sas

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2022 License: Apache-2.0 Imports: 27 Imported by: 0

README

认证系统对接sdk使用说明

1.sdk配置初始化

    //address:设置sas认证系统请求地址,可以是http/rpc地址
    //ConfOption 设置var-http/rpc配置节点名;设置网络请求类型http/rpc
    sas.InitConfig("address",...ConfOption)

    //例如:
    func init(){
        sas.InitConfig("sas_v1_debug", sas.WithRPCName("rpctet"), sas.WithRPCReq())
    }

2. sdk对象说明

2.1 sdk对象初始化
    //euid:认证系哦配置用户编号
    //clientOption:签名/加密等规则配置option
    sas.NewSasClient(euid string, opts ...clientOption) (*sasClient, error)

    //clientOption 说明:
    //WithKeyValue 设置签名串的键值连接符,不设置默认为空
    sas.WithKeyValue(keyValue string) clientOption

    //WithChain 设置签名串每组键值之间的连接符,不设置默认为空
    sas.WithChain(chain string) clientOption

    //WithSortAll 设置签名参数排序方式-all-密钥和数据都要参与排序(只有通过WithSecretName设置密钥key名称,如果不设置密钥字段名默认为:secert)
    sas.WithSortAll() clientOption 

    //WithSortData 设置签名参数排序方式-data-仅数据参与排序
    sas.WithSortData(field ...string) clientOption 

    //WithSortStatic 设置签名参数排序方式-static--指定字段参与排序(如果调用该方法,但是没有设置fields值,将会按照data排序方式,对所有参数进行排序)
    sas.WithSortStatic(fields ...string) clientOption 

    //WithSecretName 设置密钥键名(默认为空) 字段排序方式为:all,密钥也需要加入原串排序时,必须设置密钥key名称;如果不设置,默认:secert
    sas.WithSecretName(sertName, sertKeyValue string) clientOption 

    //WithSertModeTail 设置签名串密钥尾部拼接方式;chain:密钥与参数串的链接符,可为空
    sas.WithSertModeTail(chain ...string) clientOption 

    //WithSertModeHead 设置签名串密钥头部拼接方式;chain:密钥与参数串的链接符,可为空
    sas.WithSertModeHead(chain ...string) clientOption 

    //WithSertModeTailNadHead 设置签名串密钥头尾部拼接方式;chain:密钥与参数串的链接符,可为空
    sas.WithSertModeTailAndHead(chain ...string) clientOption 

    //WithUIDAlias 重新设置用户编号的字段名;不设置,默认:euid
    sas.WithUIDAlias(name string) clientOption 

    //WithTimestampAlias 设置时间戳的字段名;不设置,默认:timestamp
    sas.WithTimestampAlias(name string) clientOption 

    //WithSignAlias 设置sign的字段名;不设置,默认:sign
    sas.WithSignAlias(name string) clientOption 

    //WithEncryptName 设置参数中需要加密的字段
    sas.WithEncryptName(name ...string) clientOption 

    //WithDynamicKeyName 设置动态密钥字段名;不设置,默认:secret_id
    sas.WithDynamicKeyName(name string) clientOption
2.2 sasSDK签名方法说明

现在支持的签名方式包括:md5, rsa, hmac, sha1, sha256, sha512
业务方不用设置公共参数, sdk会根据配置自动添加字段信息, 公共参数包括:timestamp, sign, euid

    //初始化认证对象
    client,err := sas.NewSasClient("euid_111", 
        sas.WithKeyValue("x"),  //设置键值之间的连接符:x
        sas.WithChain("v"),    //设置键值对参数之间的连接符:v
        sas.WithUIDAlias("uid_xyz"), //设置euid别名为:uid_xyz
        sas.WithSertModeTailAndHead(),  //签名串密钥拼接方式为头尾都拼接,并且没有设置链接符号
        sas.WithSignAlias("newsign"),  //设置签名字段名:newsign
        sas.WithTimestampAlias("newtimestamp"),  //设置时间戳字段名:newtimestamp
        sas.WithSecretName("&&&&", "@@"))    //设置密钥的名称:&&&&  并且设置密钥串和名称链接符:@@

    input := types.XMap{
        "order_no":"123456",
        "amount":100,
    }
    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.HmacSign(input)

