使用 golang 和 JS 生成时授权字符串不相同

这两个片段都有不同的数据要签名。JS 有一些使用的环境变量可能不同。我从 Go 代码中获取了这些值。Go 代码：Go 游乐场示例// You can edit this code!// Click here and start typing.package mainimport (    "crypto/hmac"    "crypto/sha256"    "encoding/base64"    "fmt"    "log")func generateSalt(dataToSign string) string {    token := hmac.New(sha256.New, []byte("secret"))    token.Write([]byte(dataToSign))    macSum := token.Sum(nil)    return base64.StdEncoding.EncodeToString(macSum)}func main() {    date := "Wed, 25 May 2022 09:16:45 GMT"    uri := "groups"    url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)    host := "api-worldcheck.refinitiv.com"    dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)    log.Printf("dateToSign: %s", dataToSign)    hmac := generateSalt(dataToSign)    authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)    log.Printf("authorization: %s", authorization)}JS代码：function generateAuthHeader(dataToSign){    var hash = CryptoJS.HmacSHA256(dataToSign, "secret");    return hash.toString(CryptoJS.enc.Base64); }var date = "Wed, 25 May 2022 09:16:45 GMT";var url = "https://api-worldcheck.refinitiv.com/v2/";var host = "api-worldcheck.refinitiv.com";var apiKey = "api-key";var dataToSign = "(request-target): get " + url + "groups\n" +        "host: " + host + "\n" +        "date: " + date;console.log("date", date)console.log("dataToSign", dataToSign)var hmac = generateAuthHeader(dataToSign);var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";console.log(authorisation);<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>两者都有签名为pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb

使用 golang 和 JS 生成时授权字符串不相同

1回答