在线客服

controllers/kefu/router_collector.go

@@ -0,0 +1,5 @@
+package kefu
+
+func RegisterRouters() {
+	TencentUsersigApiRegistRouters()
+}

controllers/kefu/tencent_usersig_api_controller.go

@@ -0,0 +1,64 @@
+package kefu
+
+import (
+	base_ctl "SCRM/controllers"
+	"SCRM/enums"
+	"SCRM/service/tencentim_service"
+	"SCRM/utils"
+	"strconv"
+
+	"github.com/astaxie/beego"
+)
+
+type TencentUsersigApiController struct {
+	base_ctl.BaseAuthAPIController
+}
+
+func TencentUsersigApiRegistRouters() {
+	beego.Router("/api/tencent/usersig", &TencentUsersigApiController{}, "get:GetUsersig")
+
+}
+
+//GetUsersig 签名
+func (c *TencentUsersigApiController) GetUsersig() {
+
+	adminUserInfo := c.GetAdminUserInfo()
+
+	adminId := adminUserInfo.AdminUser.Id
+	Indentifier := "Org_" + strconv.FormatInt(adminUserInfo.CurrentOrgId, 10)
+	appIDAt3rd := Indentifier
+	sig, err := tencentim_service.CreateUserSig(Indentifier, appIDAt3rd)
+	if err != nil {
+		utils.ErrorLog("usersig err : %v", err)
+		c.ServeFailJSONWithSGJErrorCode(enums.ErrorCodeParamWrong)
+		return
+	}
+
+
+	orgInfo := adminUserInfo.Orgs[adminUserInfo.CurrentOrgId]
+	IdentifierNick := ""
+	HeadURL := "http://jk.kuyicloud.com/static/images/ico_gjh.png"
+	if orgInfo != nil {
+		if len(orgInfo.OrgName) > 0 {
+			IdentifierNick = orgInfo.OrgName
+		}
+		if len(orgInfo.OrgLogo) > 0 {
+			HeadURL = orgInfo.OrgLogo
+		}
+	}
+
+	returnData := map[string]interface{}{
+		"sig":            sig,
+		"adminId":        adminId,
+		"Indentifier":    Indentifier,
+		"appIDAt3rd":     appIDAt3rd,
+		"IdentifierNick": IdentifierNick,
+		"HeadURL":        HeadURL,
+		"sdkAppID":       tencentim_service.ThisSDKAppId,
+		"accountType":    tencentim_service.ThisAccType,
+		"selToAdmin":     "AdminKeFu",
+	}
+
+	c.ServeSuccessJSON(returnData)
+	return
+}

main.go

@@ -19,7 +19,7 @@ func main() {
 	//微信开放平台
 	go func() {
 		// jobcron.RequestComponentAccessToken()
-		jobcron.RequestMpWechatAccessToken()
+		// jobcron.RequestMpWechatAccessToken()
 		// jobcron.ReqJsapiTicket()
 	}()
 	jobcron.StartOpenWechatCron()

routers/router.go

@@ -9,6 +9,7 @@ import (
 	"SCRM/controllers/members"
 	"SCRM/controllers/mpwechat"
 	"SCRM/controllers/role"
+	"SCRM/controllers/kefu"
 
 	"github.com/astaxie/beego"
 	"github.com/astaxie/beego/plugins/cors"
@@ -31,4 +32,5 @@ func init() {
 	marketing_tool.RegisterRouters()
 	article.RegisterRouters()
 	mpwechat.RegisterRouters()
+	kefu.RegisterRouters()
 }

service/tencentim_service/tencent_im_service.go

@@ -0,0 +1,28 @@
+package tencentim_service
+
+import (
+	"SCRM/utils/tencentsig"
+)
+
+//正式
+const (
+	ThisAccType    = 29296
+	ThisSDKAppId   = "1400103109"
+	ThisIdentifier = "kuyiyun" //  admin
+	ThisPriKey     = `-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgpM/saduI49IF+DeL
+jEjyU1ryKIEKTyRLekw4w4qeC7ShRANCAAQHinjtGLt6WF2wOfEKA1xomfcS19/i
+ZyymFHJlKR49WASx/9XEbm2/TNZUn/qbe5jc4HhujQR7IUVKVFtEU6Oa
+-----END PRIVATE KEY-----`
+	ThisPubKey = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEB4p47Ri7elhdsDnxCgNcaJn3Etff
+4mcsphRyZSkePVgEsf/VxG5tv0zWVJ/6m3uY3OB4bo0EeyFFSlRbRFOjmg==
+-----END PUBLIC KEY-----`
+)
+
+func CreateUserSig(Identifier, AppId3rd string) (userSig string, err error) {
+	conf := tencentsig.NewConf(ThisSDKAppId, Identifier, AppId3rd).WithExpire(86400)
+	userSig, err = conf.GenUserSig(ThisPriKey)
+
+	return
+}

