添加报文加解密

66d904c4 · dliangx · 1879ee47 · 66d904c4 · 66d904c4 · 66d904c4
Commit 66d904c4 authored Sep 25, 2024 by dliangx
Expand all Show whitespace changes
Inline Side-by-side

Showing with 99 additions and 13 deletions

go.mod
+1 -0

go.sum
+0 -0

handler/auth.go
+8 -5

handler/pay_result.go
+8 -6

model/http_body.go
+78 -2

nltconst/crypt.go
+4 -0

No files found.
--- a/go.mod
+++ b/go.mod
@@ -5,6 +5,7 @@ go 1.22.5
 require (
 	github.com/cloudwego/hertz v0.9.3
 	github.com/go-sql-driver/mysql v1.8.1
+	github.com/tjfoc/gmsm v1.4.1
 )

 require (

--- a/go.sum
+++ b/go.sum
--- a/handler/auth.go
+++ b/handler/auth.go
@@ -14,15 +14,17 @@ import (

 func Auth(ctx context.Context, c *app.RequestContext) {
 	var err error
+	var creq model.CryptHttpBodyReq[string]
 	var req model.HttpBodyReq[model.AuthReq]
 	var resp model.HttpBodyResp[model.AuthResp]
 	err = c.BindAndValidate(&req)
+	req = model.VerifyAndDecrypt[model.AuthReq](creq)
 	fmt.Println(req)
 	if err != nil {
 		resp.Head.Code = nltconst.PARAM_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}
 	rows, err := db.DB.Query("select farm_name from loan_orderinfo where id_num = ?", &req.Request.IdNo)
@@ -31,7 +33,7 @@ func Auth(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = nltconst.SYS_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}

@@ -47,7 +49,7 @@ func Auth(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = string(nltconst.PERSON_INFO_NO_MATCH)
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}

@@ -57,7 +59,7 @@ func Auth(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = nltconst.SYS_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}

@@ -65,6 +67,7 @@ func Auth(ctx context.Context, c *app.RequestContext) {
 	resp.Head.ServiceTime = nltconst.GetNowTime()
 	resp.Head.ServiceSn = req.Head.ServiceSn
 	resp.Response.DirectURL = nltconst.DURL + "?param=" + req.Request.DuebillNoOrg
-	c.JSON(consts.StatusOK, resp)
+
+	c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 	return
 }
--- a/handler/pay_result.go
+++ b/handler/pay_result.go
@@ -14,13 +14,15 @@ import (

 func QueryPayResult(ctx context.Context, c *app.RequestContext) {
 	var err error
+	var creq model.CryptHttpBodyReq[string]
 	var req model.HttpBodyReq[model.PayResultReq]
 	var resp model.HttpBodyResp[model.PayResultResp]
-	err = c.BindAndValidate(&req)
+	err = c.BindAndValidate(&creq)
+	req = model.VerifyAndDecrypt[model.PayResultReq](creq)
 	if err != nil {
 		resp.Head.Code = nltconst.PARAM_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}

@@ -34,7 +36,7 @@ func QueryPayResult(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = nltconst.SYS_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}
 	var count int
@@ -51,7 +53,7 @@ func QueryPayResult(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = nltconst.NODATA
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}

@@ -61,14 +63,14 @@ func QueryPayResult(ctx context.Context, c *app.RequestContext) {
 		resp.Head.Code = nltconst.SYS_ERROR
 		resp.Head.ServiceTime = nltconst.GetNowTime()
 		resp.Head.ServiceSn = req.Head.ServiceSn
-		c.JSON(consts.StatusOK, resp)
+		c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 		return
 	}
 	resp.Head.Code = string(nltconst.SUCCESS)
 	resp.Head.ServiceTime = nltconst.GetNowTime()
 	resp.Head.ServiceSn = req.Head.ServiceSn

-	c.JSON(consts.StatusOK, resp)
+	c.JSON(consts.StatusOK, model.EncryptAndSign(resp))
 	return

