猿问

使用 golang 和 JS 生成时授权字符串不相同

我在使用 Golang 为 API 访问生成正确的授权字符串时遇到问题。我尝试使用 JS,字符串可以使用,而来自 golang 的字符串不能用于身份验证。你能帮我检查一下有什么不同并纠正我吗?这是我的 golang 代码:


func generateSalt(dataToSign string) string {

    token := hmac.New(sha256.New, []byte("secret"))

    token.Write([]byte(dataToSign))

    macSum := token.Sum(nil)

    return base64.StdEncoding.EncodeToString(macSum)

}


func main() {

    date = "Wed, 25 May 2022 09:16:45 GMT"

    uri := "groups"

    url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)

    dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)

    log.Printf("dateToSign: %s", dataToSign)

    hmac := generateSalt(dataToSign)

    authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)

    log.Printf("authorization: %s", authorization)

}

golang 的结果是 dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=


JS上的代码


function generateAuthHeader(dataToSign){

    var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);

    return hash.toString(CryptoJS.enc.Base64); 

}


var date = "Wed, 25 May 2022 09:16:45 GMT";


var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +

        "host: " + environment["gateway-host"] + "\n" +

        "date: " + date;

        console.log("date", date)

        console.log({dataToSign})

var hmac = generateAuthHeader(dataToSign);

var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";

        console.log({authorisation})

结果为 nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=


慕莱坞森
浏览 107回答 1
1回答

UYOU

这两个片段都有不同的数据要签名。JS 有一些使用的环境变量可能不同。我从 Go 代码中获取了这些值。Go 代码:Go 游乐场示例// You can edit this code!// Click here and start typing.package mainimport (&nbsp; &nbsp; "crypto/hmac"&nbsp; &nbsp; "crypto/sha256"&nbsp; &nbsp; "encoding/base64"&nbsp; &nbsp; "fmt"&nbsp; &nbsp; "log")func generateSalt(dataToSign string) string {&nbsp; &nbsp; token := hmac.New(sha256.New, []byte("secret"))&nbsp; &nbsp; token.Write([]byte(dataToSign))&nbsp; &nbsp; macSum := token.Sum(nil)&nbsp; &nbsp; return base64.StdEncoding.EncodeToString(macSum)}func main() {&nbsp; &nbsp; date := "Wed, 25 May 2022 09:16:45 GMT"&nbsp; &nbsp; uri := "groups"&nbsp; &nbsp; url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)&nbsp; &nbsp; host := "api-worldcheck.refinitiv.com"&nbsp; &nbsp; dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)&nbsp; &nbsp; log.Printf("dateToSign: %s", dataToSign)&nbsp; &nbsp; hmac := generateSalt(dataToSign)&nbsp; &nbsp; authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)&nbsp; &nbsp; log.Printf("authorization: %s", authorization)}JS代码:function generateAuthHeader(dataToSign){&nbsp; &nbsp; var hash = CryptoJS.HmacSHA256(dataToSign, "secret");&nbsp; &nbsp; return hash.toString(CryptoJS.enc.Base64);&nbsp;}var date = "Wed, 25 May 2022 09:16:45 GMT";var url = "https://api-worldcheck.refinitiv.com/v2/";var host = "api-worldcheck.refinitiv.com";var apiKey = "api-key";var dataToSign = "(request-target): get " + url + "groups\n" +&nbsp; &nbsp; &nbsp; &nbsp; "host: " + host + "\n" +&nbsp; &nbsp; &nbsp; &nbsp; "date: " + date;console.log("date", date)console.log("dataToSign", dataToSign)var hmac = generateAuthHeader(dataToSign);var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";console.log(authorisation);<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>两者都有签名为pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb
随时随地看视频慕课网APP

相关分类

Go
我要回答