utils/tencentsig/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 yinheli
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

utils/tencentsig/Makefile

@@ -0,0 +1,12 @@
+all: test
+
+.PHONY: fmt
+fmt:
+	@gofmt -s -l -w *.go
+
+.PHONY: test
+test:
+	go test -v -coverprofile .cover.out ./...
+	@go tool cover -func=.cover.out
+	@go tool cover -html=.cover.out -o .cover.html
+	@rm .cover.out

utils/tencentsig/README.md

@@ -0,0 +1,15 @@
+# 腾讯登录服务（Tencent Login Service，TLS） userSig 生成
+
+> 这是纯go实现的版本，官方提供的是 cgo 版本，部分用户可能在 mac 等系统上会遇到编译失败的问题，故实现了这个版本
+
+
+支持的 curve 包括： prime256v1, secp256k1
+
+> 之前腾讯云只支持 secp256k1，后来测试发现有 prime256v1 的密钥
+
+具体使用请参考 `usersig_test.go`
+
+## 参考资料
+
+* https://cloud.tencent.com/document/product/269/1510
+* http://bbs.qcloud.com/thread-21826-1-1.html

utils/tencentsig/bitelliptic.go

@@ -0,0 +1,350 @@
+package tencentsig
+
+// @see https://github.com/ThePiachu/Golang-Koblitz-elliptic-curve-DSA-library/blob/master/bitelliptic/bitelliptic.go
+
+import (
+	"crypto/elliptic"
+	"io"
+	"math/big"
+	"sync"
+)
+
+// A BitCurve represents a Koblitz Curve with a=0.
+// See http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html
+type BitCurve struct {
+	P       *big.Int // the order of the underlying field
+	N       *big.Int // the order of the base point
+	B       *big.Int // the constant of the BitCurve equation
+	Gx, Gy  *big.Int // (x,y) of the base point
+	BitSize int      // the size of the underlying field
+}
+
+func (BitCurve *BitCurve) Params() *elliptic.CurveParams {
+	return &elliptic.CurveParams{P: BitCurve.P, N: BitCurve.N, B: BitCurve.B, Gx: BitCurve.Gx, Gy: BitCurve.Gy, BitSize: BitCurve.BitSize}
+}
+
+// IsOnBitCurve returns true if the given (x,y) lies on the BitCurve.
+func (BitCurve *BitCurve) IsOnCurve(x, y *big.Int) bool {
+	// y² = x³ + b
+	y2 := new(big.Int).Mul(y, y) //y²
+	y2.Mod(y2, BitCurve.P)       //y²%P
+
+	x3 := new(big.Int).Mul(x, x) //x²
+	x3.Mul(x3, x)                //x³
+
+	x3.Add(x3, BitCurve.B) //x³+B
+	x3.Mod(x3, BitCurve.P) //(x³+B)%P
+
+	return x3.Cmp(y2) == 0
+}
+
+//TODO: double check if the function is okay
+// affineFromJacobian reverses the Jacobian transform. See the comment at the
+// top of the file.
+func (BitCurve *BitCurve) affineFromJacobian(x, y, z *big.Int) (xOut, yOut *big.Int) {
+	zinv := new(big.Int).ModInverse(z, BitCurve.P)
+	zinvsq := new(big.Int).Mul(zinv, zinv)
+
+	xOut = new(big.Int).Mul(x, zinvsq)
+	xOut.Mod(xOut, BitCurve.P)
+	zinvsq.Mul(zinvsq, zinv)
+	yOut = new(big.Int).Mul(y, zinvsq)
+	yOut.Mod(yOut, BitCurve.P)
+	return
+}
+
+// Add returns the sum of (x1,y1) and (x2,y2)
+func (BitCurve *BitCurve) Add(x1, y1, x2, y2 *big.Int) (*big.Int, *big.Int) {
+	z := new(big.Int).SetInt64(1)
+	return BitCurve.affineFromJacobian(BitCurve.addJacobian(x1, y1, z, x2, y2, z))
+}
+
+// addJacobian takes two points in Jacobian coordinates, (x1, y1, z1) and
+// (x2, y2, z2) and returns their sum, also in Jacobian form.
+func (BitCurve *BitCurve) addJacobian(x1, y1, z1, x2, y2, z2 *big.Int) (*big.Int, *big.Int, *big.Int) {
+	// See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+	z1z1 := new(big.Int).Mul(z1, z1)
+	z1z1.Mod(z1z1, BitCurve.P)
+	z2z2 := new(big.Int).Mul(z2, z2)
+	z2z2.Mod(z2z2, BitCurve.P)
+
+	u1 := new(big.Int).Mul(x1, z2z2)
+	u1.Mod(u1, BitCurve.P)
+	u2 := new(big.Int).Mul(x2, z1z1)
+	u2.Mod(u2, BitCurve.P)
+	h := new(big.Int).Sub(u2, u1)
+	if h.Sign() == -1 {
+		h.Add(h, BitCurve.P)
+	}
+	i := new(big.Int).Lsh(h, 1)
+	i.Mul(i, i)
+	j := new(big.Int).Mul(h, i)
+
+	s1 := new(big.Int).Mul(y1, z2)
+	s1.Mul(s1, z2z2)
+	s1.Mod(s1, BitCurve.P)
+	s2 := new(big.Int).Mul(y2, z1)
+	s2.Mul(s2, z1z1)
+	s2.Mod(s2, BitCurve.P)
+	r := new(big.Int).Sub(s2, s1)
+	if r.Sign() == -1 {
+		r.Add(r, BitCurve.P)
+	}
+	r.Lsh(r, 1)
+	v := new(big.Int).Mul(u1, i)
+
+	x3 := new(big.Int).Set(r)
+	x3.Mul(x3, x3)
+	x3.Sub(x3, j)
+	x3.Sub(x3, v)
+	x3.Sub(x3, v)
+	x3.Mod(x3, BitCurve.P)
+
+	y3 := new(big.Int).Set(r)
+	v.Sub(v, x3)
+	y3.Mul(y3, v)
+	s1.Mul(s1, j)
+	s1.Lsh(s1, 1)