    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.MD5Sign(input)

    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.Sha1Sign(input)

    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.Sha256Sign(input)

    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.Sha512Sign(input)

    //rsa签名特别说明:由于rsa是非对称密钥,所有要使用该种签名方式,只有两种方案:
    //1.服务提供方提供私钥给业务方,这里会有密钥泄漏问题,存在一定风险;
    //2.使用两对rsa密钥,相互交换公钥;(安全,可靠性高--推荐)
    privateKey := "MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKcL8lPN75gPgGODNMv/7tPhBUA/i13GAcVJZSEWKggGGEyjCxgKBRocHjdM2sQ+D6QN68JjFNqSnFFgRFBv7aF6AVZsGBQadbrFYbuwjPqD+QIz5S8EJReSRRtzNy0FbngqETMTJf0K9egYS8RKfDWhG0BQipFrkK82S/PSO1OpAgMBAAECgYEAgNqlRWHQVHJ4rcpS2p2EI2oq+8FIhsArM3yHBrurFl9lNRB7iUKJZveTk0K0abYZqImYd2yodGWtMNRaPdXo7Wwjld/ta/r9YCEwCwki/D5VBGXYGhkEoBrc6p56P3y8K8XU9p+GCSIMgFFSuAFCLDjaUSECqBk5lOJG5Jdu1gECQQDJbqwd7Wa9ZMLOAShPFQQrRIHnomS3TSw3TXWezrO+KyvPIMHC6QJAojaWG6kGTI4lWSPxGuMa4NaZSl6Kiw/BAkEA1EyhUwQ6DeoOaYI1qRf2Vv9IUjvfhIdLf3F1rJnJffnaRL6+B8thf2/5U7SRmhIQGa5hsS90KTB7Kw1jUSk96QJAHM/FsqooTeLBsnGb8GPTKtUrt5QUz9sr/eUIc+Sg9Qx7wa6vyE9H0TLil+nw7UO5+UGc0HnGDiwmxdpLV4m4gQJAIQaGthZbPZzifxFNba+Xl7MAuiIsRD6TxRCOYLpPuPQsOzN89lNyKFPv8lCNse0LaiNReTHLnTi4gFsFzzNeOQJAIvbR4Jr8ig10vvjl+Myac0K3n9BxVZ0LwXUeBanTGqpJ73UBIUlpWNhugrqIB5/td+QNuoexenzKD+CFn+B28g=="
    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中)
    //err :异常信息
    sign, data, err := client.RSASign(input, privateKey)
2.3 sasSDK-Multi混合认证方式说明

该认证方式支持同时使用签名和数据加密联合认证
签名支持的方式:md5, hmac, sha1, sha256, sha512; (不支持RSA非对称密钥的签名, 会与加密逻辑冲突)
加密支持的方式:aes, des, rsa

//初始化认证对象
    client,err := sas.NewSasClient("euid_111", 
        sas.WithKeyValue("x"),  //设置键值之间的连接符:x
        sas.WithChain("v"),    //设置键值对参数之间的连接符:v
        sas.WithEncryptName("ident_no", "channel_no"), //设置需要加密的字段
        sas.WithUIDAlias("uid_xyz"), //设置euid别名为:uid_xyz
        sas.WithSertModeTailAndHead(),  //签名串密钥拼接方式为头尾都拼接,并且没有设置链接符号
        sas.WithSignAlias("newsign"),  //设置签名字段名:newsign
        sas.WithTimestampAlias("newtimestamp"),  //设置时间戳字段名:newtimestamp
        sas.WithSecretName("&&&&", "@@"))    //设置密钥的名称:&&&&  并且设置密钥串和名称链接符:@@

    input := types.XMap{
        "order_no":"123456",
        "amount":100,
        "ident_no":"taosy",
        "channel_no":"",
    }

