签名校验

最近更新时间:2024-05-20 15:59:12

我的收藏
为了让企业确认调用来自腾讯会议,腾讯会议在回调时,会在 Header 中带上消息签名,以参数 signature 为标识,企业需要验证此参数的正确性后再解码数据。

验证步骤

1. 计算签名:
dev_signature = sha1(sort(token、timestamp、nonce、data))
说明:
sort 的含义是将参数值按照字母字典排序,然后从小到大拼接成一个字符串,最后再进行 sha1 加密得到最终的签名串。
2. 比较 dev_signature 和 signature 是否相等,相等则表示验证通过。

验证示例

1. 将 token、timestamp、nonce、data 这四个参数值以字符串类型按照字典序排序:
nonce:"14964161"
timestamp:"1609239040864"
token:"bVPU6F8Htxxxxxxxp3jGV2xWp"
data:"eyJldmVudCI6Im1lZXRpbmcuY3JlYXRlZCIsInVuaXF1ZV9zZXF1ZW5jZSI6ImYyMDA5NmVlLThhYzgtNGRmMi1hN2RlLTA1NzQ2NDlmMjExYiIsInBheWxvYWQiOlt7Im9wZXJhdGVfdGltZSI6IjIwMjAtMTItMjkgMTc6NDE6MDYiLCJvcGVyYXRvciI6eyJ1c2VyaWQiOiJ0ZXN0ZXIwMDAwNmJhNWJhYjMzOTg1OGMxM2M5MzBjY2E5NTY4NCJ9LCJtZWV0aW5nX2luZm8iOnsibWVldGluZ19pZCI6IjYwNTg4OTAzODU0ODA5MjEwNTIiLCJtZWV0aW5nX2NvZGUiOiI1MzA4MTI0NTIiLCJzdWJqZWN0IjoibWVkaWEgdGVzdGVyIG1lZXRpbmciLCJjcmVhdG9yX2lkIjoidGVzdGVyMDAwMDZiYTViYWIzMzk4NThjMTNjOTMwY2NhOTU2ODQiLCJob3N0cyI6WyJ0ZXN0ZXIwMDAwNmJhNWJhYjMzOTg1OGMxM2M5MzBjY2E5NTY4NCJdLCJtZWV0aW5nX3R5cGUiOjAsInN0YXJ0X3RpbWUiOiIyMDIwLTEyLTI5IDE3OjQxOjA0IiwiZW5kX3RpbWUiOiIyMDIwLTEyLTI5IDE4OjAxOjA0In19XX0"
说明:
字符串的拼接不是固定排序,请以实际参数值按照字典序排序。
2. 拼接成一个字符串:
sort_str="149641611609239040864bVPU6F8Htxl5XkAbp3jGV2xWpeyJldmVudCI6Im1lZXRpbmcuY3JlYXRlZCI
3. 对该字符串进行 sha1 计算得到签名:
signature = sha1(sort_str) = "b11e507817336a91d7df0c8536ee2aca18bbbae8"
4. 对比从 Header 中得到的签名和上述计算的签名是否一致,若一致则签名通过,说明数据来源于腾讯会议且未被篡改,是安全的。

签名代码示例

Go语言
Java语言
C++语言
PHP(PHP5.4+)
Python语言
import (
"bytes"
"crypto/sha1"
"fmt"
"sort"
)

// 生成签名
func CalSignature(token, timestamp, nonce, data string) string {
sortArr := []string{token, timestamp, nonce, data}
sort.Strings(sortArr)
var buffer bytes.Buffer
for _, value := range sortArr {
buffer.WriteString(value)
}

sha := sha1.New()
sha.Write(buffer.Bytes())
signature := fmt.Sprintf("%x", sha.Sum(nil))
return signature
}

import java.security.MessageDigest;
import java.util.Arrays;

public class Sha1Util {

// 生成签名
public static String calSignature(String token, String timestamp, String nonce, String data) {
String[] arr = new String[]{token, timestamp, nonce, data};
Arrays.sort(arr);
StringBuffer sb = new StringBuffer();
for (int i = 0; i < arr.length; i++) {
sb.append(arr[i]);
}
return getSha1(sb.toString());
}

// sha1签名算法
public static String getSha1(String str) {
if (str == null || str.length() == 0) {
return null;
}
char hexDigits[] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };

try {
MessageDigest mdTemp = MessageDigest.getInstance("SHA1");
mdTemp.update(str.getBytes("UTF-8"));

byte[] md = mdTemp.digest();
int j = md.length;
char buf[] = new char[j * 2];
int k = 0;
for (int i = 0; i < j; i++) {
byte byte0 = md[i];
buf[k++] = hexDigits[byte0 >>> 4 & 0xf];
buf[k++] = hexDigits[byte0 & 0xf];
}
return new String(buf);
} catch (Exception e) {
return null;
}
}
}

#include <stdio.h>
#include <string>
#include <algorithm>
#include <openssl/sha.h>

std::string CalSignature(const std::string &token, const std::string &timestamp, const std::string &nonce, const std::string &data)
{
std::string sortArr[] = {token, timestamp, nonce, data};
sort(sortArr, sortArr+4);
std::string buffer;
for (int i = 0; i < 4; i++)
buffer += sortArr[i];
printf("%s\\n", buffer.c_str());
unsigned char obuf[21] = {0};
SHA1((unsigned char *)buffer.c_str(), buffer.length(), obuf);
char hexbuf[41] = {0};
for(int i = 0; i < 20; i++)
sprintf(&hexbuf[2*i], "%02x", obuf[i]);

return std::string(hexbuf);
}

function calSignature($data, $timestamp, $nonce, $token){
$list = [$data, $timestamp, $nonce, $token];
sort($list,SORT_STRING);
$signature = sha1(implode('', $list));
return $signature;
}

import hashlib

def cal_signature(token, timestamp, nonce, data):
vars = [token,timestamp,nonce,data]
vars.sort()
delimiter=''
s = delimiter.join(vars)
sign = hashlib.sha1(str.encode(s)).hexdigest()
return sign