+	y3.Sub(y3, s1)
+	y3.Mod(y3, BitCurve.P)
+
+	z3 := new(big.Int).Add(z1, z2)
+	z3.Mul(z3, z3)
+	z3.Sub(z3, z1z1)
+	if z3.Sign() == -1 {
+		z3.Add(z3, BitCurve.P)
+	}
+	z3.Sub(z3, z2z2)
+	if z3.Sign() == -1 {
+		z3.Add(z3, BitCurve.P)
+	}
+	z3.Mul(z3, h)
+	z3.Mod(z3, BitCurve.P)
+
+	return x3, y3, z3
+}
+
+// Double returns 2*(x,y)
+func (BitCurve *BitCurve) Double(x1, y1 *big.Int) (*big.Int, *big.Int) {
+	z1 := new(big.Int).SetInt64(1)
+	return BitCurve.affineFromJacobian(BitCurve.doubleJacobian(x1, y1, z1))
+}
+
+// doubleJacobian takes a point in Jacobian coordinates, (x, y, z), and
+// returns its double, also in Jacobian form.
+func (BitCurve *BitCurve) doubleJacobian(x, y, z *big.Int) (*big.Int, *big.Int, *big.Int) {
+	// See http://hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+
+	a := new(big.Int).Mul(x, x) //X1²
+	b := new(big.Int).Mul(y, y) //Y1²
+	c := new(big.Int).Mul(b, b) //B²
+
+	d := new(big.Int).Add(x, b) //X1+B
+	d.Mul(d, d)                 //(X1+B)²
+	d.Sub(d, a)                 //(X1+B)²-A
+	d.Sub(d, c)                 //(X1+B)²-A-C
+	d.Mul(d, big.NewInt(2))     //2*((X1+B)²-A-C)
+
+	e := new(big.Int).Mul(big.NewInt(3), a) //3*A
+	f := new(big.Int).Mul(e, e)             //E²
+
+	x3 := new(big.Int).Mul(big.NewInt(2), d) //2*D
+	x3.Sub(f, x3)                            //F-2*D
+	x3.Mod(x3, BitCurve.P)
+
+	y3 := new(big.Int).Sub(d, x3)                  //D-X3
+	y3.Mul(e, y3)                                  //E*(D-X3)
+	y3.Sub(y3, new(big.Int).Mul(big.NewInt(8), c)) //E*(D-X3)-8*C
+	y3.Mod(y3, BitCurve.P)
+
+	z3 := new(big.Int).Mul(y, z) //Y1*Z1
+	z3.Mul(big.NewInt(2), z3)    //3*Y1*Z1
+	z3.Mod(z3, BitCurve.P)
+
+	return x3, y3, z3
+}
+
+//TODO: double check if it is okay
+// ScalarMult returns k*(Bx,By) where k is a number in big-endian form.
+func (BitCurve *BitCurve) ScalarMult(Bx, By *big.Int, k []byte) (*big.Int, *big.Int) {
+	// We have a slight problem in that the identity of the group (the
+	// point at infinity) cannot be represented in (x, y) form on a finite
+	// machine. Thus the standard add/double algorithm has to be tweaked
+	// slightly: our initial state is not the identity, but x, and we
+	// ignore the first true bit in |k|.  If we don't find any true bits in
+	// |k|, then we return nil, nil, because we cannot return the identity
+	// element.
+
+	Bz := new(big.Int).SetInt64(1)
+	x := Bx
+	y := By
+	z := Bz
+
+	seenFirstTrue := false
+	for _, b := range k {
+		for bitNum := 0; bitNum < 8; bitNum++ {
+			if seenFirstTrue {
+				x, y, z = BitCurve.doubleJacobian(x, y, z)
+			}
+			if b&0x80 == 0x80 {
+				if !seenFirstTrue {
+					seenFirstTrue = true
+				} else {
+					x, y, z = BitCurve.addJacobian(Bx, By, Bz, x, y, z)
+				}
+			}
+			b <<= 1
+		}
+	}
+
+	if !seenFirstTrue {
+		return nil, nil
+	}
+
+	return BitCurve.affineFromJacobian(x, y, z)
+}
+
+// ScalarBaseMult returns k*G, where G is the base point of the group and k is
+// an integer in big-endian form.
+func (BitCurve *BitCurve) ScalarBaseMult(k []byte) (*big.Int, *big.Int) {
+	return BitCurve.ScalarMult(BitCurve.Gx, BitCurve.Gy, k)
+}
+
+var mask = []byte{0xff, 0x1, 0x3, 0x7, 0xf, 0x1f, 0x3f, 0x7f}
+
+//TODO: double check if it is okay
+// GenerateKey returns a public/private key pair. The private key is generated
+// using the given reader, which must return random data.
+func (BitCurve *BitCurve) GenerateKey(rand io.Reader) (priv []byte, x, y *big.Int, err error) {
+	byteLen := (BitCurve.BitSize + 7) >> 3
+	priv = make([]byte, byteLen)
+
+	for x == nil {
+		_, err = io.ReadFull(rand, priv)
+		if err != nil {
+			return
+		}
+		// We have to mask off any excess bits in the case that the size of the
+		// underlying field is not a whole number of bytes.
+		priv[0] &= mask[BitCurve.BitSize%8]
+		// This is because, in tests, rand will return all zeros and we don't
+		// want to get the point at infinity and loop forever.
+		priv[1] ^= 0x42
+		x, y = BitCurve.ScalarBaseMult(priv)
+	}
+	return
+}
+
+// Marshal converts a point into the form specified in section 4.3.6 of ANSI
