使用 golang 和 JS 生成时授权字符串不相同
Authorization string is not same when generate with golang and JS
我在使用 Golang 为 API 访问生成正确的授权字符串时遇到问题。我尝试使用 JS,字符串可以使用,而来自 golang 的字符串不能用于身份验证。你能帮我检查一下有什么不同并纠正我吗?
这是我的 golang 代码:
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date = "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
golang的结果是dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=
JS上的代码
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;
console.log("date", date)
console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log({authorisation})
结果为nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=
两个片段都有不同的数据要签名。 JS 有一些使用的环境变量可能不同。我从 Go 代码中获取了这些值。
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"log"
)
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date := "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
host := "api-worldcheck.refinitiv.com"
dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
JS代码:
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";
var dataToSign = "(request-target): get " + url + "groups\n" +
"host: " + host + "\n" +
"date: " + date;
console.log("date", date)
console.log("dataToSign", dataToSign)
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log(authorisation);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
两者的签名都是pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb
我在使用 Golang 为 API 访问生成正确的授权字符串时遇到问题。我尝试使用 JS,字符串可以使用,而来自 golang 的字符串不能用于身份验证。你能帮我检查一下有什么不同并纠正我吗? 这是我的 golang 代码:
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date = "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
dataToSign := fmt.Sprintf(`(request-target): get %s%vhost: %s%vdate: %s`, "/v2/groups", "\r\n", "api-worldcheck.refinitiv.com", "\r\n", date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
golang的结果是dZzRZfa0yVZsTWof+qEz5VhsFyV83b6DDKXzG9pp/yk=
JS上的代码
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign,environment["api-secret"]);
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var dataToSign = "(request-target): get " + environment["gateway-url"] + "groups\n" +
"host: " + environment["gateway-host"] + "\n" +
"date: " + date;
console.log("date", date)
console.log({dataToSign})
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + environment["api-key"] + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log({authorisation})
结果为nx5uyMlq4kOxY1fD5OpoLE6UGI+f5p3OUy+l6G8+oxc=
两个片段都有不同的数据要签名。 JS 有一些使用的环境变量可能不同。我从 Go 代码中获取了这些值。
// You can edit this code!
// Click here and start typing.
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"fmt"
"log"
)
func generateSalt(dataToSign string) string {
token := hmac.New(sha256.New, []byte("secret"))
token.Write([]byte(dataToSign))
macSum := token.Sum(nil)
return base64.StdEncoding.EncodeToString(macSum)
}
func main() {
date := "Wed, 25 May 2022 09:16:45 GMT"
uri := "groups"
url := fmt.Sprintf("https://api-worldcheck.refinitiv.com/v2/%s", uri)
host := "api-worldcheck.refinitiv.com"
dataToSign := fmt.Sprintf("(request-target): get %s\nhost: %s\ndate: %s", url, host, date)
log.Printf("dateToSign: %s", dataToSign)
hmac := generateSalt(dataToSign)
authorization := fmt.Sprintf(`Signature keyId="%s",algorithm="hmac-sha256",headers="(request-target) host date",signature="%s"`, "api-key", hmac)
log.Printf("authorization: %s", authorization)
}
JS代码:
function generateAuthHeader(dataToSign){
var hash = CryptoJS.HmacSHA256(dataToSign, "secret");
return hash.toString(CryptoJS.enc.Base64);
}
var date = "Wed, 25 May 2022 09:16:45 GMT";
var url = "https://api-worldcheck.refinitiv.com/v2/";
var host = "api-worldcheck.refinitiv.com";
var apiKey = "api-key";
var dataToSign = "(request-target): get " + url + "groups\n" +
"host: " + host + "\n" +
"date: " + date;
console.log("date", date)
console.log("dataToSign", dataToSign)
var hmac = generateAuthHeader(dataToSign);
var authorisation = "Signature keyId=\"" + apiKey + "\",algorithm=\"hmac-sha256\",headers=\"(request-target) host date\",signature=\"" + hmac + "\"";
console.log(authorisation);
<script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js"></script>
两者的签名都是pZjwRvunAPwUs7tFdbFtY6xOLjbpKUYMpnb