package internal import ( "context" "crypto" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "encoding/base64" "encoding/pem" "fmt" "gitea.cdlsxd.cn/sdk/plugin/proto" "gitea.cdlsxd.cn/sdk/plugin/utils" "net/http" "net/url" "plugins/alipay_cpn/internal/po" "plugins/utils/request" "strings" ) func req(config *Config, req *po.Param) (url.Values, error) { var strToBeSigned strings.Builder uv := url.Values{} kvRows := utils.SortStructJsonTag(req) for _, kv := range kvRows { if kv.Key == "sign" { continue } if kv.Value == "" { continue } uv.Set(kv.Key, kv.Value) strToBeSigned.WriteString(fmt.Sprintf("%s=%s&", kv.Key, kv.Value)) } s := strings.TrimRight(strToBeSigned.String(), "&") sign, err := Sign(s, []byte(utils.NewPrivate().Build(config.Prk))) if err != nil { return nil, proto.ErrorSignFail(err.Error()) } uv.Set("sign", sign) return uv, nil } func Post(ctx context.Context, uv url.Values) ([]byte, http.Header, error) { headers := map[string]string{ "Content-Type": "application/x-www-form-urlencoded", } respBody, respHeader, err := request.Post(ctx, baseUri+"?"+uv.Encode(), nil, request.WithHeaders(headers)) if err != nil { return nil, nil, proto.ErrorRequestFail(err.Error()) } return respBody, respHeader, nil } func Sign(data string, privateKeyPEM []byte) (string, error) { block, _ := pem.Decode(privateKeyPEM) if block == nil { return "", proto.ErrorSignFail("failed to parse PEM block containing the private key") } privyKey, err := x509.ParsePKCS8PrivateKey(block.Bytes) if err != nil { return "", proto.ErrorSignFail(fmt.Sprintf("failed to parse DER encoded private key: %v", err)) } hashed := sha256.Sum256([]byte(data)) signature, err := rsa.SignPKCS1v15(rand.Reader, privyKey.(*rsa.PrivateKey), crypto.SHA256, hashed[:]) if err != nil { return "", proto.ErrorSignFail(fmt.Sprintf("failed to sign:%v", err)) } return base64.StdEncoding.EncodeToString(signature), nil } func Verify(n *po.Notify, publicKeyPEM string) (bool, error) { var strToBeSigned strings.Builder uv := url.Values{} kvRows := utils.SortStructJsonTag(n) for _, kv := range kvRows { if kv.Key == "sign" { continue } if kv.Key == "sign_type" { continue } if kv.Value == "" { continue } uv.Set(kv.Key, kv.Value) strToBeSigned.WriteString(fmt.Sprintf("%s=%s&", kv.Key, kv.Value)) } s := strings.TrimRight(strToBeSigned.String(), "&") b, err := check(s, n.Sign, []byte(utils.NewPublic().Build(publicKeyPEM))) if err != nil { return false, proto.ErrorSignFail(err.Error()) } return b, nil } func check(data, signature string, publicKeyPEM []byte) (bool, error) { block, _ := pem.Decode(publicKeyPEM) if block == nil { return false, fmt.Errorf("failed to parse DER encoded public key") } pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) if err != nil { return false, fmt.Errorf("failed to parse DER encoded public key: %v", err) } rsaPubKey, ok := pubKey.(*rsa.PublicKey) if !ok { return false, fmt.Errorf("failed to parse DER encoded public key: %v", err) } hashed := sha256.Sum256([]byte(data)) sig, err := base64.StdEncoding.DecodeString(signature) if err != nil { return false, fmt.Errorf("failed to decode signature: %v", err) } err = rsa.VerifyPKCS1v15(rsaPubKey, crypto.SHA256, hashed[:], sig) if err != nil { fmt.Println("signature verification error:", err) return false, nil } return true, nil }