+// X9.62.
+func (BitCurve *BitCurve) Marshal(x, y *big.Int) []byte {
+	byteLen := (BitCurve.BitSize + 7) >> 3
+
+	ret := make([]byte, 1+2*byteLen)
+	ret[0] = 4 // uncompressed point
+
+	xBytes := x.Bytes()
+	copy(ret[1+byteLen-len(xBytes):], xBytes)
+	yBytes := y.Bytes()
+	copy(ret[1+2*byteLen-len(yBytes):], yBytes)
+	return ret
+}
+
+// Unmarshal converts a point, serialised by Marshal, into an x, y pair. On
+// error, x = nil.
+func (BitCurve *BitCurve) Unmarshal(data []byte) (x, y *big.Int) {
+	byteLen := (BitCurve.BitSize + 7) >> 3
+	if len(data) != 1+2*byteLen {
+		return
+	}
+	if data[0] != 4 { // uncompressed form
+		return
+	}
+	x = new(big.Int).SetBytes(data[1 : 1+byteLen])
+	y = new(big.Int).SetBytes(data[1+byteLen:])
+	return
+}
+
+//curve parameters taken from:
+//http://www.secg.org/collateral/sec2_final.pdf
+
+var initonce sync.Once
+var secp160k1 *BitCurve
+var secp192k1 *BitCurve
+var secp224k1 *BitCurve
+var secp256k1 *BitCurve
+
+func initAll() {
+	initS160()
+	initS192()
+	initS224()
+	initS256()
+}
+
+func initS160() {
+	// See SEC 2 section 2.4.1
+	secp160k1 = new(BitCurve)
+	secp160k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFAC73", 16)
+	secp160k1.N, _ = new(big.Int).SetString("0100000000000000000001B8FA16DFAB9ACA16B6B3", 16)
+	secp160k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000007", 16)
+	secp160k1.Gx, _ = new(big.Int).SetString("3B4C382CE37AA192A4019E763036F4F5DD4D7EBB", 16)
+	secp160k1.Gy, _ = new(big.Int).SetString("938CF935318FDCED6BC28286531733C3F03C4FEE", 16)
+	secp160k1.BitSize = 160
+}
+
+func initS192() {
+	// See SEC 2 section 2.5.1
+	secp192k1 = new(BitCurve)
+	secp192k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFEE37", 16)
+	secp192k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFE26F2FC170F69466A74DEFD8D", 16)
+	secp192k1.B, _ = new(big.Int).SetString("000000000000000000000000000000000000000000000003", 16)
+	secp192k1.Gx, _ = new(big.Int).SetString("DB4FF10EC057E9AE26B07D0280B7F4341DA5D1B1EAE06C7D", 16)
+	secp192k1.Gy, _ = new(big.Int).SetString("9B2F2F6D9C5628A7844163D015BE86344082AA88D95E2F9D", 16)
+	secp192k1.BitSize = 192
+}
+
+func initS224() {
+	// See SEC 2 section 2.6.1
+	secp224k1 = new(BitCurve)
+	secp224k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFE56D", 16)
+	secp224k1.N, _ = new(big.Int).SetString("010000000000000000000000000001DCE8D2EC6184CAF0A971769FB1F7", 16)
+	secp224k1.B, _ = new(big.Int).SetString("00000000000000000000000000000000000000000000000000000005", 16)
+	secp224k1.Gx, _ = new(big.Int).SetString("A1455B334DF099DF30FC28A169A467E9E47075A90F7E650EB6B7A45C", 16)
+	secp224k1.Gy, _ = new(big.Int).SetString("7E089FED7FBA344282CAFBD6F7E319F7C0B0BD59E2CA4BDB556D61A5", 16)
+	secp224k1.BitSize = 224
+}
+
+func initS256() {
+	// See SEC 2 section 2.7.1
+	secp256k1 = new(BitCurve)
+	secp256k1.P, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F", 16)
+	secp256k1.N, _ = new(big.Int).SetString("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141", 16)
+	secp256k1.B, _ = new(big.Int).SetString("0000000000000000000000000000000000000000000000000000000000000007", 16)
+	secp256k1.Gx, _ = new(big.Int).SetString("79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798", 16)
+	secp256k1.Gy, _ = new(big.Int).SetString("483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8", 16)
+	secp256k1.BitSize = 256
+}
+
+// S160 returns a BitCurve which implements secp160k1 (see SEC 2 section 2.4.1)
+func S160() *BitCurve {
+	initonce.Do(initAll)
+	return secp160k1
+}
+
+// S192 returns a BitCurve which implements secp192k1 (see SEC 2 section 2.5.1)
+func S192() *BitCurve {
+	initonce.Do(initAll)
+	return secp192k1
+}
+
+// S224 returns a BitCurve which implements secp224k1 (see SEC 2 section 2.6.1)
+func S224() *BitCurve {
+	initonce.Do(initAll)
+	return secp224k1
+}
+
+// S256 returns a BitCurve which implements secp256k1 (see SEC 2 section 2.7.1)
+func S256() *BitCurve {
+	initonce.Do(initAll)
+	return secp256k1
+}

