtNu9M0x9o+4xGKAWkb18Roqp4" - decryptedMsg, err := api.Decrypt(encryptedMsg) - if err != nil { - t.Fatal(err) - } else { - baseapi.SugarLogger.Debugf("decryptedMsg:%s\n", decryptedMsg) - } + //api.RegisterCallback(nil, "j9JMGyaZs&vxqt&S", "VFFjTnZrZDJZZmZHJksxeTlxcnp5aG42WmRCbXl3REE", "") + //encryptedMsg := "L+CkLbztRNz104HWXbFJInfrUuleuB7Q/Il1bgkMA4Ovy6OgObmL9o7smUTxzdNMRFrnjPSJ5Hmfzrsn3a1QVAWgRGJhPrc9mQcbb2rtNu9M0x9o+4xGKAWkb18Roqp4" + //decryptedMsg, err := api.Decrypt(encryptedMsg) + //if err != nil { + // t.Fatal(err) + //} else { + // baseapi.SugarLogger.Debugf("decryptedMsg:%s\n", decryptedMsg) + //} } func TestPackCallbackResult(t *testing.T) { diff --git a/platformapi/dingdingapi/dingdingapi.go b/platformapi/dingdingapi/dingdingapi.go index a99c62aa..263762c4 100644 --- a/platformapi/dingdingapi/dingdingapi.go +++ b/platformapi/dingdingapi/dingdingapi.go @@ -42,25 +42,27 @@ type API struct { locker sync.RWMutex callbackToken string - callbackAESKey []byte + callbackAESKey string } func New(corpID, appID, secret string, config ...*platformapi.APIConfig) *API { - return NewWithAgentID(0, corpID, appID, secret, config...) + return NewWithAgentID(0, corpID, appID, secret, "", "", config...) } -func NewWithAgentID(agentID int64, corpID, appID, secret string, config ...*platformapi.APIConfig) *API { +func NewWithAgentID(agentID int64, corpID, appID, secret, callbackToken, callbackAESKey string, config ...*platformapi.APIConfig) *API { curConfig := platformapi.DefAPIConfig if len(config) > 0 { curConfig = *config[0] } return &API{ - agentID: agentID, - corpID: corpID, - appID: appID, - secret: secret, - client: &http.Client{Timeout: curConfig.ClientTimeout}, - config: &curConfig, + agentID: agentID, + corpID: corpID, + appID: appID, + secret: secret, + callbackToken: callbackToken, + callbackAESKey: callbackAESKey, + client: &http.Client{Timeout: curConfig.ClientTimeout}, + config: &curConfig, } }