From d5267dede1f83fd84b858d936af04f65e98dbb20 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=AD=90=E9=93=AD?=
Date: Wed, 5 Mar 2025 15:18:57 +0800
Subject: [PATCH] cmb
---
 configs/config.yaml | 3 +-
 internal/conf/conf.pb.go | 53 ++++++++++++++++++++++++++++--------
 internal/conf/conf.proto | 3 ++
 internal/pkg/cmb/sm2.go | 16 ++++-------
 internal/pkg/cmb/sm2_test.go | 14 +++-------
 internal/service/cmb_mock.go | 4 ++-
 6 files changed, 58 insertions(+), 35 deletions(-)
diff --git a/configs/config.yaml b/configs/config.yaml
index 8c7502f..86061d9 100644
--- a/configs/config.yaml
+++ b/configs/config.yaml
@@ -49,8 +49,7 @@ wechat:
 cmb:
 sm2Prk: "" # 私钥 非对称加解密算法SM2 公钥长度为65字节,私钥长度为32字节。非对称密钥是基于国密推荐的椭圆曲线生成的,国密推荐曲线sm2p256v1
 sm2Puk: "" # 公钥,给到招行密钥
- sm4Key: "" # 对称加解密算法SM4 SM4/CBC/PKCS5Padding,密钥长度为16字节,明文长度不做要求,IV长度为16字节。
- cmbSm2Puk: ""
+ cmbSm2Puk: "" # 招行公钥
 mid: "d6fdd78b6fd13a808818286b9cad9687"
 aid: "5efaa21263b94f669a1c90ed0279df20"
 notifyUrl: "https://gateway.dev.cdlsxd.cn/ymt/jd/v1/notify"
diff --git a/internal/conf/conf.pb.go b/internal/conf/conf.pb.go
index d6add70..e427c5d 100644
--- a/internal/conf/conf.pb.go
+++ b/internal/conf/conf.pb.go
@@ -422,6 +422,9 @@ type Cmb struct { Mid string `protobuf:"bytes,1,opt,name=mid,proto3" json:"mid,omitempty"` Aid string `protobuf:"bytes,2,opt,name=aid,proto3" json:"aid,omitempty"` + Sm2Prk string `protobuf:"bytes,4,opt,name=sm2Prk,proto3" json:"sm2Prk,omitempty"` + Sm2Puk string `protobuf:"bytes,5,opt,name=sm2Puk,proto3" json:"sm2Puk,omitempty"` + CmbSm2Puk string `protobuf:"bytes,6,opt,name=cmbSm2Puk,proto3" json:"cmbSm2Puk,omitempty"` NotifyUrl string `protobuf:"bytes,3,opt,name=notifyUrl,proto3" json:"notifyUrl,omitempty"` }
@@ -471,6 +474,27 @@ func (x *Cmb) GetAid() string { return "" } +func (x *Cmb) GetSm2Prk() string { + if x != nil { + return x.Sm2Prk + } + return "" +} + +func (x *Cmb) GetSm2Puk() string { + if x != nil { + return x.Sm2Puk + } + return "" +} + +func (x *Cmb) GetCmbSm2Puk() string { + if x != nil { + return x.CmbSm2Puk + } + return "" +} + func (x *Cmb) GetNotifyUrl() string { if x != nil { return x.NotifyUrl 
@@ -924,18 +948,23 @@ var file_conf_conf_proto_rawDesc = []byte{ 0x0a, 0x1a, 0x6d, 0x63, 0x68, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x6d, 0x63, 0x68, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x22, 0x47, - 0x0a, 0x03, 0x43, 0x6d, 0x62, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6d, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x69, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x61, 0x69, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f, 0x74, - 0x69, 0x66, 0x79, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x55, 0x72, 0x6c, 0x22, 0x3a, 0x0a, 0x04, 0x4c, 0x6f, 0x67, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x62, 0x75, 0x73, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x62, 0x75, 0x73, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x42, 0x17, 0x5a, 0x15, 0x76, 0x6f, 0x75, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x63, - 0x70, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x65, 0x53, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x22, 0x95, + 0x01, 0x0a, 0x03, 0x43, 0x6d, 0x62, 0x12, 0x10, 0x0a, 0x03, 0x6d, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6d, 0x69, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x69, 0x64, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x61, 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6d, + 0x32, 0x50, 0x72, 0x6b, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6d, 0x32, 0x50, + 0x72, 0x6b, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6d, 
0x32, 0x50, 0x75, 0x6b, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x73, 0x6d, 0x32, 0x50, 0x75, 0x6b, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x6d, + 0x62, 0x53, 0x6d, 0x32, 0x50, 0x75, 0x6b, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x63, + 0x6d, 0x62, 0x53, 0x6d, 0x32, 0x50, 0x75, 0x6b, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x6f, 0x74, 0x69, + 0x66, 0x79, 0x55, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x6f, 0x74, + 0x69, 0x66, 0x79, 0x55, 0x72, 0x6c, 0x22, 0x3a, 0x0a, 0x04, 0x4c, 0x6f, 0x67, 0x73, 0x12, 0x1a, + 0x0a, 0x08, 0x62, 0x75, 0x73, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x62, 0x75, 0x73, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x42, 0x17, 0x5a, 0x15, 0x76, 0x6f, 0x75, 0x63, 0x68, 0x65, 0x72, 0x2f, 0x63, 0x70, + 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var (
diff --git a/internal/conf/conf.proto b/internal/conf/conf.proto
index 3a33ae8..d3a5977 100644
--- a/internal/conf/conf.proto
+++ b/internal/conf/conf.proto
@@ -73,6 +73,9 @@ message Wechat {
 message Cmb {
 string mid = 1;
 string aid = 2;
+ string sm2Prk = 4;
+ string sm2Puk = 5;
+ string cmbSm2Puk = 6;
 string notifyUrl = 3;
 }
diff --git a/internal/pkg/cmb/sm2.go b/internal/pkg/cmb/sm2.go
index 45d8564..ee18f65 100644
--- a/internal/pkg/cmb/sm2.go
+++ b/internal/pkg/cmb/sm2.go
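Review bot: The new `sm2Prk` field in `message Cmb` carries SM2 private-key material in the same config message as ordinary settings, and none of the three new fields says how the value is encoded or how it should be supplied. I would add field comments, for example `// sm2Prk: merchant SM2 private key (hex, judging by the test keys); supply from a secret store, never commit a real value`, with matching ones for `sm2Puk` and `cmbSm2Puk`. Generated protobuf messages normally print every field when formatted, so any code path that logs the loaded config would presumably log the private key too; that is worth checking before a real key is configured.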
@@ -43,12 +43,11 @@ func publicKeyToString(publicKey *sm2.PublicKey) string {
 return hex.EncodeToString(publicKeyBytes)
 }
-func encrypt(sopPublicKey, inputJson string) (string, error) {
- data, _ := base64.StdEncoding.DecodeString(inputJson)
+func encrypt(sopPublicKey, input string) (string, error) {
 sm4Key := GenerateSM4Key()
 iv := GetSM4IV()
- encryptedBody, err := sm4.CBCEncrypt(sm4Key, iv, Padding(data, 1))
+ encryptedBody, err := sm4.CBCEncrypt(sm4Key, iv, Padding([]byte(input), 1))
 keyAndIv := AssemblingByteArray(sm4Key, iv)
@@ -67,13 +66,8 @@ func encrypt(sopPublicKey, inputJson string) (string, error) {
 return fmt.Sprintf("%s|%s", base64.StdEncoding.EncodeToString([]byte(kvTmp)), base64.StdEncoding.EncodeToString(encryptedBody)), nil
 }
-func decrypt(privateKey, inputJson string) (string, error) {
- data, err := base64.StdEncoding.DecodeString(inputJson)
- if err != nil {
- return "", err
- }
-
- tmpDataArr := strings.Split(string(data), "|")
+func decrypt(privateKey, input string) (string, error) {
+ tmpDataArr := strings.Split(input, "|")
 if len(tmpDataArr) != 2 {
 return "", fmt.Errorf("数据格式错误")
 }
@@ -121,9 +115,11 @@ func sign(privateKey, input string) (string, error) {
 SetData([]byte(input)).
 Sign().
 ToString()
+
 if err != nil {
 return "", err
 }
+
 return base64.StdEncoding.EncodeToString([]byte(signData)), nil
 }
diff --git a/internal/pkg/cmb/sm2_test.go b/internal/pkg/cmb/sm2_test.go
index 674018d..725bce9 100644
--- a/internal/pkg/cmb/sm2_test.go
+++ b/internal/pkg/cmb/sm2_test.go
@@ -1,7 +1,6 @@
 package cmb
 import (
- "encoding/base64"
 "testing"
 )
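Review bot: In `encrypt`, the `err` returned by `sm4.CBCEncrypt(sm4Key, iv, Padding([]byte(input), 1))` is not checked before the next visible statement, `keyAndIv := AssemblingByteArray(sm4Key, iv)`, so a failed SM4 encryption could carry on into the assembled output. I would add `if err != nil { return "", err }` directly after the `CBCEncrypt` call. The middle of `encrypt` lies outside the hunks shown, so a later check may exist, but checking at the call site keeps the error from being overwritten by a later assignment. A one-line doc comment stating that `input` is now the raw plaintext rather than a base64 string would also help callers.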
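Review bot: `decrypt` (second hunk, `@@ -67,13 +66,8 @@`) now splits `input` on `|` directly instead of base64-decoding it first, and nothing in the signature or a comment tells callers that the expected wire format changed. A doc comment would cover it, for example `// decrypt expects "<base64 key material>|<base64 SM4-CBC body>" and returns the plaintext.`, adjusted to the actual layout, which is only partly visible here. Since SM4-CBC has no integrity protection of its own, the comment should also state whether callers must run `verify` on the request before calling `decrypt`, if that is the intended order. The body of `decrypt` continues outside the hunk.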
@@ -19,16 +18,14 @@ func TestGenerateSm2Key(t *testing.T) {
 func TestEncrypt(t *testing.T) {
 pukKey := "04a702106cf530dc981e44cd515b394747cfd6bb059247696b188b25281ea4278fe7c6e34a83680110eec71becd31f5db14abc671e5d8e67ce7ca3c6b3adc86674"
 content := `{"name":"zhangxx","phoneNo":"137xxxxxxxx"}`
- base64Content := base64.StdEncoding.EncodeToString([]byte(content))
- xx, err := encrypt(pukKey, base64Content)
+ xx, err := encrypt(pukKey, content)
 t.Log(xx, err)
 }
 func TestDecrypt(t *testing.T) {
 priKey := "9450c673cf801164435b9c164ac1404e87997245bc6f323fde22015875a03f6e"
 content := "BHeko/ZYFzQOJn6Q3y46X1AjNz8Nh5fq1FfMuWebh+TangLnlK5iFqePCst4rjG/FKJInijiKO2Qq18sJULlMEEgri05s+bHHDKM+Y+73crAbCnIhHbZxUjt8A0cq2rKjzkl8bxW33dU18uuiTEAmsAvKvmZgE6zJ1eDyjFWefHEIFJaKCNY2cTQOInt|8UYFZFTkx0DovPhaWCbdBkAqbgGmegT14F5gwXLJ6G1uWdYNvX+i5QWAYUGtd8u9"
- base64Content := base64.StdEncoding.EncodeToString([]byte(content))
- xx, err := decrypt(priKey, base64Content)
+ xx, err := decrypt(priKey, content)
 t.Log(xx, err)
 }
@@ -37,17 +34,15 @@ func TestEncryptDecrypt(t *testing.T) {
 pukKey := "0479c4d66ffc74d5e0ff667d53da72f63f2c091cf4ee5fc3cc53142bc104dd68ffe332cf1151ce07e0cc62d64c9c7c3b5c94b161668d281691cab2424013eadfb2"
 content := `{"name":"zhangxx","phoneNo":"137xxxxxxxx"}`
- base64EncryptContent := base64.StdEncoding.EncodeToString([]byte(content))
- xx, err := encrypt(pukKey, base64EncryptContent)
+ xx, err := encrypt(pukKey, content)
 if err != nil {
 t.Log(err)
 return
 }
 t.Log(xx)
- base64DecryptContent := base64.StdEncoding.EncodeToString([]byte(xx))
- aa, err := decrypt(priKey, base64DecryptContent)
+ aa, err := decrypt(priKey, xx)
 if err != nil {
 t.Log(err)
 return
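Review bot: `TestEncrypt` and `TestDecrypt` only call `t.Log(xx, err)`, and `TestEncryptDecrypt` in the next hunk logs the error and returns, so all three pass even when `encrypt` or `decrypt` fails. That matters here because this commit changes the input format of both functions. Replace the logging with a failing check such as `if err != nil { t.Fatalf("decrypt: %v", err) }`, and in the round-trip test compare the decrypted text with `content`. The hex private keys embedded in these tests should be throwaway values generated for testing; if any of them is also used against the bank's environment, it needs rotating. `TestEncryptDecrypt` continues past the end of its hunk.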
@@ -68,7 +63,6 @@ func TestVerify(t *testing.T) {
 pukKey := "04838f74275e6f4f2373d4e6e974ac790c10ab6f9c17e273cf0c84848c6838979c158315932e36f0b9444442f145e4671b1ee5d43d5d63913a70d4d0d52cc3c0d6"
 content := "accessToken.json?aid=9dad6d3900ec3ffabd80e46522a10ead&cmbKeyAlias=SM2_CMBLIFE&date=20250305115032&encryptBody=BHeko/ZYFzQOJn6Q3y46X1AjNz8Nh5fq1FfMuWebh+TangLnlK5iFqePCst4rjG/FKJInijiKO2Qq18sJULlMEEgri05s+bHHDKM+Y+73crAbCnIhHbZxUjt8A0cq2rKjzkl8bxW33dU18uuiTEAmsAvKvmZgE6zJ1eDyjFWefHEIFJaKCNY2cTQOInt|8UYFZFTkx0DovPhaWCbdBkAqbgGmegT14F5gwXLJ6G1uWdYNvX+i5QWAYUGtd8u9&keyAlias=CO_PUB_KEY_SM2&mid=f806c259d86e3b9aa956c98d475b6af7&random=286d97b1d8ed4bbf822b004470c92ae8"
-
 signDataBase64 := "MEUCIAg1zxnKG+X8t/hlwEoyL/T33iKgle09S6bfb3eZh/FqAiEAxtK5TdGAo+JpK7JmL15tT4nlQyrUzC14flu0Tq+9Svo="
 xx, err := verify(pukKey, content, signDataBase64)
diff --git a/internal/service/cmb_mock.go b/internal/service/cmb_mock.go
index c5ce010..f56ba58 100644
--- a/internal/service/cmb_mock.go
+++ b/internal/service/cmb_mock.go
@@ -7,11 +7,13 @@ import (
 func (s *VoucherService) CmbOrderMock(ctx http.Context) error {
- var req v1.CmbOrderReply
+ var req v1.CmbOrderRequest
 if err := ctx.BindForm(&req); err != nil {
 return err
 }
+ //bizJson := req.String()
+
 reply := &v1.CmbRequest{}
 return ctx.JSON(200, reply)
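Review bot: `CmbOrderMock` in `internal/service/cmb_mock.go` binds the form into `req` and then never uses it, returning an empty `v1.CmbRequest` with status 200; the only hint of intent is the commented-out `//bizJson := req.String()`. Drop that line or replace it with a `// TODO:` that says what the mock is meant to build from `req`. If this handler is registered on the same router as the real CMB endpoints, it answers any caller with no signature check, so it is worth confirming that the route is limited to non-production builds. The closing brace of the function is outside the hunk.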