utils/tencentsig/go.mod

@@ -0,0 +1,8 @@
+module github.com/yinheli/tencentsig
+
+require (
+	github.com/davecgh/go-spew v1.1.0
+	github.com/pmezard/go-difflib v1.0.0
+	github.com/stretchr/objx v0.1.0
+	github.com/stretchr/testify v1.2.1
+)

utils/tencentsig/go.sum

@@ -0,0 +1,7 @@
+github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.1 h1:52QO5WkIUcHGIR7EnGagH88x1bUzqGXTC5/1bDTUQ7U=
+github.com/stretchr/testify v1.2.1/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=

utils/tencentsig/parse.go

@@ -0,0 +1,31 @@
+package tencentsig
+
+import (
+	"crypto/x509/pkix"
+	"encoding/asn1"
+)
+
+var (
+	oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
+	oidNamedCurveS256 = asn1.ObjectIdentifier{1, 3, 132, 0, 10}
+)
+
+type pkcs8 struct {
+	Version    int
+	Algo       pkix.AlgorithmIdentifier
+	PrivateKey []byte
+	// optional attributes omitted.
+}
+
+type publicKeyInfo struct {
+	Raw       asn1.RawContent
+	Algorithm pkix.AlgorithmIdentifier
+	PublicKey asn1.BitString
+}
+
+type ecPrivateKey struct {
+	Version       int
+	PrivateKey    []byte
+	NamedCurveOID asn1.ObjectIdentifier `asn1:"optional,explicit,tag:0"`
+	PublicKey     asn1.BitString        `asn1:"optional,explicit,tag:1"`
+}

