From 0d75f1c58c6f34d5da78f17371c613a8a188e2f3 Mon Sep 17 00:00:00 2001
From: hailin
Date: Fri, 13 Jun 2025 22:18:58 +0800
Subject: [PATCH] .

---
 license/crypto.go | 20 ++++++++++----------
 license/service.go | 27 +++++++++++++++++++--------
 2 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/license/crypto.go b/license/crypto.go
index 4687cfa..aa31ada 100644
--- a/license/crypto.go
+++ b/license/crypto.go
@@ -1,14 +1,15 @@
 package license
 
 import (
+	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
+	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/pem"
-	"math/big"
 )
 
 var (
@@ -30,15 +31,14 @@ func SignPayload(payload []byte) (string, error) {
 	return base64.StdEncoding.EncodeToString(sig), nil
 }
 
-func VerifySignature(pubKey *ecdsa.PublicKey, payload []byte, signature string) bool {
-	sigBytes, _ := base64.StdEncoding.DecodeString(signature)
-	r := big.Int{}
-	s := big.Int{}
-	r.SetBytes(sigBytes[:len(sigBytes)/2])
-	s.SetBytes(sigBytes[len(sigBytes)/2:])
-
-	hash := sha256.Sum256(payload)
-	return ecdsa.Verify(pubKey, hash[:], &r, &s)
+func VerifySignature(pub *rsa.PublicKey, message []byte, signatureBase64 string) bool {
+	signature, err := base64.StdEncoding.DecodeString(signatureBase64)
+	if err != nil {
+		return false
+	}
+	hashed := sha256.Sum256(message)
+	err = rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashed[:], signature)
+	return err == nil
 }
 
 func ExportPublicKeyPEM() string {
diff --git a/license/service.go b/license/service.go
index 268982d..f1003ae 100644
--- a/license/service.go
+++ b/license/service.go
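Review bot: The new VerifySignature now requires an *rsa.PublicKey, yet the first hunk keeps crypto/ecdsa and crypto/elliptic imported and the caller in service.go still passes `&privateKey.PublicKey`; unless SignPayload and the key generator (both outside this hunk) were switched to RSA in the same commit, that argument is an ecdsa.PublicKey and the package will not compile, or every license will fail verification. rsa.VerifyPKCS1v15 does reject wrong-length signatures, which closes the unchecked `sigBytes[:len(sigBytes)/2]` split the old code had, but it dereferences `pub` unconditionally, so a nil key panics instead of returning false; a leading `if pub == nil { return false }` keeps the function total. The exported function also lacks a doc comment; suggest `// VerifySignature reports whether signatureBase64 is a valid RSA PKCS#1 v1.5 SHA-256 signature by pub over message; any decoding or verification error yields false.` If the signature format is not constrained by an existing verifier, RSA-PSS (rsa.VerifyPSS with rsa.PSSOptions) is the preferred padding for new designs.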
@@ -62,17 +62,28 @@ func ValidateLicenseHandler(db storage.Database) fiber.Handler {
 			return fiber.ErrBadRequest
 		}
 
-		payloadBytes, _ := base64.StdEncoding.DecodeString(lf.Payload)
-		var req LicenseRequest
-		json.Unmarshal(payloadBytes, &req)
-
-		if !VerifySignature(&privateKey.PublicKey, payloadBytes, lf.Signature) {
-			return fiber.NewError(401, "Invalid license signature")
+		payloadBytes, err := base64.StdEncoding.DecodeString(lf.Payload)
+		if err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Invalid payload encoding")
 		}
 
-		expiry, _ := time.Parse("2006-01-02", req.Expiry)
+		// 先验证签名是否真的是对 payloadBytes 签的
+		if !VerifySignature(&privateKey.PublicKey, payloadBytes, lf.Signature) {
+			return fiber.NewError(fiber.StatusUnauthorized, "Invalid license signature")
+		}
+
+		// 验证通过后再解析 payload 内容
+		var req LicenseRequest
+		if err := json.Unmarshal(payloadBytes, &req); err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Malformed payload")
+		}
+
+		expiry, err := time.Parse("2006-01-02", req.Expiry)
+		if err != nil {
+			return fiber.NewError(fiber.StatusBadRequest, "Invalid expiry date")
+		}
 		if time.Now().After(expiry) {
-			return fiber.NewError(403, "License expired")
+			return fiber.NewError(fiber.StatusForbidden, "License expired")
 		}
 
 		return c.JSON(fiber.Map{"valid": true, "features": req.Features})
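Review bot: The expiry check `time.Now().After(expiry)` compares against the value of `time.Parse("2006-01-02", req.Expiry)`, which is midnight UTC at the start of the expiry date, so a license whose Expiry is today's date is already rejected and the stated day is never usable; if the date is meant to be the last valid day, compare against the following midnight, `if !time.Now().Before(expiry.AddDate(0, 0, 1)) {`, and document that convention on LicenseRequest.Expiry. Verifying the signature before unmarshalling is the right order and the decode/parse errors are now surfaced, but the handler still trusts only the signature and the date: nothing in this hunk binds the license to the caller or consults `db` for revocation, so unless that happens elsewhere in the function a leaked license file validates until its date regardless of who presents it. Verification also uses `privateKey.PublicKey`, which means the validating service holds the signing key in process; if issuance and validation are separate deployments this handler should be given only the public key. The two added comments are in Chinese while the surrounding code and messages are English; an English equivalent such as `// Verify the signature over the raw payload bytes before trusting any of their contents.` keeps the file consistent. ValidateLicenseHandler begins before and ends after this hunk.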