卡拉卡

utils/cert.go

@@ -9,6 +9,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"hash"
 	"io/ioutil"
 )
 
@@ -38,7 +39,6 @@ func RSASign(data []byte, filename string) (string, error) {
 		return "", err
 	}
 	// 3、RSA数字签名（参数是随机数、私钥对象、哈希类型、签名文件的哈希串），生成base64编码的签名字符串
-	//bytes, err := rsa.SignPKCS1v15(rand.Reader, privateKey, myhash, hashed)
 	bytes, err := rsa.SignPKCS1v15(rand.Reader, privateKey, myhash, hashed)
 	if err != nil {
 		return "", err
@@ -84,7 +84,7 @@ func ReadParsePublicKey(filename string) (*rsa.PublicKey, error) {
 	// 3、解析DER编码的公钥，生成公钥接口
 	publicKeyInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
 	if err != nil {
-		fmt.Println(222)
+		fmt.Println(444)
 		return nil, err
 	}
 
@@ -125,4 +125,41 @@ func ReadParsePrivaterKey(filename string) (*rsa.PrivateKey, error) {
 	privateKey := prkI.(*rsa.PrivateKey)
 
 	return privateKey, nil
+}
+
+
+func VerifySignCert(signData, sign, signType, aliPayPublicKeyPath string) (err error) {
+	var (
+		h         hash.Hash
+		hashs     crypto.Hash
+		block     *pem.Block
+		pubKey    *x509.Certificate
+		publicKey *rsa.PublicKey
+		ok        bool
+		bytes     []byte
+	)
+	if bytes, err = ioutil.ReadFile(aliPayPublicKeyPath); err != nil {
+		return fmt.Errorf("支付宝公钥文件读取失败: %w", err)
+	}
+	signBytes, _ := base64.StdEncoding.DecodeString(sign)
+	if block, _ = pem.Decode(bytes); block == nil {
+		return errors.New("支付宝公钥Decode错误")
+	}
+	if pubKey, err = x509.ParseCertificate(block.Bytes); err != nil {
+		return fmt.Errorf("x509.ParseCertificate：%w", err)
+	}
+	if publicKey, ok = pubKey.PublicKey.(*rsa.PublicKey); !ok {
+		return errors.New("支付宝公钥转换错误")
+	}
+	switch signType {
+	case "RSA":
+		hashs = crypto.SHA1
+	case "RSA2":
+		hashs = crypto.SHA256
+	default:
+		hashs = crypto.SHA256
+	}
+	h = hashs.New()
+	h.Write([]byte(signData))
+	return rsa.VerifyPKCS1v15(publicKey, hashs, h.Sum(nil), signBytes)
 }
\ No newline at end of file