utils/tencentsig/usersig.go

@@ -0,0 +1,256 @@
+package tencentsig
+
+import (
+	"bytes"
+	"compress/zlib"
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/asn1"
+	"encoding/base64"
+	"encoding/hex"
+	"encoding/json"
+	"encoding/pem"
+	"fmt"
+	"io/ioutil"
+	"math/big"
+	"strings"
+	"time"
+)
+
+const (
+	accountType   = "29296"
+	version       = "201512300000"
+	defaultExpire = 3600 * 24 * 180
+)
+
+var (
+	tlsReplace = map[string]string{
+		"+": "*",
+		"/": "-",
+		"=": "_",
+	}
+)
+
+type Conf struct {
+	AccountType string `json:"TLS.account_type"`
+	Identifier  string `json:"TLS.identifier"`
+	AppidAt3rd  string `json:"TLS.appid_at_3rd"`
+	SdkAppid    string `json:"TLS.sdk_appid"`
+	ExpireAfter string `json:"TLS.expire_after"`
+	Version     string `json:"TLS.version"`
+	Time        string `json:"TLS.time"`
+	Sig         string `json:"TLS.sig"`
+}
+
+func NewConf(sdkAppId string, identifier string, appidAt3rd string) *Conf {
+	return &Conf{
+		AccountType: accountType,
+		Identifier:  identifier,
+		AppidAt3rd:  appidAt3rd,
+		SdkAppid:    sdkAppId,
+		ExpireAfter: fmt.Sprintf("%d", defaultExpire),
+		Version:     version,
+		Time:        fmt.Sprintf("%d", time.Now().Unix()),
+	}
+}
+
+func (c *Conf) WithExpire(expireInSeconds int) *Conf {
+	c.ExpireAfter = fmt.Sprintf("%d", expireInSeconds)
+	return c
+}
+
+func (c *Conf) GenUserSig(pemPrivateKey string) (string, error) {
+	var err error
+	c.Sig, err = c.sign(pemPrivateKey)
+	if err != nil {
+		return "", err
+	}
+	data, _ := json.Marshal(c)
+
+	var b bytes.Buffer
+	z := zlib.NewWriter(&b)
+	z.Write(data)
+	z.Close()
+
+	return base64Encode(b.Bytes()), nil
+}
+
+func VerifyUserSig(pemPublicKey string, userSig string) (*Conf, bool, error) {
+	data, err := base64Decode(userSig)
+	if err != nil {
+		return nil, false, err
+	}
+	reader, err := zlib.NewReader(bytes.NewReader(data))
+	if err != nil {
+		return nil, false, err
+	}
+
+	data, err = ioutil.ReadAll(reader)
+	if err != nil {
+		return nil, false, err
+	}
+
+	var conf Conf
+	err = json.Unmarshal(data, &conf)
+	if err != nil {
+		return nil, false, err
+	}
+
+	block, _ := pem.Decode([]byte(pemPublicKey))
+
+	pk, err := x509.ParsePKIXPublicKey(block.Bytes)
+	if err != nil {
+		if strings.Contains(err.Error(), "unsupported elliptic curve") {
+			var pki publicKeyInfo
+			if _, err := asn1.Unmarshal(block.Bytes, &pki); err != nil {
+				return nil, false, err
+			}
+
+			asn1Data := pki.PublicKey.RightAlign()
+			fmt.Println(hex.EncodeToString(asn1Data))
+			paramsData := pki.Algorithm.Parameters.FullBytes
+			namedCurveOID := new(asn1.ObjectIdentifier)
+			_, err = asn1.Unmarshal(paramsData, namedCurveOID)
+			if err != nil {
+				return nil, false, err
+			}
+
+			if namedCurveOID.Equal(oidNamedCurveS256) {
+				pubk := new(ecdsa.PublicKey)
+				pubk.Curve = S256()
+				pubk.X, pubk.Y = elliptic.Unmarshal(pubk.Curve, asn1Data)
+				pk = pubk
+			}
+		} else {
+			return nil, false, err
+		}
+	}
+
+	pubKey := pk.(*ecdsa.PublicKey)
+
+	content := conf.signContent()
+	hashed := sha256.Sum256([]byte(content))
+
