添加对方的公钥

c92d6aa7 · dliangx · 3f041f35 · c92d6aa7 · c92d6aa7
Commit c92d6aa7 authored Sep 29, 2024 by dliangx
Show whitespace changes
Inline Side-by-side

Showing with 37 additions and 10 deletions

model/http_body.go
+36 -10

nltconst/crypt.go
+1 -0

No files found.
--- a/model/http_body.go
+++ b/model/http_body.go
@@ -2,6 +2,8 @@ package model

 import (
 	"crypto/rand"
+	"encoding/base64"
+	"encoding/hex"
 	"encoding/json"
 	"errors"
 	"log"
@@ -12,13 +14,13 @@ import (
 )

 type CryptHttpBodyReq struct {
-	Request   HttpBodyReq[[]byte]
-	Signature []byte
+	Request   HttpBodyReq[string]
+	Signature string
 }

 type CryptHttpBodyResp struct {
-	Response  HttpBodyResp[[]byte]
-	Signature []byte
+	Response  HttpBodyResp[string]
+	Signature string
 }

 type HttpBodyReq[T any] struct {
@@ -47,7 +49,13 @@ func EncryptAndSign[T any](resp HttpBodyResp[T]) (CryptHttpBodyResp, error) {
 	privateKeyBytes, _ := sm2.GenerateKey(strings.NewReader(nltconst.SM2_PRIVATE_KEY))

 	// 对应的公钥
-	publicKey := &privateKeyBytes.PublicKey
+	publicKeyBytes, err := hex.DecodeString(nltconst.BANK_PUBLIC_KEY)
+	if err != nil {
+		log.Println(err.Error())
+		return cresp, err
+	}
+
+	publicKey := sm2.Decompress(publicKeyBytes)
 	body, err := json.Marshal(resp.Response)
 	if err != nil {
 		log.Println(err.Error())
@@ -59,7 +67,7 @@ func EncryptAndSign[T any](resp HttpBodyResp[T]) (CryptHttpBodyResp, error) {
 		return cresp, err
 	}
 	cresp.Response.Head = resp.Head
-	cresp.Response.Response = ciphertext
+	cresp.Response.Response = base64.RawStdEncoding.EncodeToString(ciphertext)

 	jsonResp, err := json.Marshal(resp)
 	if err != nil {
@@ -77,22 +85,40 @@ func EncryptAndSign[T any](resp HttpBodyResp[T]) (CryptHttpBodyResp, error) {
 		log.Println(err)
 		return cresp, err
 	}
-	cresp.Signature = signature
+
+	cresp.Signature = base64.RawStdEncoding.EncodeToString(signature)
 	return cresp, err
 }

 func VerifyAndDecrypt[T any](creq CryptHttpBodyReq) (HttpBodyReq[T], error) {
 	var req HttpBodyReq[T]
 	privateKeyBytes, _ := sm2.GenerateKey(strings.NewReader(nltconst.SM2_PRIVATE_KEY))
-	signature := creq.Signature
+
+	// 对应的公钥
+	publicKeyBytes, err := hex.DecodeString(nltconst.BANK_PUBLIC_KEY)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	publicKey := sm2.Decompress(publicKeyBytes)
+
+	signature, err := base64.RawStdEncoding.DecodeString(creq.Signature)
+	if err != nil {
+		log.Println(err)
+		return req, err
+	}
 	r, s, err := sm2.SignDataToSignDigit(signature)
 	if err != nil {
 		log.Println(err)
 		return req, err
 	}
 	uid := []byte("tk")
-	if sm2.Sm2Verify(&privateKeyBytes.PublicKey, creq.Signature, uid, r, s) {
-		tx, err := sm2.Decrypt(privateKeyBytes, creq.Request.Request, sm2.C1C2C3)
+	if sm2.Sm2Verify(publicKey, signature, uid, r, s) {
+		body, err := base64.RawStdEncoding.DecodeString(creq.Request.Request)
+		if err != nil {
+			log.Println(err)
+			return req, errors.New("解密错误")
+		}
+		tx, err := sm2.Decrypt(privateKeyBytes, body, sm2.C1C2C3)
 		if err != nil {
 			log.Println(err)
 			return req, errors.New("解密错误")

--- a/nltconst/crypt.go
+++ b/nltconst/crypt.go
@@ -2,3 +2,4 @@ package nltconst

 const SM2_PUBLIC_KEY = "A7CD09260A67113F988F530154AD6A70B2A4DD3E00BD27BB124E7E7051FC0C97E7AC3C5A6CB6C9BB459BEF252761AD1AE727718498CA3130D67CFC84F9B1BB1F"
 const SM2_PRIVATE_KEY = "BF6CA99BC05A05C8B4F916A8C6187E5A68207A7B7D89ACC7F478B7E3AFA29454"
+const BANK_PUBLIC_KEY = "0429a440e2fd06f3f0ce3c2fab61a8d1e0b13a1d78d75bac0447ce44cfa263de3525f30c5d8dc9f65120a3d5d09c0692b0e4361cb7a1894d68a6da22b0796b02b0"