    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中-ident_no和channel_no是密文)
    //err :异常信息
    sign, data, err := client.Multi(input, "md5", "rsa") 
    //根据配置"ident_no", "channel_no"字段会使用rsa进行加密后传输
2.4 sasSDK-Dynamic动态密钥混合认证方式说明

该方式由业务方实时随机生成密钥, 并通过该密钥对传输参数进行签名和加密, 并且该密钥会使用认证系统配置的rsa密钥进行加密后和参数一起传输给服务方
签名支持的方式:md5, hmac, sha1, sha256, sha512; (不支持RSA非对称密钥的签名)
加密支持的方式:aes, des; (不支持RSA非对称密钥的加密).
注: 使用des加密时, 随机密钥的长度必须为8; aes加密时, 随机密钥的长度最好是16/24/32的字符. 如果<16, 会使用0补位;

//初始化认证对象
    client,err := sas.NewSasClient("identtest","group_test", "euid_111", 
        sas.WithKeyValue("x"),  //设置键值之间的连接符:x
        sas.WithChain("v"),    //设置键值对参数之间的连接符:v
        sas.WithEncryptName("ident_no", "channel_no"), //设置需要加密的字段
        sas.WithUIDAlias("uid_xyz"), //设置euid别名为:uid_xyz
        sas.WithSertModeTailAndHead(),  //签名串密钥拼接方式为头尾都拼接,并且没有设置链接符号
        sas.WithSignAlias("newsign"),  //设置签名字段名:newsign
        sas.WithTimestampAlias("newtimestamp"),  //设置时间戳字段名:newtimestamp
        sas.WithSecretName("&&&&", "@@"))    //设置密钥的名称:&&&&  并且设置密钥串和名称链接符:@@

    input := types.XMap{
        "order_no":"123456",
        "amount":100,
        "ident_no":"taosy",
        "channel_no":"",
    }

    dynamicKey := "12345678"
    //sign:数字签名字符串;
    //data:完整的请求参数(包含:timestamp, sign, euid等公共参数和业务参数input已经全部合并在其中-ident_no和channel_no是密文)
    //err :异常信息
    sign, data, err := client.Dynamic(input , dynamicKey, "sha1", "des")
    //根据配置"ident_no", "channel_no"字段会使用rsa进行加密后传输
2.5 sasSDK-secret密钥设置接口

通过http接口或者rpc服务对用户密钥进行管理(密钥的生成, 重置, 获取, 启用, 禁用)
现在http接口没有添加签名和加密等认证配置, 所以都是可以直接访问


 client,err := sas.NewSasClient("euid_111")

//SecretGenerate 生成密钥
//sceretType:加密类型:md5,sha1,sha256,sha512,hmac,rsa,aes,des,
//expire :如果是设置rsa密钥需要才需要传入此参数, 设置为0,表示不过期.  单位:秒
client.SecretGenerate(sceretType string, expire int64) (resp *Response, err error) {

//SecretGet 获取密钥
//sceretType:加密类型:md5,sha1,sha256,sha512,hmac,rsa,aes,des,(注:rsa只能获取到公钥信息)
client.SecretGet(sceretType string) (resp *Response, err error) {

//SecretReset 重置密钥
//sceretType:加密类型:md5,sha1,sha256,sha512,hmac,rsa,aes,des,
client.SecretReset(sceretType string) (resp *Response, err error) {

//SecretEnable 启用密钥
//sceretType:加密类型:md5,sha1,sha256,sha512,hmac,rsa,aes,des,
client.SecretEnable(sceretType string) (resp *Response, err error) {