+	signature, _ := base64.StdEncoding.DecodeString(conf.Sig)
+	r, s, err := pointsFromDER(signature)
+	if err != nil {
+		return nil, false, err
+	}
+
+	res := ecdsa.Verify(pubKey, hashed[:], r, s)
+	return &conf, res, nil
+}
+
+func (c *Conf) signContent() string {
+	var builder strings.Builder
+
+	builder.WriteString("TLS.appid_at_3rd:")
+	builder.WriteString(c.AppidAt3rd)
+	builder.WriteString("\n")
+
+	builder.WriteString("TLS.account_type:")
+	builder.WriteString(c.AccountType)
+	builder.WriteString("\n")
+
+	builder.WriteString("TLS.identifier:")
+	builder.WriteString(c.Identifier)
+	builder.WriteString("\n")
+
+	builder.WriteString("TLS.sdk_appid:")
+	builder.WriteString(c.SdkAppid)
+	builder.WriteString("\n")
+
+	builder.WriteString("TLS.time:")
+	builder.WriteString(c.Time)
+	builder.WriteString("\n")
+
+	builder.WriteString("TLS.expire_after:")
+	builder.WriteString(c.ExpireAfter)
+	builder.WriteString("\n")
+
+	return builder.String()
+}
+
+func (c *Conf) sign(privateKey string) (string, error) {
+	block, _ := pem.Decode([]byte(privateKey))
+
+	pk, err := x509.ParsePKCS8PrivateKey(block.Bytes)
+	if err != nil {
+		if strings.Contains(err.Error(), "unknown elliptic curve") {
+			var privKey pkcs8
+			if _, err := asn1.Unmarshal(block.Bytes, &privKey); err != nil {
+				return "", err
+			}
+
+			if privKey.Algo.Algorithm.Equal(oidPublicKeyECDSA) {
+				namedCurveOID := new(asn1.ObjectIdentifier)
+				asn1.Unmarshal(privKey.Algo.Parameters.FullBytes, namedCurveOID)
+				if namedCurveOID.Equal(oidNamedCurveS256) {
+					var ecPrivKey ecPrivateKey
+					asn1.Unmarshal(privKey.PrivateKey, &ecPrivKey)
+
+					k := new(ecdsa.PrivateKey)
+					k.Curve = S256()
+					d := new(big.Int)
+					d.SetBytes(ecPrivKey.PrivateKey)
+					k.D = d
+					k.X, k.Y = S256().ScalarBaseMult(d.Bytes())
+					pk = k
+				}
+			}
+		} else {
+			return "", err
+		}
+	}
+
+	priv := pk.(*ecdsa.PrivateKey)
+
+	content := c.signContent()
+
+	hashed := sha256.Sum256([]byte(content))
+
+	sig, err := priv.Sign(rand.Reader, hashed[:], crypto.SHA256)
+	if err != nil {
+		return "", err
+	}
+	return base64.StdEncoding.EncodeToString(sig), nil
+}
+
+func base64Encode(data []byte) string {
+	res := base64.StdEncoding.EncodeToString(data)
+	for k, v := range tlsReplace {
+		res = strings.Replace(res, k, v, -1)
+	}
+	return res
+}
+
+func base64Decode(data string) ([]byte, error) {
+	for k, v := range tlsReplace {
+		data = strings.Replace(data, v, k, -1)
+	}
+	return base64.StdEncoding.DecodeString(data)
+}
+
+func pointsFromDER(der []byte) (R, S *big.Int, err error) {
+	R, S = &big.Int{}, &big.Int{}
+
+	data := asn1.RawValue{}
+	if _, err = asn1.Unmarshal(der, &data); err != nil {
+		return
+	}
+
+	// The format of our DER string is 0x02 + rlen + r + 0x02 + slen + s
+	rLen := data.Bytes[1] // The entire length of R + offset of 2 for 0x02 and rlen
+	r := data.Bytes[2 : rLen+2]
+	// Ignore the next 0x02 and slen bytes and just take the start of S to the end of the byte array
+	s := data.Bytes[rLen+4:]
+
+	R.SetBytes(r)
+	S.SetBytes(s)
+
+	return
+}

