engine/encipher/aes.go

155 lines
3.5 KiB
Go
Raw Permalink Normal View History

2024-02-11 01:31:01 +08:00
package encipher
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"encoding/base64"
"encoding/json"
"strings"
"time"
"git.apinb.com/bsm-sdk/engine/env"
"git.apinb.com/bsm-sdk/engine/exception"
"git.apinb.com/bsm-sdk/engine/types"
"git.apinb.com/bsm-sdk/engine/vars"
)
var (
certBytes *types.CertFileBytes = nil
JwtSecret []byte
JwtSecretLen int
)
2024-09-17 21:27:12 +08:00
func New(token string) {
JwtSecret = []byte(token)
2024-02-11 01:31:01 +08:00
JwtSecretLen = len(env.MeshEnv.JwtSecretKey)
}
2024-03-15 15:18:54 +08:00
func GenerateTokenAes(id uint, identity, client, role string, owner any, extend map[string]string) (string, error) {
2024-02-20 16:52:41 +08:00
if (JwtSecretLen == 16 || JwtSecretLen == 24 || JwtSecretLen == 32) == false {
2024-02-28 13:47:23 +08:00
return "", exception.ErrAuthSecret
2024-02-20 16:52:41 +08:00
}
2024-02-11 01:31:01 +08:00
expireTime := time.Now().Add(vars.JwtExpireDay)
claims := types.JwtClaims{
ID: id,
Identity: identity,
2024-06-28 11:29:46 +08:00
Client: client,
2024-02-11 01:31:01 +08:00
Extend: extend,
2024-03-15 15:18:54 +08:00
Owner: owner,
2024-02-11 01:31:01 +08:00
Role: role,
ExpiresAt: expireTime.Unix(),
}
byte, err := json.Marshal(claims)
if err != nil {
2024-02-28 13:47:23 +08:00
return "", exception.ErrJsonEncode
2024-02-11 01:31:01 +08:00
}
token, err := AesEncryptCBC(byte)
if err != nil {
return "", err
}
return token, nil
}
func AesEncryptCBC(plan []byte) (string, error) {
2024-02-20 16:52:41 +08:00
2024-02-11 01:31:01 +08:00
// 分组秘钥
// NewCipher该函数限制了输入k的长度必须为16, 24或者32
2024-02-28 13:47:23 +08:00
block, err := aes.NewCipher(JwtSecret)
if err != nil {
return "", exception.ErrAuthSecret
}
2024-02-11 01:31:01 +08:00
// 获取秘钥块的长度
blockSize := block.BlockSize()
// 补全码
plan = PKCS7Padding(plan, blockSize)
// 加密模式
blockMode := cipher.NewCBCEncrypter(block, JwtSecret[:blockSize])
// 创建数组
cryted := make([]byte, len(plan))
// 加密
blockMode.CryptBlocks(cryted, plan)
return base64.StdEncoding.EncodeToString(cryted), nil
}
func AesDecryptCBC(cryted string) (b []byte, err error) {
if (JwtSecretLen == 16 || JwtSecretLen == 24 || JwtSecretLen == 32) == false {
2024-02-28 13:47:23 +08:00
return nil, exception.ErrAuthSecret
2024-02-11 01:31:01 +08:00
}
// 转成字节数组
crytedByte, err := base64.StdEncoding.DecodeString(cryted)
if err != nil {
2024-02-28 13:47:23 +08:00
return nil, exception.ErrBase64Decode
2024-02-11 01:31:01 +08:00
}
// 分组秘钥
block, err := aes.NewCipher(JwtSecret)
if err != nil {
2024-02-28 13:47:23 +08:00
return nil, exception.ErrAuthSecret
2024-02-11 01:31:01 +08:00
}
// 获取秘钥块的长度
blockSize := block.BlockSize()
// 加密模式
blockMode := cipher.NewCBCDecrypter(block, JwtSecret[:blockSize])
// 创建数组
orig := make([]byte, len(crytedByte))
// 解密
blockMode.CryptBlocks(orig, crytedByte)
// 去补全码
orig = PKCS7UnPadding(orig, blockSize)
if orig == nil {
return nil, exception.ErrAuthParseFail
}
return orig, nil
}
func PKCS7Padding(ciphertext []byte, blocksize int) []byte {
padding := blocksize - len(ciphertext)%blocksize
padtext := bytes.Repeat([]byte{byte(padding)}, padding)
return append(ciphertext, padtext...)
}
// 去码
// bug:runtime error: slice bounds out of range [:-22]
func PKCS7UnPadding(origData []byte, blocksize int) []byte {
if blocksize <= 0 {
return nil
}
if origData == nil || len(origData) == 0 {
return nil
}
if len(origData)%blocksize != 0 {
return nil
}
length := len(origData)
unpadding := int(origData[length-1])
2024-02-20 16:52:41 +08:00
if length-unpadding <= 0 {
return nil
}
2024-02-11 01:31:01 +08:00
return origData[:(length - unpadding)]
}
func ParseTokenAes(token string) (*types.JwtClaims, error) {
token = strings.TrimSpace(token)
data, err := AesDecryptCBC(token)
if err != nil {
return nil, err
}
var ac *types.JwtClaims
err = json.Unmarshal(data, &ac)
if err != nil {
return nil, exception.ErrAuthParseFail
}
expireTime := time.Now().Unix()
if expireTime > ac.ExpiresAt {
return nil, exception.ErrAuthExpire
}
return ac, nil
}