//SecretDisable 禁用密钥
//sceretType:加密类型:md5,sha1,sha256,sha512,hmac,rsa,aes,des,
client.SecretDisable(sceretType string) (resp *Response, err error) {

Documentation

Index

Constants

View Source 
const (
	MD5Str    = enum.MD5Str
	SHA1Str   = enum.SHA1Str
	SHA256Str = enum.SHA256Str
	SHA512Str = enum.SHA512Str
	HMACStr   = enum.HMACStr
	RSAStr    = enum.RSAStr
	AESStr    = enum.AESStr
	DESStr    = enum.DESStr
	CertStr   = enum.CertStr
)

加密类型枚举值

Variables

This section is empty.

Functions

func Bind 

func Bind(registry services.IMicroRegistry, opts ...ConfOption) error

Bind 将SSO服务注册到应用服务器

func Config 

func Config(opts ...Option)

Config 配置

func NewSasClient 

func NewSasClient(euid string, opts ...ClientOption) *sasClient

NewSasClient 初始化sas请求对象

func Unbind 

func Unbind()

Unbind 解除服务绑定

Types

type ClientOption 

type ClientOption func(*sasClient)

ConfOption 配置选项

func WithChain 

func WithChain(chain string) ClientOption

WithChain 设置每组键值连接符

func WithDynamicKeyName 

func WithDynamicKeyName(name string) ClientOption

WithDynamicKeyName 设置动态密钥字段名

func WithEncryptName 

func WithEncryptName(name ...string) ClientOption

WithEncryptName 设置需要加密的字段名

func WithKeyValue 

func WithKeyValue(keyValue string) ClientOption

WithKeyValue 设置键值连接符

func WithSecretName 

func WithSecretName(sertName, sertKeyValue string) ClientOption

WithSecretName 设置密钥键名(默认为空) 字段排序方式为:all,密钥也需要加入原串排序时,必须设置密钥key名称;如果不设置,默认:secert

func WithSertModeHead 

func WithSertModeHead(chain ...string) ClientOption

WithSertModeHead 设置密钥头部拼接方式 并且用chain链接

func WithSertModeTail 

func WithSertModeTail(chain ...string) ClientOption

WithSertModeTail 设置密钥尾部拼接方式 并且用chain链接

func WithSertModeTailAndHead 

func WithSertModeTailAndHead(chain ...string) ClientOption

WithSertModeTailNadHead 设置密钥头尾部拼接方式 并且用chain链接

func WithSignAlias 

func WithSignAlias(name string) ClientOption

WithSignAlias 设置sign的字段名

func WithSortAll 

func WithSortAll() ClientOption

WithSortAll 设置参数排序方式 排序方式 all-密钥和数据都要参与排序,必须设置密钥key名称;

func WithSortData 

func WithSortData() ClientOption

WithSortData 设置参数排序方式 排序方式 data-仅数据参与排序

func WithSortStatic 

func WithSortStatic(fields ...string) ClientOption

WithSortStatic 设置参数排序方式 排序方式 static--指定字段参与排序

func WithTimestampAlias 

func WithTimestampAlias(name string) ClientOption

WithTimestampAlias 设置timestamp的字段名

func WithUIDAlias 

func WithUIDAlias(name string) ClientOption

WithUIDAlias 设置用户euid的字段名

type ConfOption 

type ConfOption func()

ConfOption 配置选项

func WithDBName 

func WithDBName(db string) ConfOption

func WithServicePrefix 

func WithServicePrefix(prefix string) ConfOption

WithServicePrefix 服务前缀

type Option 

type Option func()