utils/tencentsig/usersig_test.go

@@ -0,0 +1,97 @@
+package tencentsig
+
+import (
+	"encoding/json"
+	"github.com/stretchr/testify/assert"
+	"log"
+	"os"
+	"strings"
+	"testing"
+)
+
+var (
+	sdkAppId   = "1234567890"
+	identifier = "zhangshan"
+
+	l = log.New(os.Stdout, "[tencentsig - test] ", log.LstdFlags)
+)
+
+func doVerifyUserSig(t *testing.T, pemPrivateKey, pemPublicKey string) {
+	conf := NewConf(sdkAppId, identifier).WithExpire(defaultExpire)
+	userSig, err := conf.GenUserSig(pemPrivateKey)
+	assert.Nil(t, err)
+
+	l.Print("userSig:", userSig)
+
+	c, valid, err := VerifyUserSig(pemPublicKey, userSig)
+
+	assert.Nil(t, err)
+	assert.True(t, valid)
+
+	b, _ := json.MarshalIndent(c, "", "  ")
+	l.Print("conf:", string(b))
+}
+
+// 准备
+
+/*
+
+# list curves
+openssl ecparam -list_curves
+
+
+# prime256v1 curve
+
+openssl ecparam -name prime256v1 -genkey -noout -out private.pem
+openssl pkcs8 -topk8 -nocrypt -in private.pem -out private-pkcs8.pem && cat private-pkcs8.pem
+openssl ec -in private.pem -pubout
+
+
+# secp256k1 curve
+
+openssl ecparam -name secp256k1 -genkey -noout -out private.pem
+openssl pkcs8 -topk8 -nocrypt -in private.pem -out private-pkcs8.pem && cat private-pkcs8.pem
+openssl ec -in private.pem -pubout
+*/
+
+func TestVerifyUserSig(t *testing.T) {
+	// prime256v1
+	doVerifyUserSig(
+		t,
+
+		strings.TrimSpace(`
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgJzqd3dF+O6vd+bGJ
+7tGA7TLsWNzbYBKRGELEA65ywQahRANCAATIBFu6F5SlqrPFkuhi46IRXXKyEiuU
+g8pP+n3L5ZSiW3o0N58P0Ix77PrRVSXLfHd5VqeyF2CWWDUQZyA/butY
+-----END PRIVATE KEY-----
+		`),
+
+		strings.TrimSpace(`
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEyARbuheUpaqzxZLoYuOiEV1yshIr
+lIPKT/p9y+WUolt6NDefD9CMe+z60VUly3x3eVanshdgllg1EGcgP27rWA==
+-----END PUBLIC KEY-----
+		`),
+	)
+
+	// secp256k1
+	doVerifyUserSig(
+		t,
+
+		strings.TrimSpace(`
+-----BEGIN PRIVATE KEY-----
+MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgkRrBHsxAXy4ssvSYsJIM
+TUzzLIHOeUQ/QKygM3JhvDahRANCAATyucyxciWHFclVxRPW7zJ6d51F5au6xnZk
+bjkiDOpa6gl8JhdeWcKLYgRb5raHNq/JYUYJSrsH29whxdx0lpq7
+-----END PRIVATE KEY-----
+		`),
+
+		strings.TrimSpace(`
+-----BEGIN PUBLIC KEY-----
+MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAE8rnMsXIlhxXJVcUT1u8yenedReWrusZ2
+ZG45IgzqWuoJfCYXXlnCi2IEW+a2hzavyWFGCUq7B9vcIcXcdJaauw==
+-----END PUBLIC KEY-----
+		`),
+	)
+}