 }
--- a/model/http_body.go
+++ b/model/http_body.go
 package model

+import (
+	"crypto/rand"
+	"encoding/json"
+	"log"
+	"strings"
+
+	"github.com/tjfoc/gmsm/sm2"
+	"nlt.com/pf/nltconst"
+)
+
+type CryptHttpBodyReq[T any] struct {
+	Request   HttpBodyReq[T]
+	Signature string
+}
+
+type CryptHttpBodyResp[T any] struct {
+	Response  HttpBodyResp[T]
+	Signature string
+}
+
 type HttpBodyReq[T any] struct {
 	Head    ReqHead `json:"head"`
-	Request T       `json:"request"`
+	Request T       `json:"body"`
 }

 type HttpBodyResp[T any] struct {
 	Head     RespHead `json:"head"`
-	Response T        `json:"reponse"`
+	Response T        `json:"body"`
 }

 type ReqHead struct {
@@ -20,3 +40,59 @@ type RespHead struct {
 	ServiceTime string `json:"serviceTime"`
 	ServiceSn   string `json:"serviceSn"`
 }
+
+func EncryptAndSign[T any](resp HttpBodyResp[T]) CryptHttpBodyResp[string] {
+	var cresp CryptHttpBodyResp[string]
+	privateKeyBytes, _ := sm2.GenerateKey(strings.NewReader(nltconst.SM2_PRIVATE_KEY))
+
+	// 对应的公钥
+	publicKey := &privateKeyBytes.PublicKey
+	body, err := json.Marshal(resp.Response)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	ciphertext, err := sm2.Encrypt(publicKey, body, rand.Reader, sm2.C1C2C3)
+	if err != nil {
+		log.Println(err)
+	}
+	cresp.Response.Head = resp.Head
+	cresp.Response.Response = string(ciphertext)
+
+	response, err := json.Marshal(resp)
+	uid := []byte("tk")
+	r, s, err := sm2.Sm2Sign(privateKeyBytes, response, uid, rand.Reader)
+	if err != nil {
+		log.Println(err)
+	}
+	rBytes := r.Bytes()
+	sBytes := s.Bytes()
+
+	signature := append(rBytes, sBytes...)
+	cresp.Signature = string(signature)
+	return cresp
+}
+
+func VerifyAndDecrypt[T any](creq CryptHttpBodyReq[string]) HttpBodyReq[T] {
+	var req HttpBodyReq[T]
+	privateKeyBytes, _ := sm2.GenerateKey(strings.NewReader(nltconst.SM2_PRIVATE_KEY))
+	signature := creq.Signature
+	r, s, err := sm2.SignDataToSignDigit([]byte(signature))
+	if err != nil {
+		log.Println(err)
+	}
+	uid := []byte("tk")
+	if sm2.Sm2Verify(&privateKeyBytes.PublicKey, []byte(creq.Request.Request), uid, r, s) {
+		tx, err := sm2.Decrypt(privateKeyBytes, []byte(creq.Request.Request), sm2.C1C2C3)
+		if err != nil {
+			log.Println(err)
+		}
+		req.Head = creq.Request.Head
+		err = json.Unmarshal(tx, req.Request)
+		if err != nil {
+			log.Println(err)
+		}
+		return req
+	}
+
+	return req
+}
--- a/nltconst/crypt.go
+++ b/nltconst/crypt.go
+package nltconst
+
+const SM2_PUBLIC_KEY = "A7CD09260A67113F988F530154AD6A70B2A4DD3E00BD27BB124E7E7051FC0C97E7AC3C5A6CB6C9BB459BEF252761AD1AE727718498CA3130D67CFC84F9B1BB1F"
+const SM2_PRIVATE_KEY = "BF6CA99BC05A05C8B4F916A8C6187E5A68207A7B7D89ACC7F478B7E3AFA29454"