func WithCleanupInterval 

func WithCleanupInterval(interval time.Duration) Option

func WithExpiration 

func WithExpiration(expiration time.Duration) Option

type Response 

type Response struct {
	UID              string `json:"uid"`
	AesSecret        string `json:"aes_secret,omitempty"`
	DesSecret        string `json:"des_secret,omitempty"`
	HmacSecret       string `json:"hmac_secret,omitempty"`
	Md5Secret        string `json:"md5_secret,omitempty"`
	Sha1Secret       string `json:"sha1_secret,omitempty"`
	Sha256Secret     string `json:"sha256_secret,omitempty"`
	Sha512Secret     string `json:"sha512_secret,omitempty"`
	RsaPrivateSecret string `json:"rsa_private_secret,omitempty"`
	RsaPublicSecret  string `json:"rsa_public_secret,omitempty"`
	PkcsType         string `json:"pkcs_type,omitempty"`
	Bits             int    `json:"bits,omitempty"`
	MerchantCert     string `json:"mer_cert,omitempty"`
	SupplierCert     string `json:"spl_cert,omitempty"`
	RootCert         string `json:"root_cert,omitempty"`
	CertKey          string `json:"cert_key,omitempty"`

	Status     string `json:"status"`
	Time       string `json:"time"`
	ExpireTime string `json:"expire_time"`
}

SecretResponse 返回信息

type SecretOption 

type SecretOption func(*models.Item)

SecretOption 密码选项

func WithAesSecret 

func WithAesSecret(key string) SecretOption

WithAesSecret AES

func WithCertKey 

func WithCertKey(key string) SecretOption

WithCertKey CertKey

func WithDesSecret 

func WithDesSecret(key string) SecretOption

WithDesSecret DES

func WithExpire 

func WithExpire(expireSeconds int) SecretOption

WithExpire 过期时间

func WithHmacSecret 

func WithHmacSecret(key string) SecretOption

WithHmacSecret HmacSecret

func WithMd5Secret 

func WithMd5Secret(key string) SecretOption

WithMd5Secret Md5Secret

func WithMerchantCert 

func WithMerchantCert(key string) SecretOption

MerchantCert MerchantCert

func WithPkcsType 

func WithPkcsType(pkcsType string) SecretOption

WithPkcsType 编码方式 pkcs1,pkcs7,pkcs8

func WithRootCert 

func WithRootCert(key string) SecretOption

WithRootCert RootCert

func WithRsaBits 

func WithRsaBits(rsaBits int) SecretOption

WithRsaBits 编码方式 1024/2048

func WithRsaPrivateKey 

func WithRsaPrivateKey(priKey string) SecretOption

WithRsaPrivateKey 私钥

func WithRsaPublicKey 

func WithRsaPublicKey(pubKey string) SecretOption

WithRsaPublicKey 公钥

func WithSha1Secret 

func WithSha1Secret(key string) SecretOption

WithSha1Secret Hmac

func WithSha256Secret 

func WithSha256Secret(key string) SecretOption

WithSha256Secret Sha256Secret

func WithSha512Secret 

func WithSha512Secret(key string) SecretOption

WithSha512Secret Sha512Secret

func WithSupplierCert 

func WithSupplierCert(key string) SecretOption

WithSupplierCert SupplierCert

Source Files

View all Source files

Directories

Path Synopsis
modules
auth
auth/conf
const/conf
const/enum
const/models
* @Description: * @Autor: liujinyin * @Date: 2021-07-02 18:17:24 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:40:42
 * @Description: * @Autor: liujinyin * @Date: 2021-07-02 18:17:24 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:40:42
const/sqls
* @Description: * @Autor: liujinyin * @Date: 2021-07-02 17:28:46 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 18:29:12
 * @Description: * @Autor: liujinyin * @Date: 2021-07-02 17:28:46 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 18:29:12
decrypt
secret
* @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:58:33
 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:58:33
sign
sign/signfactory
util
util/permission
services
auth
cipher
* @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:07:56 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 18:59:24 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:00:04
 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:07:56 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 18:59:24 * @Description: * @Autor: liujinyin * @Date: 2021-06-28 18:40:43 * @LastEditors: liujinyin * @LastEditTime: 2021-07-02 19:00:04
services

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.